Backed out changeset 212e1383eb6e (bug 802366)
authorJustin Lebar <justin.lebar@gmail.com>
Tue, 30 Oct 2012 21:36:32 -0400
changeset 111985 b103561f6a8b232c6acd6f9fd15d928174db67e3
parent 111984 2729e28870beae00ee11f722dba6ef45151e34b5
child 111986 3bc04269c76a5e92473b975ff9108b67b951ba55
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
bugs802366
milestone19.0a1
backs out212e1383eb6ed9d9f6c13530e320bc65815501aa
Backed out changeset 212e1383eb6e (bug 802366)
caps/idl/nsIPrincipal.idl
--- a/caps/idl/nsIPrincipal.idl
+++ b/caps/idl/nsIPrincipal.idl
@@ -16,17 +16,17 @@ struct JSPrincipals;
 
 interface nsIURI;
 interface nsIContentSecurityPolicy;
 
 [ptr] native JSContext(JSContext);
 [ptr] native JSPrincipals(JSPrincipals);
 [ptr] native PrincipalArray(nsTArray<nsCOMPtr<nsIPrincipal> >);
 
-[scriptable, builtinclass, uuid(011966C0-8564-438D-B37A-08D7E1195E5A)]
+[scriptable, uuid(3a283dc9-f733-4618-a36f-e2b68c280ab7)]
 interface nsIPrincipal : nsISerializable
 {
     /**
      * Returns whether the other principal is equivalent to this principal.
      * Principals are considered equal if they are the same principal, or
      * they have the same origin.
      */
     boolean equals(in nsIPrincipal other);
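Review bot: With `builtinclass` removed from the attribute line of `nsIPrincipal`, the interface can again be implemented from script, so native callers can no longer assume that a principal's getters are C++ and cannot fail. If the backout has to drop it (presumably because `[infallible]` is only accepted on builtinclass interfaces), a comment above the interface such as `// Not builtinclass: implementations may be script-backed, so getters can fail.` would keep that constraint visible. The interface body continues outside this hunk.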
@@ -154,76 +154,88 @@ interface nsIPrincipal : nsISerializable
     readonly attribute AUTF8String extendedOrigin;
 
     const short APP_STATUS_NOT_INSTALLED = 0;
     const short APP_STATUS_INSTALLED     = 1;
     const short APP_STATUS_PRIVILEGED    = 2;
     const short APP_STATUS_CERTIFIED     = 3;
 
     /**
-     * Gets the principal's app status, which indicates whether the principal
-     * corresponds to "app code", and if it does, how privileged that code is.
-     * This method returns one of the APP_STATUS constants above.
-     *
-     * Note that a principal may have
-     *
-     *   appId != nsIScriptSecurityManager::NO_APP_ID &&
-     *   appId != nsIScriptSecurityManager::UNKNOWN_APP_ID
-     *
-     * and still have appStatus == APP_STATUS_NOT_INSTALLED.  That's because
-     * appId identifies the app that contains this principal, but a window
-     * might be contained in an app and not be running code that the app has
-     * vouched for.  For example, the window might be inside an <iframe
-     * mozbrowser>, or the window's origin might not match the app's origin.
-     *
-     * If you're doing a check to determine "does this principal correspond to
-     * app code?", you must check appStatus; checking appId != NO_APP_ID is not
-     * sufficient.
+     * Shows the status of the app.
+     * Can be: APP_STATUS_NOT_INSTALLED, APP_STATUS_INSTALLED,
+     *         APP_STATUS_PRIVILEGED or APP_STATUS_CERTIFIED.
      */
-    [infallible] readonly attribute unsigned short appStatus;
+    readonly attribute unsigned short appStatus;
+
+    %{C++
+    uint16_t GetAppStatus()
+    {
+      uint16_t appStatus;
+      nsresult rv = GetAppStatus(&appStatus);
+      if (NS_FAILED(rv)) {
+        return APP_STATUS_NOT_INSTALLED;
+      }
+      return appStatus;
+    }
+    %}
 
     /**
-     * Gets the id of the app this principal is inside.  If this principal is
-     * not inside an app, returns nsIScriptSecurityManager::NO_APP_ID.
-     *
-     * Note that this principal does not necessarily have the permissions of
-     * the app identified by appId.  For example, this principal might
-     * correspond to an iframe whose origin differs from that of the app frame
-     * containing it.  In this case, the iframe will have the appId of its
-     * containing app frame, but the iframe must not run with the app's
-     * permissions.
-     *
-     * Similarly, this principal might correspond to an <iframe mozbrowser>
-     * inside an app frame; in this case, the content inside the iframe should
-     * not have any of the app's permissions, even if the iframe is at the same
-     * origin as the app.
-     *
-     * If you're doing a security check based on appId, you must check
-     * appStatus as well.
+     * Returns the app id the principal is in, or returns
+     * nsIScriptSecurityManager::NO_APP_ID if this principal isn't part of an
+     * app.
      */
-    [infallible] readonly attribute unsigned long appId;
+    readonly attribute unsigned long appId;
+
+    %{C++
+    uint32_t GetAppId()
+    {
+      uint32_t appId;
+      mozilla::DebugOnly<nsresult> rv = GetAppId(&appId);
+      MOZ_ASSERT(NS_SUCCEEDED(rv));
+      return appId;
+    }
+    %}
 
     /**
-     * Returns true iff the principal is inside a browser element.  (<iframe
-     * mozbrowser mozapp> does not count as a browser element.)
+     * Returns true iif the principal is inside a browser element.
      */
-    [infallible] readonly attribute boolean isInBrowserElement;
+    readonly attribute boolean isInBrowserElement;
+
+    %{C++
+    bool GetIsInBrowserElement()
+    {
+      bool isInBrowserElement;
+      mozilla::DebugOnly<nsresult> rv = GetIsInBrowserElement(&isInBrowserElement);
+      MOZ_ASSERT(NS_SUCCEEDED(rv));
+      return isInBrowserElement;
+    }
+    %}
 
     /**
      * Returns true if this principal has an unknown appId. This shouldn't
      * generally be used. We only expose it due to not providing the correct
      * appId everywhere where we construct principals.
      */
-    [infallible] readonly attribute boolean unknownAppId;
+    readonly attribute boolean unknownAppId;
+
+    %{C++
+    bool GetUnknownAppId()
+    {
+      bool unkwnownAppId;
+      mozilla::DebugOnly<nsresult> rv = GetUnknownAppId(&unkwnownAppId);
+      MOZ_ASSERT(NS_SUCCEEDED(rv));
+      return unkwnownAppId;
+    }
+    %}
 
     /**
      * Returns true iff this principal is a null principal (corresponding to an
      * unknown, hence assumed minimally privileged, security context).
      */
-    [infallible] readonly attribute boolean isNullPrincipal;
+    readonly attribute boolean isNullPrincipal;
 };
 
 /**
  * If nsSystemPrincipal is too risky to use, but we want a principal to access 
  * more than one origin, nsExpandedPrincipals letting us define an array of 
  * principals it subsumes. So script with an nsExpandedPrincipals will gain
  * same origin access when at least one of its principals it contains gained 
  * sameorigin acccess. An nsExpandedPrincipal will be subsumed by the system
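Review bot: The inline helpers `GetAppId()`, `GetIsInBrowserElement()` and `GetUnknownAppId()` return an uninitialized local if the underlying getter fails in a release build, because `rv` is a `DebugOnly` and `MOZ_ASSERT` is compiled out there; callers may then base security decisions on that value. `GetAppStatus()` in the same hunk already handles failure by returning `APP_STATUS_NOT_INSTALLED`, and the other three should follow it: keep `rv` as a plain `nsresult` and add `if (NS_FAILED(rv)) { return <least-privileged default>; }` before the return. The shortened comments also lose the caveat that an appId alone does not grant the app's permissions; at minimum keep `If you're doing a security check based on appId, you must check appStatus as well.` on `appId`. Minor: `iif` should read `iff`, and the local `unkwnownAppId` is misspelled.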