Bug 1006692 - Replaced nsScriptSecurityManager::SubjectIsPrivileged and AccessCheck::IsCallerChrome by nsContentUtils::IsCallerChrome. r=bholley
authorJulien Levesy <jlevesy@gmail.com>
Mon, 19 May 2014 13:39:00 +0200
changeset 184604 dc4c4e5fe01ddd9db601969606392853bd49de2e
parent 184603 cb3b68267af4cca0ad4996f5c6fa4a46d125183c
child 184605 1877d8afd10308d89d2b2bb55a2b8829f498bbed
push id26826
push usercbook@mozilla.com
push dateFri, 23 May 2014 13:41:49 +0000
treeherdermozilla-central@e3d39ffacb5e [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley
bugs1006692
milestone32.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1006692 - Replaced nsScriptSecurityManager::SubjectIsPrivileged and AccessCheck::IsCallerChrome by nsContentUtils::IsCallerChrome. r=bholley
caps/include/nsScriptSecurityManager.h
caps/src/nsScriptSecurityManager.cpp
js/xpconnect/wrappers/AccessCheck.cpp
js/xpconnect/wrappers/AccessCheck.h
--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@@ -101,18 +101,16 @@ public:
     void DeactivateDomainPolicy();
 
 private:
 
     // GetScriptSecurityManager is the only call that can make one
     nsScriptSecurityManager();
     virtual ~nsScriptSecurityManager();
 
-    bool SubjectIsPrivileged();
-
     // Decides, based on CSP, whether or not eval() and stuff can be executed.
     static bool
     ContentSecurityPolicyPermitsJSAction(JSContext *cx);
 
     static bool
     JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second);
 
     // Returns null if a principal cannot be found; generally callers
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -73,22 +73,16 @@ using namespace mozilla::dom;
 
 static NS_DEFINE_CID(kZipReaderCID, NS_ZIPREADER_CID);
 
 nsIIOService    *nsScriptSecurityManager::sIOService = nullptr;
 nsIStringBundle *nsScriptSecurityManager::sStrBundle = nullptr;
 JSRuntime       *nsScriptSecurityManager::sRuntime   = 0;
 bool nsScriptSecurityManager::sStrictFileOriginPolicy = true;
 
-bool
-nsScriptSecurityManager::SubjectIsPrivileged()
-{
-    return nsContentUtils::IsCallerChrome();
-}
-
 ///////////////////////////
 // Convenience Functions //
 ///////////////////////////
 // Result of this function should not be freed.
 static inline const char16_t *
 IDToString(JSContext *cx, jsid id_)
 {
     JS::RootedId id(cx, id_);
@@ -482,17 +476,17 @@ nsScriptSecurityManager::CheckLoadURIFro
     // UniversalXPConnect capability trump the above check.
     bool isFile = false;
     bool isRes = false;
     if (NS_FAILED(aURI->SchemeIs("file", &isFile)) ||
         NS_FAILED(aURI->SchemeIs("resource", &isRes)))
         return NS_ERROR_FAILURE;
     if (isFile || isRes)
     {
-        if (SubjectIsPrivileged())
+        if (nsContentUtils::IsCallerChrome())
             return NS_OK;
     }
 
     // Report error.
     nsAutoCString spec;
     if (NS_FAILED(aURI->GetAsciiSpec(spec)))
         return NS_ERROR_FAILURE;
     nsAutoCString msg("Access to '");
@@ -1045,17 +1039,17 @@ nsScriptSecurityManager::CanCreateWrappe
     }
 
     // We give remote-XUL whitelisted domains a free pass here. See bug 932906.
     if (!xpc::AllowXBLScope(js::GetContextCompartment(cx)))
     {
         return NS_OK;
     }
 
-    if (SubjectIsPrivileged())
+    if (nsContentUtils::IsCallerChrome())
     {
         return NS_OK;
     }
 
     //-- Access denied, report an error
     NS_ConvertUTF8toUTF16 strName("CreateWrapperDenied");
     nsAutoCString origin;
     nsIPrincipal* subjectPrincipal = nsContentUtils::SubjectPrincipal();
@@ -1082,34 +1076,34 @@ nsScriptSecurityManager::CanCreateWrappe
     SetPendingException(cx, errorMsg.get());
     return NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::CanCreateInstance(JSContext *cx,
                                            const nsCID &aCID)
 {
-    if (SubjectIsPrivileged()) {
+    if (nsContentUtils::IsCallerChrome()) {
         return NS_OK;
     }
 
     //-- Access denied, report an error
     nsAutoCString errorMsg("Permission denied to create instance of class. CID=");
     char cidStr[NSID_LENGTH];
     aCID.ToProvidedString(cidStr);
     errorMsg.Append(cidStr);
     SetPendingException(cx, errorMsg.get());
     return NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED;
 }
 
 NS_IMETHODIMP
 nsScriptSecurityManager::CanGetService(JSContext *cx,
                                        const nsCID &aCID)
 {
-    if (SubjectIsPrivileged()) {
+    if (nsContentUtils::IsCallerChrome()) {
         return NS_OK;
     }
 
     //-- Access denied, report an error
     nsAutoCString errorMsg("Permission denied to get service. CID=");
     char cidStr[NSID_LENGTH];
     aCID.ToProvidedString(cidStr);
     errorMsg.Append(cidStr);
--- a/js/xpconnect/wrappers/AccessCheck.cpp
+++ b/js/xpconnect/wrappers/AccessCheck.cpp
@@ -79,22 +79,16 @@ AccessCheck::isChrome(JSCompartment *com
 }
 
 bool
 AccessCheck::isChrome(JSObject *obj)
 {
     return isChrome(js::GetObjectCompartment(obj));
 }
 
-bool
-AccessCheck::callerIsChrome()
-{
-    return nsContentUtils::IsCallerChrome();
-}
-
 nsIPrincipal *
 AccessCheck::getPrincipal(JSCompartment *compartment)
 {
     return GetCompartmentPrincipal(compartment);
 }
 
 #define NAME(ch, str, cases)                                                  \
     case ch: if (!strcmp(name, str)) switch (propChars[0]) { cases }; break;
--- a/js/xpconnect/wrappers/AccessCheck.h
+++ b/js/xpconnect/wrappers/AccessCheck.h
@@ -17,17 +17,16 @@ namespace xpc {
 class AccessCheck {
   public:
     static bool subsumes(JSCompartment *a, JSCompartment *b);
     static bool subsumes(JSObject *a, JSObject *b);
     static bool wrapperSubsumes(JSObject *wrapper);
     static bool subsumesConsideringDomain(JSCompartment *a, JSCompartment *b);
     static bool isChrome(JSCompartment *compartment);
     static bool isChrome(JSObject *obj);
-    static bool callerIsChrome();
     static nsIPrincipal *getPrincipal(JSCompartment *compartment);
     static bool isCrossOriginAccessPermitted(JSContext *cx, JSObject *obj, jsid id,
                                              js::Wrapper::Action act);
 };
 
 struct Policy {
 };