Make security manager API more useful from script. Make more things
authorbzbarsky@mit.edu
Mon, 18 Jun 2007 08:12:09 -0700
changeset 2524 a05bdf8965fb15fef68dac89018fbd812c64efde
parent 2523 c91b7d89788c303fd49c5bc565f7c7961b40af59
child 2525 18fcb6c89453e3e68ef299e1e51f466f3d0f0dab
push idunknown
push userunknown
push dateunknown
bugs383783
milestone1.9a6pre
Make security manager API more useful from script. Make more things scriptable, and add a scriptable method for testing whether a given principal is the system principal. Bug 383783, r=dveditz, sr=jst
caps/idl/nsIScriptSecurityManager.idl
caps/src/nsScriptSecurityManager.cpp
--- a/caps/idl/nsIScriptSecurityManager.idl
+++ b/caps/idl/nsIScriptSecurityManager.idl
@@ -37,17 +37,17 @@
 
 #include "nsISupports.idl"
 #include "nsIPrincipal.idl"
 #include "nsIXPCSecurityManager.idl"
 interface nsIURI;
 interface nsIChannel;
 
 
-[scriptable, uuid(c61d3ad1-00aa-407c-b7d7-de48b3f18662)]
+[scriptable, uuid(0b8a9b32-713f-4c39-bea0-6cacec46f385)]
 interface nsIScriptSecurityManager : nsIXPCSecurityManager
 {
     ///////////////// Security Checks //////////////////
     /**
      * Checks whether the running script is allowed to access aProperty.
      */
     [noscript] void checkPropertyAccess(in JSContextPtr aJSContext,
                                         in JSObjectPtr aJSObject,
@@ -208,17 +208,17 @@ interface nsIScriptSecurityManager : nsI
                                  in AUTF8String aSubjectName,
                                  in AUTF8String aPrettyName,
                                  in nsISupports aCert,
                                  in nsIURI aURI);
 
     /**
      * Return a principal that has the same origin as aURI.
      */
-    [noscript] nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
+    nsIPrincipal getCodebasePrincipal(in nsIURI aURI);
 
     ///////////////// Capabilities API /////////////////////
     /**
      * Request that 'capability' can be enabled by scripts or applets
      * running with 'principal'. Will prompt user if
      * necessary. Returns nsIPrincipal::ENABLE_GRANTED or
      * nsIPrincipal::ENABLE_DENIED based on user's choice.
      */
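Review bot: Dropping `[noscript]` from `getCodebasePrincipal` on the line `nsIPrincipal getCodebasePrincipal(in nsIURI aURI);` makes the method reachable from content-facing script, but the doc comment still says nothing about a null or otherwise unusable `aURI`, which callers from C++ never needed spelled out. The sibling `getChannelPrincipal` comment already states "aChannel must not be null", so the same contract should be written here; I cannot see the implementation's null handling from this hunk, so confirm it before wording the comment. Suggested addition to the comment: `* aURI must not be null; the returned principal is a codebase principal for that URI, never the system principal.`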
@@ -301,15 +301,22 @@ interface nsIScriptSecurityManager : nsI
      */
     [noscript] nsIPrincipal getPrincipalFromContext(in JSContextPtr cx);
 
     /**
      * Get the principal for the given channel.  This will typically be the
      * channel owner if there is one, and the codebase principal for the
      * channel's URI otherwise.  aChannel must not be null.
      */
-    [noscript] nsIPrincipal getChannelPrincipal(in nsIChannel aChannel);
+    nsIPrincipal getChannelPrincipal(in nsIChannel aChannel);
+
+    /**
+     * Check whether a given principal is a system principal.  This allows us
+     * to avoid handing back the system principal to script while allowing
+     * script to check whether a given principal is system.
+     */
+    boolean isSystemPrincipal(in nsIPrincipal aPrincipal);
 };
 
 %{C++
 #define NS_SCRIPTSECURITYMANAGER_CONTRACTID "@mozilla.org/scriptsecuritymanager;1"
 #define NS_SCRIPTSECURITYMANAGER_CLASSNAME "scriptsecuritymanager"
 %}
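Review bot: The new `isSystemPrincipal` declaration at `boolean isSystemPrincipal(in nsIPrincipal aPrincipal);` documents the motivation but not the result contract, and since this is the one place script is told whether something is system, the contract matters. From the companion change in nsScriptSecurityManager.cpp the check is pointer identity against the manager's single system principal, so the comment should say that the result is true only for that singleton object and false for every other principal (and, I would expect, for a null `aPrincipal`). Suggested addition to the comment: `* Returns true only for the singleton system principal; any other principal, including null, yields false.` Confirm the null case against the implementation before committing the wording.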
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -380,16 +380,24 @@ nsScriptSecurityManager::GetChannelPrinc
       aChannel->GetURI(getter_AddRefs(uri));
     } else {
       aChannel->GetOriginalURI(getter_AddRefs(uri));
     }
 
     return GetCodebasePrincipal(uri, aPrincipal);
 }
 
+NS_IMETHODIMP
+nsScriptSecurityManager::IsSystemPrincipal(nsIPrincipal* aPrincipal,
+                                           PRBool* aIsSystem)
+{
+    *aIsSystem = (aPrincipal == mSystemPrincipal);
+    return NS_OK;
+}
+
 ////////////////////
 // Policy Storage //
 ////////////////////
 
 // Table of security levels
 PR_STATIC_CALLBACK(PRBool)
 DeleteCapability(nsHashKey *aKey, void *aData, void* closure)
 {
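Review bot: `*aIsSystem = (aPrincipal == mSystemPrincipal);` at the start of `IsSystemPrincipal` answers true for a null `aPrincipal` whenever `mSystemPrincipal` is still null, because null compares equal to null; whether that window exists depends on when `mSystemPrincipal` is created, which is not visible in this hunk, but the cheap fix removes the question. The out-parameter is also dereferenced without the usual XPCOM argument check. Suggest `NS_ENSURE_ARG_POINTER(aIsSystem);` followed by `*aIsSystem = aPrincipal && (aPrincipal == mSystemPrincipal);`, so a null principal is reported as not system regardless of initialization order. Note that identity comparison relies on the system principal being a single object for the manager's lifetime; a short comment on the line stating that assumption would help the next reader, e.g. `// System principal is a singleton, so identity is the correct check.` `GetChannelPrincipal`, whose tail opens this hunk, starts outside it.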