Bug 713747 - Remove usage of UniversalFoo in gecko. r=bz
authorBobby Holley <bobbyholley@gmail.com>
Fri, 30 Dec 2011 09:35:39 -0800
changeset 84805 c991b7a9810a6f0c44d2bc5f6a6d90e236cb7793
parent 84804 3efc3a946a7f3ddffb2ca16f197e1753d8e2be8f
child 84806 c85e6c648d8f4490001317f738e786303cc25dd4
push id805
push userakeybl@mozilla.com
push dateWed, 01 Feb 2012 18:17:35 +0000
treeherdermozilla-aurora@6fb3bf232436 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbz
bugs713747
milestone12.0a1
Bug 713747 - Remove usage of UniversalFoo in gecko. r=bz
content/base/public/nsContentUtils.h
content/base/src/nsContentUtils.cpp
content/base/src/nsDOMFile.cpp
content/base/src/nsXMLHttpRequest.cpp
content/events/public/nsEventDispatcher.h
content/events/src/nsDOMDataTransfer.cpp
content/events/src/nsDOMEvent.cpp
content/html/content/src/nsHTMLInputElement.cpp
content/xul/document/src/nsXULDocument.cpp
docshell/base/nsDocShell.cpp
dom/base/nsBarProps.cpp
dom/base/nsGlobalWindow.cpp
embedding/components/find/src/nsWebBrowserFind.cpp
embedding/components/windowwatcher/src/nsWindowWatcher.cpp
layout/style/nsCSSStyleSheet.h
layout/style/nsComputedDOMStyle.cpp
--- a/content/base/public/nsContentUtils.h
+++ b/content/base/public/nsContentUtils.h
@@ -227,20 +227,19 @@ public:
 
   static bool     IsCallerChrome();
 
   static bool     IsCallerTrustedForRead();
 
   static bool     IsCallerTrustedForWrite();
 
   /**
-   * Check whether a caller is trusted to have aCapability.  This also
-   * checks for UniversalXPConnect in addition to aCapability.
+   * Check whether a caller has UniversalXPConnect.
    */
-  static bool     IsCallerTrustedForCapability(const char* aCapability);
+  static bool     CallerHasUniversalXPConnect();
 
   static bool     IsImageSrcSetDisabled();
 
   /**
    * Returns the parent node of aChild crossing document boundaries.
    */
   static nsINode* GetCrossDocParentNode(nsINode* aChild);
 
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@@ -1143,26 +1143,19 @@ nsContentUtils::Shutdown()
 
   NS_IF_RELEASE(sSameOriginChecker);
   
   nsTextEditorState::ShutDown();
 }
 
 // static
 bool
-nsContentUtils::IsCallerTrustedForCapability(const char* aCapability)
-{
-  // The secman really should handle UniversalXPConnect case, since that
-  // should include UniversalBrowserRead... doesn't right now, though.
+nsContentUtils::CallerHasUniversalXPConnect()
+{
   bool hasCap;
-  if (NS_FAILED(sSecurityManager->IsCapabilityEnabled(aCapability, &hasCap)))
-    return false;
-  if (hasCap)
-    return true;
-    
   if (NS_FAILED(sSecurityManager->IsCapabilityEnabled("UniversalXPConnect",
                                                       &hasCap)))
     return false;
   return hasCap;
 }
 
 /**
  * Checks whether two nodes come from the same origin. aTrustedNode is
@@ -1222,26 +1215,19 @@ nsContentUtils::CanCallerAccess(nsIPrinc
   bool subsumes;
   nsresult rv = aSubjectPrincipal->Subsumes(aPrincipal, &subsumes);
   NS_ENSURE_SUCCESS(rv, false);
 
   if (subsumes) {
     return true;
   }
 
-  // The subject doesn't subsume aPrincipal.  Allow access only if the subject
-  // has either "UniversalXPConnect" (if aPrincipal is system principal) or
-  // "UniversalBrowserRead" (in all other cases).
-  bool isSystem;
-  rv = sSecurityManager->IsSystemPrincipal(aPrincipal, &isSystem);
-  isSystem = NS_FAILED(rv) || isSystem;
-  const char* capability =
-    NS_FAILED(rv) || isSystem ? "UniversalXPConnect" : "UniversalBrowserRead";
-
-  return IsCallerTrustedForCapability(capability);
+  // The subject doesn't subsume aPrincipal. Allow access only if the subject
+  // has UniversalXPConnect.
+  return CallerHasUniversalXPConnect();
 }
 
 // static
 bool
 nsContentUtils::CanCallerAccess(nsIDOMNode *aNode)
 {
   // XXXbz why not check the IsCapabilityEnabled thing up front, and not bother
   // with the system principal games?  But really, there should be a simpler
@@ -1464,23 +1450,23 @@ nsContentUtils::IsCallerChrome()
   }
 
   return is_caller_chrome;
 }
 
 bool
 nsContentUtils::IsCallerTrustedForRead()
 {
-  return IsCallerTrustedForCapability("UniversalBrowserRead");
+  return CallerHasUniversalXPConnect();
 }
 
 bool
 nsContentUtils::IsCallerTrustedForWrite()
 {
-  return IsCallerTrustedForCapability("UniversalBrowserWrite");
+  return CallerHasUniversalXPConnect();
 }
 
 bool
 nsContentUtils::IsImageSrcSetDisabled()
 {
   return Preferences::GetBool("dom.disable_image_src_set") &&
          !IsCallerChrome();
 }
--- a/content/base/src/nsDOMFile.cpp
+++ b/content/base/src/nsDOMFile.cpp
@@ -160,22 +160,22 @@ nsDOMFileBase::GetName(nsAString &aFileN
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsDOMFileBase::GetMozFullPath(nsAString &aFileName)
 {
   NS_ASSERTION(mIsFile, "Should only be called on files");
 
-  // It is unsafe to call IsCallerTrustedForCapability on a non-main thread. If
+  // It is unsafe to call CallerHasUniversalXPConnect on a non-main thread. If
   // you hit the following assertion you need to figure out some other way to
   // determine privileges and call GetMozFullPathInternal.
   NS_ASSERTION(NS_IsMainThread(), "Wrong thread!");
 
-  if (nsContentUtils::IsCallerTrustedForCapability("UniversalFileRead")) {
+  if (nsContentUtils::CallerHasUniversalXPConnect()) {
     return GetMozFullPathInternal(aFileName);
   }
   aFileName.Truncate();
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsDOMFileBase::GetMozFullPathInternal(nsAString &aFileName)
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -2744,20 +2744,20 @@ nsXMLHttpRequest::SetRequestHeader(const
     return NS_ERROR_FAILURE; // must be called before first setRequestHeader()
 
   nsCOMPtr<nsIHttpChannel> httpChannel(do_QueryInterface(mChannel));
   if (!httpChannel) {
     return NS_OK;
   }
 
   // Prevent modification to certain HTTP headers (see bug 302263), unless
-  // the executing script has UniversalBrowserWrite permission.
+  // the executing script has UniversalXPConnect.
 
   bool privileged;
-  rv = IsCapabilityEnabled("UniversalBrowserWrite", &privileged);
+  rv = IsCapabilityEnabled("UniversalXPConnect", &privileged);
   if (NS_FAILED(rv))
     return NS_ERROR_FAILURE;
 
   if (!privileged) {
     // Check for dangerous headers
     const char *kInvalidHeaders[] = {
       "accept-charset", "accept-encoding", "access-control-request-headers",
       "access-control-request-method", "connection", "content-length",
--- a/content/events/public/nsEventDispatcher.h
+++ b/content/events/public/nsEventDispatcher.h
@@ -250,17 +250,17 @@ public:
                            nsEventStatus* aEventStatus = nsnull,
                            nsDispatchingCallback* aCallback = nsnull,
                            nsCOMArray<nsIDOMEventTarget>* aTargets = nsnull);
 
   /**
    * Dispatches an event.
    * If aDOMEvent is not nsnull, it is used for dispatching
    * (aEvent can then be nsnull) and (if aDOMEvent is not |trusted| already),
-   * the |trusted| flag is set based on the UniversalBrowserWrite capability.
+   * the |trusted| flag is set based on the UniversalXPConnect capability.
    * Otherwise this works like nsEventDispatcher::Dispatch.
    * @note Use this method when dispatching nsIDOMEvent.
    */
   static nsresult DispatchDOMEvent(nsISupports* aTarget,
                                    nsEvent* aEvent, nsIDOMEvent* aDOMEvent,
                                    nsPresContext* aPresContext,
                                    nsEventStatus* aEventStatus);
 
--- a/content/events/src/nsDOMDataTransfer.cpp
+++ b/content/events/src/nsDOMDataTransfer.cpp
@@ -447,21 +447,21 @@ nsDOMDataTransfer::MozGetDataAt(const ns
     return NS_ERROR_DOM_INDEX_SIZE_ERR;
 
   nsAutoString format;
   GetRealFormat(aFormat, format);
 
   nsTArray<TransferItem>& item = mItems[aIndex];
 
   // allow access to any data in the drop and dragdrop events, or if the
-  // UniversalBrowserRead privilege is set, otherwise only allow access to
+  // UniversalXPConnect privilege is set, otherwise only allow access to
   // data from the same principal.
   nsIPrincipal* principal = nsnull;
   if (mEventType != NS_DRAGDROP_DROP && mEventType != NS_DRAGDROP_DRAGDROP &&
-      !nsContentUtils::IsCallerTrustedForCapability("UniversalBrowserRead")) {
+      !nsContentUtils::CallerHasUniversalXPConnect()) {
     nsresult rv = NS_OK;
     principal = GetCurrentPrincipal(&rv);
     NS_ENSURE_SUCCESS(rv, rv);
   }
 
   PRUint32 count = item.Length();
   for (PRUint32 i = 0; i < count; i++) {
     TransferItem& formatitem = item[i];
@@ -520,17 +520,17 @@ nsDOMDataTransfer::MozSetDataAt(const ns
   // item. Specifying an index equal to the current length will add a new item.
   if (aIndex > mItems.Length())
     return NS_ERROR_DOM_INDEX_SIZE_ERR;
 
   // don't allow non-chrome to add file data
   // XXX perhaps this should also limit any non-string type as well
   if ((aFormat.EqualsLiteral("application/x-moz-file-promise") ||
        aFormat.EqualsLiteral("application/x-moz-file")) &&
-       !nsContentUtils::IsCallerTrustedForCapability("UniversalXPConnect")) {
+       !nsContentUtils::CallerHasUniversalXPConnect()) {
     return NS_ERROR_DOM_SECURITY_ERR;
   }
 
   nsresult rv = NS_OK;
   nsIPrincipal* principal = GetCurrentPrincipal(&rv);
   NS_ENSURE_SUCCESS(rv, rv);
   return SetDataWithPrincipal(aFormat, aData, aIndex, principal);
 }
--- a/content/events/src/nsDOMEvent.cpp
+++ b/content/events/src/nsDOMEvent.cpp
@@ -575,17 +575,17 @@ nsDOMEvent::InitEvent(const nsAString& a
   // Make sure this event isn't already being dispatched.
   NS_ENSURE_TRUE(!NS_IS_EVENT_IN_DISPATCH(mEvent), NS_ERROR_INVALID_ARG);
 
   if (NS_IS_TRUSTED_EVENT(mEvent)) {
     // Ensure the caller is permitted to dispatch trusted DOM events.
 
     bool enabled = false;
     nsContentUtils::GetSecurityManager()->
-      IsCapabilityEnabled("UniversalBrowserWrite", &enabled);
+      IsCapabilityEnabled("UniversalXPConnect", &enabled);
 
     if (!enabled) {
       SetTrusted(false);
     }
   }
 
   NS_ENSURE_SUCCESS(SetEventType(aEventTypeArg), NS_ERROR_FAILURE);
 
--- a/content/html/content/src/nsHTMLInputElement.cpp
+++ b/content/html/content/src/nsHTMLInputElement.cpp
@@ -936,17 +936,17 @@ nsresult
 nsHTMLInputElement::GetValueInternal(nsAString& aValue) const
 {
   switch (GetValueMode()) {
     case VALUE_MODE_VALUE:
       mInputData.mState->GetValue(aValue, true);
       return NS_OK;
 
     case VALUE_MODE_FILENAME:
-      if (nsContentUtils::IsCallerTrustedForCapability("UniversalFileRead")) {
+      if (nsContentUtils::CallerHasUniversalXPConnect()) {
         if (mFiles.Count()) {
           return mFiles[0]->GetMozFullPath(aValue);
         }
         else {
           aValue.Truncate();
         }
       } else {
         // Just return the leaf name
@@ -985,19 +985,19 @@ nsHTMLInputElement::IsValueEmpty() const
 
 NS_IMETHODIMP 
 nsHTMLInputElement::SetValue(const nsAString& aValue)
 {
   // check security.  Note that setting the value to the empty string is always
   // OK and gives pages a way to clear a file input if necessary.
   if (mType == NS_FORM_INPUT_FILE) {
     if (!aValue.IsEmpty()) {
-      if (!nsContentUtils::IsCallerTrustedForCapability("UniversalFileRead")) {
+      if (!nsContentUtils::CallerHasUniversalXPConnect()) {
         // setting the value of a "FILE" input widget requires the
-        // UniversalFileRead privilege
+        // UniversalXPConnect privilege
         return NS_ERROR_DOM_SECURITY_ERR;
       }
       const PRUnichar *name = PromiseFlatString(aValue).get();
       return MozSetFileNameArray(&name, 1);
     }
     else {
       ClearFiles(true);
     }
@@ -1032,17 +1032,17 @@ nsHTMLInputElement::GetList(nsIDOMHTMLEl
 
   CallQueryInterface(element, aValue);
   return NS_OK;
 }
 
 NS_IMETHODIMP 
 nsHTMLInputElement::MozGetFileNameArray(PRUint32 *aLength, PRUnichar ***aFileNames)
 {
-  if (!nsContentUtils::IsCallerTrustedForCapability("UniversalFileRead")) {
+  if (!nsContentUtils::CallerHasUniversalXPConnect()) {
     // Since this function returns full paths it's important that normal pages
     // can't call it.
     return NS_ERROR_DOM_SECURITY_ERR;
   }
 
   *aLength = mFiles.Count();
   PRUnichar **ret =
     static_cast<PRUnichar **>(NS_Alloc(mFiles.Count() * sizeof(PRUnichar*)));
@@ -1059,19 +1059,19 @@ nsHTMLInputElement::MozGetFileNameArray(
   *aFileNames = ret;
 
   return NS_OK;
 }
 
 NS_IMETHODIMP 
 nsHTMLInputElement::MozSetFileNameArray(const PRUnichar **aFileNames, PRUint32 aLength)
 {
-  if (!nsContentUtils::IsCallerTrustedForCapability("UniversalFileRead")) {
+  if (!nsContentUtils::CallerHasUniversalXPConnect()) {
     // setting the value of a "FILE" input widget requires the
-    // UniversalFileRead privilege
+    // UniversalXPConnect privilege
     return NS_ERROR_DOM_SECURITY_ERR;
   }
 
   nsCOMArray<nsIDOMFile> files;
   for (PRUint32 i = 0; i < aLength; ++i) {
     nsCOMPtr<nsIFile> file;
     if (StringBeginsWith(nsDependentString(aFileNames[i]),
                          NS_LITERAL_STRING("file:"),
--- a/content/xul/document/src/nsXULDocument.cpp
+++ b/content/xul/document/src/nsXULDocument.cpp
@@ -1376,17 +1376,17 @@ nsXULDocument::IsCapabilityEnabled(const
 }
 
 
 nsresult
 nsXULDocument::Persist(nsIContent* aElement, PRInt32 aNameSpaceID,
                        nsIAtom* aAttribute)
 {
     // For non-chrome documents, persistance is simply broken
-    if (!IsCapabilityEnabled("UniversalBrowserWrite"))
+    if (!IsCapabilityEnabled("UniversalXPConnect"))
         return NS_ERROR_NOT_AVAILABLE;
 
     // First make sure we _have_ a local store to stuff the persisted
     // information into. (We might not have one if profile information
     // hasn't been loaded yet...)
     if (!mLocalStore)
         return NS_OK;
 
@@ -2135,17 +2135,17 @@ nsXULDocument::PrepareToLoadPrototype(ns
     return NS_OK;
 }
 
 
 nsresult
 nsXULDocument::ApplyPersistentAttributes()
 {
     // For non-chrome documents, persistance is simply broken
-    if (!IsCapabilityEnabled("UniversalBrowserRead"))
+    if (!IsCapabilityEnabled("UniversalXPConnect"))
         return NS_ERROR_NOT_AVAILABLE;
 
     // Add all of the 'persisted' attributes into the content
     // model.
     if (!mLocalStore)
         return NS_OK;
 
     mApplyingPersistedAttrs = true;
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -1621,20 +1621,20 @@ nsDocShell::ValidateOrigin(nsIDocShellTr
     NS_ENSURE_TRUE(securityManager, false);
 
     nsCOMPtr<nsIPrincipal> subjectPrincipal;
     nsresult rv =
         securityManager->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal));
     NS_ENSURE_SUCCESS(rv, false);
 
     if (subjectPrincipal) {
-        // We're called from JS, check if UniversalBrowserWrite is
+        // We're called from JS, check if UniversalXPConnect is
         // enabled.
         bool ubwEnabled = false;
-        rv = securityManager->IsCapabilityEnabled("UniversalBrowserWrite",
+        rv = securityManager->IsCapabilityEnabled("UniversalXPConnect",
                                                   &ubwEnabled);
         NS_ENSURE_SUCCESS(rv, false);
 
         if (ubwEnabled) {
             return true;
         }
     }
 
@@ -7779,17 +7779,17 @@ nsDocShell::CheckLoadingPermissions()
     // the parent before allowing it to load anything into this
     // docshell.
 
     nsCOMPtr<nsIScriptSecurityManager> securityManager =
         do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
     NS_ENSURE_SUCCESS(rv, rv);
 
     bool ubwEnabled = false;
-    rv = securityManager->IsCapabilityEnabled("UniversalBrowserWrite",
+    rv = securityManager->IsCapabilityEnabled("UniversalXPConnect",
                                               &ubwEnabled);
     if (NS_FAILED(rv) || ubwEnabled) {
         return rv;
     }
 
     nsCOMPtr<nsIPrincipal> subjPrincipal;
     rv = securityManager->GetSubjectPrincipal(getter_AddRefs(subjPrincipal));
     NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && subjPrincipal, rv);
--- a/dom/base/nsBarProps.cpp
+++ b/dom/base/nsBarProps.cpp
@@ -101,17 +101,17 @@ nsBarProp::SetVisibleByFlag(bool aVisibl
   nsCOMPtr<nsIWebBrowserChrome> browserChrome = GetBrowserChrome();
   NS_ENSURE_TRUE(browserChrome, NS_OK);
 
   bool enabled = false;
 
   nsCOMPtr<nsIScriptSecurityManager>
            securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
   if (securityManager)
-    securityManager->IsCapabilityEnabled("UniversalBrowserWrite", &enabled);
+    securityManager->IsCapabilityEnabled("UniversalXPConnect", &enabled);
   if (!enabled)
     return NS_OK;
 
   PRUint32 chromeFlags;
 
   NS_ENSURE_SUCCESS(browserChrome->GetChromeFlags(&chromeFlags),
                     NS_ERROR_FAILURE);
   if (aVisible)
@@ -318,17 +318,17 @@ nsScrollbarsProp::GetVisible(bool *aVisi
 NS_IMETHODIMP
 nsScrollbarsProp::SetVisible(bool aVisible)
 {
   bool     enabled = false;
 
   nsCOMPtr<nsIScriptSecurityManager>
            securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
   if (securityManager)
-    securityManager->IsCapabilityEnabled("UniversalBrowserWrite", &enabled);
+    securityManager->IsCapabilityEnabled("UniversalXPConnect", &enabled);
   if (!enabled)
     return NS_OK;
 
   /* Scrollbars, unlike the other barprops, implement visibility directly
      rather than handing off to the superclass (and from there to the
      chrome window) because scrollbar visibility uniquely applies only
      to the window making the change (arguably. it does now, anyway.)
      and because embedding apps have no interface for implementing this
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@@ -2597,17 +2597,17 @@ nsGlobalWindow::DialogOpenAttempted()
     NS_ERROR("DialogOpenAttempted() called without a top window?");
 
     return false;
   }
 
   topWindow = topWindow->GetCurrentInnerWindowInternal();
   if (!topWindow ||
       topWindow->mLastDialogQuitTime.IsNull() ||
-      nsContentUtils::IsCallerTrustedForCapability("UniversalXPConnect")) {
+      nsContentUtils::CallerHasUniversalXPConnect()) {
     return false;
   }
 
   TimeDuration dialogDuration(TimeStamp::Now() -
                               topWindow->mLastDialogQuitTime);
 
   if (dialogDuration.ToSeconds() <
         Preferences::GetInt("dom.successive_dialog_time_limit",
--- a/embedding/components/find/src/nsWebBrowserFind.cpp
+++ b/embedding/components/find/src/nsWebBrowserFind.cpp
@@ -734,20 +734,17 @@ nsresult nsWebBrowserFind::SearchInFrame
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (subject) {
         bool subsumes;
         rv = subject->Subsumes(theDoc->NodePrincipal(), &subsumes);
         NS_ENSURE_SUCCESS(rv, rv);
         if (!subsumes) {
             bool hasCap = false;
-            secMan->IsCapabilityEnabled("UniversalBrowserWrite", &hasCap);
-            if (!hasCap) {
-                secMan->IsCapabilityEnabled("UniversalXPConnect", &hasCap);
-            }
+            secMan->IsCapabilityEnabled("UniversalXPConnect", &hasCap);
             if (!hasCap) {
                 return NS_ERROR_DOM_PROP_ACCESS_DENIED;
             }
         }
     }
 
     if (!mFind) {
         mFind = do_CreateInstance(NS_FIND_CONTRACTID, &rv);
--- a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
+++ b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
@@ -1551,17 +1551,17 @@ PRUint32 nsWindowWatcher::CalculateChrom
 
   /* missing
      chromeFlags->copy_history
    */
 
   // Check security state for use in determing window dimensions
   bool enabled;
   nsresult res =
-    securityManager->IsCapabilityEnabled("UniversalBrowserWrite", &enabled);
+    securityManager->IsCapabilityEnabled("UniversalXPConnect", &enabled);
 
   if (NS_FAILED(res) || !enabled || (isChrome && !aHasChromeParent)) {
     // If priv check fails (or if we're called from chrome, but the
     // parent is not a chrome window), set all elements to minimum
     // reqs., else leave them alone.
     chromeFlags |= nsIWebBrowserChrome::CHROME_TITLEBAR;
     chromeFlags |= nsIWebBrowserChrome::CHROME_WINDOW_CLOSE;
     chromeFlags &= ~nsIWebBrowserChrome::CHROME_WINDOW_LOWERED;
@@ -1973,17 +1973,17 @@ nsWindowWatcher::SizeOpenedDocShellItem(
   
   nsresult res;
   bool enabled = false;
 
   // Check security state for use in determing window dimensions
   nsCOMPtr<nsIScriptSecurityManager>
     securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
   if (securityManager) {
-    res = securityManager->IsCapabilityEnabled("UniversalBrowserWrite",
+    res = securityManager->IsCapabilityEnabled("UniversalXPConnect",
                                                &enabled);
     if (NS_FAILED(res))
       enabled = false;
     else if (enabled && aParent) {
       nsCOMPtr<nsIDOMChromeWindow> chromeWin(do_QueryInterface(aParent));
 
       bool isChrome = false;
       nsresult rv = securityManager->SubjectPrincipalIsSystem(&isChrome);
--- a/layout/style/nsCSSStyleSheet.h
+++ b/layout/style/nsCSSStyleSheet.h
@@ -281,17 +281,17 @@ protected:
 
   void ClearRuleCascades();
 
   nsresult WillDirty();
   void     DidDirty();
 
   // Return success if the subject principal subsumes the principal of our
   // inner, error otherwise.  This will also succeed if the subject has
-  // UniversalBrowserWrite.
+  // UniversalXPConnect.
   nsresult SubjectSubsumesInnerPrincipal() const;
 
   // Add the namespace mapping from this @namespace rule to our namespace map
   nsresult RegisterNamespaceRule(mozilla::css::Rule* aRule);
 
 protected:
   nsString              mTitle;
   nsRefPtr<nsMediaList> mMedia;
--- a/layout/style/nsComputedDOMStyle.cpp
+++ b/layout/style/nsComputedDOMStyle.cpp
@@ -532,18 +532,17 @@ nsComputedDOMStyle::GetPropertyCSSValue(
     NS_ENSURE_TRUE(mStyleContextHolder, NS_ERROR_OUT_OF_MEMORY);
     NS_ASSERTION(mPseudo || !mStyleContextHolder->HasPseudoElementData(),
                  "should not have pseudo-element data");
   }
 
   // mExposeVisitedStyle is set to true only by testing APIs that
   // require UniversalXPConnect.
   NS_ABORT_IF_FALSE(!mExposeVisitedStyle ||
-                    nsContentUtils::IsCallerTrustedForCapability(
-                                      "UniversalXPConnect"),
+                    nsContentUtils::CallerHasUniversalXPConnect(),
                     "mExposeVisitedStyle set incorrectly");
   if (mExposeVisitedStyle && mStyleContextHolder->RelevantLinkVisited()) {
     nsStyleContext *styleIfVisited = mStyleContextHolder->GetStyleIfVisited();
     if (styleIfVisited) {
       mStyleContextHolder = styleIfVisited;
     }
   }