caps/nsScriptSecurityManager.h
author Mike Hommey <mh+mozilla@glandium.org>
Thu, 20 Jul 2017 14:06:23 +0900
changeset 612007 499490d18b16ae716794ae027179cce6cb20147c
parent 608816 129793760f2d718ed61ba17d9aacd57c7ec6785b
child 648192 c236dfe7dc98c387219d7cb45d0693560db708fd
child 651650 397cfed5073f34740aed9e20460810316ee8ec25
permissions -rw-r--r--
Bug 1382525 - Move LLVM_CONFIG out of mozconfig.common. r?chmanchester LLVM_CONFIG, per the contents of toolkit/moz.configure, is tied to --enable-stylo, but it currently is set on all types of builds. It currently happens to work, but it's actually not meant to, and sure enough, the fix for bug 1374727 exacerbates that. So we create a new mozconfig.stylo file that enables stylo and sets LLVM_CONFIG, such that only build types that do enable stylo have LLVM_CONFIG set.

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set ts=4 et sw=4 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsScriptSecurityManager_h__
#define nsScriptSecurityManager_h__

#include "nsIScriptSecurityManager.h"

#include "nsIAddonPolicyService.h"
#include "mozilla/Maybe.h"
#include "nsIAddonPolicyService.h"
#include "nsIPrincipal.h"
#include "nsCOMPtr.h"
#include "nsIObserver.h"
#include "nsServiceManagerUtils.h"
#include "plstr.h"
#include "js/TypeDecls.h"

#include <stdint.h>

class nsCString;
class nsIIOService;
class nsIStringBundle;
class SystemPrincipal;

namespace mozilla {
class OriginAttributes;
} // namespace mozilla

/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
#define NS_SCRIPTSECURITYMANAGER_CID \
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}

class nsScriptSecurityManager final : public nsIScriptSecurityManager,
                                      public nsIObserver
{
public:
    static void Shutdown();

    NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)

    NS_DECL_ISUPPORTS
    NS_DECL_NSISCRIPTSECURITYMANAGER
    NS_DECL_NSIOBSERVER

    static nsScriptSecurityManager*
    GetScriptSecurityManager();

    // Invoked exactly once, by XPConnect.
    static void InitStatics();

    static SystemPrincipal*
    SystemPrincipalSingletonConstructor();

    /**
     * Utility method for comparing two URIs.  For security purposes, two URIs
     * are equivalent if their schemes, hosts, and ports (if any) match.  This
     * method returns true if aSubjectURI and aObjectURI have the same origin,
     * false otherwise.
     */
    static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
    static uint32_t SecurityHashURI(nsIURI* aURI);

    static nsresult
    ReportError(JSContext* cx, const char* aMessageTag,
                nsIURI* aSource, nsIURI* aTarget);

    static uint32_t
    HashPrincipalByOrigin(nsIPrincipal* aPrincipal);

    static bool
    GetStrictFileOriginPolicy()
    {
        return sStrictFileOriginPolicy;
    }

    void DeactivateDomainPolicy();

private:

    // GetScriptSecurityManager is the only call that can make one
    nsScriptSecurityManager();
    virtual ~nsScriptSecurityManager();

    // Decides, based on CSP, whether or not eval() and stuff can be executed.
    static bool
    ContentSecurityPolicyPermitsJSAction(JSContext *cx);

    static bool
    JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second);

    // Returns null if a principal cannot be found; generally callers
    // should error out at that point.
    static nsIPrincipal* doGetObjectPrincipal(JSObject* obj);

    nsresult
    Init();

    nsresult
    InitPrefs();

    inline void
    ScriptSecurityPrefChanged();

    inline void
    AddSitesToFileURIWhitelist(const nsCString& aSiteList);

    nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
                                       nsIPrincipal** aPrincipal,
                                       bool aIgnoreSandboxing);

    nsresult
    CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI, nsIURI* aSourceBaseURI,
                      nsIURI* aTargetBaseURI, uint32_t aFlags);

    // Returns the file URI whitelist, initializing it if it has not been
    // initialized.
    const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIWhitelist();

    nsCOMPtr<nsIPrincipal> mSystemPrincipal;
    bool mPrefInitialized;
    bool mIsJavaScriptEnabled;

    // List of URIs whose domains and sub-domains are whitelisted to allow
    // access to file: URIs.  Lazily initialized; isNothing() when not yet
    // initialized.
    mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIWhitelist;

    // This machinery controls new-style domain policies. The old-style
    // policy machinery will be removed soon.
    nsCOMPtr<nsIDomainPolicy> mDomainPolicy;

    // Cached addon policy service. We can't generate this in Init() because
    // that's too early to get a service.
    mozilla::Maybe<nsCOMPtr<nsIAddonPolicyService>> mAddonPolicyService;
    nsIAddonPolicyService* GetAddonPolicyService()
    {
        if (mAddonPolicyService.isNothing()) {
            mAddonPolicyService.emplace(do_GetService("@mozilla.org/addons/policy-service;1"));
        }
        return mAddonPolicyService.ref();
    }

    static bool sStrictFileOriginPolicy;

    static nsIIOService    *sIOService;
    static nsIStringBundle *sStrBundle;
    static JSContext       *sContext;
};

#endif // nsScriptSecurityManager_h__