Bug 1482835 - Remove JS_GetCompartmentPrincipals calls in the compartment nuking code. r=mccr8

Differential Revision: https://phabricator.services.mozilla.com/D5856

--HG--
extra : moz-landing-system : lando

dom/base/WindowDestroyedEvent.cpp

@@ -1,3 +1,9 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
 #include "WindowDestroyedEvent.h"
 
 #include "nsJSUtils.h"
@@ -9,17 +15,14 @@
 #include "nsToolkitCompsCID.h"
 #include "nsCOMPtr.h"
 #include "nsContentUtils.h"
+#include "xpcpublic.h"
 
 namespace mozilla {
 
-// Try to match compartments that are not web content by matching compartments
-// with principals that are either the system principal or an expanded principal.
-// This may not return true for all non-web-content compartments.
 struct BrowserCompartmentMatcher : public js::CompartmentFilter {
   bool match(JS::Compartment* aC) const override
   {
-    nsCOMPtr<nsIPrincipal> pc = nsJSPrincipals::get(JS_GetCompartmentPrincipals(aC));
-    return nsContentUtils::IsSystemOrExpandedPrincipal(pc);
+    return !xpc::MightBeWebContentCompartment(aC);
   }
 };
 
@@ -112,8 +115,11 @@ WindowDestroyedEvent::Run()
         AutoSafeJSContext cx;
         JS::Rooted<JSObject*> obj(cx, currentInner->FastGetGlobalJSObject());
         if (obj && !js::IsSystemRealm(js::GetNonCCWObjectRealm(obj))) {
-          JS::Compartment* cpt = js::GetObjectCompartment(obj);
-          nsCOMPtr<nsIPrincipal> pc = nsJSPrincipals::get(JS_GetCompartmentPrincipals(cpt));
+          JS::Realm* realm = js::GetNonCCWObjectRealm(obj);
+          JS::Compartment* cpt = JS::GetCompartmentForRealm(realm);
+
+          nsCOMPtr<nsIPrincipal> pc =
+            nsJSPrincipals::get(JS::GetRealmPrincipals(realm));
 
           if (BasePrincipal::Cast(pc)->AddonPolicy()) {
             // We want to nuke all references to the add-on compartment.

js/xpconnect/src/XPCJSRuntime.cpp

@@ -512,6 +512,25 @@ IsInSandboxCompartment(JSObject* obj)
     return priv && priv->isSandboxCompartment;
 }
 
+bool
+CompartmentOriginInfo::MightBeWebContent() const
+{
+    // Compartments with principals that are either the system principal or an
+    // expanded principal are definitely not web content.
+    return !nsContentUtils::IsSystemOrExpandedPrincipal(mOrigin);
+}
+
+bool
+MightBeWebContentCompartment(JS::Compartment* compartment)
+{
+    if (CompartmentPrivate* priv = CompartmentPrivate::Get(compartment)) {
+        return priv->originInfo.MightBeWebContent();
+    }
+
+    // No CompartmentPrivate; try IsSystemCompartment.
+    return !js::IsSystemCompartment(compartment);
+}
+
 bool
 IsUniversalXPConnectEnabled(JS::Compartment* compartment)
 {

js/xpconnect/src/xpcprivate.h

@@ -2932,6 +2932,8 @@ public:
 
     bool IsSameOrigin(nsIPrincipal* aOther) const;
 
+    bool MightBeWebContent() const;
+
     const mozilla::SiteIdentifier& SiteRef() const {
         return mSite;
     }

js/xpconnect/src/xpcpublic.h

@@ -92,6 +92,8 @@ bool IsInUAWidgetScope(JSObject* obj);
 
 bool IsInSandboxCompartment(JSObject* obj);
 
+bool MightBeWebContentCompartment(JS::Compartment* compartment);
+
 void SetCompartmentChangedDocumentDomain(JS::Compartment* compartment);
 
 // Return a raw XBL scope object corresponding to contentScope, which must