Bug 1297687 - Part 1: Remove nsIScriptSecurityManager.createExpandedPrincipal(); r=bholley a=ritu
authorEhsan Akhgari <ehsan@mozilla.com>
Wed, 21 Sep 2016 15:37:04 -0400
changeset 358018 15c5875f5d24d48113b07b9cf9ffceee1ef65334
parent 358017 277a0cbc72e6934a44648db21cd8ae3c909aa663
child 358019 14e6fbd7d68a8cdbecfd4a2af5137abc07fd447d
push id1324
push usermtabara@mozilla.com
push dateMon, 16 Jan 2017 13:07:44 +0000
treeherdermozilla-release@a01c49833940 [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersbholley, ritu
bugs1297687
milestone51.0a2
Bug 1297687 - Part 1: Remove nsIScriptSecurityManager.createExpandedPrincipal(); r=bholley a=ritu
caps/nsIScriptSecurityManager.idl
caps/nsScriptSecurityManager.cpp
caps/tests/unit/test_origin.js
toolkit/components/extensions/test/xpcshell/test_ext_contexts.js
--- a/caps/nsIScriptSecurityManager.idl
+++ b/caps/nsIScriptSecurityManager.idl
@@ -196,30 +196,16 @@ interface nsIScriptSecurityManager : nsI
      * Returns a unique nonce principal with |originAttributes|.
      * See nsIPrincipal.idl for a description of origin attributes, and
      * ChromeUtils.webidl for a list of origin attributes and their defaults.
      */
     [implicit_jscontext]
     nsIPrincipal createNullPrincipal(in jsval originAttributes);
 
     /**
-     * Creates an expanded principal whose capabilities are the union of the
-     * given principals. An expanded principal has an asymmetric privilege
-     * relationship with its sub-principals (that is to say, it subsumes the
-     * sub-principals, but the sub-principals do not subsume it), even if
-     * there's only one. This presents a legitimate use-case for making an
-     * expanded principal around a single sub-principal, which we do frequently.
-     *
-     * Expanded principals cannot have origin attributes themselves, but rather
-     * have them through their sub-principals - so we don't accept them here.
-     */
-    nsIPrincipal createExpandedPrincipal([array, size_is(aLength)] in nsIPrincipal aPrincipalArray,
-                                         [optional] in unsigned long aLength);
-
-    /**
      * Returns OK if aSourceURI and target have the same "origin"
      * (scheme, host, and port).
      * ReportError flag suppresses error reports for functions that
      * don't need reporting.
      */
     void checkSameOriginURI(in nsIURI aSourceURI,
                             in nsIURI aTargetURI,
                             in boolean reportError);
--- a/caps/nsScriptSecurityManager.cpp
+++ b/caps/nsScriptSecurityManager.cpp
@@ -1177,31 +1177,16 @@ nsScriptSecurityManager::CreateNullPrinc
       return NS_ERROR_INVALID_ARG;
   }
   nsCOMPtr<nsIPrincipal> prin = nsNullPrincipal::Create(attrs);
   prin.forget(aPrincipal);
   return NS_OK;
 }
 
 NS_IMETHODIMP
-nsScriptSecurityManager::CreateExpandedPrincipal(nsIPrincipal** aPrincipalArray, uint32_t aLength,
-                                                 nsIPrincipal** aResult)
-{
-  nsTArray<nsCOMPtr<nsIPrincipal>> principals;
-  principals.SetCapacity(aLength);
-  for (uint32_t i = 0; i < aLength; ++i) {
-    principals.AppendElement(aPrincipalArray[i]);
-  }
-
-  nsCOMPtr<nsIPrincipal> p = new nsExpandedPrincipal(principals);
-  p.forget(aResult);
-  return NS_OK;
-}
-
-NS_IMETHODIMP
 nsScriptSecurityManager::GetAppCodebasePrincipal(nsIURI* aURI,
                                                  uint32_t aAppId,
                                                  bool aInIsolatedMozBrowser,
                                                  nsIPrincipal** aPrincipal)
 {
   NS_ENSURE_TRUE(aAppId != nsIScriptSecurityManager::UNKNOWN_APP_ID,
                  NS_ERROR_INVALID_ARG);
 
--- a/caps/tests/unit/test_origin.js
+++ b/caps/tests/unit/test_origin.js
@@ -75,17 +75,17 @@ function run_test() {
   do_check_true(/^moz-nullprincipal:\{([0-9]|[a-z]|\-){36}\}$/.test(nullPrin.origin));
   checkOriginAttributes(nullPrin);
   var ipv6Prin = ssm.createCodebasePrincipal(makeURI('https://[2001:db8::ff00:42:8329]:123'), {});
   do_check_eq(ipv6Prin.origin, 'https://[2001:db8::ff00:42:8329]:123');
   checkOriginAttributes(ipv6Prin);
   var ipv6NPPrin = ssm.createCodebasePrincipal(makeURI('https://[2001:db8::ff00:42:8329]'), {});
   do_check_eq(ipv6NPPrin.origin, 'https://[2001:db8::ff00:42:8329]');
   checkOriginAttributes(ipv6NPPrin);
-  var ep = ssm.createExpandedPrincipal([exampleCom, nullPrin, exampleOrg]);
+  var ep = Cu.getObjectPrincipal(Cu.Sandbox([exampleCom, nullPrin, exampleOrg]));
   checkOriginAttributes(ep);
   checkCrossOrigin(exampleCom, exampleOrg);
   checkCrossOrigin(exampleOrg, nullPrin);
 
   // nsEP origins should be in lexical order.
   do_check_eq(ep.origin, `[Expanded Principal [${exampleOrg.origin}, ${exampleCom.origin}, ${nullPrin.origin}]]`);
 
   // Make sure createCodebasePrincipal does what the rest of gecko does.
@@ -199,17 +199,17 @@ function run_test() {
   function checkKind(prin, kind) {
     do_check_eq(prin.isNullPrincipal, kind == 'nullPrincipal');
     do_check_eq(prin.isCodebasePrincipal, kind == 'codebasePrincipal');
     do_check_eq(prin.isExpandedPrincipal, kind == 'expandedPrincipal');
     do_check_eq(prin.isSystemPrincipal, kind == 'systemPrincipal');
   }
   checkKind(ssm.createNullPrincipal({}), 'nullPrincipal');
   checkKind(ssm.createCodebasePrincipal(makeURI('http://www.example.com'), {}), 'codebasePrincipal');
-  checkKind(ssm.createExpandedPrincipal([ssm.createCodebasePrincipal(makeURI('http://www.example.com'), {})]), 'expandedPrincipal');
+  checkKind(Cu.getObjectPrincipal(Cu.Sandbox([ssm.createCodebasePrincipal(makeURI('http://www.example.com'), {})])), 'expandedPrincipal');
   checkKind(ssm.getSystemPrincipal(), 'systemPrincipal');
 
   //
   // Test Origin Attribute Manipulation
   //
 
   // check that we can create an empty origin attributes dict with default
   // members and values.
--- a/toolkit/components/extensions/test/xpcshell/test_ext_contexts.js
+++ b/toolkit/components/extensions/test/xpcshell/test_ext_contexts.js
@@ -165,17 +165,17 @@ add_task(function* test_stringify_inacce
   let obj = Cu.evalInSandbox("({ local: true, nested: subobj })", sandbox);
   Assert.throws(() => {
     context.jsonStringify(obj);
   });
 });
 
 add_task(function* test_stringify_accessible() {
   // Test that an accessible property from another global is included
-  let principal = ssm.createExpandedPrincipal([PRINCIPAL1, PRINCIPAL2]);
+  let principal = Cu.getObjectPrincipal(Cu.Sandbox([PRINCIPAL1, PRINCIPAL2]));
   let context = new Context(principal);
   let sandbox = context.sandbox;
   let sandbox2 = Cu.Sandbox(PRINCIPAL2);
 
   Cu.waiveXrays(sandbox).subobj = Cu.evalInSandbox("({ subobject: true })", sandbox2);
   let obj = Cu.evalInSandbox("({ local: true, nested: subobj })", sandbox);
   let stringified = context.jsonStringify(obj);