Bug 750859 - Remove (most of) SetCanEnableCapability. r=bz
author Bobby Holley <bobbyholley@gmail.com>
Wed, 02 May 2012 23:57:34 +0200
changeset 97396 2a59d26bc6c7636c8439740156b4f2d70e4863db
parent 97395 05f7445feda30f190ec69d8270f0b482103b0a1f
child 97397 e0d9d5a0987b667cee54e4dc3fe21500d83c9aee
reviewers bz
bugs 750859
milestone 15.0a1
Bug 750859 - Remove (most of) SetCanEnableCapability. r=bz
caps/idl/nsIPrincipal.idl
caps/idl/nsIScriptSecurityManager.idl
caps/include/nsPrincipal.h
caps/include/nsScriptSecurityManager.h
caps/src/nsNullPrincipal.cpp
caps/src/nsPrincipal.cpp
caps/src/nsScriptSecurityManager.cpp
caps/src/nsSystemPrincipal.cpp
ipc/testshell/XPCShellEnvironment.cpp
js/xpconnect/shell/xpcshell.cpp
--- a/caps/idl/nsIPrincipal.idl
+++ b/caps/idl/nsIPrincipal.idl
@@ -47,17 +47,17 @@ struct JSPrincipals;
 %}
 
 interface nsIURI;
 interface nsIContentSecurityPolicy;
 
 [ptr] native JSContext(JSContext);
 [ptr] native JSPrincipals(JSPrincipals);
 
-[scriptable, uuid(f8c4c89a-d726-421b-8415-3e34b241175b)]
+[scriptable, uuid(fb783979-b3f8-4e0d-980f-f0f83b0f505d)]
 interface nsIPrincipal : nsISerializable
 {
     /**
      * Values of capabilities for each principal. Order is
      * significant: if an operation is performed on a set
      * of capabilities, the minimum is computed.
      */
     const short ENABLE_DENIED                = 1;
@@ -110,18 +110,16 @@ interface nsIPrincipal : nsISerializable
     // permissions of a page) it should be a |void clearSecurityPolicy()|
     // method.
     [noscript] attribute voidPtr securityPolicy;
 
     // XXXcaa probably should be turned into {get|set}CapabilityFlags
     // XXXbz again, what if this lives in our hashtable and someone
     // messes with it?  Is that OK?
     [noscript] short canEnableCapability(in string capability);
-    [noscript] void setCanEnableCapability(in string capability,
-                                           in short canEnable);
     [noscript] boolean isCapabilityEnabled(in string capability,
                                            in voidPtr annotation);
     [noscript] void enableCapability(in string capability,
                                      inout voidPtr annotation);
     [noscript] void revertCapability(in string capability,
                                      inout voidPtr annotation);
     [noscript] void disableCapability(in string capability,
                                       inout voidPtr annotation);
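Review bot: The XXXcaa comment above canEnableCapability still proposes replacing it with `{get|set}CapabilityFlags`, but this hunk removes the only setter from the interface, so the `set` half of that suggestion no longer describes anything in nsIPrincipal. Suggest trimming it to `// XXXcaa probably should be turned into getCapabilityFlags`, or dropping the line if the flags idea is no longer planned. The XXXbz note about values living in the hashtable still applies to canEnableCapability and can stay as is.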
--- a/caps/idl/nsIScriptSecurityManager.idl
+++ b/caps/idl/nsIScriptSecurityManager.idl
@@ -36,17 +36,17 @@
  * ***** END LICENSE BLOCK ***** */
 
 #include "nsISupports.idl"
 #include "nsIPrincipal.idl"
 #include "nsIXPCSecurityManager.idl"
 interface nsIURI;
 interface nsIChannel;
 
-[scriptable, uuid(50eda256-4dd2-4c7c-baed-96983910af9f)]
+[scriptable, uuid(d6cf287a-476a-43ba-aa03-70af4a01044e)]
 interface nsIScriptSecurityManager : nsIXPCSecurityManager
 {
     ///////////////// Security Checks //////////////////
     /**
      * Checks whether the running script is allowed to access aProperty.
      */
     [noscript] void checkPropertyAccess(in JSContextPtr aJSContext,
                                         in JSObjectPtr aJSObject,
@@ -240,22 +240,16 @@ interface nsIScriptSecurityManager : nsI
      */
     void disableCapability(in string capability);
 
     //////////////// Master Certificate Functions ////////////////////
     /**
      * Allow 'certificateID' to enable 'capability.' Can only be performed
      * by code signed by the system certificate.
      */
-    // XXXbz Capabilities can't have non-ascii chars?
-    // XXXbz ideally we'd pass a subjectName here too, and the nsISupports
-    // cert we're enabling for...
-    void setCanEnableCapability(in AUTF8String certificateFingerprint,
-                                in string capability,
-                                in short canEnable);
 
     ///////////////////////
     /**
      * Return the principal of the specified object in the specified context.
      */
     [noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx,
                                                in JSObjectPtr obj);
 
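Review bot: The section banner and doc comment at the top of this hunk are left orphaned: `//////////////// Master Certificate Functions ////////////////////` and `Allow 'certificateID' to enable 'capability.' Can only be performed by code signed by the system certificate.` described setCanEnableCapability, which the hunk removes, so the comment now sits above a blank line and then getObjectPrincipal, which it does not describe. Either delete the banner and the comment together with the method, or, if other master-certificate methods remain elsewhere in this interface (not visible in the hunk), move the banner next to them. As written, a reader of the generated header sees a system-certificate restriction attached to nothing.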
--- a/caps/include/nsPrincipal.h
+++ b/caps/include/nsPrincipal.h
@@ -102,16 +102,19 @@ public:
 
   virtual void GetScriptLocation(nsACString &aStr) MOZ_OVERRIDE;
 
 #ifdef DEBUG
   virtual void dumpImpl() MOZ_OVERRIDE;
 #endif 
 
 protected:
+  // Formerly an IDL method. Now just a protected helper.
+  nsresult SetCanEnableCapability(const char *capability, PRInt16 canEnable);
+
   nsTArray< nsAutoPtr<nsHashtable> > mAnnotations;
   nsHashtable* mCapabilities;
   nsCString mPrefName;
   static PRInt32 sCapabilitiesOrdinal;
 
   // XXXcaa This is a semi-hack.  The best solution here is to keep
   // a reference to an interface here, except there is no interface
   // that we can use yet.
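Review bot: The new declaration `nsresult SetCanEnableCapability(const char *capability, PRInt16 canEnable);` is `protected`, which keeps it callable from any subclass of nsPrincipal; if the only remaining caller is nsPrincipal's own code (the nsPrincipal.cpp hunk in this commit shows only the definition, so I cannot confirm), `private` would state the narrowed reach precisely now that the IDL and script-security-manager entry points are gone. The comment `// Formerly an IDL method. Now just a protected helper.` records the history but not the contract, and the IDL text a reader used to consult no longer exists; suggest `// Sets whether |capability| may be enabled for this principal; allocates mCapabilities on first use.` (the allocation is visible in the cpp hunk).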
--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@@ -521,19 +521,16 @@ private:
     nsIPrincipal*
     GetPrincipalAndFrame(JSContext *cx,
                          JSStackFrame** frameResult,
                          nsresult* rv);
 
     static void
     FormatCapabilityString(nsAString& aCapability);
 
-    nsresult
-    SavePrincipal(nsIPrincipal* aToSave);
-
     /**
      * Check capability levels for an |aObj| that implements
      * nsISecurityCheckedComponent.
      *
      * NB: This function also checks to see if aObj is a plugin and the user
      * has set the "security.xpconnect.plugin.unrestricted" pref to allow
      * anybody to script plugin objects from anywhere.
      *
--- a/caps/src/nsNullPrincipal.cpp
+++ b/caps/src/nsNullPrincipal.cpp
@@ -216,24 +216,16 @@ nsNullPrincipal::CanEnableCapability(con
                                      PRInt16 *aResult)
 {
   // Null principal can enable no capabilities.
   *aResult = nsIPrincipal::ENABLE_DENIED;
   return NS_OK;
 }
 
 NS_IMETHODIMP 
-nsNullPrincipal::SetCanEnableCapability(const char *aCapability, 
-                                        PRInt16 aCanEnable)
-{
-  return NS_ERROR_NOT_AVAILABLE;
-}
-
-
-NS_IMETHODIMP 
 nsNullPrincipal::IsCapabilityEnabled(const char *aCapability, 
                                      void *aAnnotation, 
                                      bool *aResult)
 {
   // Nope.  No capabilities, I say!
   *aResult = false;
   return NS_OK;
 }
--- a/caps/src/nsPrincipal.cpp
+++ b/caps/src/nsPrincipal.cpp
@@ -537,17 +537,17 @@ nsPrincipal::CanEnableCapability(const c
     }
 
     start = space + 1;
   }
 
   return NS_OK;
 }
 
-NS_IMETHODIMP
+nsresult
 nsPrincipal::SetCanEnableCapability(const char *capability,
                                     PRInt16 canEnable)
 {
   // If this principal is marked invalid, can't enable any capabilities
   if (!mCapabilities) {
     mCapabilities = new nsHashtable(7);  // XXXbz gets bumped up to 16 anyway
     NS_ENSURE_TRUE(mCapabilities, NS_ERROR_OUT_OF_MEMORY);
   }
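Review bot: The comment `// If this principal is marked invalid, can't enable any capabilities` on the first line of the retyped SetCanEnableCapability body does not match the code beneath it, which treats a null mCapabilities as "not yet allocated" and creates the table rather than refusing. Since the commit already touches this function's signature, it is a good moment to make the comment say what the code does: `// Lazily allocate the capability table on first use.` The NS_IMETHODIMP to `nsresult` change itself is consistent with the non-virtual helper declared in nsPrincipal.h. The rest of the body, including any genuine "invalid principal" handling, lies outside the hunk.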
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -2531,74 +2531,16 @@ nsScriptSecurityManager::doGetObjectPrin
         NS_ASSERTION(NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)),
                      "Principal mismatch.  Not good");
     }
 #endif
 
     return result;
 }
 
-nsresult
-nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave)
-{
-    //-- Save to mPrincipals
-    mPrincipals.Put(aToSave, aToSave);
-
-    //-- Save to prefs
-    nsXPIDLCString idPrefName;
-    nsXPIDLCString id;
-    nsXPIDLCString subjectName;
-    nsXPIDLCString grantedList;
-    nsXPIDLCString deniedList;
-    bool isTrusted;
-    nsresult rv = aToSave->GetPreferences(getter_Copies(idPrefName),
-                                          getter_Copies(id),
-                                          getter_Copies(subjectName),
-                                          getter_Copies(grantedList),
-                                          getter_Copies(deniedList),
-                                          &isTrusted);
-    if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-
-    nsCAutoString grantedPrefName;
-    nsCAutoString deniedPrefName;
-    nsCAutoString subjectNamePrefName;
-    rv = GetPrincipalPrefNames( idPrefName,
-                                grantedPrefName,
-                                deniedPrefName,
-                                subjectNamePrefName );
-    if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-
-    mIsWritingPrefs = true;
-    if (grantedList) {
-        Preferences::SetCString(grantedPrefName.get(), grantedList);
-    } else {
-        Preferences::ClearUser(grantedPrefName.get());
-    }
-
-    if (deniedList) {
-        Preferences::SetCString(deniedPrefName.get(), deniedList);
-    } else {
-        Preferences::ClearUser(deniedPrefName.get());
-    }
-
-    if (grantedList || deniedList) {
-        Preferences::SetCString(idPrefName, id);
-        Preferences::SetCString(subjectNamePrefName.get(), subjectName);
-    } else {
-        Preferences::ClearUser(idPrefName);
-        Preferences::ClearUser(subjectNamePrefName.get());
-    }
-
-    mIsWritingPrefs = false;
-
-    nsIPrefService* prefService = Preferences::GetService();
-    NS_ENSURE_TRUE(prefService, NS_ERROR_FAILURE);
-    return prefService->SavePrefFile(nsnull);
-}
-
 ///////////////// Capabilities API /////////////////////
 NS_IMETHODIMP
 nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
                                              bool *result)
 {
     nsresult rv;
     JSStackFrame *fp = nsnull;
     JSContext *cx = GetCurrentJSContext();
@@ -2859,81 +2801,16 @@ nsScriptSecurityManager::DisableCapabili
     if (!principal)
         return NS_ERROR_NOT_AVAILABLE;
     void *annotation = JS_GetFrameAnnotation(cx, fp);
     principal->DisableCapability(capability, &annotation);
     JS_SetFrameAnnotation(cx, fp, annotation);
     return NS_OK;
 }
 
-//////////////// Master Certificate Functions ///////////////////////////////////////
-NS_IMETHODIMP
-nsScriptSecurityManager::SetCanEnableCapability(const nsACString& certFingerprint,
-                                                const char* capability,
-                                                PRInt16 canEnable)
-{
-    NS_ENSURE_ARG(!certFingerprint.IsEmpty());
-    
-    nsresult rv;
-    nsIPrincipal* subjectPrincipal = doGetSubjectPrincipal(&rv);
-    if (NS_FAILED(rv))
-        return rv;
-
-    //-- Get the system certificate
-    if (!mSystemCertificate)
-    {
-        nsCOMPtr<nsIFile> systemCertFile;
-        nsCOMPtr<nsIProperties> directoryService =
-                 do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
-        if (!directoryService) return NS_ERROR_FAILURE;
-        rv = directoryService->Get(NS_XPCOM_CURRENT_PROCESS_DIR, NS_GET_IID(nsIFile),
-                              getter_AddRefs(systemCertFile));
-        if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-        systemCertFile->AppendNative(NS_LITERAL_CSTRING("systemSignature.jar"));
-        if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-        nsCOMPtr<nsIZipReader> systemCertZip = do_CreateInstance(kZipReaderCID, &rv);
-        if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-        rv = systemCertZip->Open(systemCertFile);
-        if (NS_SUCCEEDED(rv))
-        {
-            rv = systemCertZip->GetCertificatePrincipal(EmptyCString(),
-                                                        getter_AddRefs(mSystemCertificate));
-            if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-        }
-    }
-
-    //-- Make sure the caller's principal is the system certificate
-    bool isEqual = false;
-    if (mSystemCertificate)
-    {
-        rv = mSystemCertificate->Equals(subjectPrincipal, &isEqual);
-        if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-    }
-    if (!isEqual)
-    {
-        JSContext* cx = GetCurrentJSContext();
-        if (!cx) return NS_ERROR_FAILURE;
-        static const char msg1[] = "Only code signed by the system certificate may call SetCanEnableCapability or Invalidate";
-        static const char msg2[] = "Attempt to call SetCanEnableCapability or Invalidate when no system certificate has been established";
-        SetPendingException(cx, mSystemCertificate ? msg1 : msg2);
-        return NS_ERROR_FAILURE;
-    }
-
-    //-- Get the target principal
-    nsCOMPtr<nsIPrincipal> objectPrincipal;
-    rv = DoGetCertificatePrincipal(certFingerprint, EmptyCString(),
-                                   EmptyCString(), nsnull,
-                                   nsnull, false,
-                                   getter_AddRefs(objectPrincipal));
-    if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-    rv = objectPrincipal->SetCanEnableCapability(capability, canEnable);
-    if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
-    return SavePrincipal(objectPrincipal);
-}
-
 ////////////////////////////////////////////////
 // Methods implementing nsIXPCSecurityManager //
 ////////////////////////////////////////////////
 
 NS_IMETHODIMP
 nsScriptSecurityManager::CanCreateWrapper(JSContext *cx,
                                           const nsIID &aIID,
                                           nsISupports *aObj,
--- a/caps/src/nsSystemPrincipal.cpp
+++ b/caps/src/nsSystemPrincipal.cpp
@@ -163,24 +163,16 @@ nsSystemPrincipal::CanEnableCapability(c
                                        PRInt16 *result)
 {
     // System principal can enable all capabilities.
     *result = nsIPrincipal::ENABLE_GRANTED;
     return NS_OK;
 }
 
 NS_IMETHODIMP 
-nsSystemPrincipal::SetCanEnableCapability(const char *capability, 
-                                          PRInt16 canEnable)
-{
-    return NS_ERROR_FAILURE;
-}
-
-
-NS_IMETHODIMP 
 nsSystemPrincipal::IsCapabilityEnabled(const char *capability, 
                                        void *annotation, 
                                        bool *result)
 {
     *result = true;
     return NS_OK;
 }
 
--- a/ipc/testshell/XPCShellEnvironment.cpp
+++ b/ipc/testshell/XPCShellEnvironment.cpp
@@ -868,24 +868,16 @@ FullTrustSecMan::RevertCapability(const 
 
 NS_IMETHODIMP
 FullTrustSecMan::DisableCapability(const char *capability)
 {
     return NS_OK;
 }
 
 NS_IMETHODIMP
-FullTrustSecMan::SetCanEnableCapability(const nsACString & certificateFingerprint,
-                                        const char *capability,
-                                        PRInt16 canEnable)
-{
-    return NS_OK;
-}
-
-NS_IMETHODIMP
 FullTrustSecMan::GetObjectPrincipal(JSContext * cx,
                                     JSObject * obj,
                                     nsIPrincipal **_retval)
 {
     NS_IF_ADDREF(*_retval = mSystemPrincipal);
     return *_retval ? NS_OK : NS_ERROR_FAILURE;
 }
 
--- a/js/xpconnect/shell/xpcshell.cpp
+++ b/js/xpconnect/shell/xpcshell.cpp
@@ -1516,25 +1516,16 @@ FullTrustSecMan::RevertCapability(const 
 
 /* void disableCapability (in string capability); */
 NS_IMETHODIMP
 FullTrustSecMan::DisableCapability(const char *capability)
 {
     return NS_OK;
 }
 
-/* void setCanEnableCapability (in AUTF8String certificateFingerprint, in string capability, in short canEnable); */
-NS_IMETHODIMP
-FullTrustSecMan::SetCanEnableCapability(const nsACString & certificateFingerprint,
-                                        const char *capability,
-                                        PRInt16 canEnable)
-{
-    return NS_OK;
-}
-
 /* [noscript] nsIPrincipal getObjectPrincipal (in JSContextPtr cx, in JSObjectPtr obj); */
 NS_IMETHODIMP
 FullTrustSecMan::GetObjectPrincipal(JSContext * cx, JSObject * obj,
                                     nsIPrincipal **_retval)
 {
     NS_IF_ADDREF(*_retval = mSystemPrincipal);
     return *_retval ? NS_OK : NS_ERROR_FAILURE;
 }