--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@@ -46,17 +46,16 @@
#include "nsIPrincipal.h"
#include "jsapi.h"
#include "jsdbgapi.h"
#include "nsIXPCSecurityManager.h"
#include "nsInterfaceHashtable.h"
#include "nsHashtable.h"
#include "nsCOMPtr.h"
#include "nsIPrefService.h"
-#include "nsISecurityPref.h"
#include "nsIChannelEventSink.h"
#include "nsIJSContextStack.h"
#include "nsIObserver.h"
#include "pldhash.h"
#include "plstr.h"
#include "nsIScriptExternalNameSet.h"
class nsIDocShell;
@@ -365,29 +364,27 @@ MoveClassPolicyEntry(PLDHashTable *table
/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
#define NS_SCRIPTSECURITYMANAGER_CID \
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
class nsScriptSecurityManager : public nsIScriptSecurityManager,
- public nsIPrefSecurityCheck,
public nsIChannelEventSink,
public nsIObserver
{
public:
static void Shutdown();
NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
NS_DECL_ISUPPORTS
NS_DECL_NSISCRIPTSECURITYMANAGER
NS_DECL_NSIXPCSECURITYMANAGER
- NS_DECL_NSIPREFSECURITYCHECK
NS_DECL_NSICHANNELEVENTSINK
NS_DECL_NSIOBSERVER
static nsScriptSecurityManager*
GetScriptSecurityManager();
static nsSystemPrincipal*
SystemPrincipalSingletonConstructor();
@@ -584,18 +581,17 @@ private:
nsresult
InitPolicies();
nsresult
InitDomainPolicy(JSContext* cx, const char* aPolicyName,
DomainPolicy* aDomainPolicy);
nsresult
- InitPrincipals(PRUint32 prefCount, const char** prefNames,
- nsISecurityPref* securityPref);
+ InitPrincipals(PRUint32 prefCount, const char** prefNames);
#ifdef XPC_IDISPATCH_SUPPORT
// While this header is included outside of caps, this class isn't
// referenced so this should be fine.
nsresult
CheckComponentPermissions(JSContext *cx, const nsCID &aCID);
#endif
@@ -624,17 +620,16 @@ private:
static const char sJSEnabledPrefName[];
static const char sFileOriginPolicyPrefName[];
nsObjectHashtable* mOriginToPolicyMap;
DomainPolicy* mDefaultPolicy;
nsObjectHashtable* mCapabilities;
nsCOMPtr<nsIPrefBranch> mPrefBranch;
- nsCOMPtr<nsISecurityPref> mSecurityPref;
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
nsCOMPtr<nsIPrincipal> mSystemCertificate;
ContextPrincipal *mContextPrincipals;
nsInterfaceHashtable<PrincipalKey, nsIPrincipal> mPrincipals;
PRPackedBool mIsJavaScriptEnabled;
PRPackedBool mIsWritingPrefs;
PRPackedBool mPolicyPrefsChanged;
#ifdef XPC_IDISPATCH_SUPPORT
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -498,20 +498,19 @@ DeleteDomainEntry(nsHashKey *aKey, void
/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
////////////////////////////////////
// Methods implementing ISupports //
////////////////////////////////////
-NS_IMPL_ISUPPORTS5(nsScriptSecurityManager,
+NS_IMPL_ISUPPORTS4(nsScriptSecurityManager,
nsIScriptSecurityManager,
nsIXPCSecurityManager,
- nsIPrefSecurityCheck,
nsIChannelEventSink,
nsIObserver)
///////////////////////////////////////////////////
// Methods implementing nsIScriptSecurityManager //
///////////////////////////////////////////////////
///////////////// Security Checks /////////////////
@@ -1083,17 +1082,17 @@ nsScriptSecurityManager::LookupPolicy(ns
{
nsresult rv;
result->level = SCRIPT_SECURITY_UNDEFINED_ACCESS;
DomainPolicy* dpolicy = nsnull;
//-- Initialize policies if necessary
if (mPolicyPrefsChanged)
{
- if (!mSecurityPref) {
+ if (!mPrefBranch) {
rv = InitPrefs();
NS_ENSURE_SUCCESS(rv, rv);
}
rv = InitPolicies();
if (NS_FAILED(rv))
return rv;
}
else
@@ -2508,33 +2507,33 @@ nsScriptSecurityManager::SavePrincipal(n
rv = GetPrincipalPrefNames( idPrefName,
grantedPrefName,
deniedPrefName,
subjectNamePrefName );
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
mIsWritingPrefs = PR_TRUE;
if (grantedList)
- mSecurityPref->SecuritySetCharPref(grantedPrefName.get(), grantedList);
+ mPrefBranch->SetCharPref(grantedPrefName.get(), grantedList);
else
- mSecurityPref->SecurityClearUserPref(grantedPrefName.get());
+ mPrefBranch->ClearUserPref(grantedPrefName.get());
if (deniedList)
- mSecurityPref->SecuritySetCharPref(deniedPrefName.get(), deniedList);
+ mPrefBranch->SetCharPref(deniedPrefName.get(), deniedList);
else
- mSecurityPref->SecurityClearUserPref(deniedPrefName.get());
+ mPrefBranch->ClearUserPref(deniedPrefName.get());
if (grantedList || deniedList) {
- mSecurityPref->SecuritySetCharPref(idPrefName, id);
- mSecurityPref->SecuritySetCharPref(subjectNamePrefName.get(),
+ mPrefBranch->SetCharPref(idPrefName, id);
+ mPrefBranch->SetCharPref(subjectNamePrefName.get(),
subjectName);
}
else {
- mSecurityPref->SecurityClearUserPref(idPrefName);
- mSecurityPref->SecurityClearUserPref(subjectNamePrefName.get());
+ mPrefBranch->ClearUserPref(idPrefName);
+ mPrefBranch->ClearUserPref(subjectNamePrefName.get());
}
mIsWritingPrefs = PR_FALSE;
nsCOMPtr<nsIPrefService> prefService(do_GetService(NS_PREFSERVICE_CONTRACTID, &rv));
NS_ENSURE_SUCCESS(rv, rv);
return prefService->SavePrefFile(nsnull);
}
@@ -3245,39 +3244,29 @@ nsScriptSecurityManager::CheckXPCPermiss
nsresult rv;
nsCOMPtr<nsIPluginInstance> plugin(do_QueryInterface(aObj, &rv));
if (NS_SUCCEEDED(rv))
{
static PRBool prefSet = PR_FALSE;
static PRBool allowPluginAccess = PR_FALSE;
if (!prefSet)
{
- rv = mSecurityPref->SecurityGetBoolPref("security.xpconnect.plugin.unrestricted",
+ rv = mPrefBranch->GetBoolPref("security.xpconnect.plugin.unrestricted",
&allowPluginAccess);
prefSet = PR_TRUE;
}
if (allowPluginAccess)
return NS_OK;
}
}
//-- Access tests failed
return NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED;
}
-//////////////////////////////////////////////
-// Method implementing nsIPrefSecurityCheck //
-//////////////////////////////////////////////
-
-NS_IMETHODIMP
-nsScriptSecurityManager::CanAccessSecurityPreferences(PRBool* _retval)
-{
- return IsCapabilityEnabled("CapabilityPreferencesAccess", _retval);
-}
-
/////////////////////////////////////////////
// Method implementing nsIChannelEventSink //
/////////////////////////////////////////////
NS_IMETHODIMP
nsScriptSecurityManager::OnChannelRedirect(nsIChannel* oldChannel,
nsIChannel* newChannel,
PRUint32 redirFlags)
{
@@ -3333,17 +3322,17 @@ nsScriptSecurityManager::Observe(nsISupp
{
static const char id[] = "id";
char* lastDot = PL_strrchr(message, '.');
//-- This check makes sure the string copy below doesn't overwrite its bounds
if(PL_strlen(lastDot) >= sizeof(id))
{
PL_strcpy(lastDot + 1, id);
const char** idPrefArray = (const char**)&message;
- rv = InitPrincipals(1, idPrefArray, mSecurityPref);
+ rv = InitPrincipals(1, idPrefArray);
}
}
return rv;
}
/////////////////////////////////////////////
// Constructor, Destructor, Initialization //
/////////////////////////////////////////////
@@ -3558,21 +3547,21 @@ nsScriptSecurityManager::InitPolicies()
// Get a JS context - we need it to create internalized strings later.
JSContext* cx = GetSafeJSContext();
NS_ASSERTION(cx, "failed to get JS context");
AutoCxPusher autoPusher(sJSContextStack, cx);
rv = InitDomainPolicy(cx, "default", mDefaultPolicy);
NS_ENSURE_SUCCESS(rv, rv);
nsXPIDLCString policyNames;
- rv = mSecurityPref->SecurityGetCharPref("capability.policy.policynames",
+ rv = mPrefBranch->GetCharPref("capability.policy.policynames",
getter_Copies(policyNames));
nsXPIDLCString defaultPolicyNames;
- rv = mSecurityPref->SecurityGetCharPref("capability.policy.default_policynames",
+ rv = mPrefBranch->GetCharPref("capability.policy.default_policynames",
getter_Copies(defaultPolicyNames));
policyNames += NS_LITERAL_CSTRING(" ") + defaultPolicyNames;
//-- Initialize domain policies
char* policyCurrent = policyNames.BeginWriting();
PRBool morePolicies = PR_TRUE;
while (morePolicies)
{
@@ -3589,17 +3578,17 @@ nsScriptSecurityManager::InitPolicies()
*policyCurrent = '\0';
policyCurrent++;
nsCAutoString sitesPrefName(
NS_LITERAL_CSTRING(sPolicyPrefix) +
nsDependentCString(nameBegin) +
NS_LITERAL_CSTRING(".sites"));
nsXPIDLCString domainList;
- rv = mSecurityPref->SecurityGetCharPref(sitesPrefName.get(),
+ rv = mPrefBranch->GetCharPref(sitesPrefName.get(),
getter_Copies(domainList));
if (NS_FAILED(rv))
continue;
DomainPolicy* domainPolicy = new DomainPolicy();
if (!domainPolicy)
return NS_ERROR_OUT_OF_MEMORY;
@@ -3717,17 +3706,17 @@ nsScriptSecurityManager::InitDomainPolic
// We dealt with "sites" in InitPolicies(), so no need to do
// that again...
if (PL_strncmp(start, sitesStr, sizeof(sitesStr)-1) == 0)
continue;
// Get the pref value
nsXPIDLCString prefValue;
- rv = mSecurityPref->SecurityGetCharPref(prefNames[currentPref],
+ rv = mPrefBranch->GetCharPref(prefNames[currentPref],
getter_Copies(prefValue));
if (NS_FAILED(rv) || !prefValue)
continue;
SecurityLevel secLevel;
if (PL_strcasecmp(prefValue, "noAccess") == 0)
secLevel.level = SCRIPT_SECURITY_NO_ACCESS;
else if (PL_strcasecmp(prefValue, "allAccess") == 0)
@@ -3852,18 +3841,17 @@ nsScriptSecurityManager::GetPrincipalPre
#undef SUBJECTNAME
#undef DENIED
#undef GRANTED
return NS_OK;
}
nsresult
-nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefNames,
- nsISecurityPref* aSecurityPref)
+nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefNames)
{
/* This is the principal preference syntax:
* capability.principal.[codebase|codebaseTrusted|certificate].<name>.[id|granted|denied]
* For example:
* user_pref("capability.principal.certificate.p1.id","12:34:AB:CD");
* user_pref("capability.principal.certificate.p1.granted","Capability1 Capability2");
* user_pref("capability.principal.certificate.p1.denied","Capability3");
*/
@@ -3877,48 +3865,48 @@ nsScriptSecurityManager::InitPrincipals(
for (PRUint32 c = 0; c < aPrefCount; c++)
{
PRInt32 prefNameLen = PL_strlen(aPrefNames[c]) -
(NS_ARRAY_LENGTH(idSuffix) - 1);
if (PL_strcasecmp(aPrefNames[c] + prefNameLen, idSuffix) != 0)
continue;
nsXPIDLCString id;
- if (NS_FAILED(mSecurityPref->SecurityGetCharPref(aPrefNames[c], getter_Copies(id))))
+ if (NS_FAILED(mPrefBranch->GetCharPref(aPrefNames[c], getter_Copies(id))))
return NS_ERROR_FAILURE;
nsCAutoString grantedPrefName;
nsCAutoString deniedPrefName;
nsCAutoString subjectNamePrefName;
nsresult rv = GetPrincipalPrefNames(aPrefNames[c],
grantedPrefName,
deniedPrefName,
subjectNamePrefName);
if (rv == NS_ERROR_OUT_OF_MEMORY)
return rv;
if (NS_FAILED(rv))
continue;
nsXPIDLCString grantedList;
- mSecurityPref->SecurityGetCharPref(grantedPrefName.get(),
+ mPrefBranch->GetCharPref(grantedPrefName.get(),
getter_Copies(grantedList));
nsXPIDLCString deniedList;
- mSecurityPref->SecurityGetCharPref(deniedPrefName.get(),
+ mPrefBranch->GetCharPref(deniedPrefName.get(),
getter_Copies(deniedList));
nsXPIDLCString subjectName;
- mSecurityPref->SecurityGetCharPref(subjectNamePrefName.get(),
+ mPrefBranch->GetCharPref(subjectNamePrefName.get(),
getter_Copies(subjectName));
//-- Delete prefs if their value is the empty string
if (id.IsEmpty() || (grantedList.IsEmpty() && deniedList.IsEmpty()))
{
- mSecurityPref->SecurityClearUserPref(aPrefNames[c]);
- mSecurityPref->SecurityClearUserPref(grantedPrefName.get());
- mSecurityPref->SecurityClearUserPref(deniedPrefName.get());
- mSecurityPref->SecurityClearUserPref(subjectNamePrefName.get());
+ mPrefBranch->ClearUserPref(aPrefNames[c]);
+ mPrefBranch->ClearUserPref(grantedPrefName.get());
+ mPrefBranch->ClearUserPref(deniedPrefName.get());
+ mPrefBranch->ClearUserPref(subjectNamePrefName.get());
continue;
}
//-- Create a principal based on the prefs
static const char certificateName[] = "capability.principal.certificate";
static const char codebaseName[] = "capability.principal.codebase";
static const char codebaseTrustedName[] = "capability.principal.codebaseTrusted";
@@ -3973,50 +3961,48 @@ nsScriptSecurityManager::ScriptSecurityP
sStrictFileOriginPolicy = PR_TRUE;
#ifdef XPC_IDISPATCH_SUPPORT
// Granting XPC Priveleges defaults to disabled in failure cases.
mXPCDefaultGrantAll = PR_FALSE;
#endif
nsresult rv;
- if (!mSecurityPref) {
+ if (!mPrefBranch) {
rv = InitPrefs();
if (NS_FAILED(rv))
return;
}
PRBool temp;
- rv = mSecurityPref->SecurityGetBoolPref(sJSEnabledPrefName, &temp);
+ rv = mPrefBranch->GetBoolPref(sJSEnabledPrefName, &temp);
if (NS_SUCCEEDED(rv))
mIsJavaScriptEnabled = temp;
- rv = mSecurityPref->SecurityGetBoolPref(sFileOriginPolicyPrefName, &temp);
+ rv = mPrefBranch->GetBoolPref(sFileOriginPolicyPrefName, &temp);
if (NS_SUCCEEDED(rv))
sStrictFileOriginPolicy = NS_SUCCEEDED(rv) && temp;
#ifdef XPC_IDISPATCH_SUPPORT
- rv = mSecurityPref->SecurityGetBoolPref(sXPCDefaultGrantAllName, &temp);
+ rv = mPrefBranch->GetBoolPref(sXPCDefaultGrantAllName, &temp);
if (NS_SUCCEEDED(rv))
mXPCDefaultGrantAll = temp;
#endif
}
nsresult
nsScriptSecurityManager::InitPrefs()
{
nsresult rv;
nsCOMPtr<nsIPrefService> prefService(do_GetService(NS_PREFSERVICE_CONTRACTID, &rv));
NS_ENSURE_SUCCESS(rv, rv);
rv = prefService->GetBranch(nsnull, getter_AddRefs(mPrefBranch));
NS_ENSURE_SUCCESS(rv, rv);
nsCOMPtr<nsIPrefBranch2> prefBranchInternal(do_QueryInterface(mPrefBranch, &rv));
NS_ENSURE_SUCCESS(rv, rv);
- mSecurityPref = do_QueryInterface(mPrefBranch, &rv);
- NS_ENSURE_SUCCESS(rv, rv);
// Set the initial value of the "javascript.enabled" prefs
ScriptSecurityPrefChanged();
// set observer callbacks in case the value of the prefs change
prefBranchInternal->AddObserver(sJSEnabledPrefName, this, PR_FALSE);
prefBranchInternal->AddObserver(sFileOriginPolicyPrefName, this, PR_FALSE);
#ifdef XPC_IDISPATCH_SUPPORT
prefBranchInternal->AddObserver(sXPCDefaultGrantAllName, this, PR_FALSE);
@@ -4026,17 +4012,17 @@ nsScriptSecurityManager::InitPrefs()
// Set a callback for policy pref changes
prefBranchInternal->AddObserver(sPolicyPrefix, this, PR_FALSE);
//-- Initialize the principals database from prefs
rv = mPrefBranch->GetChildList(sPrincipalPrefix, &prefCount, &prefNames);
if (NS_SUCCEEDED(rv) && prefCount > 0)
{
- rv = InitPrincipals(prefCount, (const char**)prefNames, mSecurityPref);
+ rv = InitPrincipals(prefCount, (const char**)prefNames);
NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(prefCount, prefNames);
NS_ENSURE_SUCCESS(rv, rv);
}
//-- Set a callback for principal changes
prefBranchInternal->AddObserver(sPrincipalPrefix, this, PR_FALSE);
return NS_OK;
}
--- a/caps/src/nsSecurityManagerFactory.cpp
+++ b/caps/src/nsSecurityManagerFactory.cpp
@@ -47,17 +47,16 @@
#include "nsNullPrincipal.h"
#include "nsIScriptNameSpaceManager.h"
#include "nsIScriptContext.h"
#include "nsICategoryManager.h"
#include "nsXPIDLString.h"
#include "nsCOMPtr.h"
#include "nsIServiceManager.h"
#include "nsString.h"
-#include "nsPrefsCID.h"
#include "nsNetCID.h"
#include "nsIClassInfoImpl.h"
///////////////////////
// nsSecurityNameSet //
///////////////////////
nsSecurityNameSet::nsSecurityNameSet()
--- a/dom/locales/en-US/chrome/security/caps.properties
+++ b/dom/locales/en-US/chrome/security/caps.properties
@@ -152,11 +152,10 @@ ExtensionCapability = Unknown: %S
ProtocolFlagError = Warning: Protocol handler for '%S' doesn't advertise a security policy. While loading of such protocols is allowed for now, this is deprecated. Please see the documentation in nsIProtocolHandler.idl.
#
# The following descriptions are shown in the EnableCapabilityQuery dialog
#
capdesc.UniversalBrowserRead = Read private data from any site or window
capdesc.UniversalBrowserWrite = Modify any open window
capdesc.UniversalXPConnect = Run or install software on your machine
capdesc.UniversalFileRead = Read and upload local files
-capdesc.CapabilityPreferencesAccess = By-pass core security settings
capdesc.UniversalPreferencesRead = Read program settings
capdesc.UniversalPreferencesWrite = Modify program settings
--- a/layout/build/nsLayoutModule.cpp
+++ b/layout/build/nsLayoutModule.cpp
@@ -143,17 +143,16 @@
#include "nsTextServicesDocument.h"
#include "nsTextServicesCID.h"
#endif
#include "nsScriptSecurityManager.h"
#include "nsPrincipal.h"
#include "nsSystemPrincipal.h"
#include "nsNullPrincipal.h"
-#include "nsPrefsCID.h"
#include "nsNetCID.h"
#define NS_EDITORCOMMANDTABLE_CID \
{ 0x4f5e62b8, 0xd659, 0x4156, { 0x84, 0xfc, 0x2f, 0x60, 0x99, 0x40, 0x03, 0x69 }}
static NS_DEFINE_CID(kEditorCommandTableCID, NS_EDITORCOMMANDTABLE_CID);
NS_GENERIC_FACTORY_CONSTRUCTOR(nsPlaintextEditor)
@@ -1631,29 +1630,16 @@ static const nsModuleComponentInfo gXPCo
nsnull,
nsnull,
nsnull,
nsnull,
nsnull,
nsIClassInfo::MAIN_THREAD_ONLY
},
- { NS_SCRIPTSECURITYMANAGER_CLASSNAME,
- NS_SCRIPTSECURITYMANAGER_CID,
- NS_GLOBAL_PREF_SECURITY_CHECK,
- Construct_nsIScriptSecurityManager,
- RegisterSecurityNameSet,
- nsnull,
- nsnull,
- nsnull,
- nsnull,
- nsnull,
- nsIClassInfo::MAIN_THREAD_ONLY
- },
-
{ NS_SCRIPTSECURITYMANAGER_CLASSNAME,
NS_SCRIPTSECURITYMANAGER_CID,
NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID,
Construct_nsIScriptSecurityManager,
RegisterSecurityNameSet,
nsnull,
nsnull,
nsnull,
--- a/modules/libpref/public/Makefile.in
+++ b/modules/libpref/public/Makefile.in
@@ -49,18 +49,13 @@ SDK_XPIDLSRCS = \
nsIPrefService.idl \
nsIPrefBranch.idl \
nsIPrefBranch2.idl \
nsIPrefLocalizedString.idl \
$(NULL)
XPIDLSRCS = \
nsIPrefBranchInternal.idl \
- nsISecurityPref.idl \
nsIRelativeFilePref.idl \
$(NULL)
-EXPORTS = \
- nsPrefsCID.h \
- $(NULL)
-
include $(topsrcdir)/config/rules.mk
deleted file mode 100644
--- a/modules/libpref/public/nsISecurityPref.idl
+++ /dev/null
@@ -1,157 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1998
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nsISupports.idl"
-
-/**
- * Interface for accessing preferences, bypassing the usual security check on
- * preferences starting with "capability". This interface is used by
- * nsScriptSecurityManager which needs unchecked access to security prefs.
- * *PLEASE* do not call this interface from any other file, as this
- * would be insecure.
- *
- * THIS INTERFACE SHOULD NEVER BE MADE SCRIPTABLE
- *
- * @see nsIPrefBranch
- */
-
-[uuid(94afd973-8045-4c6c-89e6-75bdced4209e)]
-interface nsISecurityPref : nsISupports {
-
- /**
- * Called to get the state of a "capability" boolean preference.
- *
- * @param pref The boolean preference to get the state of.
- *
- * @return boolean The value of the requested boolean preference.
- *
- * @see securitySetBoolPref
- */
- boolean securityGetBoolPref(in string pref);
-
- /**
- * Called to set the state of a "capability" boolean preference.
- *
- * @param pref The boolean preference to set the state of.
- * @param value The boolean value to set the preference to.
- *
- * @return NS_OK The value was successfully set.
- * @return Other The value was not set or is the wrong type.
- *
- * @see securityGetBoolPref
- */
- void securitySetBoolPref(in string pref, in boolean value);
-
- /**
- * Called to get the state of a "capability" string preference.
- *
- * @param pref The string preference to retrieve.
- *
- * @return string The value of the requested string preference.
- *
- * @see securitySetCharPref
- */
- string securityGetCharPref(in string pref);
-
- /**
- * Called to set the state of a "capability" string preference.
- *
- * @param pref The string preference to set.
- * @param value The string value to set the preference to.
- *
- * @return NS_OK The value was successfully set.
- * @return Other The value was not set or is the wrong type.
- *
- * @see securityGetCharPref
- */
- void securitySetCharPref(in string pref, in string value);
-
- /**
- * Called to get the state of a "capability" integer preference.
- *
- * @param pref The integer preference to get the value of.
- *
- * @return long The value of the requested integer preference.
- *
- * @see securitySetIntPref
- */
- long securityGetIntPref(in string pref);
-
- /**
- * Called to set the state of a "capability" integer preference.
- *
- * @param pref The integer preference to set the value of.
- * @param value The integer value to set the preference to.
- *
- * @return NS_OK The value was successfully set.
- * @return Other The value was not set or is the wrong type.
- *
- * @see securityGetIntPref
- */
- void securitySetIntPref(in string pref, in long value);
-
- /**
- * Called to clear a user set value from a "capability" preference. This
- * will, in effect, reset the value to the default value. If no default value
- * exists the preference will cease to exist.
- *
- * @param pref_name The preference to be cleared.
- *
- * @note
- * This method does nothing if this object is a default branch.
- *
- * @return NS_OK The user preference was successfully cleared.
- * @return Other The preference does not exist or have a user set value.
- */
- void securityClearUserPref(in string pref_name);
-
-};
-
-/**
- * This interface allows checking whether getting capability prefs is allowed.
- */
-[uuid(c73c9a05-92ce-46e1-8f69-90a2a3a36104)]
-interface nsIPrefSecurityCheck : nsISupports {
- /**
- * Checks whether the currently executing script (if any) can access security
- * preferences. Corresponds to CapabilityPreferencesAccess.
- *
- * Exceptions from this method should be treated like a return value of false.
- */
- boolean canAccessSecurityPreferences();
-};
-
deleted file mode 100644
--- a/modules/libpref/public/nsPrefsCID.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the prefs module contractid listing file.
- *
- * The Initial Developer of the Original Code is
- * Christian Biesinger <cbiesinger@web.de>.
- * Portions created by the Initial Developer are Copyright (C) 2004
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef NSPREFSCID_H_
-#define NSPREFSCID_H_
-
-/**
- * This service will be used by the prefs module when a preference of
- * capability.* is being requested. It is used to check whether the caller is
- * allowed to access this pref. canAccessSecurityPreferences is called to
- * determine that.
- *
- * INTERFACES THAT MUST BE IMPLEMENTED:
- * nsIPrefSecurityCheck
- */
-#define NS_GLOBAL_PREF_SECURITY_CHECK "@mozilla.org/globalprefsecuritycheck;1"
-
-#endif
--- a/modules/libpref/src/nsPrefBranch.cpp
+++ b/modules/libpref/src/nsPrefBranch.cpp
@@ -45,17 +45,16 @@
#include "nsIDirectoryService.h"
#include "nsString.h"
#include "nsReadableUtils.h"
#include "nsXPIDLString.h"
#include "nsIStringBundle.h"
#include "prefapi.h"
#include "prmem.h"
#include "pldhash.h"
-#include "nsPrefsCID.h"
#include "plstr.h"
#include "nsCRT.h"
#include "mozilla/Services.h"
#include "prefapi_private_data.h"
// Definitions
@@ -113,17 +112,16 @@ nsPrefBranch::~nsPrefBranch()
NS_IMPL_THREADSAFE_ADDREF(nsPrefBranch)
NS_IMPL_THREADSAFE_RELEASE(nsPrefBranch)
NS_INTERFACE_MAP_BEGIN(nsPrefBranch)
NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIPrefBranch)
NS_INTERFACE_MAP_ENTRY(nsIPrefBranch)
NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIPrefBranch2, !mIsDefault)
NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIPrefBranchInternal, !mIsDefault)
- NS_INTERFACE_MAP_ENTRY(nsISecurityPref)
NS_INTERFACE_MAP_ENTRY(nsIObserver)
NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
NS_INTERFACE_MAP_END
/*
* nsIPrefBranch Implementation
*/
@@ -134,117 +132,72 @@ NS_IMETHODIMP nsPrefBranch::GetRoot(char
mPrefRoot.Truncate(mPrefRootLength);
*aRoot = ToNewCString(mPrefRoot);
return NS_OK;
}
NS_IMETHODIMP nsPrefBranch::GetPrefType(const char *aPrefName, PRInt32 *_retval)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_FAILED(rv))
- return rv;
-
+ const char *pref = getPrefName(aPrefName);
*_retval = PREF_GetPrefType(pref);
return NS_OK;
}
NS_IMETHODIMP nsPrefBranch::GetBoolPref(const char *aPrefName, PRBool *_retval)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_GetBoolPref(pref, _retval, mIsDefault);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ return PREF_GetBoolPref(pref, _retval, mIsDefault);
}
NS_IMETHODIMP nsPrefBranch::SetBoolPref(const char *aPrefName, PRInt32 aValue)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_SetBoolPref(pref, aValue, mIsDefault);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ return PREF_SetBoolPref(pref, aValue, mIsDefault);
}
NS_IMETHODIMP nsPrefBranch::GetCharPref(const char *aPrefName, char **_retval)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_CopyCharPref(pref, _retval, mIsDefault);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ return PREF_CopyCharPref(pref, _retval, mIsDefault);
}
NS_IMETHODIMP nsPrefBranch::SetCharPref(const char *aPrefName, const char *aValue)
{
- const char *pref;
- nsresult rv;
+ NS_ENSURE_ARG_POINTER(aValue);
- NS_ENSURE_ARG_POINTER(aValue);
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_SetCharPref(pref, aValue, mIsDefault);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ return PREF_SetCharPref(pref, aValue, mIsDefault);
}
NS_IMETHODIMP nsPrefBranch::GetIntPref(const char *aPrefName, PRInt32 *_retval)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_GetIntPref(pref, _retval, mIsDefault);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ return PREF_GetIntPref(pref, _retval, mIsDefault);
}
NS_IMETHODIMP nsPrefBranch::SetIntPref(const char *aPrefName, PRInt32 aValue)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_SetIntPref(pref, aValue, mIsDefault);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ return PREF_SetIntPref(pref, aValue, mIsDefault);
}
NS_IMETHODIMP nsPrefBranch::GetComplexValue(const char *aPrefName, const nsIID & aType, void * *_retval)
{
nsresult rv;
nsXPIDLCString utf8String;
// we have to do this one first because it's different than all the rest
if (aType.Equals(NS_GET_IID(nsIPrefLocalizedString))) {
nsCOMPtr<nsIPrefLocalizedString> theString(do_CreateInstance(NS_PREFLOCALIZEDSTRING_CONTRACTID, &rv));
if (NS_SUCCEEDED(rv)) {
- const char *pref;
+ const char *pref = getPrefName(aPrefName);
PRBool bNeedDefault = PR_FALSE;
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_FAILED(rv))
- return rv;
-
if (mIsDefault) {
bNeedDefault = PR_TRUE;
} else {
// if there is no user (or locked) value
if (!PREF_HasUserPref(pref) && !PREF_PrefIsLocked(pref)) {
bNeedDefault = PR_TRUE;
}
}
@@ -433,94 +386,60 @@ NS_IMETHODIMP nsPrefBranch::SetComplexVa
}
NS_WARNING("nsPrefBranch::SetComplexValue - Unsupported interface type");
return NS_NOINTERFACE;
}
NS_IMETHODIMP nsPrefBranch::ClearUserPref(const char *aPrefName)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_ClearUserPref(pref);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ return PREF_ClearUserPref(pref);
}
NS_IMETHODIMP nsPrefBranch::PrefHasUserValue(const char *aPrefName, PRBool *_retval)
{
- const char *pref;
- nsresult rv;
-
NS_ENSURE_ARG_POINTER(_retval);
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- *_retval = PREF_HasUserPref(pref);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ *_retval = PREF_HasUserPref(pref);
+ return NS_OK;
}
NS_IMETHODIMP nsPrefBranch::LockPref(const char *aPrefName)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_LockPref(pref, PR_TRUE);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ return PREF_LockPref(pref, PR_TRUE);
}
NS_IMETHODIMP nsPrefBranch::PrefIsLocked(const char *aPrefName, PRBool *_retval)
{
- const char *pref;
- nsresult rv;
-
NS_ENSURE_ARG_POINTER(_retval);
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- *_retval = PREF_PrefIsLocked(pref);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ *_retval = PREF_PrefIsLocked(pref);
+ return NS_OK;
}
NS_IMETHODIMP nsPrefBranch::UnlockPref(const char *aPrefName)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aPrefName, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_LockPref(pref, PR_FALSE);
- }
- return rv;
+ const char *pref = getPrefName(aPrefName);
+ return PREF_LockPref(pref, PR_FALSE);
}
/* void resetBranch (in string startingAt); */
NS_IMETHODIMP nsPrefBranch::ResetBranch(const char *aStartingAt)
{
return NS_ERROR_NOT_IMPLEMENTED;
}
NS_IMETHODIMP nsPrefBranch::DeleteBranch(const char *aStartingAt)
{
- const char *pref;
- nsresult rv;
-
- rv = getValidatedPrefName(aStartingAt, &pref);
- if (NS_SUCCEEDED(rv)) {
- rv = PREF_DeleteBranch(pref);
- }
- return rv;
+ const char *pref = getPrefName(aStartingAt);
+ return PREF_DeleteBranch(pref);
}
NS_IMETHODIMP nsPrefBranch::GetChildList(const char *aStartingAt, PRUint32 *aCount, char ***aChildArray)
{
char** outArray;
char* theElement;
PRInt32 numPrefs;
PRInt32 dwIndex;
@@ -783,100 +702,28 @@ const char *nsPrefBranch::getPrefName(co
// only append if anything to append
if ((nsnull != aPrefName) && (*aPrefName != '\0'))
mPrefRoot.Append(aPrefName);
return mPrefRoot.get();
}
-nsresult nsPrefBranch::getValidatedPrefName(const char *aPrefName, const char **_retval)
-{
- static const char capabilityPrefix[] = "capability.";
-
- NS_ENSURE_ARG_POINTER(aPrefName);
- const char *fullPref = getPrefName(aPrefName);
-
- // now that we have the pref, check it against the ScriptSecurityManager
- if ((fullPref[0] == 'c') &&
- PL_strncmp(fullPref, capabilityPrefix, sizeof(capabilityPrefix)-1) == 0)
- {
- nsresult rv;
- nsCOMPtr<nsIPrefSecurityCheck> secCheck =
- do_GetService(NS_GLOBAL_PREF_SECURITY_CHECK, &rv);
-
- if (NS_FAILED(rv))
- return NS_ERROR_FAILURE;
-
- PRBool enabled;
- rv = secCheck->CanAccessSecurityPreferences(&enabled);
- if (NS_FAILED(rv) || !enabled)
- return NS_ERROR_FAILURE;
- }
-
- *_retval = fullPref;
- return NS_OK;
-}
-
static PLDHashOperator
pref_enumChild(PLDHashTable *table, PLDHashEntryHdr *heh,
PRUint32 i, void *arg)
{
PrefHashEntry *he = static_cast<PrefHashEntry*>(heh);
EnumerateData *d = reinterpret_cast<EnumerateData *>(arg);
if (PL_strncmp(he->key, d->parent, PL_strlen(d->parent)) == 0) {
d->pref_list->AppendElement((void*)he->key);
}
return PL_DHASH_NEXT;
}
-
-/*
- * nsISecurityPref methods
- *
- * Pref access without security check - these are here
- * to support nsScriptSecurityManager.
- * These functions are part of nsISecurityPref, not nsIPref.
- * **PLEASE** do not call these functions from elsewhere
- */
-NS_IMETHODIMP nsPrefBranch::SecurityGetBoolPref(const char *pref, PRBool * return_val)
-{
- return PREF_GetBoolPref(getPrefName(pref), return_val, PR_FALSE);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecuritySetBoolPref(const char *pref, PRBool value)
-{
- return PREF_SetBoolPref(getPrefName(pref), value);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecurityGetCharPref(const char *pref, char ** return_buf)
-{
- return PREF_CopyCharPref(getPrefName(pref), return_buf, PR_FALSE);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecuritySetCharPref(const char *pref, const char* value)
-{
- return PREF_SetCharPref(getPrefName(pref), value);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecurityGetIntPref(const char *pref, PRInt32 * return_val)
-{
- return PREF_GetIntPref(getPrefName(pref), return_val, PR_FALSE);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecuritySetIntPref(const char *pref, PRInt32 value)
-{
- return PREF_SetIntPref(getPrefName(pref), value);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecurityClearUserPref(const char *pref_name)
-{
- return PREF_ClearUserPref(getPrefName(pref_name));
-}
-
//----------------------------------------------------------------------------
// nsPrefLocalizedString
//----------------------------------------------------------------------------
nsPrefLocalizedString::nsPrefLocalizedString()
{
}
--- a/modules/libpref/src/nsPrefBranch.h
+++ b/modules/libpref/src/nsPrefBranch.h
@@ -38,50 +38,46 @@
*
* ***** END LICENSE BLOCK ***** */
#include "nsCOMPtr.h"
#include "nsIObserver.h"
#include "nsIPrefBranch.h"
#include "nsIPrefBranchInternal.h"
#include "nsIPrefLocalizedString.h"
-#include "nsISecurityPref.h"
#include "nsXPCOM.h"
#include "nsISupportsPrimitives.h"
#include "nsIRelativeFilePref.h"
#include "nsILocalFile.h"
#include "nsString.h"
#include "nsVoidArray.h"
#include "nsTArray.h"
#include "nsWeakReference.h"
class nsPrefBranch : public nsIPrefBranchInternal,
- public nsISecurityPref,
public nsIObserver,
public nsSupportsWeakReference
{
public:
NS_DECL_ISUPPORTS
NS_DECL_NSIPREFBRANCH
NS_DECL_NSIPREFBRANCH2
- NS_DECL_NSISECURITYPREF
NS_DECL_NSIOBSERVER
nsPrefBranch(const char *aPrefRoot, PRBool aDefaultBranch);
virtual ~nsPrefBranch();
PRInt32 GetRootLength() { return mPrefRootLength; }
protected:
nsPrefBranch() /* disallow use of this constructer */
{ }
nsresult GetDefaultFromPropertiesFile(const char *aPrefName, PRUnichar **return_buf);
const char *getPrefName(const char *aPrefName);
- nsresult getValidatedPrefName(const char *aPrefName, const char **_retval);
void freeObserverList(void);
private:
PRInt32 mPrefRootLength;
nsAutoVoidArray *mObservers;
nsCString mPrefRoot;
PRBool mIsDefault;
