author Justin Wood <>
Mon, 09 Jan 2017 16:23:04 -0500
changeset 463197 b3774461acc6bee2216c5f57e167f9e5795fb09d
parent 459745 8fe52da5cb90209689b41879843ba93f6acda884
child 464224 e230f64769665dc5071cd383a82cd8eae936bc4a
child 489668 cbb8fdf1daf98a15f7d57f6b08d273bdf96aa1a0
permissions -rw-r--r--
Bug 1301495 - Taskcluster l10n indexing should match mozharness' l10n indexing. r=dustin a=RyanVM Adds l10n and nightly indexing, matching (better) what Buildbot is currently doing with these types of tasks (This patch is against `date`, will be grafted on review for real landing, using autoland) MozReview-Commit-ID: K0BYwaCm6xL

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set ts=4 et sw=4 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at */

#ifndef nsScriptSecurityManager_h__
#define nsScriptSecurityManager_h__

#include "nsIScriptSecurityManager.h"

#include "nsIAddonPolicyService.h"
#include "mozilla/Maybe.h"
#include "nsIAddonPolicyService.h"
#include "nsIPrincipal.h"
#include "nsCOMPtr.h"
#include "nsIObserver.h"
#include "nsServiceManagerUtils.h"
#include "plstr.h"
#include "js/TypeDecls.h"

#include <stdint.h>

class nsCString;
class nsIIOService;
class nsIStringBundle;
class nsSystemPrincipal;

namespace mozilla {
class OriginAttributes;
} // namespace mozilla

// nsScriptSecurityManager //
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}

class nsScriptSecurityManager final : public nsIScriptSecurityManager,
                                      public nsIObserver
    static void Shutdown();



    static nsScriptSecurityManager*

    // Invoked exactly once, by XPConnect.
    static void InitStatics();

    static nsSystemPrincipal*

     * Utility method for comparing two URIs.  For security purposes, two URIs
     * are equivalent if their schemes, hosts, and ports (if any) match.  This
     * method returns true if aSubjectURI and aObjectURI have the same origin,
     * false otherwise.
    static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
    static uint32_t SecurityHashURI(nsIURI* aURI);

    static nsresult
    ReportError(JSContext* cx, const nsAString& messageTag,
                nsIURI* aSource, nsIURI* aTarget);

    static uint32_t
    HashPrincipalByOrigin(nsIPrincipal* aPrincipal);

    static bool
        return sStrictFileOriginPolicy;

    void DeactivateDomainPolicy();


    // GetScriptSecurityManager is the only call that can make one
    virtual ~nsScriptSecurityManager();

    // Decides, based on CSP, whether or not eval() and stuff can be executed.
    static bool
    ContentSecurityPolicyPermitsJSAction(JSContext *cx);

    static bool
    JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second);

    // Returns null if a principal cannot be found; generally callers
    // should error out at that point.
    static nsIPrincipal* doGetObjectPrincipal(JSObject* obj);



    inline void

    inline void
    AddSitesToFileURIWhitelist(const nsCString& aSiteList);

    // If aURI is a moz-extension:// URI, set mAddonId to the associated addon.
    nsresult MaybeSetAddonIdFromURI(mozilla::OriginAttributes& aAttrs, nsIURI* aURI);

    nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
                                       nsIPrincipal** aPrincipal,
                                       bool aIgnoreSandboxing);

    CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI, nsIURI* aSourceBaseURI,
                      nsIURI* aTargetBaseURI, uint32_t aFlags);

    // Returns the file URI whitelist, initializing it if it has not been
    // initialized.
    const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIWhitelist();

    nsCOMPtr<nsIPrincipal> mSystemPrincipal;
    bool mPrefInitialized;
    bool mIsJavaScriptEnabled;

    // List of URIs whose domains and sub-domains are whitelisted to allow
    // access to file: URIs.  Lazily initialized; isNothing() when not yet
    // initialized.
    mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIWhitelist;

    // This machinery controls new-style domain policies. The old-style
    // policy machinery will be removed soon.
    nsCOMPtr<nsIDomainPolicy> mDomainPolicy;

    // Cached addon policy service. We can't generate this in Init() because
    // that's too early to get a service.
    mozilla::Maybe<nsCOMPtr<nsIAddonPolicyService>> mAddonPolicyService;
    nsIAddonPolicyService* GetAddonPolicyService()
        if (mAddonPolicyService.isNothing()) {
        return mAddonPolicyService.ref();

    static bool sStrictFileOriginPolicy;

    static nsIIOService    *sIOService;
    static nsIStringBundle *sStrBundle;
    static JSContext       *sContext;

#endif // nsScriptSecurityManager_h__