Bug 1022229 - Hoist GetAppStatus into a static method on nsScriptSecurityManager. r=bz
authorBobby Holley <bobbyholley@gmail.com>
Tue, 29 Jul 2014 08:47:52 -0700
changeset 218252 f163c6ca88ee4c080e56533326e42e10be637143
parent 218251 e8a6a7a2212502f15564c671a363601b7dcd5a19
child 218253 36fe477bcbcf4588cb767003da7155f8091e3cc2
push idunknown
push userunknown
push dateunknown
reviewersbz
bugs1022229
milestone34.0a1
Bug 1022229 - Hoist GetAppStatus into a static method on nsScriptSecurityManager. r=bz
caps/nsPrincipal.cpp
caps/nsScriptSecurityManager.cpp
caps/nsScriptSecurityManager.h
--- a/caps/nsPrincipal.cpp
+++ b/caps/nsPrincipal.cpp
@@ -572,58 +572,21 @@ nsPrincipal::Write(nsIObjectOutputStream
   // on the deserialized URIs in Read().
 
   return NS_OK;
 }
 
 uint16_t
 nsPrincipal::GetAppStatus()
 {
-  NS_WARN_IF_FALSE(mAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID,
-                   "Asking for app status on a principal with an unknown app id");
-  // Installed apps have a valid app id (not NO_APP_ID or UNKNOWN_APP_ID)
-  // and they are not inside a mozbrowser.
-  if (mAppId == nsIScriptSecurityManager::NO_APP_ID ||
-      mAppId == nsIScriptSecurityManager::UNKNOWN_APP_ID || mInMozBrowser) {
+  if (mAppId == nsIScriptSecurityManager::UNKNOWN_APP_ID) {
+    NS_WARNING("Asking for app status on a principal with an unknown app id");
     return nsIPrincipal::APP_STATUS_NOT_INSTALLED;
   }
-
-  nsCOMPtr<nsIAppsService> appsService = do_GetService(APPS_SERVICE_CONTRACTID);
-  NS_ENSURE_TRUE(appsService, nsIPrincipal::APP_STATUS_NOT_INSTALLED);
-
-  nsCOMPtr<mozIApplication> app;
-  appsService->GetAppByLocalId(mAppId, getter_AddRefs(app));
-  NS_ENSURE_TRUE(app, nsIPrincipal::APP_STATUS_NOT_INSTALLED);
-
-  uint16_t status = nsIPrincipal::APP_STATUS_INSTALLED;
-  NS_ENSURE_SUCCESS(app->GetAppStatus(&status),
-                    nsIPrincipal::APP_STATUS_NOT_INSTALLED);
-
-  nsAutoCString origin;
-  NS_ENSURE_SUCCESS(GetOrigin(getter_Copies(origin)),
-                    nsIPrincipal::APP_STATUS_NOT_INSTALLED);
-  nsString appOrigin;
-  NS_ENSURE_SUCCESS(app->GetOrigin(appOrigin),
-                    nsIPrincipal::APP_STATUS_NOT_INSTALLED);
-
-  // We go from string -> nsIURI -> origin to be sure we
-  // compare two punny-encoded origins.
-  nsCOMPtr<nsIURI> appURI;
-  NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(appURI), appOrigin),
-                    nsIPrincipal::APP_STATUS_NOT_INSTALLED);
-
-  nsAutoCString appOriginPunned;
-  NS_ENSURE_SUCCESS(GetOriginForURI(appURI, getter_Copies(appOriginPunned)),
-                    nsIPrincipal::APP_STATUS_NOT_INSTALLED);
-
-  if (!appOriginPunned.Equals(origin)) {
-    return nsIPrincipal::APP_STATUS_NOT_INSTALLED;
-  }
-
-  return status;
+  return nsScriptSecurityManager::AppStatusForPrincipal(this);
 }
 
 /************************************************************************************************************************/
 
 static const char EXPANDED_PRINCIPAL_SPEC[] = "[Expanded Principal]";
 
 NS_IMPL_CLASSINFO(nsExpandedPrincipal, nullptr, nsIClassInfo::MAIN_THREAD_ONLY,
                   NS_EXPANDEDPRINCIPAL_CID)
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -6,16 +6,17 @@
 
 #include "nsScriptSecurityManager.h"
 
 #include "mozilla/ArrayUtils.h"
 
 #include "js/OldDebugAPI.h"
 #include "xpcprivate.h"
 #include "XPCWrapper.h"
+#include "nsIAppsService.h"
 #include "nsILoadContext.h"
 #include "nsIServiceManager.h"
 #include "nsIScriptObjectPrincipal.h"
 #include "nsIScriptContext.h"
 #include "nsIURL.h"
 #include "nsINestedURI.h"
 #include "nspr.h"
 #include "nsJSPrincipals.h"
@@ -51,16 +52,17 @@
 #include "nsDOMJSUtils.h"
 #include "nsAboutProtocolUtils.h"
 #include "nsIClassInfo.h"
 #include "nsIURIFixup.h"
 #include "nsCDefaultURIFixup.h"
 #include "nsIChromeRegistry.h"
 #include "nsIContentSecurityPolicy.h"
 #include "nsIAsyncVerifyRedirectCallback.h"
+#include "mozIApplication.h"
 #include "mozilla/Preferences.h"
 #include "mozilla/dom/BindingUtils.h"
 #include <stdint.h>
 #include "mozilla/ClearOnShutdown.h"
 #include "mozilla/StaticPtr.h"
 #include "nsContentUtils.h"
 #include "nsCxPusher.h"
 #include "nsJSUtils.h"
@@ -247,16 +249,67 @@ nsScriptSecurityManager::SecurityCompare
 // SecurityHashURI is consistent with SecurityCompareURIs because NS_SecurityHashURI
 // is consistent with NS_SecurityCompareURIs.  See nsNetUtil.h.
 uint32_t
 nsScriptSecurityManager::SecurityHashURI(nsIURI* aURI)
 {
     return NS_SecurityHashURI(aURI);
 }
 
+uint16_t
+nsScriptSecurityManager::AppStatusForPrincipal(nsIPrincipal *aPrin)
+{
+    uint32_t appId = aPrin->GetAppId();
+    bool inMozBrowser = aPrin->GetIsInBrowserElement();
+    NS_WARN_IF_FALSE(appId != nsIScriptSecurityManager::UNKNOWN_APP_ID,
+                     "Asking for app status on a principal with an unknown app id");
+    // Installed apps have a valid app id (not NO_APP_ID or UNKNOWN_APP_ID)
+    // and they are not inside a mozbrowser.
+    if (appId == nsIScriptSecurityManager::NO_APP_ID ||
+        appId == nsIScriptSecurityManager::UNKNOWN_APP_ID || inMozBrowser)
+    {
+        return nsIPrincipal::APP_STATUS_NOT_INSTALLED;
+    }
+
+    nsCOMPtr<nsIAppsService> appsService = do_GetService(APPS_SERVICE_CONTRACTID);
+    NS_ENSURE_TRUE(appsService, nsIPrincipal::APP_STATUS_NOT_INSTALLED);
+
+    nsCOMPtr<mozIApplication> app;
+    appsService->GetAppByLocalId(appId, getter_AddRefs(app));
+    NS_ENSURE_TRUE(app, nsIPrincipal::APP_STATUS_NOT_INSTALLED);
+
+    uint16_t status = nsIPrincipal::APP_STATUS_INSTALLED;
+    NS_ENSURE_SUCCESS(app->GetAppStatus(&status),
+                      nsIPrincipal::APP_STATUS_NOT_INSTALLED);
+
+    nsAutoCString origin;
+    NS_ENSURE_SUCCESS(aPrin->GetOrigin(getter_Copies(origin)),
+                      nsIPrincipal::APP_STATUS_NOT_INSTALLED);
+    nsString appOrigin;
+    NS_ENSURE_SUCCESS(app->GetOrigin(appOrigin),
+                      nsIPrincipal::APP_STATUS_NOT_INSTALLED);
+
+    // We go from string -> nsIURI -> origin to be sure we
+    // compare two punny-encoded origins.
+    nsCOMPtr<nsIURI> appURI;
+    NS_ENSURE_SUCCESS(NS_NewURI(getter_AddRefs(appURI), appOrigin),
+                      nsIPrincipal::APP_STATUS_NOT_INSTALLED);
+
+    nsAutoCString appOriginPunned;
+    NS_ENSURE_SUCCESS(nsPrincipal::GetOriginForURI(appURI, getter_Copies(appOriginPunned)),
+                      nsIPrincipal::APP_STATUS_NOT_INSTALLED);
+
+    if (!appOriginPunned.Equals(origin)) {
+        return nsIPrincipal::APP_STATUS_NOT_INSTALLED;
+    }
+
+    return status;
+
+}
+
 NS_IMETHODIMP
 nsScriptSecurityManager::GetChannelPrincipal(nsIChannel* aChannel,
                                              nsIPrincipal** aPrincipal)
 {
     NS_PRECONDITION(aChannel, "Must have channel!");
     nsCOMPtr<nsISupports> owner;
     aChannel->GetOwner(getter_AddRefs(owner));
     if (owner) {
--- a/caps/nsScriptSecurityManager.h
+++ b/caps/nsScriptSecurityManager.h
@@ -63,16 +63,18 @@ public:
      * Utility method for comparing two URIs.  For security purposes, two URIs
      * are equivalent if their schemes, hosts, and ports (if any) match.  This
      * method returns true if aSubjectURI and aObjectURI have the same origin,
      * false otherwise.
      */
     static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
     static uint32_t SecurityHashURI(nsIURI* aURI);
 
+    static uint16_t AppStatusForPrincipal(nsIPrincipal *aPrin);
+
     static nsresult 
     ReportError(JSContext* cx, const nsAString& messageTag,
                 nsIURI* aSource, nsIURI* aTarget);
 
     static uint32_t
     HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
 
     static bool