author | Bobby Holley <bobbyholley@gmail.com> |
Wed, 02 May 2012 23:57:34 +0200 | |
changeset 97396 | 2a59d26bc6c7636c8439740156b4f2d70e4863db |
parent 97395 | 05f7445feda30f190ec69d8270f0b482103b0a1f |
child 97397 | e0d9d5a0987b667cee54e4dc3fe21500d83c9aee |
push id | 173 |
push user | lsblakk@mozilla.com |
push date | Fri, 24 Aug 2012 15:39:16 +0000 |
reviewers | bz |
bugs | 750859 |
milestone | 15.0a1 |
--- a/caps/idl/nsIPrincipal.idl
+++ b/caps/idl/nsIPrincipal.idl
@@ -47,17 +47,17 @@ struct JSPrincipals; %} interface nsIURI; interface nsIContentSecurityPolicy; [ptr] native JSContext(JSContext); [ptr] native JSPrincipals(JSPrincipals); -[scriptable, uuid(f8c4c89a-d726-421b-8415-3e34b241175b)] +[scriptable, uuid(fb783979-b3f8-4e0d-980f-f0f83b0f505d)] interface nsIPrincipal : nsISerializable { /** * Values of capabilities for each principal. Order is * significant: if an operation is performed on a set * of capabilities, the minimum is computed. */ const short ENABLE_DENIED = 1;
@@ -110,18 +110,16 @@ interface nsIPrincipal : nsISerializable // permissions of a page) it should be a |void clearSecurityPolicy()| // method. [noscript] attribute voidPtr securityPolicy; // XXXcaa probably should be turned into {get|set}CapabilityFlags // XXXbz again, what if this lives in our hashtable and someone // messes with it? Is that OK? [noscript] short canEnableCapability(in string capability); - [noscript] void setCanEnableCapability(in string capability, - in short canEnable); [noscript] boolean isCapabilityEnabled(in string capability, in voidPtr annotation); [noscript] void enableCapability(in string capability, inout voidPtr annotation); [noscript] void revertCapability(in string capability, inout voidPtr annotation); [noscript] void disableCapability(in string capability, inout voidPtr annotation);
--- a/caps/idl/nsIScriptSecurityManager.idl
+++ b/caps/idl/nsIScriptSecurityManager.idl
@@ -36,17 +36,17 @@ * ***** END LICENSE BLOCK ***** */ #include "nsISupports.idl" #include "nsIPrincipal.idl" #include "nsIXPCSecurityManager.idl" interface nsIURI; interface nsIChannel; -[scriptable, uuid(50eda256-4dd2-4c7c-baed-96983910af9f)] +[scriptable, uuid(d6cf287a-476a-43ba-aa03-70af4a01044e)] interface nsIScriptSecurityManager : nsIXPCSecurityManager { ///////////////// Security Checks ////////////////// /** * Checks whether the running script is allowed to access aProperty. */ [noscript] void checkPropertyAccess(in JSContextPtr aJSContext, in JSObjectPtr aJSObject,
@@ -240,22 +240,16 @@ interface nsIScriptSecurityManager : nsI */ void disableCapability(in string capability); //////////////// Master Certificate Functions //////////////////// /** * Allow 'certificateID' to enable 'capability.' Can only be performed * by code signed by the system certificate. */ - // XXXbz Capabilities can't have non-ascii chars? - // XXXbz ideally we'd pass a subjectName here too, and the nsISupports - // cert we're enabling for... - void setCanEnableCapability(in AUTF8String certificateFingerprint, - in string capability, - in short canEnable); /////////////////////// /** * Return the principal of the specified object in the specified context. */ [noscript] nsIPrincipal getObjectPrincipal(in JSContextPtr cx, in JSObjectPtr obj);
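Review bot: The doc comment `/** Allow 'certificateID' to enable 'capability.' Can only be performed by code signed by the system certificate. */` and the `//////////////// Master Certificate Functions` banner survive on the new side even though the only declaration they introduced, `setCanEnableCapability`, is removed in this hunk, so the comment now sits directly above the `///////////////////` divider and reads as documentation for an interface method that no longer exists. Remove the orphaned doc comment together with the method, and drop the banner as well unless other master-certificate methods exist outside the hunk. The nsIPrincipal.idl hunk has no such leftover, since the method removed there carried no comment of its own.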
--- a/caps/include/nsPrincipal.h
+++ b/caps/include/nsPrincipal.h
@@ -102,16 +102,19 @@ public: virtual void GetScriptLocation(nsACString &aStr) MOZ_OVERRIDE; #ifdef DEBUG virtual void dumpImpl() MOZ_OVERRIDE; #endif protected: + // Formerly an IDL method. Now just a protected helper. + nsresult SetCanEnableCapability(const char *capability, PRInt16 canEnable); + nsTArray< nsAutoPtr<nsHashtable> > mAnnotations; nsHashtable* mCapabilities; nsCString mPrefName; static PRInt32 sCapabilitiesOrdinal; // XXXcaa This is a semi-hack. The best solution here is to keep // a reference to an interface here, except there is no interface // that we can use yet.
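Review bot: The added comment `// Formerly an IDL method. Now just a protected helper.` describes the method's history rather than its contract, which is what a reader of nsPrincipal.h needs now that the IDL documentation for it is gone. Suggest `// Records whether this principal may enable |capability|; |canEnable| takes an nsIPrincipal::ENABLE_* value. Not part of nsIPrincipal; callable only from nsPrincipal and its subclasses.` — the ENABLE_* meaning is inferred from the removed `in short canEnable` IDL parameter and the ENABLE_DENIED constant visible in nsIPrincipal.idl, so confirm it against the implementation before committing to it. The definition in nsPrincipal.cpp changes NS_IMETHODIMP to nsresult, which matches this declaration; that function's body runs past its hunk, so its remaining callers cannot be checked from here.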
--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@@ -521,19 +521,16 @@ private: nsIPrincipal* GetPrincipalAndFrame(JSContext *cx, JSStackFrame** frameResult, nsresult* rv); static void FormatCapabilityString(nsAString& aCapability); - nsresult - SavePrincipal(nsIPrincipal* aToSave); - /** * Check capability levels for an |aObj| that implements * nsISecurityCheckedComponent. * * NB: This function also checks to see if aObj is a plugin and the user * has set the "security.xpconnect.plugin.unrestricted" pref to allow * anybody to script plugin objects from anywhere. *
--- a/caps/src/nsNullPrincipal.cpp
+++ b/caps/src/nsNullPrincipal.cpp
@@ -216,24 +216,16 @@ nsNullPrincipal::CanEnableCapability(con PRInt16 *aResult) { // Null principal can enable no capabilities. *aResult = nsIPrincipal::ENABLE_DENIED; return NS_OK; } NS_IMETHODIMP -nsNullPrincipal::SetCanEnableCapability(const char *aCapability, - PRInt16 aCanEnable) -{ - return NS_ERROR_NOT_AVAILABLE; -} - - -NS_IMETHODIMP nsNullPrincipal::IsCapabilityEnabled(const char *aCapability, void *aAnnotation, bool *aResult) { // Nope. No capabilities, I say! *aResult = false; return NS_OK; }
--- a/caps/src/nsPrincipal.cpp
+++ b/caps/src/nsPrincipal.cpp
@@ -537,17 +537,17 @@ nsPrincipal::CanEnableCapability(const c } start = space + 1; } return NS_OK; } -NS_IMETHODIMP +nsresult nsPrincipal::SetCanEnableCapability(const char *capability, PRInt16 canEnable) { // If this principal is marked invalid, can't enable any capabilities if (!mCapabilities) { mCapabilities = new nsHashtable(7); // XXXbz gets bumped up to 16 anyway NS_ENSURE_TRUE(mCapabilities, NS_ERROR_OUT_OF_MEMORY); }
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -2531,74 +2531,16 @@ nsScriptSecurityManager::doGetObjectPrin NS_ASSERTION(NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)), "Principal mismatch. Not good"); } #endif return result; } -nsresult -nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave) -{ - //-- Save to mPrincipals - mPrincipals.Put(aToSave, aToSave); - - //-- Save to prefs - nsXPIDLCString idPrefName; - nsXPIDLCString id; - nsXPIDLCString subjectName; - nsXPIDLCString grantedList; - nsXPIDLCString deniedList; - bool isTrusted; - nsresult rv = aToSave->GetPreferences(getter_Copies(idPrefName), - getter_Copies(id), - getter_Copies(subjectName), - getter_Copies(grantedList), - getter_Copies(deniedList), - &isTrusted); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - - nsCAutoString grantedPrefName; - nsCAutoString deniedPrefName; - nsCAutoString subjectNamePrefName; - rv = GetPrincipalPrefNames( idPrefName, - grantedPrefName, - deniedPrefName, - subjectNamePrefName ); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - - mIsWritingPrefs = true; - if (grantedList) { - Preferences::SetCString(grantedPrefName.get(), grantedList); - } else { - Preferences::ClearUser(grantedPrefName.get()); - } - - if (deniedList) { - Preferences::SetCString(deniedPrefName.get(), deniedList); - } else { - Preferences::ClearUser(deniedPrefName.get()); - } - - if (grantedList || deniedList) { - Preferences::SetCString(idPrefName, id); - Preferences::SetCString(subjectNamePrefName.get(), subjectName); - } else { - Preferences::ClearUser(idPrefName); - Preferences::ClearUser(subjectNamePrefName.get()); - } - - mIsWritingPrefs = false; - - nsIPrefService* prefService = Preferences::GetService(); - NS_ENSURE_TRUE(prefService, NS_ERROR_FAILURE); - return prefService->SavePrefFile(nsnull); -} - ///////////////// Capabilities API ///////////////////// NS_IMETHODIMP nsScriptSecurityManager::IsCapabilityEnabled(const char *capability, bool *result) { nsresult rv; JSStackFrame *fp = nsnull; JSContext *cx = 
GetCurrentJSContext(); 
@@ -2859,81 +2801,16 @@ nsScriptSecurityManager::DisableCapabili if (!principal) return NS_ERROR_NOT_AVAILABLE; void *annotation = JS_GetFrameAnnotation(cx, fp); principal->DisableCapability(capability, &annotation); JS_SetFrameAnnotation(cx, fp, annotation); return NS_OK; } -//////////////// Master Certificate Functions /////////////////////////////////////// -NS_IMETHODIMP -nsScriptSecurityManager::SetCanEnableCapability(const nsACString& certFingerprint, - const char* capability, - PRInt16 canEnable) -{ - NS_ENSURE_ARG(!certFingerprint.IsEmpty()); - - nsresult rv; - nsIPrincipal* subjectPrincipal = doGetSubjectPrincipal(&rv); - if (NS_FAILED(rv)) - return rv; - - //-- Get the system certificate - if (!mSystemCertificate) - { - nsCOMPtr<nsIFile> systemCertFile; - nsCOMPtr<nsIProperties> directoryService = - do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv); - if (!directoryService) return NS_ERROR_FAILURE; - rv = directoryService->Get(NS_XPCOM_CURRENT_PROCESS_DIR, NS_GET_IID(nsIFile), - getter_AddRefs(systemCertFile)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - systemCertFile->AppendNative(NS_LITERAL_CSTRING("systemSignature.jar")); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - nsCOMPtr<nsIZipReader> systemCertZip = do_CreateInstance(kZipReaderCID, &rv); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - rv = systemCertZip->Open(systemCertFile); - if (NS_SUCCEEDED(rv)) - { - rv = systemCertZip->GetCertificatePrincipal(EmptyCString(), - getter_AddRefs(mSystemCertificate)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - } - } - - //-- Make sure the caller's principal is the system certificate - bool isEqual = false; - if (mSystemCertificate) - { - rv = mSystemCertificate->Equals(subjectPrincipal, &isEqual); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - } - if (!isEqual) - { - JSContext* cx = GetCurrentJSContext(); - if (!cx) return NS_ERROR_FAILURE; - static const char msg1[] = "Only code signed by the system certificate may call SetCanEnableCapability or 
Invalidate"; - static const char msg2[] = "Attempt to call SetCanEnableCapability or Invalidate when no system certificate has been established"; - SetPendingException(cx, mSystemCertificate ? msg1 : msg2); - return NS_ERROR_FAILURE; - } - - //-- Get the target principal - nsCOMPtr<nsIPrincipal> objectPrincipal; - rv = DoGetCertificatePrincipal(certFingerprint, EmptyCString(), - EmptyCString(), nsnull, - nsnull, false, - getter_AddRefs(objectPrincipal)); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - rv = objectPrincipal->SetCanEnableCapability(capability, canEnable); - if (NS_FAILED(rv)) return NS_ERROR_FAILURE; - return SavePrincipal(objectPrincipal); -} - //////////////////////////////////////////////// // Methods implementing nsIXPCSecurityManager // //////////////////////////////////////////////// NS_IMETHODIMP nsScriptSecurityManager::CanCreateWrapper(JSContext *cx, const nsIID &aIID, nsISupports *aObj,
--- a/caps/src/nsSystemPrincipal.cpp
+++ b/caps/src/nsSystemPrincipal.cpp
@@ -163,24 +163,16 @@ nsSystemPrincipal::CanEnableCapability(c PRInt16 *result) { // System principal can enable all capabilities. *result = nsIPrincipal::ENABLE_GRANTED; return NS_OK; } NS_IMETHODIMP -nsSystemPrincipal::SetCanEnableCapability(const char *capability, - PRInt16 canEnable) -{ - return NS_ERROR_FAILURE; -} - - -NS_IMETHODIMP nsSystemPrincipal::IsCapabilityEnabled(const char *capability, void *annotation, bool *result) { *result = true; return NS_OK; }
--- a/ipc/testshell/XPCShellEnvironment.cpp
+++ b/ipc/testshell/XPCShellEnvironment.cpp
@@ -868,24 +868,16 @@ FullTrustSecMan::RevertCapability(const NS_IMETHODIMP FullTrustSecMan::DisableCapability(const char *capability) { return NS_OK; } NS_IMETHODIMP -FullTrustSecMan::SetCanEnableCapability(const nsACString & certificateFingerprint, - const char *capability, - PRInt16 canEnable) -{ - return NS_OK; -} - -NS_IMETHODIMP FullTrustSecMan::GetObjectPrincipal(JSContext * cx, JSObject * obj, nsIPrincipal **_retval) { NS_IF_ADDREF(*_retval = mSystemPrincipal); return *_retval ? NS_OK : NS_ERROR_FAILURE; }
--- a/js/xpconnect/shell/xpcshell.cpp
+++ b/js/xpconnect/shell/xpcshell.cpp
@@ -1516,25 +1516,16 @@ FullTrustSecMan::RevertCapability(const /* void disableCapability (in string capability); */ NS_IMETHODIMP FullTrustSecMan::DisableCapability(const char *capability) { return NS_OK; } -/* void setCanEnableCapability (in AUTF8String certificateFingerprint, in string capability, in short canEnable); */ -NS_IMETHODIMP -FullTrustSecMan::SetCanEnableCapability(const nsACString & certificateFingerprint, - const char *capability, - PRInt16 canEnable) -{ - return NS_OK; -} - /* [noscript] nsIPrincipal getObjectPrincipal (in JSContextPtr cx, in JSObjectPtr obj); */ NS_IMETHODIMP FullTrustSecMan::GetObjectPrincipal(JSContext * cx, JSObject * obj, nsIPrincipal **_retval) { NS_IF_ADDREF(*_retval = mSystemPrincipal); return *_retval ? NS_OK : NS_ERROR_FAILURE; }