Bug 789224 - Remove miscellaneous UniversalXPConnect checks sprinkled throughout gecko. r=mrbkap
authorBobby Holley <bobbyholley@gmail.com>
Mon, 22 Oct 2012 08:29:55 +0200
changeset 111134 d7c0dc5df1196d68d20c8c7065336f82b400caa3
parent 111133 03cd2ad254cc8e2067555cc11ec186f471c861ea
child 111135 77749ba52bbf3e5e857e182577cc199b5ab38906
push id93
push usernmatsakis@mozilla.com
push dateWed, 31 Oct 2012 21:26:57 +0000
reviewersmrbkap
bugs789224
milestone19.0a1
Bug 789224 - Remove miscellaneous UniversalXPConnect checks sprinkled throughout gecko. r=mrbkap
content/base/src/nsContentUtils.cpp
content/base/src/nsDOMParser.cpp
content/base/src/nsINode.cpp
content/base/src/nsXMLHttpRequest.cpp
content/events/src/nsDOMEvent.cpp
content/xbl/src/nsXBLContentSink.cpp
content/xul/document/src/nsXULDocument.cpp
content/xul/document/src/nsXULDocument.h
docshell/base/nsDocShell.cpp
dom/base/nsBarProps.cpp
dom/base/nsDOMClassInfo.cpp
dom/base/nsDOMClassInfo.h
dom/base/nsDOMWindowUtils.cpp
dom/base/nsJSEnvironment.cpp
dom/workers/RuntimeService.cpp
dom/workers/WorkerPrivate.cpp
embedding/components/find/src/nsWebBrowserFind.cpp
embedding/components/windowwatcher/src/nsWindowWatcher.cpp
--- a/content/base/src/nsContentUtils.cpp
+++ b/content/base/src/nsContentUtils.cpp
@@ -1532,21 +1532,17 @@ nsContentUtils::Shutdown()
   EncodingUtils::Shutdown();
   nsTextEditorState::ShutDown();
 }
 
 // static
 bool
 nsContentUtils::CallerHasUniversalXPConnect()
 {
-  bool hasCap;
-  if (NS_FAILED(sSecurityManager->IsCapabilityEnabled("UniversalXPConnect",
-                                                      &hasCap)))
-    return false;
-  return hasCap;
+  return IsCallerChrome();
 }
 
 /**
  * Checks whether two nodes come from the same origin. aTrustedNode is
  * considered 'safe' in that a user can operate on it and that it isn't
  * a js-object that implements nsIDOMNode.
  * Never call this function with the first node provided by script, it
  * must always be known to be a 'real' node!
@@ -1777,18 +1773,22 @@ nsContentUtils::GetDocumentFromContext()
 bool
 nsContentUtils::IsCallerChrome()
 {
   bool is_caller_chrome = false;
   nsresult rv = sSecurityManager->SubjectPrincipalIsSystem(&is_caller_chrome);
   if (NS_FAILED(rv)) {
     return false;
   }
-
-  return is_caller_chrome;
+  if (is_caller_chrome) {
+    return true;
+  }
+
+  // If the check failed, look for UniversalXPConnect on the cx compartment.
+  return xpc::IsUniversalXPConnectEnabled(GetCurrentJSContext());
 }
 
 bool
 nsContentUtils::IsCallerTrustedForRead()
 {
   return CallerHasUniversalXPConnect();
 }
 
--- a/content/base/src/nsDOMParser.cpp
+++ b/content/base/src/nsDOMParser.cpp
@@ -319,25 +319,19 @@ JSvalToInterface(JSContext* cx, JS::Valu
   return nsQueryInterface(nullptr);
 }
 
 static nsresult
 GetInitArgs(JSContext *cx, uint32_t argc, jsval *argv,
             nsIPrincipal** aPrincipal, nsIURI** aDocumentURI,
             nsIURI** aBaseURI)
 {
-  // Only proceed if the caller has UniversalXPConnect.
-  bool haveUniversalXPConnect;
-  nsresult rv = nsContentUtils::GetSecurityManager()->
-    IsCapabilityEnabled("UniversalXPConnect", &haveUniversalXPConnect);
-  NS_ENSURE_SUCCESS(rv, rv);
-
-  if (!haveUniversalXPConnect) {
+  if (!nsContentUtils::IsCallerChrome()) {
     return NS_ERROR_DOM_SECURITY_ERR;
-  }    
+  }
   
   nsIXPConnect* xpc = nsContentUtils::XPConnect();
   
   // First arg is our principal.  If someone passes something that's
   // not a principal and not null, die to prevent privilege escalation.
   bool wasNull;
   nsCOMPtr<nsIPrincipal> prin = JSvalToInterface(cx, argv[0], xpc, &wasNull);
   if (!prin && !wasNull) {
--- a/content/base/src/nsINode.cpp
+++ b/content/base/src/nsINode.cpp
@@ -2305,24 +2305,19 @@ nsINode::WrapObject(JSContext *aCx, JSOb
   // (2) Our owner document has had a script handling object, or has been marked
   //     to have had one,
   // (3) we are running a privileged script.
   // Event handling is possible only if (1). If (2) event handling is
   // prevented.
   // If the document has never had a script handling object, untrusted
   // scripts (3) shouldn't touch it!
   bool hasHadScriptHandlingObject = false;
-  bool enabled;
-  nsIScriptSecurityManager* securityManager;
   if (!OwnerDoc()->GetScriptHandlingObject(hasHadScriptHandlingObject) &&
       !hasHadScriptHandlingObject &&
-      !((securityManager = nsContentUtils::GetSecurityManager()) &&
-        NS_SUCCEEDED(securityManager->IsCapabilityEnabled("UniversalXPConnect",
-                                                          &enabled)) &&
-        enabled)) {
+      !nsContentUtils::IsCallerChrome()) {
     Throw<true>(aCx, NS_ERROR_UNEXPECTED);
     *aTriedToWrap = true;
     return nullptr;
   }
 
   return WrapNode(aCx, aScope, aTriedToWrap);
 }
 
--- a/content/base/src/nsXMLHttpRequest.cpp
+++ b/content/base/src/nsXMLHttpRequest.cpp
@@ -169,25 +169,16 @@ private:
 static void AddLoadFlags(nsIRequest *request, nsLoadFlags newFlags)
 {
   nsLoadFlags flags;
   request->GetLoadFlags(&flags);
   flags |= newFlags;
   request->SetLoadFlags(flags);
 }
 
-static nsresult IsCapabilityEnabled(const char *capability, bool *enabled)
-{
-  nsIScriptSecurityManager *secMan = nsContentUtils::GetSecurityManager();
-  if (!secMan)
-    return NS_ERROR_FAILURE;
-
-  return secMan->IsCapabilityEnabled(capability, enabled);
-}
-
 // Helper proxy class to be used when expecting an
 // multipart/x-mixed-replace stream of XML documents.
 
 class nsMultipartProxyListener : public nsIStreamListener
 {
 public:
   nsMultipartProxyListener(nsIStreamListener *dest);
   virtual ~nsMultipartProxyListener();
@@ -1470,19 +1461,17 @@ nsXMLHttpRequest::GetResponseHeader(cons
         _retval.AppendInt(length);
       }
     }
 
     return;
   }
 
   // See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts.
-  bool chrome = false; // default to false in case IsCapabilityEnabled fails
-  IsCapabilityEnabled("UniversalXPConnect", &chrome);
-  if (!chrome &&
+  if (!nsContentUtils::IsCallerChrome() &&
        (header.LowerCaseEqualsASCII("set-cookie") ||
         header.LowerCaseEqualsASCII("set-cookie2"))) {
     NS_WARNING("blocked access to response header");
     return;
   }
 
   // Check for dangerous headers
   if (mState & XML_HTTP_REQUEST_USE_XSITE_AC) {
@@ -3187,23 +3176,19 @@ nsXMLHttpRequest::SetRequestHeader(const
     return NS_ERROR_FAILURE; // must be called before first setRequestHeader()
 
   nsCOMPtr<nsIHttpChannel> httpChannel = do_QueryInterface(mChannel);
   if (!httpChannel) {
     return NS_OK;
   }
 
   // Prevent modification to certain HTTP headers (see bug 302263), unless
-  // the executing script has UniversalXPConnect.
-
-  bool privileged;
-  if (NS_FAILED(IsCapabilityEnabled("UniversalXPConnect", &privileged)))
-    return NS_ERROR_FAILURE;
-
-  if (!privileged) {
+  // the executing script is privileged.
+
+  if (!nsContentUtils::IsCallerChrome()) {
     // Step 5: Check for dangerous headers.
     const char *kInvalidHeaders[] = {
       "accept-charset", "accept-encoding", "access-control-request-headers",
       "access-control-request-method", "connection", "content-length",
       "cookie", "cookie2", "content-transfer-encoding", "date", "dnt",
       "expect", "host", "keep-alive", "origin", "referer", "te", "trailer",
       "transfer-encoding", "upgrade", "user-agent", "via"
     };
@@ -3418,23 +3403,17 @@ nsXMLHttpRequest::SetMozBackgroundReques
   nsresult rv = NS_OK;
   SetMozBackgroundRequest(aMozBackgroundRequest, rv);
   return rv;
 }
 
 void
 nsXMLHttpRequest::SetMozBackgroundRequest(bool aMozBackgroundRequest, nsresult& aRv)
 {
-  bool privileged;
-  aRv = IsCapabilityEnabled("UniversalXPConnect", &privileged);
-  if (NS_FAILED(aRv)) {
-    return;
-  }
-
-  if (!privileged) {
+  if (!nsContentUtils::IsCallerChrome()) {
     aRv = NS_ERROR_DOM_SECURITY_ERR;
     return;
   }
 
   if (!(mState & XML_HTTP_REQUEST_UNSENT)) {
     // Can't change this while we're in the middle of something.
     aRv = NS_ERROR_IN_PROGRESS;
     return;
@@ -4025,19 +4004,17 @@ nsXMLHttpRequest::EnsureXPCOMifier()
 }
 
 NS_IMPL_ISUPPORTS1(nsXMLHttpRequest::nsHeaderVisitor, nsIHttpHeaderVisitor)
 
 NS_IMETHODIMP nsXMLHttpRequest::
 nsHeaderVisitor::VisitHeader(const nsACString &header, const nsACString &value)
 {
     // See bug #380418. Hide "Set-Cookie" headers from non-chrome scripts.
-    bool chrome = false; // default to false in case IsCapabilityEnabled fails
-    IsCapabilityEnabled("UniversalXPConnect", &chrome);
-    if (!chrome &&
+    if (!nsContentUtils::IsCallerChrome() &&
          (header.LowerCaseEqualsASCII("set-cookie") ||
           header.LowerCaseEqualsASCII("set-cookie2"))) {
         NS_WARNING("blocked access to response header");
     } else {
         mHeaders.Append(header);
         mHeaders.Append(": ");
         mHeaders.Append(value);
         mHeaders.Append("\r\n");
--- a/content/events/src/nsDOMEvent.cpp
+++ b/content/events/src/nsDOMEvent.cpp
@@ -467,22 +467,17 @@ nsDOMEvent::SetEventType(const nsAString
 NS_IMETHODIMP
 nsDOMEvent::InitEvent(const nsAString& aEventTypeArg, bool aCanBubbleArg, bool aCancelableArg)
 {
   // Make sure this event isn't already being dispatched.
   NS_ENSURE_TRUE(!NS_IS_EVENT_IN_DISPATCH(mEvent), NS_OK);
 
   if (NS_IS_TRUSTED_EVENT(mEvent)) {
     // Ensure the caller is permitted to dispatch trusted DOM events.
-
-    bool enabled = false;
-    nsContentUtils::GetSecurityManager()->
-      IsCapabilityEnabled("UniversalXPConnect", &enabled);
-
-    if (!enabled) {
+    if (!nsContentUtils::IsCallerChrome()) {
       SetTrusted(false);
     }
   }
 
   SetEventType(aEventTypeArg);
 
   if (aCanBubbleArg) {
     mEvent->flags &= ~NS_EVENT_FLAG_CANT_BUBBLE;
--- a/content/xbl/src/nsXBLContentSink.cpp
+++ b/content/xbl/src/nsXBLContentSink.cpp
@@ -718,29 +718,18 @@ nsXBLContentSink::ConstructImplementatio
     }
 
     // Is this attribute one of the ones we care about?
     if (localName == nsGkAtoms::name) {
       name = aAtts[1];
     }
     else if (localName == nsGkAtoms::implements) {
       // Only allow implementation of interfaces via XBL if the principal of
-      // our XBL document has UniversalXPConnect privileges.  No principal
-      // means no privs!
-      
-      // XXX this api is so badly tied to JS it's not even funny.  We don't
-      // have a concept of enabling capabilities on a per-principal basis,
-      // but only on a per-principal-and-JS-stackframe basis!  So for now
-      // this is basically equivalent to testing that we have the system
-      // principal, since there is no JS stackframe in sight here...
-      bool hasUniversalXPConnect;
-      nsresult rv = mDocument->NodePrincipal()->
-        IsCapabilityEnabled("UniversalXPConnect", nullptr,
-                            &hasUniversalXPConnect);
-      if (NS_SUCCEEDED(rv) && hasUniversalXPConnect) {
+      // our XBL document is the system principal.
+      if (nsContentUtils::IsSystemPrincipal(mDocument->NodePrincipal())) {
         mBinding->ConstructInterfaceTable(nsDependentString(aAtts[1]));
       }
     }
   }
 
   NS_NewXBLProtoImpl(mBinding, name, &mImplementation);
 }
 
--- a/content/xul/document/src/nsXULDocument.cpp
+++ b/content/xul/document/src/nsXULDocument.cpp
@@ -1333,38 +1333,22 @@ nsXULDocument::Persist(const nsAString& 
     }
 
     rv = Persist(element, nameSpaceID, tag);
     if (NS_FAILED(rv)) return rv;
 
     return NS_OK;
 }
 
-
-bool
-nsXULDocument::IsCapabilityEnabled(const char* aCapabilityLabel)
-{
-    nsresult rv;
-
-    // NodePrincipal is guarantied to be non-null
-    bool enabled = false;
-    rv = NodePrincipal()->IsCapabilityEnabled(aCapabilityLabel, nullptr, &enabled);
-    if (NS_FAILED(rv))
-        return false;
- 
-    return enabled;
-}
-
-
 nsresult
 nsXULDocument::Persist(nsIContent* aElement, int32_t aNameSpaceID,
                        nsIAtom* aAttribute)
 {
     // For non-chrome documents, persistance is simply broken
-    if (!IsCapabilityEnabled("UniversalXPConnect"))
+    if (!nsContentUtils::IsSystemPrincipal(NodePrincipal()))
         return NS_ERROR_NOT_AVAILABLE;
 
     // First make sure we _have_ a local store to stuff the persisted
     // information into. (We might not have one if profile information
     // hasn't been loaded yet...)
     if (!mLocalStore)
         return NS_OK;
 
@@ -2104,17 +2088,17 @@ nsXULDocument::PrepareToLoadPrototype(ns
     return NS_OK;
 }
 
 
 nsresult
 nsXULDocument::ApplyPersistentAttributes()
 {
     // For non-chrome documents, persistance is simply broken
-    if (!IsCapabilityEnabled("UniversalXPConnect"))
+    if (!nsContentUtils::IsSystemPrincipal(NodePrincipal()))
         return NS_ERROR_NOT_AVAILABLE;
 
     // Add all of the 'persisted' attributes into the content
     // model.
     if (!mLocalStore)
         return NS_OK;
 
     mApplyingPersistedAttrs = true;
--- a/content/xul/document/src/nsXULDocument.h
+++ b/content/xul/document/src/nsXULDocument.h
@@ -240,19 +240,16 @@ protected:
     static nsIRDFResource* kNC_persist;
     static nsIRDFResource* kNC_attribute;
     static nsIRDFResource* kNC_value;
 
     static nsXULPrototypeCache* gXULCache;
 
     static PRLogModuleInfo* gXULLog;
 
-    bool
-    IsCapabilityEnabled(const char* aCapabilityLabel);
-
     nsresult
     Persist(nsIContent* aElement, int32_t aNameSpaceID, nsIAtom* aAttribute);
 
     // IMPORTANT: The ownership implicit in the following member
     // variables has been explicitly checked and set using nsCOMPtr
     // for owning pointers and raw COM interface pointers for weak
     // (ie, non owning) references. If you add any members to this
     // class, please make the ownership explicit (pinkerton, scc).
--- a/docshell/base/nsDocShell.cpp
+++ b/docshell/base/nsDocShell.cpp
@@ -1656,49 +1656,33 @@ nsDocShell::MaybeInitTiming()
 // file: uris are considered the same domain for the purpose of
 // frame navigation regardless of script accessibility (bug 420425)
 //
 /* static */
 bool
 nsDocShell::ValidateOrigin(nsIDocShellTreeItem* aOriginTreeItem,
                            nsIDocShellTreeItem* aTargetTreeItem)
 {
-    nsCOMPtr<nsIScriptSecurityManager> securityManager =
-        do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID);
-    NS_ENSURE_TRUE(securityManager, false);
-
-    nsCOMPtr<nsIPrincipal> subjectPrincipal;
-    nsresult rv =
-        securityManager->GetSubjectPrincipal(getter_AddRefs(subjectPrincipal));
-    NS_ENSURE_SUCCESS(rv, false);
-
-    if (subjectPrincipal) {
-        // We're called from JS, check if UniversalXPConnect is
-        // enabled.
-        bool ubwEnabled = false;
-        rv = securityManager->IsCapabilityEnabled("UniversalXPConnect",
-                                                  &ubwEnabled);
-        NS_ENSURE_SUCCESS(rv, false);
-
-        if (ubwEnabled) {
-            return true;
-        }
+    // We want to bypass this check for chrome callers, but only if there's
+    // JS on the stack. System callers still need to do it.
+    if (nsContentUtils::GetCurrentJSContext() && nsContentUtils::IsCallerChrome()) {
+        return true;
     }
 
     // Get origin document principal
     nsCOMPtr<nsIDocument> originDocument(do_GetInterface(aOriginTreeItem));
     NS_ENSURE_TRUE(originDocument, false);
 
     // Get target principal
     nsCOMPtr<nsIDocument> targetDocument(do_GetInterface(aTargetTreeItem));
     NS_ENSURE_TRUE(targetDocument, false);
 
     bool equal;
-    rv = originDocument->NodePrincipal()->
-            Equals(targetDocument->NodePrincipal(), &equal);
+    nsresult rv = originDocument->NodePrincipal()->Equals(targetDocument->NodePrincipal(),
+                                                          &equal);
     if (NS_SUCCEEDED(rv) && equal) {
         return true;
     }
 
     // Not strictly equal, special case if both are file: uris
     bool originIsFile = false;
     bool targetIsFile = false;
     nsCOMPtr<nsIURI> originURI;
@@ -8182,31 +8166,23 @@ nsDocShell::CheckLoadingPermissions()
 
     if (!gValidateOrigin || !IsFrame()) {
         // Origin validation was turned off, or we're not a frame.
         // Permit all loads.
 
         return rv;
     }
 
+    nsCOMPtr<nsIScriptSecurityManager> securityManager =
+      do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
+    NS_ENSURE_SUCCESS(rv, rv);
+
     // We're a frame. Check that the caller has write permission to
     // the parent before allowing it to load anything into this
     // docshell.
-
-    nsCOMPtr<nsIScriptSecurityManager> securityManager =
-        do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
-    NS_ENSURE_SUCCESS(rv, rv);
-
-    bool ubwEnabled = false;
-    rv = securityManager->IsCapabilityEnabled("UniversalXPConnect",
-                                              &ubwEnabled);
-    if (NS_FAILED(rv) || ubwEnabled) {
-        return rv;
-    }
-
     nsCOMPtr<nsIPrincipal> subjPrincipal;
     rv = securityManager->GetSubjectPrincipal(getter_AddRefs(subjPrincipal));
     NS_ENSURE_TRUE(NS_SUCCEEDED(rv) && subjPrincipal, rv);
 
     // Check if the caller is from the same origin as this docshell,
     // or any of its ancestors.
     nsCOMPtr<nsIDocShellTreeItem> item(this);
     do {
--- a/dom/base/nsBarProps.cpp
+++ b/dom/base/nsBarProps.cpp
@@ -10,16 +10,17 @@
 #include "nsGlobalWindow.h"
 #include "nsStyleConsts.h"
 #include "nsIDocShell.h"
 #include "nsIScriptSecurityManager.h"
 #include "nsIScrollable.h"
 #include "nsIWebBrowserChrome.h"
 #include "nsIDOMWindow.h"
 #include "nsDOMClassInfoID.h"
+#include "nsContentUtils.h"
 
 //
 //  Basic (virtual) BarProp class implementation
 //
 nsBarProp::nsBarProp(nsGlobalWindow *aWindow)
 {
   mDOMWindow = aWindow;
   nsISupports *supwin = static_cast<nsIScriptGlobalObject *>(aWindow);
@@ -63,23 +64,17 @@ nsBarProp::GetVisibleByFlag(bool *aVisib
 }
 
 NS_IMETHODIMP
 nsBarProp::SetVisibleByFlag(bool aVisible, uint32_t aChromeFlag)
 {
   nsCOMPtr<nsIWebBrowserChrome> browserChrome = GetBrowserChrome();
   NS_ENSURE_TRUE(browserChrome, NS_OK);
 
-  bool enabled = false;
-
-  nsCOMPtr<nsIScriptSecurityManager>
-           securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
-  if (securityManager)
-    securityManager->IsCapabilityEnabled("UniversalXPConnect", &enabled);
-  if (!enabled)
+  if (!nsContentUtils::IsCallerChrome())
     return NS_OK;
 
   uint32_t chromeFlags;
 
   NS_ENSURE_SUCCESS(browserChrome->GetChromeFlags(&chromeFlags),
                     NS_ERROR_FAILURE);
   if (aVisible)
     chromeFlags |= aChromeFlag;
@@ -280,23 +275,17 @@ nsScrollbarsProp::GetVisible(bool *aVisi
   }
 
   return NS_OK;
 }
 
 NS_IMETHODIMP
 nsScrollbarsProp::SetVisible(bool aVisible)
 {
-  bool     enabled = false;
-
-  nsCOMPtr<nsIScriptSecurityManager>
-           securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
-  if (securityManager)
-    securityManager->IsCapabilityEnabled("UniversalXPConnect", &enabled);
-  if (!enabled)
+  if (!nsContentUtils::IsCallerChrome())
     return NS_OK;
 
   /* Scrollbars, unlike the other barprops, implement visibility directly
      rather than handing off to the superclass (and from there to the
      chrome window) because scrollbar visibility uniquely applies only
      to the window making the change (arguably. it does now, anyway.)
      and because embedding apps have no interface for implementing this
      themselves, and therefore the implementation must be internal. */
--- a/dom/base/nsDOMClassInfo.cpp
+++ b/dom/base/nsDOMClassInfo.cpp
@@ -7717,25 +7717,16 @@ nsNodeSH::PostCreatePrototype(JSContext 
                           JSVAL_VOID, GetterShim<BaseURIObjectGetter>,
                           nullptr,
                           JSPROP_READONLY | JSPROP_SHARED);
   }
 
   return rv;
 }
 
-bool
-nsNodeSH::IsCapabilityEnabled(const char* aCapability)
-{
-  bool enabled;
-  return sSecMan &&
-    NS_SUCCEEDED(sSecMan->IsCapabilityEnabled(aCapability, &enabled)) &&
-    enabled;
-}
-
 NS_IMETHODIMP
 nsNodeSH::PreCreate(nsISupports *nativeObj, JSContext *cx, JSObject *globalObj,
                     JSObject **parentObj)
 {
   nsINode *node = static_cast<nsINode*>(nativeObj);
   
 #ifdef DEBUG
   {
@@ -7761,17 +7752,17 @@ nsNodeSH::PreCreate(nsISupports *nativeO
   // (2) has had one, or has been marked to have had one,
   // (3) we are running a privileged script.
   // Event handling is possible only if (1). If (2) event handling is prevented.
   // If document has never had a script handling object,
   // untrusted scripts (3) shouldn't touch it!
   bool hasHadScriptHandlingObject = false;
   NS_ENSURE_STATE(doc->GetScriptHandlingObject(hasHadScriptHandlingObject) ||
                   hasHadScriptHandlingObject ||
-                  IsPrivilegedScript());
+                  nsContentUtils::IsCallerChrome());
 
   nsINode *native_parent;
 
   bool nodeIsElement = node->IsElement();
   if (nodeIsElement && node->AsElement()->IsXUL()) {
     // For XUL elements, use the parent, if any.
     native_parent = node->GetParent();
 
--- a/dom/base/nsDOMClassInfo.h
+++ b/dom/base/nsDOMClassInfo.h
@@ -513,23 +513,16 @@ protected:
   nsNodeSH(nsDOMClassInfoData* aData) : nsDOMGenericSH(aData)
   {
   }
 
   virtual ~nsNodeSH()
   {
   }
 
-  // Helper to check whether a capability is enabled
-  bool IsCapabilityEnabled(const char* aCapability);
-
-  inline bool IsPrivilegedScript() {
-    return IsCapabilityEnabled("UniversalXPConnect");
-  }
-
 public:
   NS_IMETHOD PreCreate(nsISupports *nativeObj, JSContext *cx,
                        JSObject *globalObj, JSObject **parentObj);
   NS_IMETHOD PostCreatePrototype(JSContext * cx, JSObject * proto);
   NS_IMETHOD AddProperty(nsIXPConnectWrappedNative *wrapper, JSContext *cx,
                          JSObject *obj, jsid id, jsval *vp, bool *_retval);
   NS_IMETHOD NewResolve(nsIXPConnectWrappedNative *wrapper, JSContext *cx,
                         JSObject *obj, jsid id, uint32_t flags,
--- a/dom/base/nsDOMWindowUtils.cpp
+++ b/dom/base/nsDOMWindowUtils.cpp
@@ -69,21 +69,17 @@
 
 using namespace mozilla;
 using namespace mozilla::dom;
 using namespace mozilla::layers;
 using namespace mozilla::widget;
 
 static bool IsUniversalXPConnectCapable()
 {
-  bool hasCap = false;
-  nsresult rv = nsContentUtils::GetSecurityManager()->
-                  IsCapabilityEnabled("UniversalXPConnect", &hasCap);
-  NS_ENSURE_SUCCESS(rv, false);
-  return hasCap;
+  return nsContentUtils::IsCallerChrome();
 }
 
 DOMCI_DATA(WindowUtils, nsDOMWindowUtils)
 
 NS_INTERFACE_MAP_BEGIN(nsDOMWindowUtils)
   NS_INTERFACE_MAP_ENTRY_AMBIGUOUS(nsISupports, nsIDOMWindowUtils)
   NS_INTERFACE_MAP_ENTRY(nsIDOMWindowUtils)
   NS_INTERFACE_MAP_ENTRY(nsISupportsWeakReference)
--- a/dom/base/nsJSEnvironment.cpp
+++ b/dom/base/nsJSEnvironment.cpp
@@ -2455,20 +2455,17 @@ nsJSContext::AddSupportsPrimitiveTojsval
 #ifdef XP_WIN32
 #include <io.h>
 #endif
 #include "nsTraceMalloc.h"
 
 static JSBool
 CheckUniversalXPConnectForTraceMalloc(JSContext *cx)
 {
-    bool hasCap = false;
-    nsresult rv = nsContentUtils::GetSecurityManager()->
-                    IsCapabilityEnabled("UniversalXPConnect", &hasCap);
-    if (NS_SUCCEEDED(rv) && hasCap)
+    if (nsContentUtils::IsCallerChrome())
         return JS_TRUE;
     JS_ReportError(cx, "trace-malloc functions require UniversalXPConnect");
     return JS_FALSE;
 }
 
 static JSBool
 TraceMallocDisable(JSContext *cx, unsigned argc, jsval *vp)
 {
--- a/dom/workers/RuntimeService.cpp
+++ b/dom/workers/RuntimeService.cpp
@@ -527,26 +527,17 @@ ResolveWorkerClasses(JSContext* aCx, JSH
     }
   }
 
   bool isChrome = false;
   bool shouldResolve = false;
 
   for (uint32_t i = 0; i < ID_COUNT; i++) {
     if (gStringIDs[i] == aId) {
-      nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
-      NS_ASSERTION(ssm, "This should never be null!");
-
-      bool enabled;
-      if (NS_FAILED(ssm->IsCapabilityEnabled("UniversalXPConnect", &enabled))) {
-        NS_WARNING("IsCapabilityEnabled failed!");
-        isChrome = false;
-      }
-
-      isChrome = !!enabled;
+      isChrome = nsContentUtils::IsCallerChrome();
 
       // Don't resolve if this is ChromeWorker and we're not chrome. Otherwise
       // always resolve.
       shouldResolve = gStringIDs[ID_ChromeWorker] == aId ? isChrome : true;
       break;
     }
   }
 
--- a/dom/workers/WorkerPrivate.cpp
+++ b/dom/workers/WorkerPrivate.cpp
@@ -2510,21 +2510,17 @@ WorkerPrivate::Create(JSContext* aCx, JS
     domain = aParent->Domain();
   }
   else {
     AssertIsOnMainThread();
 
     nsIScriptSecurityManager* ssm = nsContentUtils::GetSecurityManager();
     NS_ASSERTION(ssm, "This should never be null!");
 
-    bool isChrome;
-    if (NS_FAILED(ssm->IsCapabilityEnabled("UniversalXPConnect", &isChrome))) {
-      NS_WARNING("IsCapabilityEnabled failed!");
-      isChrome = false;
-    }
+    bool isChrome = nsContentUtils::IsCallerChrome();
 
     // First check to make sure the caller has permission to make a
     // ChromeWorker if they called the ChromeWorker constructor.
     if (aIsChromeWorker && !isChrome) {
       xpc::Throw(aCx, NS_ERROR_DOM_SECURITY_ERR);
       return nullptr;
     }
 
--- a/embedding/components/find/src/nsWebBrowserFind.cpp
+++ b/embedding/components/find/src/nsWebBrowserFind.cpp
@@ -699,21 +699,17 @@ nsresult nsWebBrowserFind::SearchInFrame
     rv = secMan->GetSubjectPrincipal(getter_AddRefs(subject));
     NS_ENSURE_SUCCESS(rv, rv);
 
     if (subject) {
         bool subsumes;
         rv = subject->Subsumes(theDoc->NodePrincipal(), &subsumes);
         NS_ENSURE_SUCCESS(rv, rv);
         if (!subsumes) {
-            bool hasCap = false;
-            secMan->IsCapabilityEnabled("UniversalXPConnect", &hasCap);
-            if (!hasCap) {
-                return NS_ERROR_DOM_PROP_ACCESS_DENIED;
-            }
+            return NS_ERROR_DOM_PROP_ACCESS_DENIED;
         }
     }
 
     nsCOMPtr<nsIFind> find = do_CreateInstance(NS_FIND_CONTRACTID, &rv);
     NS_ENSURE_SUCCESS(rv, rv);
 
     (void) find->SetCaseSensitive(mMatchCase);
     (void) find->SetFindBackwards(mFindBackwards);
--- a/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
+++ b/embedding/components/windowwatcher/src/nsWindowWatcher.cpp
@@ -1602,23 +1602,17 @@ uint32_t nsWindowWatcher::CalculateChrom
       chromeFlags |= nsIWebBrowserChrome::CHROME_OPENAS_CHROME;
   }
 
   /* missing
      chromeFlags->copy_history
    */
 
   // Check security state for use in determing window dimensions
-  bool enabled = false;
-  if (securityManager) {
-    rv = securityManager->IsCapabilityEnabled("UniversalXPConnect",
-                                              &enabled);
-  }
-
-  if (NS_FAILED(rv) || !enabled || (isChrome && !aHasChromeParent)) {
+  if (!nsContentUtils::IsCallerChrome() || (isChrome && !aHasChromeParent)) {
     // If priv check fails (or if we're called from chrome, but the
     // parent is not a chrome window), set all elements to minimum
     // reqs., else leave them alone.
     chromeFlags |= nsIWebBrowserChrome::CHROME_TITLEBAR;
     chromeFlags |= nsIWebBrowserChrome::CHROME_WINDOW_CLOSE;
     chromeFlags &= ~nsIWebBrowserChrome::CHROME_WINDOW_LOWERED;
     chromeFlags &= ~nsIWebBrowserChrome::CHROME_WINDOW_RAISED;
     chromeFlags &= ~nsIWebBrowserChrome::CHROME_WINDOW_POPUP;
@@ -2040,41 +2034,24 @@ nsWindowWatcher::SizeOpenedDocShellItem(
     if (aSizeSpec.mUseDefaultHeight) {
       height = height - chromeHeight;
     } else {
       height = NSToIntRound(aSizeSpec.mInnerHeight * openerZoom);
     }
   }
 
   bool positionSpecified = aSizeSpec.PositionSpecified();
-  
-  nsresult res;
-  bool enabled = false;
 
   // Check security state for use in determing window dimensions
-  nsCOMPtr<nsIScriptSecurityManager>
-    securityManager(do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID));
-  if (securityManager) {
-    res = securityManager->IsCapabilityEnabled("UniversalXPConnect",
-                                               &enabled);
-    if (NS_FAILED(res))
-      enabled = false;
-    else if (enabled && aParent) {
-      nsCOMPtr<nsIDOMChromeWindow> chromeWin(do_QueryInterface(aParent));
-
-      bool isChrome = false;
-      nsresult rv = securityManager->SubjectPrincipalIsSystem(&isChrome);
-      if (NS_FAILED(rv)) {
-        isChrome = false;
-      }
-
-      // Only enable special priveleges for chrome when chrome calls
-      // open() on a chrome window
-      enabled = !(isChrome && chromeWin == nullptr);
-    }
+  bool enabled = false;
+  if (nsContentUtils::IsCallerChrome()) {
+    // Only enable special priveleges for chrome when chrome calls
+    // open() on a chrome window
+    nsCOMPtr<nsIDOMChromeWindow> chromeWin(do_QueryInterface(aParent));
+    enabled = !aParent || chromeWin;
   }
 
   if (!enabled) {
 
     // Security check failed.  Ensure all args meet minimum reqs.
 
     int32_t oldTop = top,
             oldLeft = left;