mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-12 12:55:46 +00:00
b3ba0520ee
Going through the extension policy service rather than using WebExtensionPolicy objects directly adds a lot of unnecessary overhead to common operations on extension principals, and also makes the code more complicated than it needs to be. We also use weak references to policy objects here, since principals should ideally lose as much of their elevated privileges as possible once the extension instance that created them has been destroyed (which is something we couldn't handle easily when we simply tracked ID strings). MozReview-Commit-ID: KDNvVdvLkIt --HG-- extra : rebase_source : 1b567919d2461bd0315d1a7d89f330cbd585f579
145 lines
4.2 KiB
C++
145 lines
4.2 KiB
C++
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/* vim: set ts=4 et sw=4 tw=80: */
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
#ifndef nsScriptSecurityManager_h__
|
|
#define nsScriptSecurityManager_h__
|
|
|
|
#include "nsIScriptSecurityManager.h"
|
|
|
|
#include "mozilla/Maybe.h"
|
|
#include "nsIPrincipal.h"
|
|
#include "nsCOMPtr.h"
|
|
#include "nsIObserver.h"
|
|
#include "nsServiceManagerUtils.h"
|
|
#include "nsStringFwd.h"
|
|
#include "plstr.h"
|
|
#include "js/TypeDecls.h"
|
|
|
|
#include <stdint.h>
|
|
|
|
class nsIIOService;
|
|
class nsIStringBundle;
|
|
class SystemPrincipal;
|
|
|
|
namespace mozilla {
|
|
class OriginAttributes;
|
|
} // namespace mozilla
|
|
|
|
/////////////////////////////
|
|
// nsScriptSecurityManager //
|
|
/////////////////////////////
|
|
#define NS_SCRIPTSECURITYMANAGER_CID \
|
|
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
|
|
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
|
|
|
|
class nsScriptSecurityManager final : public nsIScriptSecurityManager,
|
|
public nsIObserver
|
|
{
|
|
public:
|
|
static void Shutdown();
|
|
|
|
NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
|
|
|
|
NS_DECL_ISUPPORTS
|
|
NS_DECL_NSISCRIPTSECURITYMANAGER
|
|
NS_DECL_NSIOBSERVER
|
|
|
|
static nsScriptSecurityManager*
|
|
GetScriptSecurityManager();
|
|
|
|
// Invoked exactly once, by XPConnect.
|
|
static void InitStatics();
|
|
|
|
static SystemPrincipal*
|
|
SystemPrincipalSingletonConstructor();
|
|
|
|
/**
|
|
* Utility method for comparing two URIs. For security purposes, two URIs
|
|
* are equivalent if their schemes, hosts, and ports (if any) match. This
|
|
* method returns true if aSubjectURI and aObjectURI have the same origin,
|
|
* false otherwise.
|
|
*/
|
|
static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
|
|
static uint32_t SecurityHashURI(nsIURI* aURI);
|
|
|
|
static nsresult
|
|
ReportError(JSContext* cx, const char* aMessageTag,
|
|
nsIURI* aSource, nsIURI* aTarget);
|
|
|
|
static uint32_t
|
|
HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
|
|
|
|
static bool
|
|
GetStrictFileOriginPolicy()
|
|
{
|
|
return sStrictFileOriginPolicy;
|
|
}
|
|
|
|
void DeactivateDomainPolicy();
|
|
|
|
private:
|
|
|
|
// GetScriptSecurityManager is the only call that can make one
|
|
nsScriptSecurityManager();
|
|
virtual ~nsScriptSecurityManager();
|
|
|
|
// Decides, based on CSP, whether or not eval() and stuff can be executed.
|
|
static bool
|
|
ContentSecurityPolicyPermitsJSAction(JSContext *cx);
|
|
|
|
static bool
|
|
JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second);
|
|
|
|
// Returns null if a principal cannot be found; generally callers
|
|
// should error out at that point.
|
|
static nsIPrincipal* doGetObjectPrincipal(JSObject* obj);
|
|
|
|
nsresult
|
|
Init();
|
|
|
|
nsresult
|
|
InitPrefs();
|
|
|
|
inline void
|
|
ScriptSecurityPrefChanged();
|
|
|
|
inline void
|
|
AddSitesToFileURIWhitelist(const nsCString& aSiteList);
|
|
|
|
nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
|
|
nsIPrincipal** aPrincipal,
|
|
bool aIgnoreSandboxing);
|
|
|
|
nsresult
|
|
CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI, nsIURI* aSourceBaseURI,
|
|
nsIURI* aTargetBaseURI, uint32_t aFlags);
|
|
|
|
// Returns the file URI whitelist, initializing it if it has not been
|
|
// initialized.
|
|
const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIWhitelist();
|
|
|
|
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
|
|
bool mPrefInitialized;
|
|
bool mIsJavaScriptEnabled;
|
|
|
|
// List of URIs whose domains and sub-domains are whitelisted to allow
|
|
// access to file: URIs. Lazily initialized; isNothing() when not yet
|
|
// initialized.
|
|
mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIWhitelist;
|
|
|
|
// This machinery controls new-style domain policies. The old-style
|
|
// policy machinery will be removed soon.
|
|
nsCOMPtr<nsIDomainPolicy> mDomainPolicy;
|
|
|
|
static bool sStrictFileOriginPolicy;
|
|
|
|
static nsIIOService *sIOService;
|
|
static nsIStringBundle *sStrBundle;
|
|
static JSContext *sContext;
|
|
};
|
|
|
|
#endif // nsScriptSecurityManager_h__
|