Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst
authorDan Witte <dwitte@mozilla.com>
Tue, 08 Jun 2010 16:43:54 -0700
changeset 43345 2f382be70ce763b6375647ab67db1ef3fae24c44
parent 43344 76e9dd2d932271371d576157ae09cf969902018f
child 43346 d2b01fbc54803d76eb4772bba59b1bcdfc321658
push idunknown
push userunknown
push dateunknown
reviewerssicking, jst
bugs564048
milestone1.9.3a5pre
Bug 564048 - Nix security checks in nsPrefBranch. r=sicking, sr=jst
caps/include/nsScriptSecurityManager.h
caps/src/nsScriptSecurityManager.cpp
caps/src/nsSecurityManagerFactory.cpp
dom/locales/en-US/chrome/security/caps.properties
layout/build/nsLayoutModule.cpp
modules/libpref/public/Makefile.in
modules/libpref/public/nsISecurityPref.idl
modules/libpref/public/nsPrefsCID.h
modules/libpref/src/nsPrefBranch.cpp
modules/libpref/src/nsPrefBranch.h
--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@@ -46,17 +46,16 @@
 #include "nsIPrincipal.h"
 #include "jsapi.h"
 #include "jsdbgapi.h"
 #include "nsIXPCSecurityManager.h"
 #include "nsInterfaceHashtable.h"
 #include "nsHashtable.h"
 #include "nsCOMPtr.h"
 #include "nsIPrefService.h"
-#include "nsISecurityPref.h"
 #include "nsIChannelEventSink.h"
 #include "nsIJSContextStack.h"
 #include "nsIObserver.h"
 #include "pldhash.h"
 #include "plstr.h"
 #include "nsIScriptExternalNameSet.h"
 
 class nsIDocShell;
@@ -365,29 +364,27 @@ MoveClassPolicyEntry(PLDHashTable *table
 /////////////////////////////
 // nsScriptSecurityManager //
 /////////////////////////////
 #define NS_SCRIPTSECURITYMANAGER_CID \
 { 0x7ee2a4c0, 0x4b93, 0x17d3, \
 { 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
 
 class nsScriptSecurityManager : public nsIScriptSecurityManager,
-                                public nsIPrefSecurityCheck,
                                 public nsIChannelEventSink,
                                 public nsIObserver
 {
 public:
     static void Shutdown();
     
     NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
         
     NS_DECL_ISUPPORTS
     NS_DECL_NSISCRIPTSECURITYMANAGER
     NS_DECL_NSIXPCSECURITYMANAGER
-    NS_DECL_NSIPREFSECURITYCHECK
     NS_DECL_NSICHANNELEVENTSINK
     NS_DECL_NSIOBSERVER
 
     static nsScriptSecurityManager*
     GetScriptSecurityManager();
 
     static nsSystemPrincipal*
     SystemPrincipalSingletonConstructor();
@@ -584,18 +581,17 @@ private:
     nsresult
     InitPolicies();
 
     nsresult
     InitDomainPolicy(JSContext* cx, const char* aPolicyName,
                      DomainPolicy* aDomainPolicy);
 
     nsresult
-    InitPrincipals(PRUint32 prefCount, const char** prefNames,
-                   nsISecurityPref* securityPref);
+    InitPrincipals(PRUint32 prefCount, const char** prefNames);
 
 
 #ifdef XPC_IDISPATCH_SUPPORT
     // While this header is included outside of caps, this class isn't 
     // referenced so this should be fine.
     nsresult
     CheckComponentPermissions(JSContext *cx, const nsCID &aCID);
 #endif
@@ -624,17 +620,16 @@ private:
     static const char sJSEnabledPrefName[];
     static const char sFileOriginPolicyPrefName[];
 
     nsObjectHashtable* mOriginToPolicyMap;
     DomainPolicy* mDefaultPolicy;
     nsObjectHashtable* mCapabilities;
 
     nsCOMPtr<nsIPrefBranch> mPrefBranch;
-    nsCOMPtr<nsISecurityPref> mSecurityPref;
     nsCOMPtr<nsIPrincipal> mSystemPrincipal;
     nsCOMPtr<nsIPrincipal> mSystemCertificate;
     ContextPrincipal *mContextPrincipals;
     nsInterfaceHashtable<PrincipalKey, nsIPrincipal> mPrincipals;
     PRPackedBool mIsJavaScriptEnabled;
     PRPackedBool mIsWritingPrefs;
     PRPackedBool mPolicyPrefsChanged;
 #ifdef XPC_IDISPATCH_SUPPORT    
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -498,20 +498,19 @@ DeleteDomainEntry(nsHashKey *aKey, void 
 
 /////////////////////////////
 // nsScriptSecurityManager //
 /////////////////////////////
 
 ////////////////////////////////////
 // Methods implementing ISupports //
 ////////////////////////////////////
-NS_IMPL_ISUPPORTS5(nsScriptSecurityManager,
+NS_IMPL_ISUPPORTS4(nsScriptSecurityManager,
                    nsIScriptSecurityManager,
                    nsIXPCSecurityManager,
-                   nsIPrefSecurityCheck,
                    nsIChannelEventSink,
                    nsIObserver)
 
 ///////////////////////////////////////////////////
 // Methods implementing nsIScriptSecurityManager //
 ///////////////////////////////////////////////////
 
 ///////////////// Security Checks /////////////////
@@ -1083,17 +1082,17 @@ nsScriptSecurityManager::LookupPolicy(ns
 {
     nsresult rv;
     result->level = SCRIPT_SECURITY_UNDEFINED_ACCESS;
 
     DomainPolicy* dpolicy = nsnull;
     //-- Initialize policies if necessary
     if (mPolicyPrefsChanged)
     {
-        if (!mSecurityPref) {
+        if (!mPrefBranch) {
             rv = InitPrefs();
             NS_ENSURE_SUCCESS(rv, rv);
         }
         rv = InitPolicies();
         if (NS_FAILED(rv))
             return rv;
     }
     else
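Review bot: The lazy-init guard `if (!mPrefBranch)` now tests a member that InitPrefs() assigns before it has finished, so it no longer implies that initialisation completed. In the InitPrefs hunk further down, `GetBranch(nsnull, getter_AddRefs(mPrefBranch))` runs before the `nsIPrefBranch2` QueryInterface and its `NS_ENSURE_SUCCESS`; if that step failed, mPrefBranch would stay set and this guard (and the identical one in ScriptSecurityPrefChanged) would skip the retry, leaving policy lookups running without the pref observers or the principal list. The removed `mSecurityPref` was assigned after that QueryInterface, so the old guard did retry. Consider fetching the branch into a local `nsCOMPtr<nsIPrefBranch>` and storing it in `mPrefBranch` only once the QueryInterface has succeeded, or state in a comment why the failure cannot happen. LookupPolicy's body starts and ends outside this hunk.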
@@ -2508,33 +2507,33 @@ nsScriptSecurityManager::SavePrincipal(n
     rv = GetPrincipalPrefNames( idPrefName,
                                 grantedPrefName,
                                 deniedPrefName,
                                 subjectNamePrefName );
     if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
 
     mIsWritingPrefs = PR_TRUE;
     if (grantedList)
-        mSecurityPref->SecuritySetCharPref(grantedPrefName.get(), grantedList);
+        mPrefBranch->SetCharPref(grantedPrefName.get(), grantedList);
     else
-        mSecurityPref->SecurityClearUserPref(grantedPrefName.get());
+        mPrefBranch->ClearUserPref(grantedPrefName.get());
 
     if (deniedList)
-        mSecurityPref->SecuritySetCharPref(deniedPrefName.get(), deniedList);
+        mPrefBranch->SetCharPref(deniedPrefName.get(), deniedList);
     else
-        mSecurityPref->SecurityClearUserPref(deniedPrefName.get());
+        mPrefBranch->ClearUserPref(deniedPrefName.get());
 
     if (grantedList || deniedList) {
-        mSecurityPref->SecuritySetCharPref(idPrefName, id);
-        mSecurityPref->SecuritySetCharPref(subjectNamePrefName.get(),
+        mPrefBranch->SetCharPref(idPrefName, id);
+        mPrefBranch->SetCharPref(subjectNamePrefName.get(),
                                            subjectName);
     }
     else {
-        mSecurityPref->SecurityClearUserPref(idPrefName);
-        mSecurityPref->SecurityClearUserPref(subjectNamePrefName.get());
+        mPrefBranch->ClearUserPref(idPrefName);
+        mPrefBranch->ClearUserPref(subjectNamePrefName.get());
     }
 
     mIsWritingPrefs = PR_FALSE;
 
     nsCOMPtr<nsIPrefService> prefService(do_GetService(NS_PREFSERVICE_CONTRACTID, &rv));
     NS_ENSURE_SUCCESS(rv, rv);
     return prefService->SavePrefFile(nsnull);
 }
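Review bot: The results of the `SetCharPref` calls are dropped, so a failed write of the denied list or the id still falls through to `SavePrefFile`, and the profile can end up with a principal whose granted list was stored without its matching denied list. Capture the result, e.g. `rv = mPrefBranch->SetCharPref(deniedPrefName.get(), deniedList);`, and on failure reset `mIsWritingPrefs` to `PR_FALSE` and return before saving. The `ClearUserPref` calls can stay unchecked if a missing user value is reported as an error, which this hunk does not show. SavePrincipal begins outside the hunk.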
@@ -3245,39 +3244,29 @@ nsScriptSecurityManager::CheckXPCPermiss
         nsresult rv;
         nsCOMPtr<nsIPluginInstance> plugin(do_QueryInterface(aObj, &rv));
         if (NS_SUCCEEDED(rv))
         {
             static PRBool prefSet = PR_FALSE;
             static PRBool allowPluginAccess = PR_FALSE;
             if (!prefSet)
             {
-                rv = mSecurityPref->SecurityGetBoolPref("security.xpconnect.plugin.unrestricted",
+                rv = mPrefBranch->GetBoolPref("security.xpconnect.plugin.unrestricted",
                                                        &allowPluginAccess);
                 prefSet = PR_TRUE;
             }
             if (allowPluginAccess)
                 return NS_OK;
         }
     }
 
     //-- Access tests failed
     return NS_ERROR_DOM_XPCONNECT_ACCESS_DENIED;
 }
 
-//////////////////////////////////////////////
-// Method implementing nsIPrefSecurityCheck //
-//////////////////////////////////////////////
-
-NS_IMETHODIMP
-nsScriptSecurityManager::CanAccessSecurityPreferences(PRBool* _retval)
-{
-    return IsCapabilityEnabled("CapabilityPreferencesAccess", _retval);  
-}
-
 /////////////////////////////////////////////
 // Method implementing nsIChannelEventSink //
 /////////////////////////////////////////////
 NS_IMETHODIMP
 nsScriptSecurityManager::OnChannelRedirect(nsIChannel* oldChannel, 
                                            nsIChannel* newChannel,
                                            PRUint32 redirFlags)
 {
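Review bot: The read of `security.xpconnect.plugin.unrestricted` assigns `rv` but nothing looks at it afterwards, and the answer is cached in function statics, so a later pref change is not picked up by this path. That is fail-closed, since `allowPluginAccess` starts as `PR_FALSE`, but it deserves a comment such as `// Read once; on failure plugin access stays denied.` above the call. Unlike LookupPolicy and ScriptSecurityPrefChanged, this path dereferences `mPrefBranch` without the `if (!mPrefBranch)` guard; whether InitPrefs() has always run by then is not visible here. CheckXPCPermissions starts outside the hunk.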
@@ -3333,17 +3322,17 @@ nsScriptSecurityManager::Observe(nsISupp
     {
         static const char id[] = "id";
         char* lastDot = PL_strrchr(message, '.');
         //-- This check makes sure the string copy below doesn't overwrite its bounds
         if(PL_strlen(lastDot) >= sizeof(id))
         {
             PL_strcpy(lastDot + 1, id);
             const char** idPrefArray = (const char**)&message;
-            rv = InitPrincipals(1, idPrefArray, mSecurityPref);
+            rv = InitPrincipals(1, idPrefArray);
         }
     }
     return rv;
 }
 
 /////////////////////////////////////////////
 // Constructor, Destructor, Initialization //
 /////////////////////////////////////////////
@@ -3558,21 +3547,21 @@ nsScriptSecurityManager::InitPolicies()
     // Get a JS context - we need it to create internalized strings later.
     JSContext* cx = GetSafeJSContext();
     NS_ASSERTION(cx, "failed to get JS context");
     AutoCxPusher autoPusher(sJSContextStack, cx);
     rv = InitDomainPolicy(cx, "default", mDefaultPolicy);
     NS_ENSURE_SUCCESS(rv, rv);
 
     nsXPIDLCString policyNames;
-    rv = mSecurityPref->SecurityGetCharPref("capability.policy.policynames",
+    rv = mPrefBranch->GetCharPref("capability.policy.policynames",
                                             getter_Copies(policyNames));
 
     nsXPIDLCString defaultPolicyNames;
-    rv = mSecurityPref->SecurityGetCharPref("capability.policy.default_policynames",
+    rv = mPrefBranch->GetCharPref("capability.policy.default_policynames",
                                             getter_Copies(defaultPolicyNames));
     policyNames += NS_LITERAL_CSTRING(" ") + defaultPolicyNames;
 
     //-- Initialize domain policies
     char* policyCurrent = policyNames.BeginWriting();
     PRBool morePolicies = PR_TRUE;
     while (morePolicies)
     {
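Review bot: Both `GetCharPref` results are stored in `rv` and neither is checked in the visible lines, the first being overwritten by the second before anything reads it. If a missing `capability.policy.policynames` pref is expected and meant to be treated as an empty list, say so in a comment such as `// Absent prefs are fine: the name list is simply empty.` and drop the dead assignments. The `getter_Copies(...)` continuation lines are also still indented for the longer `mSecurityPref->SecurityGetCharPref(` prefix, here and in the other renamed calls of this file. InitPolicies starts and ends outside the hunk.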
@@ -3589,17 +3578,17 @@ nsScriptSecurityManager::InitPolicies()
         *policyCurrent = '\0';
         policyCurrent++;
 
         nsCAutoString sitesPrefName(
             NS_LITERAL_CSTRING(sPolicyPrefix) +
             nsDependentCString(nameBegin) +
             NS_LITERAL_CSTRING(".sites"));
         nsXPIDLCString domainList;
-        rv = mSecurityPref->SecurityGetCharPref(sitesPrefName.get(),
+        rv = mPrefBranch->GetCharPref(sitesPrefName.get(),
                                                 getter_Copies(domainList));
         if (NS_FAILED(rv))
             continue;
 
         DomainPolicy* domainPolicy = new DomainPolicy();
         if (!domainPolicy)
             return NS_ERROR_OUT_OF_MEMORY;
 
@@ -3717,17 +3706,17 @@ nsScriptSecurityManager::InitDomainPolic
 
         // We dealt with "sites" in InitPolicies(), so no need to do
         // that again...
         if (PL_strncmp(start, sitesStr, sizeof(sitesStr)-1) == 0)
             continue;
 
         // Get the pref value
         nsXPIDLCString prefValue;
-        rv = mSecurityPref->SecurityGetCharPref(prefNames[currentPref],
+        rv = mPrefBranch->GetCharPref(prefNames[currentPref],
                                                 getter_Copies(prefValue));
         if (NS_FAILED(rv) || !prefValue)
             continue;
 
         SecurityLevel secLevel;
         if (PL_strcasecmp(prefValue, "noAccess") == 0)
             secLevel.level = SCRIPT_SECURITY_NO_ACCESS;
         else if (PL_strcasecmp(prefValue, "allAccess") == 0)
@@ -3852,18 +3841,17 @@ nsScriptSecurityManager::GetPrincipalPre
 #undef SUBJECTNAME
 #undef DENIED
 #undef GRANTED
     
     return NS_OK;
 }
 
 nsresult
-nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefNames,
-                                        nsISecurityPref* aSecurityPref)
+nsScriptSecurityManager::InitPrincipals(PRUint32 aPrefCount, const char** aPrefNames)
 {
     /* This is the principal preference syntax:
      * capability.principal.[codebase|codebaseTrusted|certificate].<name>.[id|granted|denied]
      * For example:
      * user_pref("capability.principal.certificate.p1.id","12:34:AB:CD");
      * user_pref("capability.principal.certificate.p1.granted","Capability1 Capability2");
      * user_pref("capability.principal.certificate.p1.denied","Capability3");
      */
@@ -3877,48 +3865,48 @@ nsScriptSecurityManager::InitPrincipals(
     for (PRUint32 c = 0; c < aPrefCount; c++)
     {
         PRInt32 prefNameLen = PL_strlen(aPrefNames[c]) - 
             (NS_ARRAY_LENGTH(idSuffix) - 1);
         if (PL_strcasecmp(aPrefNames[c] + prefNameLen, idSuffix) != 0)
             continue;
 
         nsXPIDLCString id;
-        if (NS_FAILED(mSecurityPref->SecurityGetCharPref(aPrefNames[c], getter_Copies(id))))
+        if (NS_FAILED(mPrefBranch->GetCharPref(aPrefNames[c], getter_Copies(id))))
             return NS_ERROR_FAILURE;
 
         nsCAutoString grantedPrefName;
         nsCAutoString deniedPrefName;
         nsCAutoString subjectNamePrefName;
         nsresult rv = GetPrincipalPrefNames(aPrefNames[c],
                                             grantedPrefName,
                                             deniedPrefName,
                                             subjectNamePrefName);
         if (rv == NS_ERROR_OUT_OF_MEMORY)
             return rv;
         if (NS_FAILED(rv))
             continue;
 
         nsXPIDLCString grantedList;
-        mSecurityPref->SecurityGetCharPref(grantedPrefName.get(),
+        mPrefBranch->GetCharPref(grantedPrefName.get(),
                                            getter_Copies(grantedList));
         nsXPIDLCString deniedList;
-        mSecurityPref->SecurityGetCharPref(deniedPrefName.get(),
+        mPrefBranch->GetCharPref(deniedPrefName.get(),
                                            getter_Copies(deniedList));
         nsXPIDLCString subjectName;
-        mSecurityPref->SecurityGetCharPref(subjectNamePrefName.get(),
+        mPrefBranch->GetCharPref(subjectNamePrefName.get(),
                                            getter_Copies(subjectName));
 
         //-- Delete prefs if their value is the empty string
         if (id.IsEmpty() || (grantedList.IsEmpty() && deniedList.IsEmpty()))
         {
-            mSecurityPref->SecurityClearUserPref(aPrefNames[c]);
-            mSecurityPref->SecurityClearUserPref(grantedPrefName.get());
-            mSecurityPref->SecurityClearUserPref(deniedPrefName.get());
-            mSecurityPref->SecurityClearUserPref(subjectNamePrefName.get());
+            mPrefBranch->ClearUserPref(aPrefNames[c]);
+            mPrefBranch->ClearUserPref(grantedPrefName.get());
+            mPrefBranch->ClearUserPref(deniedPrefName.get());
+            mPrefBranch->ClearUserPref(subjectNamePrefName.get());
             continue;
         }
 
         //-- Create a principal based on the prefs
         static const char certificateName[] = "capability.principal.certificate";
         static const char codebaseName[] = "capability.principal.codebase";
         static const char codebaseTrustedName[] = "capability.principal.codebaseTrusted";
 
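Review bot: `prefNameLen` can go negative when a pref name is shorter than `idSuffix`, and `aPrefNames[c] + prefNameLen` then points in front of the string handed to `PL_strcasecmp`. The callers visible in this patch pass names found under the principal prefix or a name that Observe has just rewritten to end in `id`, so this looks like hardening rather than a reachable bug; a guard `if (prefNameLen < 0) continue;` before the compare would make the loop safe on its own. `idSuffix` is declared outside the hunk, and the function continues past its end.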
@@ -3973,50 +3961,48 @@ nsScriptSecurityManager::ScriptSecurityP
     sStrictFileOriginPolicy = PR_TRUE;
 
 #ifdef XPC_IDISPATCH_SUPPORT
     // Granting XPC Priveleges defaults to disabled in failure cases.
     mXPCDefaultGrantAll = PR_FALSE;
 #endif
 
     nsresult rv;
-    if (!mSecurityPref) {
+    if (!mPrefBranch) {
         rv = InitPrefs();
         if (NS_FAILED(rv))
             return;
     }
 
     PRBool temp;
-    rv = mSecurityPref->SecurityGetBoolPref(sJSEnabledPrefName, &temp);
+    rv = mPrefBranch->GetBoolPref(sJSEnabledPrefName, &temp);
     if (NS_SUCCEEDED(rv))
         mIsJavaScriptEnabled = temp;
 
-    rv = mSecurityPref->SecurityGetBoolPref(sFileOriginPolicyPrefName, &temp);
+    rv = mPrefBranch->GetBoolPref(sFileOriginPolicyPrefName, &temp);
     if (NS_SUCCEEDED(rv))
         sStrictFileOriginPolicy = NS_SUCCEEDED(rv) && temp;
 
 #ifdef XPC_IDISPATCH_SUPPORT
-    rv = mSecurityPref->SecurityGetBoolPref(sXPCDefaultGrantAllName, &temp);
+    rv = mPrefBranch->GetBoolPref(sXPCDefaultGrantAllName, &temp);
     if (NS_SUCCEEDED(rv))
         mXPCDefaultGrantAll = temp;
 #endif
 }
 
 nsresult
 nsScriptSecurityManager::InitPrefs()
 {
     nsresult rv;
     nsCOMPtr<nsIPrefService> prefService(do_GetService(NS_PREFSERVICE_CONTRACTID, &rv));
     NS_ENSURE_SUCCESS(rv, rv);
     rv = prefService->GetBranch(nsnull, getter_AddRefs(mPrefBranch));
     NS_ENSURE_SUCCESS(rv, rv);
     nsCOMPtr<nsIPrefBranch2> prefBranchInternal(do_QueryInterface(mPrefBranch, &rv));
     NS_ENSURE_SUCCESS(rv, rv);
-    mSecurityPref = do_QueryInterface(mPrefBranch, &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
 
     // Set the initial value of the "javascript.enabled" prefs
     ScriptSecurityPrefChanged();
     // set observer callbacks in case the value of the prefs change
     prefBranchInternal->AddObserver(sJSEnabledPrefName, this, PR_FALSE);
     prefBranchInternal->AddObserver(sFileOriginPolicyPrefName, this, PR_FALSE);
 #ifdef XPC_IDISPATCH_SUPPORT
     prefBranchInternal->AddObserver(sXPCDefaultGrantAllName, this, PR_FALSE);
@@ -4026,17 +4012,17 @@ nsScriptSecurityManager::InitPrefs()
 
     // Set a callback for policy pref changes
     prefBranchInternal->AddObserver(sPolicyPrefix, this, PR_FALSE);
 
     //-- Initialize the principals database from prefs
     rv = mPrefBranch->GetChildList(sPrincipalPrefix, &prefCount, &prefNames);
     if (NS_SUCCEEDED(rv) && prefCount > 0)
     {
-        rv = InitPrincipals(prefCount, (const char**)prefNames, mSecurityPref);
+        rv = InitPrincipals(prefCount, (const char**)prefNames);
         NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(prefCount, prefNames);
         NS_ENSURE_SUCCESS(rv, rv);
     }
     //-- Set a callback for principal changes
     prefBranchInternal->AddObserver(sPrincipalPrefix, this, PR_FALSE);
 
     return NS_OK;
 }
--- a/caps/src/nsSecurityManagerFactory.cpp
+++ b/caps/src/nsSecurityManagerFactory.cpp
@@ -47,17 +47,16 @@
 #include "nsNullPrincipal.h"
 #include "nsIScriptNameSpaceManager.h"
 #include "nsIScriptContext.h"
 #include "nsICategoryManager.h"
 #include "nsXPIDLString.h"
 #include "nsCOMPtr.h"
 #include "nsIServiceManager.h"
 #include "nsString.h"
-#include "nsPrefsCID.h"
 #include "nsNetCID.h"
 #include "nsIClassInfoImpl.h"
 
 ///////////////////////
 // nsSecurityNameSet //
 ///////////////////////
 
 nsSecurityNameSet::nsSecurityNameSet()
--- a/dom/locales/en-US/chrome/security/caps.properties
+++ b/dom/locales/en-US/chrome/security/caps.properties
@@ -152,11 +152,10 @@ ExtensionCapability = Unknown: %S
 ProtocolFlagError = Warning: Protocol handler for '%S' doesn't advertise a security policy.  While loading of such protocols is allowed for now, this is deprecated.  Please see the documentation in nsIProtocolHandler.idl.
 #
 # The following descriptions are shown in the EnableCapabilityQuery dialog
 #
 capdesc.UniversalBrowserRead = Read private data from any site or window
 capdesc.UniversalBrowserWrite = Modify any open window
 capdesc.UniversalXPConnect = Run or install software on your machine
 capdesc.UniversalFileRead = Read and upload local files
-capdesc.CapabilityPreferencesAccess = By-pass core security settings
 capdesc.UniversalPreferencesRead = Read program settings
 capdesc.UniversalPreferencesWrite = Modify program settings
--- a/layout/build/nsLayoutModule.cpp
+++ b/layout/build/nsLayoutModule.cpp
@@ -143,17 +143,16 @@
 #include "nsTextServicesDocument.h"
 #include "nsTextServicesCID.h"
 #endif
 
 #include "nsScriptSecurityManager.h"
 #include "nsPrincipal.h"
 #include "nsSystemPrincipal.h"
 #include "nsNullPrincipal.h"
-#include "nsPrefsCID.h"
 #include "nsNetCID.h"
 
 #define NS_EDITORCOMMANDTABLE_CID \
 { 0x4f5e62b8, 0xd659, 0x4156, { 0x84, 0xfc, 0x2f, 0x60, 0x99, 0x40, 0x03, 0x69 }}
 
 static NS_DEFINE_CID(kEditorCommandTableCID, NS_EDITORCOMMANDTABLE_CID);
 
 NS_GENERIC_FACTORY_CONSTRUCTOR(nsPlaintextEditor)
@@ -1631,29 +1630,16 @@ static const nsModuleComponentInfo gXPCo
       nsnull,
       nsnull,
       nsnull,
       nsnull,
       nsnull,
       nsIClassInfo::MAIN_THREAD_ONLY
     },
 
-    { NS_SCRIPTSECURITYMANAGER_CLASSNAME, 
-      NS_SCRIPTSECURITYMANAGER_CID, 
-      NS_GLOBAL_PREF_SECURITY_CHECK,
-      Construct_nsIScriptSecurityManager,
-      RegisterSecurityNameSet,
-      nsnull,
-      nsnull,
-      nsnull,
-      nsnull,
-      nsnull,
-      nsIClassInfo::MAIN_THREAD_ONLY
-    },
-
     { NS_SCRIPTSECURITYMANAGER_CLASSNAME,
       NS_SCRIPTSECURITYMANAGER_CID,
       NS_GLOBAL_CHANNELEVENTSINK_CONTRACTID,
       Construct_nsIScriptSecurityManager,
       RegisterSecurityNameSet,
       nsnull,
       nsnull,
       nsnull,
--- a/modules/libpref/public/Makefile.in
+++ b/modules/libpref/public/Makefile.in
@@ -49,18 +49,13 @@ SDK_XPIDLSRCS   = \
               nsIPrefService.idl \
               nsIPrefBranch.idl \
               nsIPrefBranch2.idl \
               nsIPrefLocalizedString.idl \
               $(NULL)
 
 XPIDLSRCS	= \
               nsIPrefBranchInternal.idl \
-              nsISecurityPref.idl \
               nsIRelativeFilePref.idl \
               $(NULL)
 
-EXPORTS = \
-          nsPrefsCID.h \
-          $(NULL)
-
 include $(topsrcdir)/config/rules.mk
 
deleted file mode 100644
--- a/modules/libpref/public/nsISecurityPref.idl
+++ /dev/null
@@ -1,157 +0,0 @@
-/* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is mozilla.org code.
- *
- * The Initial Developer of the Original Code is
- * Netscape Communications Corporation.
- * Portions created by the Initial Developer are Copyright (C) 1998
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#include "nsISupports.idl"
-
-/**
- * Interface for accessing preferences, bypassing the usual security check on
- * preferences starting with "capability". This interface is used by
- * nsScriptSecurityManager which needs unchecked access to security prefs. 
- * *PLEASE* do not call this interface from any other file, as this 
- * would be insecure.
- *
- * THIS INTERFACE SHOULD NEVER BE MADE SCRIPTABLE 
- *
- * @see nsIPrefBranch
- */
-
-[uuid(94afd973-8045-4c6c-89e6-75bdced4209e)]
-interface nsISecurityPref : nsISupports {
-
-  /**
-   * Called to get the state of a "capability" boolean preference.
-   *
-   * @param pref     The boolean preference to get the state of.
-   *
-   * @return boolean The value of the requested boolean preference.
-   *
-   * @see securitySetBoolPref
-   */
-  boolean securityGetBoolPref(in string pref);
-
-  /**
-   * Called to set the state of a "capability" boolean preference.
-   *
-   * @param pref   The boolean preference to set the state of.
-   * @param value  The boolean value to set the preference to.
-   *
-   * @return NS_OK The value was successfully set.
-   * @return Other The value was not set or is the wrong type.
-   *
-   * @see securityGetBoolPref
-   */
-  void securitySetBoolPref(in string pref, in boolean value);
-
-  /**
-   * Called to get the state of a "capability" string preference.
-   *
-   * @param pref    The string preference to retrieve.
-   *
-   * @return string The value of the requested string preference.
-   *
-   * @see securitySetCharPref
-   */
-  string securityGetCharPref(in string pref);
-
-  /**
-   * Called to set the state of a "capability" string preference.
-   *
-   * @param pref   The string preference to set.
-   * @param value  The string value to set the preference to.
-   *
-   * @return NS_OK The value was successfully set.
-   * @return Other The value was not set or is the wrong type.
-   *
-   * @see securityGetCharPref
-   */
-  void securitySetCharPref(in string pref, in string value);
-
-  /**
-   * Called to get the state of a "capability" integer preference.
-   *
-   * @param pref  The integer preference to get the value of.
-   *
-   * @return long The value of the requested integer preference.
-   *
-   * @see securitySetIntPref
-   */
-  long securityGetIntPref(in string pref);
-
-  /**
-   * Called to set the state of a "capability" integer preference.
-   *
-   * @param pref   The integer preference to set the value of.
-   * @param value  The integer value to set the preference to.
-   *
-   * @return NS_OK The value was successfully set.
-   * @return Other The value was not set or is the wrong type.
-   *
-   * @see securityGetIntPref
-   */
-  void securitySetIntPref(in string pref, in long value);
-
-  /**
-   * Called to clear a user set value from a "capability" preference. This
-   * will, in effect, reset the value to the default value. If no default value
-   * exists the preference will cease to exist.
-   *
-   * @param pref_name The preference to be cleared.
-   *
-   * @note
-   * This method does nothing if this object is a default branch.
-   *
-   * @return NS_OK The user preference was successfully cleared.
-   * @return Other The preference does not exist or have a user set value.
-   */
-  void securityClearUserPref(in string pref_name);
-
-};
-
-/**
- * This interface allows checking whether getting capability prefs is allowed.
- */
-[uuid(c73c9a05-92ce-46e1-8f69-90a2a3a36104)]
-interface nsIPrefSecurityCheck : nsISupports {
-  /**
-   * Checks whether the currently executing script (if any) can access security
-   * preferences. Corresponds to CapabilityPreferencesAccess.
-   *
-   * Exceptions from this method should be treated like a return value of false.
-   */
-  boolean canAccessSecurityPreferences();
-};
-
deleted file mode 100644
--- a/modules/libpref/public/nsPrefsCID.h
+++ /dev/null
@@ -1,51 +0,0 @@
-/* ***** BEGIN LICENSE BLOCK *****
- * Version: MPL 1.1/GPL 2.0/LGPL 2.1
- *
- * The contents of this file are subject to the Mozilla Public License Version
- * 1.1 (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
- * http://www.mozilla.org/MPL/
- *
- * Software distributed under the License is distributed on an "AS IS" basis,
- * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
- * for the specific language governing rights and limitations under the
- * License.
- *
- * The Original Code is the prefs module contractid listing file.
- *
- * The Initial Developer of the Original Code is
- * Christian Biesinger <cbiesinger@web.de>.
- * Portions created by the Initial Developer are Copyright (C) 2004
- * the Initial Developer. All Rights Reserved.
- *
- * Contributor(s):
- *
- * Alternatively, the contents of this file may be used under the terms of
- * either the GNU General Public License Version 2 or later (the "GPL"), or
- * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
- * in which case the provisions of the GPL or the LGPL are applicable instead
- * of those above. If you wish to allow use of your version of this file only
- * under the terms of either the GPL or the LGPL, and not to allow others to
- * use your version of this file under the terms of the MPL, indicate your
- * decision by deleting the provisions above and replace them with the notice
- * and other provisions required by the GPL or the LGPL. If you do not delete
- * the provisions above, a recipient may use your version of this file under
- * the terms of any one of the MPL, the GPL or the LGPL.
- *
- * ***** END LICENSE BLOCK ***** */
-
-#ifndef NSPREFSCID_H_
-#define NSPREFSCID_H_
-
-/**
- * This service will be used by the prefs module when a preference of
- * capability.* is being requested. It is used to check whether the caller is
- * allowed to access this pref. canAccessSecurityPreferences is called to
- * determine that.
- *
- * INTERFACES THAT MUST BE IMPLEMENTED:
- *   nsIPrefSecurityCheck
- */
-#define NS_GLOBAL_PREF_SECURITY_CHECK "@mozilla.org/globalprefsecuritycheck;1"
-
-#endif
--- a/modules/libpref/src/nsPrefBranch.cpp
+++ b/modules/libpref/src/nsPrefBranch.cpp
@@ -45,17 +45,16 @@
 #include "nsIDirectoryService.h"
 #include "nsString.h"
 #include "nsReadableUtils.h"
 #include "nsXPIDLString.h"
 #include "nsIStringBundle.h"
 #include "prefapi.h"
 #include "prmem.h"
 #include "pldhash.h"
-#include "nsPrefsCID.h"
 
 #include "plstr.h"
 #include "nsCRT.h"
 #include "mozilla/Services.h"
 
 #include "prefapi_private_data.h"
 
 // Definitions
@@ -113,17 +112,16 @@ nsPrefBranch::~nsPrefBranch()
 NS_IMPL_THREADSAFE_ADDREF(nsPrefBranch)
 NS_IMPL_THREADSAFE_RELEASE(nsPrefBranch)
 
 NS_INTERFACE_MAP_BEGIN(nsPrefBranch)
   NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIPrefBranch)
   NS_INTERFACE_MAP_ENTRY(nsIPrefBranch)
   NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIPrefBranch2, !mIsDefault)
   NS_INTERFACE_MAP_ENTRY_CONDITIONAL(nsIPrefBranchInternal, !mIsDefault)
-  NS_INTERFACE_MAP_ENTRY(nsISecurityPref)
   NS_INTERFACE_MAP_ENTRY(nsIObserver)
   NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
 NS_INTERFACE_MAP_END
 
 
 /*
  * nsIPrefBranch Implementation
  */
@@ -134,117 +132,72 @@ NS_IMETHODIMP nsPrefBranch::GetRoot(char
 
   mPrefRoot.Truncate(mPrefRootLength);
   *aRoot = ToNewCString(mPrefRoot);
   return NS_OK;
 }
 
 NS_IMETHODIMP nsPrefBranch::GetPrefType(const char *aPrefName, PRInt32 *_retval)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_FAILED(rv))
-    return rv;
-
+  const char *pref = getPrefName(aPrefName);
   *_retval = PREF_GetPrefType(pref);
   return NS_OK;
 }
 
 NS_IMETHODIMP nsPrefBranch::GetBoolPref(const char *aPrefName, PRBool *_retval)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_GetBoolPref(pref, _retval, mIsDefault);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  return PREF_GetBoolPref(pref, _retval, mIsDefault);
 }
 
 NS_IMETHODIMP nsPrefBranch::SetBoolPref(const char *aPrefName, PRInt32 aValue)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_SetBoolPref(pref, aValue, mIsDefault);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  return PREF_SetBoolPref(pref, aValue, mIsDefault);
 }
 
 NS_IMETHODIMP nsPrefBranch::GetCharPref(const char *aPrefName, char **_retval)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_CopyCharPref(pref, _retval, mIsDefault);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  return PREF_CopyCharPref(pref, _retval, mIsDefault);
 }
 
 NS_IMETHODIMP nsPrefBranch::SetCharPref(const char *aPrefName, const char *aValue)
 {
-  const char *pref;
-  nsresult   rv;
+  NS_ENSURE_ARG_POINTER(aValue);
 
-  NS_ENSURE_ARG_POINTER(aValue);
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_SetCharPref(pref, aValue, mIsDefault);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  return PREF_SetCharPref(pref, aValue, mIsDefault);
 }
 
 NS_IMETHODIMP nsPrefBranch::GetIntPref(const char *aPrefName, PRInt32 *_retval)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_GetIntPref(pref, _retval, mIsDefault);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  return PREF_GetIntPref(pref, _retval, mIsDefault);
 }
 
 NS_IMETHODIMP nsPrefBranch::SetIntPref(const char *aPrefName, PRInt32 aValue)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_SetIntPref(pref, aValue, mIsDefault);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  return PREF_SetIntPref(pref, aValue, mIsDefault);
 }
 
 NS_IMETHODIMP nsPrefBranch::GetComplexValue(const char *aPrefName, const nsIID & aType, void * *_retval)
 {
   nsresult       rv;
   nsXPIDLCString utf8String;
 
   // we have to do this one first because it's different than all the rest
   if (aType.Equals(NS_GET_IID(nsIPrefLocalizedString))) {
     nsCOMPtr<nsIPrefLocalizedString> theString(do_CreateInstance(NS_PREFLOCALIZEDSTRING_CONTRACTID, &rv));
 
     if (NS_SUCCEEDED(rv)) {
-      const char *pref;
+      const char *pref = getPrefName(aPrefName);
       PRBool  bNeedDefault = PR_FALSE;
 
-      rv = getValidatedPrefName(aPrefName, &pref);
-      if (NS_FAILED(rv))
-        return rv;
-
       if (mIsDefault) {
         bNeedDefault = PR_TRUE;
       } else {
         // if there is no user (or locked) value
         if (!PREF_HasUserPref(pref) && !PREF_PrefIsLocked(pref)) {
           bNeedDefault = PR_TRUE;
         }
       }
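Review bot: A null `aPrefName` is no longer rejected in GetPrefType, GetBoolPref, SetBoolPref, GetCharPref, SetCharPref, GetIntPref and SetIntPref, because the removed getValidatedPrefName() held the only `NS_ENSURE_ARG_POINTER(aPrefName)` on this path. The visible tail of getPrefName() skips the append for a null or empty name, so a null name now appears to resolve to the bare branch root and is read or written instead of failing with an invalid-pointer error. If the old contract is wanted, add `NS_ENSURE_ARG_POINTER(aPrefName);` as the first line of each method; the same applies to ClearUserPref, LockPref, UnlockPref and DeleteBranch in the next hunk, where a null argument to DeleteBranch would now be passed on as the branch root. GetComplexValue continues past the end of this hunk, so only its changed lines were reviewed.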
@@ -433,94 +386,60 @@ NS_IMETHODIMP nsPrefBranch::SetComplexVa
   }
 
   NS_WARNING("nsPrefBranch::SetComplexValue - Unsupported interface type");
   return NS_NOINTERFACE;
 }
 
 NS_IMETHODIMP nsPrefBranch::ClearUserPref(const char *aPrefName)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_ClearUserPref(pref);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  return PREF_ClearUserPref(pref);
 }
 
 NS_IMETHODIMP nsPrefBranch::PrefHasUserValue(const char *aPrefName, PRBool *_retval)
 {
-  const char *pref;
-  nsresult   rv;
-
   NS_ENSURE_ARG_POINTER(_retval);
 
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    *_retval = PREF_HasUserPref(pref);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  *_retval = PREF_HasUserPref(pref);
+  return NS_OK;
 }
 
 NS_IMETHODIMP nsPrefBranch::LockPref(const char *aPrefName)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_LockPref(pref, PR_TRUE);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  return PREF_LockPref(pref, PR_TRUE);
 }
 
 NS_IMETHODIMP nsPrefBranch::PrefIsLocked(const char *aPrefName, PRBool *_retval)
 {
-  const char *pref;
-  nsresult   rv;
-
   NS_ENSURE_ARG_POINTER(_retval);
 
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    *_retval = PREF_PrefIsLocked(pref);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  *_retval = PREF_PrefIsLocked(pref);
+  return NS_OK;
 }
 
 NS_IMETHODIMP nsPrefBranch::UnlockPref(const char *aPrefName)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aPrefName, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_LockPref(pref, PR_FALSE);
-  }
-  return rv;
+  const char *pref = getPrefName(aPrefName);
+  return PREF_LockPref(pref, PR_FALSE);
 }
 
 /* void resetBranch (in string startingAt); */
 NS_IMETHODIMP nsPrefBranch::ResetBranch(const char *aStartingAt)
 {
   return NS_ERROR_NOT_IMPLEMENTED;
 }
 
 NS_IMETHODIMP nsPrefBranch::DeleteBranch(const char *aStartingAt)
 {
-  const char *pref;
-  nsresult   rv;
-
-  rv = getValidatedPrefName(aStartingAt, &pref);
-  if (NS_SUCCEEDED(rv)) {
-    rv = PREF_DeleteBranch(pref);
-  }
-  return rv;
+  const char *pref = getPrefName(aStartingAt);
+  return PREF_DeleteBranch(pref);
 }
 
 NS_IMETHODIMP nsPrefBranch::GetChildList(const char *aStartingAt, PRUint32 *aCount, char ***aChildArray)
 {
   char**          outArray;
   char*           theElement;
   PRInt32         numPrefs;
   PRInt32         dwIndex;
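Review bot: Nothing in the new ClearUserPref, LockPref, UnlockPref or DeleteBranch records that `capability.*` names are now handled like any other pref, so a later reader cannot tell whether the missing check is deliberate. With getValidatedPrefName() gone, access control for those prefs presumably rests on who can obtain an nsIPrefBranch at all, and that assumption is not stated anywhere in this file. I would add a comment above the nsIPrefBranch implementation block, for example `// No per-pref access check: capability.* prefs are protected only by restricting who can reach this interface.` GetChildList begins at the end of this hunk and continues outside it.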
@@ -783,100 +702,28 @@ const char *nsPrefBranch::getPrefName(co
 
   // only append if anything to append
   if ((nsnull != aPrefName) && (*aPrefName != '\0'))
     mPrefRoot.Append(aPrefName);
 
   return mPrefRoot.get();
 }
 
-nsresult nsPrefBranch::getValidatedPrefName(const char *aPrefName, const char **_retval)
-{
-  static const char capabilityPrefix[] = "capability.";
-
-  NS_ENSURE_ARG_POINTER(aPrefName);
-  const char *fullPref = getPrefName(aPrefName);
-
-  // now that we have the pref, check it against the ScriptSecurityManager
-  if ((fullPref[0] == 'c') &&
-    PL_strncmp(fullPref, capabilityPrefix, sizeof(capabilityPrefix)-1) == 0)
-  {
-    nsresult rv;
-    nsCOMPtr<nsIPrefSecurityCheck> secCheck = 
-             do_GetService(NS_GLOBAL_PREF_SECURITY_CHECK, &rv);
-
-    if (NS_FAILED(rv))
-      return NS_ERROR_FAILURE;
-
-    PRBool enabled;
-    rv = secCheck->CanAccessSecurityPreferences(&enabled);
-    if (NS_FAILED(rv) || !enabled)
-      return NS_ERROR_FAILURE;
-  }
-
-  *_retval = fullPref;
-  return NS_OK;
-}
-
 static PLDHashOperator
 pref_enumChild(PLDHashTable *table, PLDHashEntryHdr *heh,
                PRUint32 i, void *arg)
 {
   PrefHashEntry *he = static_cast<PrefHashEntry*>(heh);
   EnumerateData *d = reinterpret_cast<EnumerateData *>(arg);
   if (PL_strncmp(he->key, d->parent, PL_strlen(d->parent)) == 0) {
     d->pref_list->AppendElement((void*)he->key);
   }
   return PL_DHASH_NEXT;
 }
 
-
-/*
- * nsISecurityPref methods
- *
- * Pref access without security check - these are here
- * to support nsScriptSecurityManager.
- * These functions are part of nsISecurityPref, not nsIPref.
- * **PLEASE** do not call these functions from elsewhere
- */
-NS_IMETHODIMP nsPrefBranch::SecurityGetBoolPref(const char *pref, PRBool * return_val)
-{
-  return PREF_GetBoolPref(getPrefName(pref), return_val, PR_FALSE);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecuritySetBoolPref(const char *pref, PRBool value)
-{
-  return PREF_SetBoolPref(getPrefName(pref), value);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecurityGetCharPref(const char *pref, char ** return_buf)
-{
-  return PREF_CopyCharPref(getPrefName(pref), return_buf, PR_FALSE);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecuritySetCharPref(const char *pref, const char* value)
-{
-  return PREF_SetCharPref(getPrefName(pref), value);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecurityGetIntPref(const char *pref, PRInt32 * return_val)
-{
-  return PREF_GetIntPref(getPrefName(pref), return_val, PR_FALSE);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecuritySetIntPref(const char *pref, PRInt32 value)
-{
-  return PREF_SetIntPref(getPrefName(pref), value);
-}
-
-NS_IMETHODIMP nsPrefBranch::SecurityClearUserPref(const char *pref_name)
-{
-  return PREF_ClearUserPref(getPrefName(pref_name));
-}
-
 //----------------------------------------------------------------------------
 // nsPrefLocalizedString
 //----------------------------------------------------------------------------
 
 nsPrefLocalizedString::nsPrefLocalizedString()
 {
 }
 
--- a/modules/libpref/src/nsPrefBranch.h
+++ b/modules/libpref/src/nsPrefBranch.h
@@ -38,50 +38,46 @@
  *
  * ***** END LICENSE BLOCK ***** */
 
 #include "nsCOMPtr.h"
 #include "nsIObserver.h"
 #include "nsIPrefBranch.h"
 #include "nsIPrefBranchInternal.h"
 #include "nsIPrefLocalizedString.h"
-#include "nsISecurityPref.h"
 #include "nsXPCOM.h"
 #include "nsISupportsPrimitives.h"
 #include "nsIRelativeFilePref.h"
 #include "nsILocalFile.h"
 #include "nsString.h"
 #include "nsVoidArray.h"
 #include "nsTArray.h"
 #include "nsWeakReference.h"
 
 class nsPrefBranch : public nsIPrefBranchInternal,
-                     public nsISecurityPref,
                      public nsIObserver,
                      public nsSupportsWeakReference
 {
 public:
   NS_DECL_ISUPPORTS
   NS_DECL_NSIPREFBRANCH
   NS_DECL_NSIPREFBRANCH2
-  NS_DECL_NSISECURITYPREF
   NS_DECL_NSIOBSERVER
 
   nsPrefBranch(const char *aPrefRoot, PRBool aDefaultBranch);
   virtual ~nsPrefBranch();
 
   PRInt32 GetRootLength() { return mPrefRootLength; }
 
 protected:
   nsPrefBranch()	/* disallow use of this constructer */
     { }
 
   nsresult   GetDefaultFromPropertiesFile(const char *aPrefName, PRUnichar **return_buf);
   const char *getPrefName(const char *aPrefName);
-  nsresult   getValidatedPrefName(const char *aPrefName, const char **_retval);
   void       freeObserverList(void);
 
 private:
   PRInt32               mPrefRootLength;
   nsAutoVoidArray       *mObservers;
   nsCString             mPrefRoot;
   PRBool                mIsDefault;