Bug 913734 - Remove now-unused policy machinery. r=mrbkap

Bobby Holley 2013-12-13 19:15:43 -08:00
Родитель d99e6b8d97
Коммит 041e66aa0e
8 изменённых файлов: 4 добавлений и 1087 удалений


@ -20,7 +20,7 @@ interface nsIContentSecurityPolicy;
[ptr] native JSPrincipals(JSPrincipals);
[ptr] native PrincipalArray(nsTArray<nsCOMPtr<nsIPrincipal> >);
[scriptable, builtinclass, uuid(551bf53d-203c-4ac4-8c0b-40aa7b5f1ad6)]
[scriptable, builtinclass, uuid(f09d8a53-a6c8-4f68-b329-9a76a709d24e)]
interface nsIPrincipal : nsISerializable
{
/**
@ -52,21 +52,6 @@ interface nsIPrincipal : nsISerializable
*/
[noscript] readonly attribute unsigned long hashValue;
/**
* The domain security policy of the principal.
*/
// XXXcaa should this be here? The script security manager is the only
// thing that should care about this. Wouldn't storing this data in one
// of the hashtables in nsScriptSecurityManager be better?
// XXXbz why is this writable? Who should have write access to this? What
// happens if this principal is in our hashtable and we pass it out of the
// security manager and someone writes to this field? Especially if they
// write garbage? If we need to give someone other than the security
// manager a way to set this (which I question, since it can increase the
// permissions of a page) it should be a |void clearSecurityPolicy()|
// method.
[noscript] attribute voidPtr securityPolicy;
/**
* The codebase URI to which this principal pertains. This is
* generally the document URI.


@ -18,7 +18,6 @@
class nsIObjectInputStream;
class nsIObjectOutputStream;
class DomainPolicy;
class nsBasePrincipal : public nsJSPrincipals
{
@ -31,8 +30,6 @@ protected:
public:
NS_IMETHOD_(nsrefcnt) AddRef(void);
NS_IMETHOD_(nsrefcnt) Release(void);
NS_IMETHOD GetSecurityPolicy(void** aSecurityPolicy);
NS_IMETHOD SetSecurityPolicy(void* aSecurityPolicy);
NS_IMETHOD GetCsp(nsIContentSecurityPolicy** aCsp);
NS_IMETHOD SetCsp(nsIContentSecurityPolicy* aCsp);
public:
@ -45,8 +42,6 @@ protected:
virtual void dumpImpl() = 0;
#endif
DomainPolicy* mSecurityPolicy;
nsCOMPtr<nsIContentSecurityPolicy> mCSP;
};


@ -28,266 +28,7 @@ class nsIClassInfo;
class nsIIOService;
class nsIStringBundle;
class nsSystemPrincipal;
struct ClassPolicy;
class ClassInfoData;
class DomainPolicy;
/////////////////////
// PrincipalKey //
/////////////////////
class PrincipalKey : public PLDHashEntryHdr
{
public:
typedef const nsIPrincipal* KeyType;
typedef const nsIPrincipal* KeyTypePointer;
PrincipalKey(const nsIPrincipal* key)
: mKey(const_cast<nsIPrincipal*>(key))
{
}
PrincipalKey(const PrincipalKey& toCopy)
: mKey(toCopy.mKey)
{
}
~PrincipalKey()
{
}
KeyType GetKey() const
{
return mKey;
}
bool KeyEquals(KeyTypePointer aKey) const
{
bool eq;
mKey->Equals(const_cast<nsIPrincipal*>(aKey),
&eq);
return eq;
}
static KeyTypePointer KeyToPointer(KeyType aKey)
{
return aKey;
}
static PLDHashNumber HashKey(KeyTypePointer aKey)
{
uint32_t hash;
const_cast<nsIPrincipal*>(aKey)->GetHashValue(&hash);
return PLDHashNumber(hash);
}
enum { ALLOW_MEMMOVE = true };
private:
nsCOMPtr<nsIPrincipal> mKey;
};
////////////////////
// Policy Storage //
////////////////////
// Property Policy
union SecurityLevel
{
intptr_t level;
char* capability;
};
// Security levels
// These values all have the low bit set (except UNDEFINED_ACCESS)
// to distinguish them from pointer values, because no pointer
// to allocated memory ever has the low bit set. A SecurityLevel
// contains either one of these constants or a pointer to a string
// representing the name of a capability.
#define SCRIPT_SECURITY_UNDEFINED_ACCESS 0
#define SCRIPT_SECURITY_ACCESS_IS_SET_BIT 1
#define SCRIPT_SECURITY_NO_ACCESS \
((1 << 0) | SCRIPT_SECURITY_ACCESS_IS_SET_BIT)
#define SCRIPT_SECURITY_SAME_ORIGIN_ACCESS \
((1 << 1) | SCRIPT_SECURITY_ACCESS_IS_SET_BIT)
#define SCRIPT_SECURITY_ALL_ACCESS \
((1 << 2) | SCRIPT_SECURITY_ACCESS_IS_SET_BIT)
#define SECURITY_ACCESS_LEVEL_FLAG(_sl) \
((_sl.level == 0) || \
(_sl.level & SCRIPT_SECURITY_ACCESS_IS_SET_BIT))
struct PropertyPolicy : public PLDHashEntryHdr
{
JSString *key; // interned string
SecurityLevel mGet;
SecurityLevel mSet;
};
static bool
InitPropertyPolicyEntry(PLDHashTable *table,
PLDHashEntryHdr *entry,
const void *key)
{
PropertyPolicy* pp = (PropertyPolicy*)entry;
pp->key = (JSString *)key;
pp->mGet.level = SCRIPT_SECURITY_UNDEFINED_ACCESS;
pp->mSet.level = SCRIPT_SECURITY_UNDEFINED_ACCESS;
return true;
}
static void
ClearPropertyPolicyEntry(PLDHashTable *table, PLDHashEntryHdr *entry)
{
PropertyPolicy* pp = (PropertyPolicy*)entry;
pp->key = nullptr;
}
// Class Policy
#define NO_POLICY_FOR_CLASS (ClassPolicy*)1
struct ClassPolicy : public PLDHashEntryHdr
{
char* key;
PLDHashTable* mPolicy;
// Note: the DomainPolicy owns us, so if if dies we will too. Hence no
// need to refcount it here (and in fact, we'd probably leak if we tried).
DomainPolicy* mDomainWeAreWildcardFor;
};
static void
ClearClassPolicyEntry(PLDHashTable *table, PLDHashEntryHdr *entry)
{
ClassPolicy* cp = (ClassPolicy *)entry;
if (cp->key)
{
PL_strfree(cp->key);
cp->key = nullptr;
}
PL_DHashTableDestroy(cp->mPolicy);
}
// Note: actual impl is going to be after the DomainPolicy class definition,
// since we need to access members of DomainPolicy in the impl
static void
MoveClassPolicyEntry(PLDHashTable *table,
const PLDHashEntryHdr *from,
PLDHashEntryHdr *to);
static bool
InitClassPolicyEntry(PLDHashTable *table,
PLDHashEntryHdr *entry,
const void *key)
{
static PLDHashTableOps classPolicyOps =
{
PL_DHashAllocTable,
PL_DHashFreeTable,
PL_DHashVoidPtrKeyStub,
PL_DHashMatchEntryStub,
PL_DHashMoveEntryStub,
ClearPropertyPolicyEntry,
PL_DHashFinalizeStub,
InitPropertyPolicyEntry
};
ClassPolicy* cp = (ClassPolicy*)entry;
cp->mDomainWeAreWildcardFor = nullptr;
cp->key = PL_strdup((const char*)key);
if (!cp->key)
return false;
cp->mPolicy = PL_NewDHashTable(&classPolicyOps, nullptr,
sizeof(PropertyPolicy), 16);
if (!cp->mPolicy) {
PL_strfree(cp->key);
cp->key = nullptr;
return false;
}
return true;
}
// Domain Policy
class DomainPolicy : public PLDHashTable
{
public:
DomainPolicy() : mWildcardPolicy(nullptr),
mRefCount(0)
{
mGeneration = sGeneration;
}
bool Init()
{
static const PLDHashTableOps domainPolicyOps =
{
PL_DHashAllocTable,
PL_DHashFreeTable,
PL_DHashStringKey,
PL_DHashMatchStringKey,
MoveClassPolicyEntry,
ClearClassPolicyEntry,
PL_DHashFinalizeStub,
InitClassPolicyEntry
};
return PL_DHashTableInit(this, &domainPolicyOps, nullptr,
sizeof(ClassPolicy), 16);
}
~DomainPolicy()
{
PL_DHashTableFinish(this);
NS_ASSERTION(mRefCount == 0, "Wrong refcount in DomainPolicy dtor");
}
void Hold()
{
mRefCount++;
}
void Drop()
{
if (--mRefCount == 0)
delete this;
}
static void InvalidateAll()
{
sGeneration++;
}
bool IsInvalid()
{
return mGeneration != sGeneration;
}
ClassPolicy* mWildcardPolicy;
private:
uint32_t mRefCount;
uint32_t mGeneration;
static uint32_t sGeneration;
};
static void
MoveClassPolicyEntry(PLDHashTable *table,
const PLDHashEntryHdr *from,
PLDHashEntryHdr *to)
{
memcpy(to, from, table->entrySize);
// Now update the mDefaultPolicy pointer that points to us, if any.
ClassPolicy* cp = static_cast<ClassPolicy*>(to);
if (cp->mDomainWeAreWildcardFor) {
NS_ASSERTION(cp->mDomainWeAreWildcardFor->mWildcardPolicy ==
static_cast<const ClassPolicy*>(from),
"Unexpected wildcard policy on mDomainWeAreWildcardFor");
cp->mDomainWeAreWildcardFor->mWildcardPolicy = cp;
}
}
/////////////////////////////
// nsScriptSecurityManager //
@ -403,13 +144,6 @@ private:
nsIPrincipal* aObject,
uint32_t aAction);
nsresult
LookupPolicy(nsIPrincipal* principal,
ClassInfoData& aClassData,
JS::Handle<jsid> aProperty,
uint32_t aAction,
SecurityLevel* result);
nsresult
GetCodebasePrincipalInternal(nsIURI* aURI, uint32_t aAppId,
bool aInMozBrowser,
@ -468,24 +202,12 @@ private:
nsresult
InitPrefs();
nsresult
InitPolicies();
nsresult
InitDomainPolicy(JSContext* cx, const char* aPolicyName,
DomainPolicy* aDomainPolicy);
inline void
ScriptSecurityPrefChanged();
nsObjectHashtable* mOriginToPolicyMap;
DomainPolicy* mDefaultPolicy;
nsObjectHashtable* mCapabilities;
nsCOMPtr<nsIPrincipal> mSystemPrincipal;
bool mPrefInitialized;
bool mIsJavaScriptEnabled;
bool mPolicyPrefsChanged;
// This machinery controls new-style domain policies. The old-style
// policy machinery will be removed soon.
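Review bot: The surviving context comment at the end of this hunk, "The old-style policy machinery will be removed soon.", is now stale, since this very commit deletes that machinery (the capability.policy.* parsing, DomainPolicy, ClassPolicy and LookupPolicy removed earlier in this file). Leaving it in place will send the next reader looking for code that no longer exists. Suggest rewording it to `// This machinery controls domain policies. The old capability.policy.*` / `// pref-driven machinery was removed in bug 913734.`. The member declarations the comment introduces continue outside the hunk.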


@ -146,29 +146,6 @@ nsNullPrincipal::GetHashValue(uint32_t *aResult)
return NS_OK;
}
NS_IMETHODIMP
nsNullPrincipal::GetSecurityPolicy(void** aSecurityPolicy)
{
// Leftover from old security model, a "security policy" is a set of
// rules for property access that can override the SOP. Policies are
// associated with origins and since nsNullPinricipals never get the
// same origin twice, it's not possible to specify a "security
// policy" for it. Hence, we do not cache the security policy.
*aSecurityPolicy = nullptr;
return NS_OK;
}
NS_IMETHODIMP
nsNullPrincipal::SetSecurityPolicy(void* aSecurityPolicy)
{
// Leftover from old security model, a "security policy" is a set of
// rules for property access that can override the SOP. Policies are
// associated with origins and since nsNullPinricipals never get the
// same origin twice, it's not possible to specify a "security
// policy" for it. Hence, we do not cache the security policy.
return NS_OK;
}
NS_IMETHODIMP
nsNullPrincipal::GetURI(nsIURI** aURI)
{


@ -69,7 +69,7 @@ nsBasePrincipal::Release()
return count;
}
nsBasePrincipal::nsBasePrincipal() : mSecurityPolicy(nullptr)
nsBasePrincipal::nsBasePrincipal()
{
if (!gIsObservingCodeBasePrincipalSupport) {
nsresult rv =
@ -84,31 +84,6 @@ nsBasePrincipal::nsBasePrincipal() : mSecurityPolicy(nullptr)
nsBasePrincipal::~nsBasePrincipal(void)
{
SetSecurityPolicy(nullptr);
}
NS_IMETHODIMP
nsBasePrincipal::GetSecurityPolicy(void** aSecurityPolicy)
{
if (mSecurityPolicy && mSecurityPolicy->IsInvalid())
SetSecurityPolicy(nullptr);
*aSecurityPolicy = (void *) mSecurityPolicy;
return NS_OK;
}
NS_IMETHODIMP
nsBasePrincipal::SetSecurityPolicy(void* aSecurityPolicy)
{
DomainPolicy *newPolicy = reinterpret_cast<DomainPolicy *>(aSecurityPolicy);
if (newPolicy)
newPolicy->Hold();
if (mSecurityPolicy)
mSecurityPolicy->Drop();
mSecurityPolicy = newPolicy;
return NS_OK;
}
NS_IMETHODIMP
@ -406,9 +381,6 @@ nsPrincipal::SetDomain(nsIURI* aDomain)
mDomain = NS_TryToMakeImmutable(aDomain);
mDomainImmutable = URIIsImmutable(mDomain);
// Domain has changed, forget cached security policy
SetSecurityPolicy(nullptr);
// Recompute all wrappers between compartments using this principal and other
// non-chrome compartments.
AutoSafeJSContext cx;
@ -532,10 +504,6 @@ nsPrincipal::Write(nsIObjectOutputStream* aStream)
{
NS_ENSURE_STATE(mCodebase);
// mSecurityPolicy is an optimization; it'll get looked up again as needed.
// Don't bother saving and restoring it, esp. since it might change if
// preferences change.
nsresult rv = NS_WriteOptionalCompoundObject(aStream, mCodebase, NS_GET_IID(nsIURI),
true);
if (NS_FAILED(rv)) {


@ -195,9 +195,6 @@ inline void SetPendingException(JSContext *cx, const PRUnichar *aMsg)
JS_ReportError(cx, "%hs", aMsg);
}
// DomainPolicy members
uint32_t DomainPolicy::sGeneration = 0;
// Helper class to get stuff from the ClassInfo and not waste extra time with
// virtual method calls for things it has already gotten
class ClassInfoData
@ -348,71 +345,6 @@ nsScriptSecurityManager::GetCxSubjectPrincipal(JSContext *cx)
return principal;
}
////////////////////
// Policy Storage //
////////////////////
// Table of security levels
static bool
DeleteCapability(nsHashKey *aKey, void *aData, void* closure)
{
NS_Free(aData);
return true;
}
//-- Per-Domain Policy - applies to one or more protocols or hosts
struct DomainEntry
{
DomainEntry(const char* aOrigin,
DomainPolicy* aDomainPolicy) : mOrigin(aOrigin),
mDomainPolicy(aDomainPolicy),
mNext(nullptr)
{
mDomainPolicy->Hold();
}
~DomainEntry()
{
mDomainPolicy->Drop();
}
bool Matches(const char *anOrigin)
{
int len = strlen(anOrigin);
int thisLen = mOrigin.Length();
if (len < thisLen)
return false;
if (mOrigin.RFindChar(':', thisLen-1, 1) != -1)
//-- Policy applies to all URLs of this scheme, compare scheme only
return mOrigin.EqualsIgnoreCase(anOrigin, thisLen);
//-- Policy applies to a particular host; compare domains
if (!mOrigin.Equals(anOrigin + (len - thisLen)))
return false;
if (len == thisLen)
return true;
char charBefore = anOrigin[len-thisLen-1];
return (charBefore == '.' || charBefore == ':' || charBefore == '/');
}
nsCString mOrigin;
DomainPolicy* mDomainPolicy;
DomainEntry* mNext;
};
static bool
DeleteDomainEntry(nsHashKey *aKey, void *aData, void* closure)
{
DomainEntry *entry = (DomainEntry*) aData;
do
{
DomainEntry *next = entry->mNext;
delete entry;
entry = next;
} while (entry);
return true;
}
/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
@ -957,186 +889,6 @@ nsScriptSecurityManager::CheckSameOriginDOMProp(nsIPrincipal* aSubject,
return NS_ERROR_DOM_PROP_ACCESS_DENIED;
}
nsresult
nsScriptSecurityManager::LookupPolicy(nsIPrincipal* aPrincipal,
ClassInfoData& aClassData,
JS::Handle<jsid> aProperty,
uint32_t aAction,
SecurityLevel* result)
{
AutoJSContext cx;
nsresult rv;
JS::RootedId property(cx, aProperty);
result->level = SCRIPT_SECURITY_UNDEFINED_ACCESS;
DomainPolicy* dpolicy = nullptr;
//-- Initialize policies if necessary
if (mPolicyPrefsChanged)
{
if (!mPrefInitialized) {
rv = InitPrefs();
NS_ENSURE_SUCCESS(rv, rv);
}
rv = InitPolicies();
if (NS_FAILED(rv))
return rv;
}
else
{
aPrincipal->GetSecurityPolicy((void**)&dpolicy);
}
if (!dpolicy && mOriginToPolicyMap)
{
//-- Look up the relevant domain policy, if any
if (nsCOMPtr<nsIExpandedPrincipal> exp = do_QueryInterface(aPrincipal))
{
// For expanded principals domain origin is not defined so let's just
// use the default policy
dpolicy = mDefaultPolicy;
}
else
{
nsAutoCString origin;
rv = GetPrincipalDomainOrigin(aPrincipal, origin);
NS_ENSURE_SUCCESS(rv, rv);
char *start = origin.BeginWriting();
const char *nextToLastDot = nullptr;
const char *lastDot = nullptr;
const char *colon = nullptr;
char *p = start;
//-- search domain (stop at the end of the string or at the 3rd slash)
for (uint32_t slashes=0; *p; p++)
{
if (*p == '/' && ++slashes == 3)
{
*p = '\0'; // truncate at 3rd slash
break;
}
if (*p == '.')
{
nextToLastDot = lastDot;
lastDot = p;
}
else if (!colon && *p == ':')
colon = p;
}
nsCStringKey key(nextToLastDot ? nextToLastDot+1 : start);
DomainEntry *de = (DomainEntry*) mOriginToPolicyMap->Get(&key);
if (!de)
{
nsAutoCString scheme(start, colon-start+1);
nsCStringKey schemeKey(scheme);
de = (DomainEntry*) mOriginToPolicyMap->Get(&schemeKey);
}
while (de)
{
if (de->Matches(start))
{
dpolicy = de->mDomainPolicy;
break;
}
de = de->mNext;
}
if (!dpolicy)
dpolicy = mDefaultPolicy;
}
aPrincipal->SetSecurityPolicy((void*)dpolicy);
}
ClassPolicy* cpolicy = static_cast<ClassPolicy*>
(PL_DHashTableOperate(dpolicy,
aClassData.GetName(),
PL_DHASH_LOOKUP));
if (PL_DHASH_ENTRY_IS_FREE(cpolicy))
cpolicy = NO_POLICY_FOR_CLASS;
NS_ASSERTION(JSID_IS_INT(property) || JSID_IS_OBJECT(property) ||
JSID_IS_STRING(property), "Property must be a valid id");
// Only atomized strings are stored in the policies' hash tables.
if (!JSID_IS_STRING(property))
return NS_OK;
JS::RootedString propertyKey(cx, JSID_TO_STRING(property));
// We look for a PropertyPolicy in the following places:
// 1) The ClassPolicy for our class we got from our DomainPolicy
// 2) The mWildcardPolicy of our DomainPolicy
// 3) The ClassPolicy for our class we got from mDefaultPolicy
// 4) The mWildcardPolicy of our mDefaultPolicy
PropertyPolicy* ppolicy = nullptr;
if (cpolicy != NO_POLICY_FOR_CLASS)
{
ppolicy = static_cast<PropertyPolicy*>
(PL_DHashTableOperate(cpolicy->mPolicy,
propertyKey,
PL_DHASH_LOOKUP));
}
// If there is no class policy for this property, and we have a wildcard
// policy, try that.
if (dpolicy->mWildcardPolicy &&
(!ppolicy || PL_DHASH_ENTRY_IS_FREE(ppolicy)))
{
ppolicy =
static_cast<PropertyPolicy*>
(PL_DHashTableOperate(dpolicy->mWildcardPolicy->mPolicy,
propertyKey,
PL_DHASH_LOOKUP));
}
// If dpolicy is not the defauly policy and there's no class or wildcard
// policy for this property, check the default policy for this class and
// the default wildcard policy
if (dpolicy != mDefaultPolicy &&
(!ppolicy || PL_DHASH_ENTRY_IS_FREE(ppolicy)))
{
cpolicy = static_cast<ClassPolicy*>
(PL_DHashTableOperate(mDefaultPolicy,
aClassData.GetName(),
PL_DHASH_LOOKUP));
if (PL_DHASH_ENTRY_IS_BUSY(cpolicy))
{
ppolicy =
static_cast<PropertyPolicy*>
(PL_DHashTableOperate(cpolicy->mPolicy,
propertyKey,
PL_DHASH_LOOKUP));
}
if ((!ppolicy || PL_DHASH_ENTRY_IS_FREE(ppolicy)) &&
mDefaultPolicy->mWildcardPolicy)
{
ppolicy =
static_cast<PropertyPolicy*>
(PL_DHashTableOperate(mDefaultPolicy->mWildcardPolicy->mPolicy,
propertyKey,
PL_DHASH_LOOKUP));
}
}
if (!ppolicy || PL_DHASH_ENTRY_IS_FREE(ppolicy))
return NS_OK;
// Get the correct security level from the property policy
if (aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY)
*result = ppolicy->mSet;
else
*result = ppolicy->mGet;
return NS_OK;
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckLoadURIFromScript(JSContext *cx, nsIURI *aURI)
{
@ -1985,12 +1737,10 @@ nsScriptSecurityManager::AsyncOnChannelRedirect(nsIChannel* oldChannel,
const char sJSEnabledPrefName[] = "javascript.enabled";
const char sFileOriginPolicyPrefName[] =
"security.fileuri.strict_origin_policy";
static const char sPolicyPrefix[] = "capability.policy.";
static const char* kObservedPrefs[] = {
sJSEnabledPrefName,
sFileOriginPolicyPrefName,
sPolicyPrefix,
nullptr
};
@ -2010,11 +1760,6 @@ nsScriptSecurityManager::Observe(nsISupports* aObject, const char* aTopic,
{
ScriptSecurityPrefChanged();
}
else if (PL_strncmp(message, sPolicyPrefix, sizeof(sPolicyPrefix)-1) == 0)
{
// This will force re-initialization of the pref table
mPolicyPrefsChanged = true;
}
return rv;
}
@ -2022,12 +1767,8 @@ nsScriptSecurityManager::Observe(nsISupports* aObject, const char* aTopic,
// Constructor, Destructor, Initialization //
/////////////////////////////////////////////
nsScriptSecurityManager::nsScriptSecurityManager(void)
: mOriginToPolicyMap(nullptr),
mDefaultPolicy(nullptr),
mCapabilities(nullptr),
mPrefInitialized(false),
mIsJavaScriptEnabled(false),
mPolicyPrefsChanged(true)
: mPrefInitialized(false)
, mIsJavaScriptEnabled(false)
{
static_assert(sizeof(intptr_t) == sizeof(void*),
"intptr_t and void* have different lengths on this platform. "
@ -2079,10 +1820,6 @@ static StaticRefPtr<nsScriptSecurityManager> gScriptSecMan;
nsScriptSecurityManager::~nsScriptSecurityManager(void)
{
Preferences::RemoveObservers(this, kObservedPrefs);
delete mOriginToPolicyMap;
if(mDefaultPolicy)
mDefaultPolicy->Drop();
delete mCapabilities;
if (mDomainPolicy)
mDomainPolicy->Deactivate();
MOZ_ASSERT(!mDomainPolicy);
@ -2140,294 +1877,6 @@ nsScriptSecurityManager::SystemPrincipalSingletonConstructor()
return static_cast<nsSystemPrincipal*>(sysprin);
}
nsresult
nsScriptSecurityManager::InitPolicies()
{
//-- Clear mOriginToPolicyMap: delete mapped DomainEntry items,
//-- whose dtor decrements refcount of stored DomainPolicy object
delete mOriginToPolicyMap;
//-- Marks all the survivor DomainPolicy objects (those cached
//-- by nsPrincipal objects) as invalid: they will be released
//-- on first nsPrincipal::GetSecurityPolicy() attempt.
DomainPolicy::InvalidateAll();
//-- Release old default policy
if(mDefaultPolicy) {
mDefaultPolicy->Drop();
mDefaultPolicy = nullptr;
}
//-- Initialize a new mOriginToPolicyMap
mOriginToPolicyMap =
new nsObjectHashtable(nullptr, nullptr, DeleteDomainEntry, nullptr);
if (!mOriginToPolicyMap)
return NS_ERROR_OUT_OF_MEMORY;
//-- Create, refcount and initialize a new default policy
mDefaultPolicy = new DomainPolicy();
if (!mDefaultPolicy)
return NS_ERROR_OUT_OF_MEMORY;
mDefaultPolicy->Hold();
if (!mDefaultPolicy->Init())
return NS_ERROR_UNEXPECTED;
//-- Initialize the table of security levels
if (!mCapabilities)
{
mCapabilities =
new nsObjectHashtable(nullptr, nullptr, DeleteCapability, nullptr);
if (!mCapabilities)
return NS_ERROR_OUT_OF_MEMORY;
}
// Get a JS context - we need it to create internalized strings later.
AutoSafeJSContext cx;
nsresult rv = InitDomainPolicy(cx, "default", mDefaultPolicy);
NS_ENSURE_SUCCESS(rv, rv);
nsAdoptingCString policyNames =
Preferences::GetCString("capability.policy.policynames");
nsAdoptingCString defaultPolicyNames =
Preferences::GetCString("capability.policy.default_policynames");
policyNames += NS_LITERAL_CSTRING(" ") + defaultPolicyNames;
//-- Initialize domain policies
char* policyCurrent = policyNames.BeginWriting();
bool morePolicies = true;
while (morePolicies)
{
while(*policyCurrent == ' ' || *policyCurrent == ',')
policyCurrent++;
if (*policyCurrent == '\0')
break;
char* nameBegin = policyCurrent;
while(*policyCurrent != '\0' && *policyCurrent != ' ' && *policyCurrent != ',')
policyCurrent++;
morePolicies = (*policyCurrent != '\0');
*policyCurrent = '\0';
policyCurrent++;
nsAutoCString sitesPrefName(
NS_LITERAL_CSTRING(sPolicyPrefix) +
nsDependentCString(nameBegin) +
NS_LITERAL_CSTRING(".sites"));
nsAdoptingCString domainList =
Preferences::GetCString(sitesPrefName.get());
if (!domainList) {
continue;
}
DomainPolicy* domainPolicy = new DomainPolicy();
if (!domainPolicy)
return NS_ERROR_OUT_OF_MEMORY;
if (!domainPolicy->Init())
{
delete domainPolicy;
return NS_ERROR_UNEXPECTED;
}
domainPolicy->Hold();
//-- Parse list of sites and create an entry in mOriginToPolicyMap for each
char* domainStart = domainList.BeginWriting();
char* domainCurrent = domainStart;
char* lastDot = nullptr;
char* nextToLastDot = nullptr;
bool moreDomains = true;
while (moreDomains)
{
if (*domainCurrent == ' ' || *domainCurrent == '\0')
{
moreDomains = (*domainCurrent != '\0');
*domainCurrent = '\0';
nsCStringKey key(nextToLastDot ? nextToLastDot+1 : domainStart);
DomainEntry *newEntry = new DomainEntry(domainStart, domainPolicy);
if (!newEntry)
{
domainPolicy->Drop();
return NS_ERROR_OUT_OF_MEMORY;
}
DomainEntry *existingEntry = (DomainEntry *)
mOriginToPolicyMap->Get(&key);
if (!existingEntry)
mOriginToPolicyMap->Put(&key, newEntry);
else
{
if (existingEntry->Matches(domainStart))
{
newEntry->mNext = existingEntry;
mOriginToPolicyMap->Put(&key, newEntry);
}
else
{
while (existingEntry->mNext)
{
if (existingEntry->mNext->Matches(domainStart))
{
newEntry->mNext = existingEntry->mNext;
existingEntry->mNext = newEntry;
break;
}
existingEntry = existingEntry->mNext;
}
if (!existingEntry->mNext)
existingEntry->mNext = newEntry;
}
}
domainStart = domainCurrent + 1;
lastDot = nextToLastDot = nullptr;
}
else if (*domainCurrent == '.')
{
nextToLastDot = lastDot;
lastDot = domainCurrent;
}
domainCurrent++;
}
rv = InitDomainPolicy(cx, nameBegin, domainPolicy);
domainPolicy->Drop();
if (NS_FAILED(rv))
return rv;
}
// Reset the "dirty" flag
mPolicyPrefsChanged = false;
return NS_OK;
}
nsresult
nsScriptSecurityManager::InitDomainPolicy(JSContext* cx,
const char* aPolicyName,
DomainPolicy* aDomainPolicy)
{
nsresult rv;
nsAutoCString policyPrefix(NS_LITERAL_CSTRING(sPolicyPrefix) +
nsDependentCString(aPolicyName) +
NS_LITERAL_CSTRING("."));
uint32_t prefixLength = policyPrefix.Length() - 1; // subtract the '.'
uint32_t prefCount;
char** prefNames;
nsIPrefBranch* branch = Preferences::GetRootBranch();
NS_ASSERTION(branch, "failed to get the root pref branch");
rv = branch->GetChildList(policyPrefix.get(), &prefCount, &prefNames);
if (NS_FAILED(rv)) return rv;
if (prefCount == 0)
return NS_OK;
//-- Populate the policy
uint32_t currentPref = 0;
for (; currentPref < prefCount; currentPref++)
{
// Get the class name
const char* start = prefNames[currentPref] + prefixLength + 1;
char* end = PL_strchr(start, '.');
if (!end) // malformed pref, bail on this one
continue;
static const char sitesStr[] = "sites";
// We dealt with "sites" in InitPolicies(), so no need to do
// that again...
if (PL_strncmp(start, sitesStr, sizeof(sitesStr)-1) == 0)
continue;
// Get the pref value
nsAdoptingCString prefValue =
Preferences::GetCString(prefNames[currentPref]);
if (!prefValue) {
continue;
}
SecurityLevel secLevel;
if (PL_strcasecmp(prefValue, "noAccess") == 0)
secLevel.level = SCRIPT_SECURITY_NO_ACCESS;
else if (PL_strcasecmp(prefValue, "allAccess") == 0)
secLevel.level = SCRIPT_SECURITY_ALL_ACCESS;
else if (PL_strcasecmp(prefValue, "sameOrigin") == 0)
secLevel.level = SCRIPT_SECURITY_SAME_ORIGIN_ACCESS;
else
{ //-- pref value is the name of a capability
nsCStringKey secLevelKey(prefValue);
secLevel.capability =
reinterpret_cast<char*>(mCapabilities->Get(&secLevelKey));
if (!secLevel.capability)
{
secLevel.capability = NS_strdup(prefValue);
if (!secLevel.capability)
break;
mCapabilities->Put(&secLevelKey,
secLevel.capability);
}
}
*end = '\0';
// Find or store this class in the classes table
ClassPolicy* cpolicy =
static_cast<ClassPolicy*>
(PL_DHashTableOperate(aDomainPolicy, start,
PL_DHASH_ADD));
if (!cpolicy)
break;
// If this is the wildcard class (class '*'), save it in mWildcardPolicy
// (we leave it stored in the hashtable too to take care of the cleanup)
if ((*start == '*') && (end == start + 1)) {
aDomainPolicy->mWildcardPolicy = cpolicy;
// Make sure that cpolicy knows about aDomainPolicy so it can reset
// the mWildcardPolicy pointer as needed if it gets moved in the
// hashtable.
cpolicy->mDomainWeAreWildcardFor = aDomainPolicy;
}
// Get the property name
start = end + 1;
end = PL_strchr(start, '.');
if (end)
*end = '\0';
JSString* propertyKey = ::JS_InternString(cx, start);
if (!propertyKey)
return NS_ERROR_OUT_OF_MEMORY;
// Store this property in the class policy
PropertyPolicy* ppolicy =
static_cast<PropertyPolicy*>
(PL_DHashTableOperate(cpolicy->mPolicy, propertyKey,
PL_DHASH_ADD));
if (!ppolicy)
break;
if (end) // The pref specifies an access mode
{
start = end + 1;
if (PL_strcasecmp(start, "set") == 0)
ppolicy->mSet = secLevel;
else
ppolicy->mGet = secLevel;
}
else
{
if (ppolicy->mGet.level == SCRIPT_SECURITY_UNDEFINED_ACCESS)
ppolicy->mGet = secLevel;
if (ppolicy->mSet.level == SCRIPT_SECURITY_UNDEFINED_ACCESS)
ppolicy->mSet = secLevel;
}
}
NS_FREE_XPCOM_ALLOCATED_POINTER_ARRAY(prefCount, prefNames);
if (currentPref < prefCount) // Loop exited early because of out-of-memory error
return NS_ERROR_OUT_OF_MEMORY;
return NS_OK;
}
inline void
nsScriptSecurityManager::ScriptSecurityPrefChanged()
{
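Review bot: In the constructor hunk (`: mPrefInitialized(false)`), mPrefInitialized is kept while the only reader visible in this diff, the lazy `if (!mPrefInitialized) { rv = InitPrefs(); ... }` path inside the deleted LookupPolicy, is gone along with mPolicyPrefsChanged. If InitPrefs() is still invoked eagerly from Init() the flag is merely redundant; if that lazy call was the only path on some startup orders, the `javascript.enabled` and `security.fileuri.strict_origin_policy` prefs would silently keep their constructor defaults until a pref-change notification arrives. Worth confirming which it is, and dropping the member if nothing else sets or reads it. The constructor body continues outside the hunk.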


@ -152,19 +152,6 @@ nsSystemPrincipal::SetDomain(nsIURI* aDomain)
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetSecurityPolicy(void** aSecurityPolicy)
{
*aSecurityPolicy = nullptr;
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::SetSecurityPolicy(void* aSecurityPolicy)
{
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::GetJarPrefix(nsACString& aJarPrefix)
{


@ -662,172 +662,6 @@ pref("editor.css.default_length_unit", "px");
pref("editor.resizing.preserve_ratio", true);
pref("editor.positioning.offset", 0);
// Default Capability Preferences: Security-Critical!
// Editing these may create a security risk - be sure you know what you're doing
//pref("capability.policy.default.barprop.visible.set", "UniversalXPConnect");
pref("capability.policy.default_policynames", "mailnews");
pref("capability.policy.default.DOMException.code", "allAccess");
pref("capability.policy.default.DOMException.message", "allAccess");
pref("capability.policy.default.DOMException.name", "allAccess");
pref("capability.policy.default.DOMException.result", "allAccess");
pref("capability.policy.default.DOMException.toString.get", "allAccess");
pref("capability.policy.default.History.back.get", "allAccess");
pref("capability.policy.default.History.current", "UniversalXPConnect");
pref("capability.policy.default.History.forward.get", "allAccess");
pref("capability.policy.default.History.go.get", "allAccess");
pref("capability.policy.default.History.item", "UniversalXPConnect");
pref("capability.policy.default.History.next", "UniversalXPConnect");
pref("capability.policy.default.History.previous", "UniversalXPConnect");
pref("capability.policy.default.History.toString", "UniversalXPConnect");
pref("capability.policy.default.Location.hash.set", "allAccess");
pref("capability.policy.default.Location.href.set", "allAccess");
pref("capability.policy.default.Location.replace.get", "allAccess");
pref("capability.policy.default.Window.blur.get", "allAccess");
pref("capability.policy.default.Window.close.get", "allAccess");
pref("capability.policy.default.Window.closed.get", "allAccess");
pref("capability.policy.default.Window.focus.get", "allAccess");
pref("capability.policy.default.Window.frames.get", "allAccess");
pref("capability.policy.default.Window.history.get", "allAccess");
pref("capability.policy.default.Window.length.get", "allAccess");
pref("capability.policy.default.Window.location", "allAccess");
pref("capability.policy.default.Window.opener.get", "allAccess");
pref("capability.policy.default.Window.parent.get", "allAccess");
pref("capability.policy.default.Window.postMessage.get", "allAccess");
pref("capability.policy.default.Window.self.get", "allAccess");
pref("capability.policy.default.Window.top.get", "allAccess");
pref("capability.policy.default.Window.window.get", "allAccess");
pref("capability.policy.default.Selection.addSelectionListener", "UniversalXPConnect");
pref("capability.policy.default.Selection.removeSelectionListener", "UniversalXPConnect");
// Restrictions on the DOM for mail/news - see bugs 66938 and 84545
pref("capability.policy.mailnews.sites", "mailbox: imap: news:");
pref("capability.policy.mailnews.*.attributes.get", "noAccess");
pref("capability.policy.mailnews.*.baseURI.get", "noAccess");
pref("capability.policy.mailnews.*.data.get", "noAccess");
pref("capability.policy.mailnews.*.getAttribute", "noAccess");
pref("capability.policy.mailnews.HTMLDivElement.getAttribute", "sameOrigin");
pref("capability.policy.mailnews.*.getAttributeNS", "noAccess");
pref("capability.policy.mailnews.*.getAttributeNode", "noAccess");
pref("capability.policy.mailnews.*.getAttributeNodeNS", "noAccess");
pref("capability.policy.mailnews.*.getNamedItem", "noAccess");
pref("capability.policy.mailnews.*.getNamedItemNS", "noAccess");
pref("capability.policy.mailnews.*.host.get", "noAccess");
pref("capability.policy.mailnews.*.hostname.get", "noAccess");
pref("capability.policy.mailnews.*.href.get", "noAccess");
pref("capability.policy.mailnews.*.innerHTML.get", "noAccess");
pref("capability.policy.mailnews.*.lowSrc.get", "noAccess");
pref("capability.policy.mailnews.*.nodeValue.get", "noAccess");
pref("capability.policy.mailnews.*.pathname.get", "noAccess");
pref("capability.policy.mailnews.*.protocol.get", "noAccess");
pref("capability.policy.mailnews.*.src.get", "noAccess");
pref("capability.policy.mailnews.*.substringData.get", "noAccess");
pref("capability.policy.mailnews.*.text.get", "noAccess");
pref("capability.policy.mailnews.*.textContent", "noAccess");
pref("capability.policy.mailnews.*.title.get", "noAccess");
pref("capability.policy.mailnews.*.wholeText", "noAccess");
pref("capability.policy.mailnews.DOMException.toString", "noAccess");
pref("capability.policy.mailnews.HTMLAnchorElement.toString", "noAccess");
pref("capability.policy.mailnews.HTMLDocument.domain", "noAccess");
pref("capability.policy.mailnews.HTMLDocument.URL", "noAccess");
pref("capability.policy.mailnews.*.documentURI", "noAccess");
pref("capability.policy.mailnews.Location.toString", "noAccess");
pref("capability.policy.mailnews.Range.toString", "noAccess");
pref("capability.policy.mailnews.Window.blur", "noAccess");
pref("capability.policy.mailnews.Window.focus", "noAccess");
pref("capability.policy.mailnews.Window.innerWidth.set", "noAccess");
pref("capability.policy.mailnews.Window.innerHeight.set", "noAccess");
pref("capability.policy.mailnews.Window.moveBy", "noAccess");
pref("capability.policy.mailnews.Window.moveTo", "noAccess");
pref("capability.policy.mailnews.Window.name.set", "noAccess");
pref("capability.policy.mailnews.Window.outerHeight.set", "noAccess");
pref("capability.policy.mailnews.Window.outerWidth.set", "noAccess");
pref("capability.policy.mailnews.Window.resizeBy", "noAccess");
pref("capability.policy.mailnews.Window.resizeTo", "noAccess");
pref("capability.policy.mailnews.Window.screenX.set", "noAccess");
pref("capability.policy.mailnews.Window.screenY.set", "noAccess");
pref("capability.policy.mailnews.Window.sizeToContent", "noAccess");
pref("capability.policy.mailnews.document.load", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.channel", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.getInterface", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.responseXML", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.responseText", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.status", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.statusText", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.abort", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.getAllResponseHeaders", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.getResponseHeader", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.open", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.send", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.setRequestHeader", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.readyState", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.overrideMimeType", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.onload", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.onerror", "noAccess");
pref("capability.policy.mailnews.XMLHttpRequest.onreadystatechange", "noAccess");
pref("capability.policy.mailnews.XMLSerializer.serializeToString", "noAccess");
pref("capability.policy.mailnews.XMLSerializer.serializeToStream", "noAccess");
pref("capability.policy.mailnews.DOMParser.parseFromString", "noAccess");
pref("capability.policy.mailnews.DOMParser.parseFromStream", "noAccess");
pref("capability.policy.mailnews.SOAPCall.transportURI", "noAccess");
pref("capability.policy.mailnews.SOAPCall.verifySourceHeader", "noAccess");
pref("capability.policy.mailnews.SOAPCall.invoke", "noAccess");
pref("capability.policy.mailnews.SOAPCall.asyncInvoke", "noAccess");
pref("capability.policy.mailnews.SOAPResponse.fault", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.styleURI", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.getAssociatedEncoding", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.setEncoder", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.getEncoder", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.setDecoder", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.setDecoder", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.getDecoder", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.defaultEncoder", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.defaultDecoder", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.schemaCollection", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.encode", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.decode", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.mapSchemaURI", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.unmapSchemaURI", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.getInternalSchemaURI", "noAccess");
pref("capability.policy.mailnews.SOAPEncoding.getExternalSchemaURI", "noAccess");
pref("capability.policy.mailnews.SOAPFault.element", "noAccess");
pref("capability.policy.mailnews.SOAPFault.faultNamespaceURI", "noAccess");
pref("capability.policy.mailnews.SOAPFault.faultCode", "noAccess");
pref("capability.policy.mailnews.SOAPFault.faultString", "noAccess");
pref("capability.policy.mailnews.SOAPFault.faultActor", "noAccess");
pref("capability.policy.mailnews.SOAPFault.detail", "noAccess");
pref("capability.policy.mailnews.SOAPHeaderBlock.actorURI", "noAccess");
pref("capability.policy.mailnews.SOAPHeaderBlock.mustUnderstand", "noAccess");
pref("capability.policy.mailnews.SOAPParameter", "noAccess");
pref("capability.policy.mailnews.SOAPPropertyBagMutator.propertyBag", "noAccess");
pref("capability.policy.mailnews.SOAPPropertyBagMutator.addProperty", "noAccess");
pref("capability.policy.mailnews.SchemaLoader.load", "noAccess");
pref("capability.policy.mailnews.SchemaLoader.loadAsync", "noAccess");
pref("capability.policy.mailnews.SchemaLoader.processSchemaElement", "noAccess");
pref("capability.policy.mailnews.SchemaLoader.onLoad", "noAccess");
pref("capability.policy.mailnews.SchemaLoader.onError", "noAccess");
pref("capability.policy.mailnews.WSDLLoader.load", "noAccess");
pref("capability.policy.mailnews.WSDLLoader.loadAsync", "noAccess");
pref("capability.policy.mailnews.WSDLLoader.onLoad", "noAccess");
pref("capability.policy.mailnews.WSDLLoader.onError", "noAccess");
pref("capability.policy.mailnews.WebServiceProxyFactory.createProxy", "noAccess");
pref("capability.policy.mailnews.WebServiceProxyFactory.createProxyAsync", "noAccess");
pref("capability.policy.mailnews.WebServiceProxyFactory.onLoad", "noAccess");
pref("capability.policy.mailnews.WebServiceProxyFactory.onError", "noAccess");
// XMLExtras
pref("capability.policy.default.XMLHttpRequest.channel", "noAccess");
pref("capability.policy.default.XMLHttpRequest.getInterface", "noAccess");
pref("capability.policy.default.XMLHttpRequest.open-uri", "allAccess");
pref("capability.policy.default.DOMParser.parseFromStream", "noAccess");
// Scripts & Windows prefs
pref("dom.disable_image_src_set", false);
pref("dom.disable_window_flip", false);