Merge backout of orange-causing changeset.

2024-12-01 17:23:59 +00:00 · 2009-08-06 23:52:14 -07:00 · 2009-08-06 23:52:14 -07:00 · e447378fc2
commit e447378fc2
parent ce8b0492c3 8ab98a8594
5 changed files with 48 additions and 38 deletions
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@ -5029,10 +5029,13 @@ nsContentUtils::CanAccessNativeAnon()
    fp = nsnull;
  }

+  void *annotation = fp ? JS_GetFrameAnnotation(cx, fp) : nsnull;
  PRBool privileged;
-  if (NS_SUCCEEDED(sSecurityManager->IsSystemPrincipal(principal, &privileged)) &&
+  if (NS_SUCCEEDED(principal->IsCapabilityEnabled("UniversalXPConnect",
+                                                  annotation,
+                                                  &privileged)) &&
      privileged) {
-    // Chrome things are allowed to touch us.
+    // UniversalXPConnect things are allowed to touch us.
    return PR_TRUE;
  }

@ -5046,12 +5049,6 @@ nsContentUtils::CanAccessNativeAnon()
    return PR_TRUE;
  }

-  // Before we throw, check for UniversalXPConnect.
-  nsresult rv = sSecurityManager->IsCapabilityEnabled("UniversalXPConnect", &privileged);
-  if (NS_SUCCEEDED(rv) && privileged) {
-    return PR_TRUE;
-  }
-
  return PR_FALSE;
 }

--- a/js/src/xpconnect/src/XPCCrossOriginWrapper.cpp
+++ b/js/src/xpconnect/src/XPCCrossOriginWrapper.cpp
@ -244,7 +244,6 @@ IsValFrame(JSObject *obj, jsval v, XPCWrappedNative *wn)
 nsresult
 CanAccessWrapper(JSContext *cx, JSObject *wrappedObj)
 {
-  // TODO bug 508928: Refactor this with the XOW security checking code.
  // Get the subject principal from the execution stack.
  nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager();
  if (!ssm) {
@ -272,6 +271,18 @@ CanAccessWrapper(JSContext *cx, JSObject *wrappedObj)
    return NS_OK;
  }

+  // There might be no code running, but if there is, we need to see if it is
+  // UniversalXPConnect enabled code.
+  if (fp) {
+    void *annotation = JS_GetFrameAnnotation(cx, fp);
+    rv = subjectPrin->IsCapabilityEnabled("UniversalXPConnect", annotation,
+                                          &isSystem);
+    NS_ENSURE_SUCCESS(rv, rv);
+    if (isSystem) {
+      return NS_OK;
+    }
+  }
+
  nsCOMPtr<nsIPrincipal> objectPrin;
  rv = ssm->GetObjectPrincipal(cx, wrappedObj, getter_AddRefs(objectPrin));
  if (NS_FAILED(rv)) {
@ -288,14 +299,7 @@ CanAccessWrapper(JSContext *cx, JSObject *wrappedObj)
  PRBool subsumes;
  rv = subjectPrin->Subsumes(objectPrin, &subsumes);
  if (NS_SUCCEEDED(rv) && !subsumes) {
-    // We're about to fail, but make a last effort to see if
-    // UniversalXPConnect was enabled anywhere else on the stack.
-    rv = ssm->IsCapabilityEnabled("UniversalXPConnect", &isSystem);
-    if (NS_SUCCEEDED(rv) && isSystem) {
-      rv = NS_OK;
-    } else {
-      rv = NS_ERROR_DOM_PROP_ACCESS_DENIED;
-    }
+    rv = NS_ERROR_DOM_PROP_ACCESS_DENIED;
  }
  return rv;
 }
--- a/js/src/xpconnect/src/XPCNativeWrapper.cpp
+++ b/js/src/xpconnect/src/XPCNativeWrapper.cpp
@ -205,7 +205,17 @@ EnsureLegalActivity(JSContext *cx, JSObject *obj,
  JSStackFrame *fp;
  nsIPrincipal *subjectPrincipal = ssm->GetCxSubjectPrincipalAndFrame(cx, &fp);
  if (!subjectPrincipal || !fp) {
-    // We must allow access if there is no code running.
+    // We must allow the access if there is no code running.
+    return JS_TRUE;
+  }
+
+  // This might be chrome code or content code with UniversalXPConnect.
+  void *annotation = JS_GetFrameAnnotation(cx, fp);
+  PRBool isPrivileged = PR_FALSE;
+  nsresult rv = subjectPrincipal->IsCapabilityEnabled("UniversalXPConnect",
+                                                      annotation,
+                                                      &isPrivileged);
+  if (NS_SUCCEEDED(rv) && isPrivileged) {
    return JS_TRUE;
  }

@ -217,13 +227,6 @@ EnsureLegalActivity(JSContext *cx, JSObject *obj,
    PRBool subsumes;
    if (NS_FAILED(subjectPrincipal->Subsumes(objectPrincipal, &subsumes)) ||
        !subsumes) {
-      // This might be chrome code or content code with UniversalXPConnect.
-      PRBool isPrivileged = PR_FALSE;
-      nsresult rv =
-        ssm->IsCapabilityEnabled("UniversalXPConnect", &isPrivileged);
-      if (NS_SUCCEEDED(rv) && isPrivileged) {
-        return JS_TRUE;
-      }

      JSObject* flatObj;
      if (!JSVAL_IS_VOID(id) &&
@ -285,15 +288,26 @@ XPCNativeWrapper::GetWrappedNative(JSContext *cx, JSObject *obj,
    return JS_TRUE;
  }

+  if (fp) {
+    void *annotation = JS_GetFrameAnnotation(cx, fp);
+
+    PRBool isPrivileged;
+    nsresult rv =
+      subjectPrincipal->IsCapabilityEnabled("UniversalXPConnect",
+                                            annotation,
+                                            &isPrivileged);
+    if (NS_SUCCEEDED(rv) && isPrivileged) {
+      return JS_TRUE;
+    }
+  }
+
  XPCWrappedNativeScope *scope = wn->GetScope();
  nsIPrincipal *objectPrincipal = scope->GetPrincipal();

  PRBool subsumes;
  nsresult rv = subjectPrincipal->Subsumes(objectPrincipal, &subsumes);
  if (NS_FAILED(rv) || !subsumes) {
-    PRBool isPrivileged;
-    rv = ssm->IsCapabilityEnabled("UniversalXPConnect", &isPrivileged);
-    return NS_SUCCEEDED(rv) && isPrivileged;
+    return JS_FALSE;
  }

  return JS_TRUE;
--- a/js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
+++ b/js/src/xpconnect/src/XPCSafeJSObjectWrapper.cpp
@ -135,7 +135,6 @@ FindPrincipals(JSContext *cx, JSObject *obj, nsIPrincipal **objectPrincipal,
 static PRBool
 CanCallerAccess(JSContext *cx, JSObject *unsafeObj)
 {
-  // TODO bug 508928: Refactor this with the XOW security checking code.
  nsCOMPtr<nsIPrincipal> subjPrincipal, objPrincipal;
  nsCOMPtr<nsIScriptSecurityManager> ssm;
  nsresult rv = FindPrincipals(cx, unsafeObj, getter_AddRefs(objPrincipal),
--- a/js/src/xpconnect/src/XPCSystemOnlyWrapper.cpp
+++ b/js/src/xpconnect/src/XPCSystemOnlyWrapper.cpp
@ -164,7 +164,6 @@ GetWrappedObject(JSContext *cx, JSObject *wrapper)
 JSBool
 AllowedToAct(JSContext *cx, jsval idval)
 {
-  // TODO bug 508928: Refactor this with the XOW security checking code.
  nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager();
  if (!ssm) {
    return JS_TRUE;
@ -188,10 +187,13 @@ AllowedToAct(JSContext *cx, jsval idval)
    fp = nsnull;
  }

+  void *annotation = fp ? JS_GetFrameAnnotation(cx, fp) : nsnull;
  PRBool privileged;
-  if (NS_SUCCEEDED(ssm->IsSystemPrincipal(principal, &privileged)) &&
+  if (NS_SUCCEEDED(principal->IsCapabilityEnabled("UniversalXPConnect",
+                                                  annotation,
+                                                  &privileged)) &&
      privileged) {
-    // Chrome things are allowed to touch us.
+    // UniversalXPConnect things are allowed to touch us.
    return JS_TRUE;
  }

@ -216,12 +218,6 @@ AllowedToAct(JSContext *cx, jsval idval)
    }
  }

-  // Before we throw, check for UniversalXPConnect.
-  nsresult rv = ssm->IsCapabilityEnabled("UniversalXPConnect", &privileged);
-  if (NS_SUCCEEDED(rv) && privileged) {
-    return JS_TRUE;
-  }
-
  return JS_FALSE;
 }