diff --git a/dom/base/nsContentUtils.cpp b/dom/base/nsContentUtils.cpp
index 0c992c2262e8..dc6fa7bc5e0a 100644
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -2211,6 +2211,14 @@ nsContentUtils::IsCallerChrome()
 return xpc::IsUniversalXPConnectEnabled(GetCurrentJSContext());
 }
 
+#ifdef FUZZING
+bool
+nsContentUtils::IsFuzzingEnabled()
+{
+ return StaticPrefs::fuzzing_enabled();
+}
+#endif
+
 /* static */
 bool
 nsContentUtils::ShouldResistFingerprinting()
diff --git a/dom/base/nsContentUtils.h b/dom/base/nsContentUtils.h
index 00e41f4679f9..7bddbce14028 100644
--- a/dom/base/nsContentUtils.h
+++ b/dom/base/nsContentUtils.h
@@ -216,9 +216,22 @@ public:
 // Strip off "wyciwyg://n/" part of a URL. aURI must have "wyciwyg" scheme.
 static nsresult RemoveWyciwygScheme(nsIURI* aURI, nsIURI** aReturn);
 
- static bool IsCallerChrome();
- static bool ThreadsafeIsCallerChrome();
- static bool IsCallerContentXBL();
+ static bool IsCallerChrome();
+ static bool ThreadsafeIsCallerChrome();
+ static bool IsCallerContentXBL();
+ static bool IsFuzzingEnabled()
+#ifndef FUZZING
+ {
+ return false;
+ }
+#else
+ ;
+#endif
+
+ static bool IsCallerChromeOrFuzzingEnabled(JSContext* aCx, JSObject*)
+ {
+ return ThreadsafeIsSystemCaller(aCx) || IsFuzzingEnabled();
+ }
 
 // The APIs for checking whether the caller is system (in the sense of system
 // principal) should only be used when the JSContext is known to accurately
diff --git a/dom/bindings/Configuration.py b/dom/bindings/Configuration.py
index f8bf2bad38b4..79056d62f289 100644
--- a/dom/bindings/Configuration.py
+++ b/dom/bindings/Configuration.py
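Review bot: The new `nsContentUtils::IsFuzzingEnabled()` definition drops the `/* static */` marker that the neighbouring `ShouldResistFingerprinting()` in the same hunk carries, so two adjacent static-member definitions now read differently. Keeping the convention, `/* static */` on the line before `bool`, shows at the definition that this is the static member declared in the header. A one-line why-comment would also help a reader who sees only this file, e.g. `// Reads the FUZZING-only "fuzzing.enabled" VarCache pref; the header supplies a constant-false inline body in non-fuzzing builds.`.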
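Review bot: `IsCallerChromeOrFuzzingEnabled` is the [Func] hook that lets non-system callers reach chrome-only WebIDL whenever `IsFuzzingEnabled()` is true, and it carries no comment stating that contract. The `#ifndef FUZZING` inline body makes it a constant `false` in regular builds, so the exposure exists only in FUZZING builds with `fuzzing.enabled` set; that reasoning currently lives only in the StaticPrefList.h comment and belongs at this declaration too, e.g. `// WebIDL [Func] check: system callers always pass; any caller passes in a FUZZING build when fuzzing.enabled is set. Compile-time false outside FUZZING builds.`. The split declaration (`#ifndef FUZZING { return false; } #else ; #endif`) is hard to read; declaring a plain `static bool IsFuzzingEnabled();` and moving the `#ifdef FUZZING` / `#else return false;` choice into the .cpp body keeps the header uniform. The three `IsCaller*` declarations are removed and re-added with no visible difference, presumably whitespace only, which is noise best kept out of this commit.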
@@ -105,6 +105,7 @@ class Configuration(DescriptorProvider):
 (partialIface.location, iface.location))
 if not (iface.getExtendedAttribute("ChromeOnly") or
 iface.getExtendedAttribute("Func") == ["IsChromeOrXBL"] or
+ iface.getExtendedAttribute("Func") == ["nsContentUtils::IsCallerChromeOrFuzzingEnabled"] or
 not (iface.hasInterfaceObject() or iface.isNavigatorProperty()) or
 isInWebIDLRoot(iface.filename())):
diff --git a/dom/bindings/parser/WebIDL.py b/dom/bindings/parser/WebIDL.py
index f4f9cb1323a5..d484a4a3e63a 100644
--- a/dom/bindings/parser/WebIDL.py
+++ b/dom/bindings/parser/WebIDL.py
@@ -1809,7 +1809,7 @@ class IDLNamespace(IDLInterfaceOrNamespace):
 if not attr.noArguments():
 raise WebIDLError("[%s] must not have arguments" % identifier,
 [attr.location])
- elif identifier == "Pref":
+ elif identifier == "Pref" or identifier == "Func":
 # Known extended attributes that take a string value
 if not attr.hasValue():
 raise WebIDLError("[%s] must have a value" % identifier,
diff --git a/dom/chrome-webidl/InspectorUtils.webidl b/dom/chrome-webidl/InspectorUtils.webidl
index 98dff60c9c56..9d22d1fc6e7f 100644
--- a/dom/chrome-webidl/InspectorUtils.webidl
+++ b/dom/chrome-webidl/InspectorUtils.webidl
@@ -9,7 +9,7 @@
 *
 * See InspectorUtils.h for documentation on these methods.
 */
-[ChromeOnly]
+[Func="nsContentUtils::IsCallerChromeOrFuzzingEnabled"]
 namespace InspectorUtils {
 // documentOnly tells whether user and UA sheets should get included.
 sequence getAllStyleSheets(Document document, optional boolean documentOnly = false);
@@ -129,7 +129,7 @@ dictionary InspectorFontFeature {
 required DOMString languageSystem;
 };
 
-[ChromeOnly]
+[Func="nsContentUtils::IsCallerChromeOrFuzzingEnabled"]
 interface InspectorFontFace {
 // An indication of how we found this font during font-matching.
 // Note that the same physical font may have been found in multiple ways within a range.
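Review bot: The added `or` clause gives `[Func="nsContentUtils::IsCallerChromeOrFuzzingEnabled"]` the same exemption as `[ChromeOnly]` from the must-live-in-a-WebIDL-root check, but nothing at the site records why that is sound. A comment above the new line, `# Chrome-only outside FUZZING builds, so treated like [ChromeOnly] here`, states the assumption this check now depends on. The growing chain of list comparisons would also read better as a membership test against a named tuple of chrome-equivalent Func values, keeping this entry and `IsChromeOrXBL` in one place. The enclosing method starts and ends outside the hunk.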
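Review bot: `elif identifier == "Pref" or identifier == "Func":` is more idiomatically `elif identifier in ("Pref", "Func"):`, which also reads naturally when a third value is added later. This branch only validates that a namespace-level [Func] carries a string value; whether the binding generator actually emits the gate for namespace objects is not visible in this diff, so a test that a `[Func]`-annotated namespace is hidden when the function returns false would back the InspectorUtils change. The enclosing method starts and ends outside the hunk.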
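Review bot: Replacing `[ChromeOnly]` with `[Func="nsContentUtils::IsCallerChromeOrFuzzingEnabled"]` changes who can reach `InspectorUtils`, and the header comment just above, which only points at InspectorUtils.h, says nothing about it. A one-line comment above the attribute, `// ChromeOnly, except in FUZZING builds with fuzzing.enabled set, where content may call this.`, tells a reader why this namespace is not plainly chrome-only; the same applies to the `InspectorFontFace` hunk at line 129 of this file.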
diff --git a/js/xpconnect/src/XPCJSContext.cpp b/js/xpconnect/src/XPCJSContext.cpp
index 26727726f72f..d53c05abc67d 100644
--- a/js/xpconnect/src/XPCJSContext.cpp
+++ b/js/xpconnect/src/XPCJSContext.cpp
@@ -30,6 +30,7 @@
 #include "mozilla/Preferences.h"
 #include "mozilla/Telemetry.h"
 #include "mozilla/Services.h"
+#include "mozilla/StaticPrefs.h"
 #include "mozilla/dom/ScriptSettings.h"
 #include "nsContentUtils.h"
 
@@ -861,7 +862,7 @@ ReloadPrefsCallback(const char* pref, XPCJSContext* xpccx)
 #endif // JS_GC_ZEAL
 
 #ifdef FUZZING
- bool fuzzingEnabled = Preferences::GetBool("fuzzing.enabled");
+ bool fuzzingEnabled = StaticPrefs::fuzzing_enabled();
 #endif
 
 JS::ContextOptionsRef(cx).setBaseline(useBaseline)
diff --git a/modules/libpref/init/StaticPrefList.h b/modules/libpref/init/StaticPrefList.h
index 04d94adb5197..20ce46fc8acb 100644
--- a/modules/libpref/init/StaticPrefList.h
+++ b/modules/libpref/init/StaticPrefList.h
@@ -87,6 +87,20 @@ VARCACHE_PREF(
 RelaxedAtomicBool, false
 )
 
+//---------------------------------------------------------------------------
+// Fuzzing prefs. It's important that these can only be checked in fuzzing
+// builds (when FUZZING is defined), otherwise you could enable the fuzzing
+// stuff on your regular build which would be bad :)
+//---------------------------------------------------------------------------
+
+#ifdef FUZZING
+VARCACHE_PREF(
+ "fuzzing.enabled",
+ fuzzing_enabled,
+ bool, false
+)
+#endif
+
 //---------------------------------------------------------------------------
 // Clipboard prefs
 //---------------------------------------------------------------------------
diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js
index 757953a6c5cd..7cccf1d10758 100644
--- a/modules/libpref/init/all.js
+++ b/modules/libpref/init/all.js
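Review bot: `ReloadPrefsCallback` now reads `StaticPrefs::fuzzing_enabled()` directly while the same commit introduces `nsContentUtils::IsFuzzingEnabled()` as the wrapper for exactly this pref, and `nsContentUtils.h` is already included here (visible in the first hunk). Writing `bool fuzzingEnabled = nsContentUtils::IsFuzzingEnabled();` keeps a single reader of the flag and makes the `#include "mozilla/StaticPrefs.h"` added in the first hunk unnecessary, assuming xpconnect is meant to depend on dom/base at this point, which the existing include suggests. `ReloadPrefsCallback` continues outside the hunk, so what `fuzzingEnabled` feeds is not visible here.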
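Review bot: `fuzzing.enabled` is declared with the plain `bool` VarCache type, while the pref immediately above it in the context uses `RelaxedAtomicBool`. Its new reader `nsContentUtils::IsCallerChromeOrFuzzingEnabled` is paired with `ThreadsafeIsSystemCaller`, which suggests the [Func] check may be evaluated off the main thread; if so, the non-atomic pref read is a data race (and an assertion failure, if the non-atomic getters assert main thread as the atomic/non-atomic split implies), and `RelaxedAtomicBool, false` would be the safer declaration. Worth confirming on which threads the WebIDL [Func] gate runs before landing.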
@@ -5813,10 +5813,6 @@ pref("dom.payments.loglevel", "Warn");
 pref("dom.payments.defaults.saveCreditCard", false);
 pref("dom.payments.defaults.saveAddress", true);
 
-#ifdef FUZZING
-pref("fuzzing.enabled", false);
-#endif
-
 #ifdef MOZ_ASAN_REPORTER
 pref("asanreporter.apiurl", "https://anf1.fuzzing.mozilla.org/crashproxy/submit/");
 pref("asanreporter.clientid", "unknown");