caps/nsScriptSecurityManager.h
author Mike Hommey <mh+mozilla@glandium.org>
Fri, 15 Apr 2016 06:43:35 +0900
changeset 331180 334804a9afacc402b16c172a97bb85919510a8e8
parent 322807 b2a21a014436551942179dd3e70c2642bb6e4e7a
child 334578 c32539fd746a21ebef7f0d2e601c20ad6acd0640
permissions -rw-r--r--
Bug 1257448 - Don't emit an error on unknown implied options when their resolved value is None. r=nalexander imply_option has no effect when the resolved value is None, so the same logic can be applied when checking for unknown implied options. This allows to imply options that may not always exist (because they are in a configure file that is optionally included). Ideally, it would be better not to do this, but until we have something better than optionally included configure files for --disable-compile-environment, this is a necessary evil.

/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/* vim: set ts=4 et sw=4 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef nsScriptSecurityManager_h__
#define nsScriptSecurityManager_h__

#include "nsIScriptSecurityManager.h"

#include "nsIAddonPolicyService.h"
#include "mozilla/Maybe.h"
#include "nsIAddonPolicyService.h"
#include "nsIPrincipal.h"
#include "nsCOMPtr.h"
#include "nsIObserver.h"
#include "nsServiceManagerUtils.h"
#include "plstr.h"
#include "js/TypeDecls.h"

#include <stdint.h>

class nsCString;
class nsIIOService;
class nsIStringBundle;
class nsSystemPrincipal;

namespace mozilla {
class PrincipalOriginAttributes;
} // namespace mozilla

/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
#define NS_SCRIPTSECURITYMANAGER_CID \
{ 0x7ee2a4c0, 0x4b93, 0x17d3, \
{ 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}

class nsScriptSecurityManager final : public nsIScriptSecurityManager,
                                      public nsIObserver
{
public:
    static void Shutdown();

    NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)

    NS_DECL_ISUPPORTS
    NS_DECL_NSISCRIPTSECURITYMANAGER
    NS_DECL_NSIOBSERVER

    static nsScriptSecurityManager*
    GetScriptSecurityManager();

    // Invoked exactly once, by XPConnect.
    static void InitStatics();

    static nsSystemPrincipal*
    SystemPrincipalSingletonConstructor();

    JSContext* GetCurrentJSContext();

    JSContext* GetSafeJSContext();

    /**
     * Utility method for comparing two URIs.  For security purposes, two URIs
     * are equivalent if their schemes, hosts, and ports (if any) match.  This
     * method returns true if aSubjectURI and aObjectURI have the same origin,
     * false otherwise.
     */
    static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
    static uint32_t SecurityHashURI(nsIURI* aURI);

    static uint16_t AppStatusForPrincipal(nsIPrincipal *aPrin);

    static nsresult 
    ReportError(JSContext* cx, const nsAString& messageTag,
                nsIURI* aSource, nsIURI* aTarget);

    static uint32_t
    HashPrincipalByOrigin(nsIPrincipal* aPrincipal);

    static bool
    GetStrictFileOriginPolicy()
    {
        return sStrictFileOriginPolicy;
    }

    void DeactivateDomainPolicy();

private:

    // GetScriptSecurityManager is the only call that can make one
    nsScriptSecurityManager();
    virtual ~nsScriptSecurityManager();

    // Decides, based on CSP, whether or not eval() and stuff can be executed.
    static bool
    ContentSecurityPolicyPermitsJSAction(JSContext *cx);

    static bool
    JSPrincipalsSubsume(JSPrincipals *first, JSPrincipals *second);

    // Returns null if a principal cannot be found; generally callers
    // should error out at that point.
    static nsIPrincipal* doGetObjectPrincipal(JSObject* obj);

    nsresult
    Init();

    nsresult
    InitPrefs();

    inline void
    ScriptSecurityPrefChanged();

    inline void
    AddSitesToFileURIWhitelist(const nsCString& aSiteList);

    // If aURI is a moz-extension:// URI, set mAddonId to the associated addon.
    nsresult MaybeSetAddonIdFromURI(mozilla::PrincipalOriginAttributes& aAttrs, nsIURI* aURI);

    nsCOMPtr<nsIPrincipal> mSystemPrincipal;
    bool mPrefInitialized;
    bool mIsJavaScriptEnabled;
    nsTArray<nsCOMPtr<nsIURI>> mFileURIWhitelist;

    // This machinery controls new-style domain policies. The old-style
    // policy machinery will be removed soon.
    nsCOMPtr<nsIDomainPolicy> mDomainPolicy;

    // Cached addon policy service. We can't generate this in Init() because
    // that's too early to get a service.
    mozilla::Maybe<nsCOMPtr<nsIAddonPolicyService>> mAddonPolicyService;
    nsIAddonPolicyService* GetAddonPolicyService()
    {
        if (mAddonPolicyService.isNothing()) {
            mAddonPolicyService.emplace(do_GetService("@mozilla.org/addons/policy-service;1"));
        }
        return mAddonPolicyService.ref();
    }

    static bool sStrictFileOriginPolicy;

    static nsIIOService    *sIOService;
    static nsIStringBundle *sStrBundle;
    static JSRuntime       *sRuntime;
};

namespace mozilla {

void
GetJarPrefix(uint32_t aAppid,
             bool aInIsolatedMozBrowser,
             nsACString& aJarPrefix);

} // namespace mozilla

#endif // nsScriptSecurityManager_h__