Bug 504877 - Check for UniversalXPConnect access further down on the stack chain. r=jst sr=bzbarsky

2024-12-01 17:23:59 +00:00 · 2009-08-06 20:25:13 -07:00 · 2009-08-06 20:25:13 -07:00 · c2440a4cf3
commit c2440a4cf3
parent 3796321350
5 changed files with 38 additions and 48 deletions
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@ -5029,13 +5029,10 @@ nsContentUtils::CanAccessNativeAnon()
    fp = nsnull;
  }

-  void *annotation = fp ? JS_GetFrameAnnotation(cx, fp) : nsnull;
  PRBool privileged;
-  if (NS_SUCCEEDED(principal->IsCapabilityEnabled("UniversalXPConnect",
-                                                  annotation,
-                                                  &privileged)) &&
+  if (NS_SUCCEEDED(sSecurityManager->IsSystemPrincipal(principal, &privileged)) &&
      privileged) {
-    // UniversalXPConnect things are allowed to touch us.
+    // Chrome things are allowed to touch us.
    return PR_TRUE;
  }

@ -5049,6 +5046,12 @@ nsContentUtils::CanAccessNativeAnon()
    return PR_TRUE;
  }

+  // Before we throw, check for UniversalXPConnect.
+  nsresult rv = sSecurityManager->IsCapabilityEnabled("UniversalXPConnect", &privileged);
+  if (NS_SUCCEEDED(rv) && privileged) {
+    return PR_TRUE;
+  }
+
  return PR_FALSE;
 }

--- a/js/src/xpconnect/src/XPCCrossOriginWrapper.cpp
+++ b/js/src/xpconnect/src/XPCCrossOriginWrapper.cpp
@ -244,6 +244,7 @@ IsValFrame(JSObject *obj, jsval v, XPCWrappedNative *wn)
 nsresult
 CanAccessWrapper(JSContext *cx, JSObject *wrappedObj)
 {
+  // TODO bug 508928: Refactor this with the XOW security checking code.
  // Get the subject principal from the execution stack.
  nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager();
  if (!ssm) {
@ -271,18 +272,6 @@ CanAccessWrapper(JSContext *cx, JSObject *wrappedObj)
    return NS_OK;
  }

-  // There might be no code running, but if there is, we need to see if it is
-  // UniversalXPConnect enabled code.
-  if (fp) {
-    void *annotation = JS_GetFrameAnnotation(cx, fp);
-    rv = subjectPrin->IsCapabilityEnabled("UniversalXPConnect", annotation,
-                                          &isSystem);
-    NS_ENSURE_SUCCESS(rv, rv);
-    if (isSystem) {
-      return NS_OK;
-    }
-  }
-
  nsCOMPtr<nsIPrincipal> objectPrin;
  rv = ssm->GetObjectPrincipal(cx, wrappedObj, getter_AddRefs(objectPrin));
  if (NS_FAILED(rv)) {
@ -299,7 +288,14 @@ CanAccessWrapper(JSContext *cx, JSObject *wrappedObj)
  PRBool subsumes;
  rv = subjectPrin->Subsumes(objectPrin, &subsumes);
  if (NS_SUCCEEDED(rv) && !subsumes) {
-    rv = NS_ERROR_DOM_PROP_ACCESS_DENIED;
+    // We're about to fail, but make a last effort to see if
+    // UniversalXPConnect was enabled anywhere else on the stack.
+    rv = ssm->IsCapabilityEnabled("UniversalXPConnect", &isSystem);
+    if (NS_SUCCEEDED(rv) && isSystem) {
+      rv = NS_OK;
+    } else {
+      rv = NS_ERROR_DOM_PROP_ACCESS_DENIED;
+    }
  }
  return rv;
 }
--- a/js/src/xpconnect/src/XPCNativeWrapper.cpp
+++ b/js/src/xpconnect/src/XPCNativeWrapper.cpp
@ -205,17 +205,7 @@ EnsureLegalActivity(JSContext *cx, JSObject *obj,
  JSStackFrame *fp;
  nsIPrincipal *subjectPrincipal = ssm->GetCxSubjectPrincipalAndFrame(cx, &fp);
  if (!subjectPrincipal || !fp) {
-    // We must allow the access if there is no code running.
-    return JS_TRUE;
-  }
-
-  // This might be chrome code or content code with UniversalXPConnect.
-  void *annotation = JS_GetFrameAnnotation(cx, fp);
-  PRBool isPrivileged = PR_FALSE;
-  nsresult rv = subjectPrincipal->IsCapabilityEnabled("UniversalXPConnect",
-                                                      annotation,
-                                                      &isPrivileged);
-  if (NS_SUCCEEDED(rv) && isPrivileged) {
+    // We must allow access if there is no code running.
    return JS_TRUE;
  }

@ -227,6 +217,13 @@ EnsureLegalActivity(JSContext *cx, JSObject *obj,
    PRBool subsumes;
    if (NS_FAILED(subjectPrincipal->Subsumes(objectPrincipal, &subsumes)) ||
        !subsumes) {
+      // This might be chrome code or content code with UniversalXPConnect.
+      PRBool isPrivileged = PR_FALSE;
+      nsresult rv =
+        ssm->IsCapabilityEnabled("UniversalXPConnect", &isPrivileged);
+      if (NS_SUCCEEDED(rv) && isPrivileged) {
+        return JS_TRUE;
+      }

      JSObject* flatObj;
      if (!JSVAL_IS_VOID(id) &&
@ -288,26 +285,15 @@ XPCNativeWrapper::GetWrappedNative(JSContext *cx, JSObject *obj,
    return JS_TRUE;
  }

-  if (fp) {
-    void *annotation = JS_GetFrameAnnotation(cx, fp);
-
-    PRBool isPrivileged;
-    nsresult rv =
-      subjectPrincipal->IsCapabilityEnabled("UniversalXPConnect",
-                                            annotation,
-                                            &isPrivileged);
-    if (NS_SUCCEEDED(rv) && isPrivileged) {
-      return JS_TRUE;
-    }
-  }
-
  XPCWrappedNativeScope *scope = wn->GetScope();
  nsIPrincipal *objectPrincipal = scope->GetPrincipal();

  PRBool subsumes;
  nsresult rv = subjectPrincipal->Subsumes(objectPrincipal, &subsumes);
  if (NS_FAILED(rv) || !subsumes) {
-    return JS_FALSE;
+    PRBool isPrivileged;
+    rv = ssm->IsCapabilityEnabled("UniversalXPConnect", &isPrivileged);
+    return NS_SUCCEEDED(rv) && isPrivileged;
  }

  return JS_TRUE;
--- a/js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
+++ b/js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
@ -135,6 +135,7 @@ FindPrincipals(JSContext *cx, JSObject *obj, nsIPrincipal **objectPrincipal,
 static PRBool
 CanCallerAccess(JSContext *cx, JSObject *unsafeObj)
 {
+  // TODO bug 508928: Refactor this with the XOW security checking code.
  nsCOMPtr<nsIPrincipal> subjPrincipal, objPrincipal;
  nsCOMPtr<nsIScriptSecurityManager> ssm;
  nsresult rv = FindPrincipals(cx, unsafeObj, getter_AddRefs(objPrincipal),
--- a/js/src/xpconnect/src/XPCSystemOnlyWrapper.cpp
+++ b/js/src/xpconnect/src/XPCSystemOnlyWrapper.cpp
@ -164,6 +164,7 @@ GetWrappedObject(JSContext *cx, JSObject *wrapper)
 JSBool
 AllowedToAct(JSContext *cx, jsval idval)
 {
+  // TODO bug 508928: Refactor this with the XOW security checking code.
  nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager();
  if (!ssm) {
    return JS_TRUE;
@ -187,13 +188,10 @@ AllowedToAct(JSContext *cx, jsval idval)
    fp = nsnull;
  }

-  void *annotation = fp ? JS_GetFrameAnnotation(cx, fp) : nsnull;
  PRBool privileged;
-  if (NS_SUCCEEDED(principal->IsCapabilityEnabled("UniversalXPConnect",
-                                                  annotation,
-                                                  &privileged)) &&
+  if (NS_SUCCEEDED(ssm->IsSystemPrincipal(principal, &privileged)) &&
      privileged) {
-    // UniversalXPConnect things are allowed to touch us.
+    // Chrome things are allowed to touch us.
    return JS_TRUE;
  }

@ -218,6 +216,12 @@ AllowedToAct(JSContext *cx, jsval idval)
    }
  }

+  // Before we throw, check for UniversalXPConnect.
+  nsresult rv = ssm->IsCapabilityEnabled("UniversalXPConnect", &privileged);
+  if (NS_SUCCEEDED(rv) && privileged) {
+    return JS_TRUE;
+  }
+
  return JS_FALSE;
 }