Bug 956382 - Remove usage of explicit *IgnoringDomain variants. r=mrbkap

2014-02-13 18:57:36 -08:00 · 2014-02-13 18:57:36 -08:00 · 1c600e7056
--- a/content/canvas/src/CanvasUtils.cpp
+++ b/content/canvas/src/CanvasUtils.cpp
@ -56,13 +56,7 @@ DoDrawImageSecurityCheck(dom::HTMLCanvasElement *aCanvasElement,
    if (CORSUsed)
        return;

-    // Ignore document.domain in this check.
-    bool subsumes;
-    nsresult rv =
-        aCanvasElement->NodePrincipal()->SubsumesIgnoringDomain(aPrincipal,
-                                                                &subsumes);
-
-    if (NS_SUCCEEDED(rv) && subsumes) {
+    if (aCanvasElement->NodePrincipal()->Subsumes(aPrincipal)) {
        // This canvas has access to that image anyway
        return;
    }
--- a/content/svg/content/src/SVGFEImageElement.cpp
+++ b/content/svg/content/src/SVGFEImageElement.cpp
@ -295,11 +295,7 @@ SVGFEImageElement::OutputIsTainted(const nsTArray<bool>& aInputsAreTainted,
    return false;
  }

-  // Ignore document.domain in this check.
-  bool subsumes;
-  rv = aReferencePrincipal->SubsumesIgnoringDomain(principal, &subsumes);
-
-  if (NS_SUCCEEDED(rv) && subsumes) {
+  if (aReferencePrincipal->Subsumes(principal)) {
    // The page is allowed to read from the image.
    return false;
  }
--- a/dom/base/nsGlobalWindow.cpp
+++ b/dom/base/nsGlobalWindow.cpp
@ -7720,7 +7720,7 @@ PostMessageEvent::Run()
    //       don't do that in other places it seems better to hold the line for
    //       now.  Long-term, we want HTML5 to address this so that we can
    //       be compliant while being safer.
-    if (!targetPrin->EqualsIgnoringDomain(mProvidedPrincipal)) {
+    if (!targetPrin->Equals(mProvidedPrincipal)) {
      return NS_OK;
    }
  }
--- a/dom/src/storage/DOMStorage.cpp
+++ b/dom/src/storage/DOMStorage.cpp
@ -319,29 +319,7 @@ DOMStorage::PrincipalEquals(nsIPrincipal* aPrincipal)
 bool
 DOMStorage::CanAccess(nsIPrincipal* aPrincipal)
 {
-  // Allow C++ callers to access the storage
-  if (!aPrincipal) {
-    return true;
-  }
-
-  // For content, either the code base or domain must be the same.  When code
-  // base is the same, this is enough to say it is safe for a page to access
-  // this storage.
-
-  bool subsumes;
-  nsresult rv = aPrincipal->SubsumesIgnoringDomain(mPrincipal, &subsumes);
-  if (NS_FAILED(rv)) {
-    return false;
-  }
-
-  if (!subsumes) {
-    nsresult rv = aPrincipal->Subsumes(mPrincipal, &subsumes);
-    if (NS_FAILED(rv)) {
-      return false;
-    }
-  }
-
-  return subsumes;
+  return !aPrincipal || aPrincipal->Subsumes(mPrincipal);
 }

 nsTArray<nsString>*
--- a/dom/src/storage/DOMStorageManager.cpp
+++ b/dom/src/storage/DOMStorageManager.cpp
@ -91,17 +91,7 @@ PrincipalsEqual(nsIPrincipal* aObjectPrincipal, nsIPrincipal* aSubjectPrincipal)
    return false;
  }

-  bool equals;
-  nsresult rv = aSubjectPrincipal->EqualsIgnoringDomain(aObjectPrincipal, &equals);
-
-  NS_ASSERTION(NS_SUCCEEDED(rv) && equals,
-               "Trying to get DOM storage for wrong principal!");
-
-  if (NS_FAILED(rv) || !equals) {
-    return false;
-  }
-
-  return true;
+  return aSubjectPrincipal->Equals(aObjectPrincipal);
 }

 NS_IMPL_ISUPPORTS1(DOMStorageManager,
--- a/js/xpconnect/wrappers/AccessCheck.cpp
+++ b/js/xpconnect/wrappers/AccessCheck.cpp
@ -51,15 +51,6 @@ AccessCheck::subsumes(JSObject *a, JSObject *b)
    return subsumes(js::GetObjectCompartment(a), js::GetObjectCompartment(b));
 }

-// Same as above, but ignoring document.domain.
-bool
-AccessCheck::subsumesIgnoringDomain(JSCompartment *a, JSCompartment *b)
-{
-    nsIPrincipal *aprin = GetCompartmentPrincipal(a);
-    nsIPrincipal *bprin = GetCompartmentPrincipal(b);
-    return aprin->SubsumesIgnoringDomain(bprin);
-}
-
 // Same as above, but considering document.domain.
 bool
 AccessCheck::subsumesConsideringDomain(JSCompartment *a, JSCompartment *b)
--- a/js/xpconnect/wrappers/AccessCheck.h
+++ b/js/xpconnect/wrappers/AccessCheck.h
@ -20,7 +20,6 @@ class AccessCheck {
    static bool subsumes(JSCompartment *a, JSCompartment *b);
    static bool subsumes(JSObject *a, JSObject *b);
    static bool wrapperSubsumes(JSObject *wrapper);
-    static bool subsumesIgnoringDomain(JSCompartment *a, JSCompartment *b);
    static bool subsumesConsideringDomain(JSCompartment *a, JSCompartment *b);
    static bool isChrome(JSCompartment *compartment);
    static bool isChrome(JSObject *obj);
--- a/js/xpconnect/wrappers/WrapperFactory.cpp
+++ b/js/xpconnect/wrappers/WrapperFactory.cpp
@ -166,9 +166,9 @@ WrapperFactory::PrepareForWrapping(JSContext *cx, HandleObject scope,
    //
    // NB: We need to ignore domain here so that the security relationship we
    // compute here can't change over time. See the comment above the other
-    // subsumesIgnoringDomain call below.
-    bool subsumes = AccessCheck::subsumesIgnoringDomain(js::GetContextCompartment(cx),
-                                                        js::GetObjectCompartment(obj));
+    // subsumes call below.
+    bool subsumes = AccessCheck::subsumes(js::GetContextCompartment(cx),
+                                          js::GetObjectCompartment(obj));
    XrayType xrayType = GetXrayType(obj);
    if (!subsumes && xrayType == NotXray) {
        JSProtoKey key = JSProto_Null;
@ -269,8 +269,8 @@ WrapperFactory::PrepareForWrapping(JSContext *cx, HandleObject scope,
            // the correct (opaque) wrapper for the object below given the security
            // characteristics of the two compartments.
            if (!AccessCheck::isChrome(js::GetObjectCompartment(wrapScope)) &&
-                 AccessCheck::subsumesIgnoringDomain(js::GetObjectCompartment(wrapScope),
-                                                     js::GetObjectCompartment(obj)))
+                 AccessCheck::subsumes(js::GetObjectCompartment(wrapScope),
+                                       js::GetObjectCompartment(obj)))
            {
                return DoubleWrap(cx, obj, flags);
            }
--- a/js/xpconnect/wrappers/XrayWrapper.cpp
+++ b/js/xpconnect/wrappers/XrayWrapper.cpp
@ -350,7 +350,6 @@ XrayTraits::expandoObjectMatchesConsumer(JSContext *cx,

    // First, compare the principals.
    nsIPrincipal *o = GetExpandoObjectPrincipal(expandoObject);
-    bool equal;
    // Note that it's very important here to ignore document.domain. We
    // pull the principal for the expando object off of the first consumer
    // for a given origin, and freely share the expandos amongst multiple
@ -358,9 +357,8 @@ XrayTraits::expandoObjectMatchesConsumer(JSContext *cx,
    // no way to know whether _all_ consumers have opted in to collaboration
    // by explicitly setting document.domain. So we just mandate that expando
    // sharing is unaffected by it.
-    nsresult rv = consumerOrigin->EqualsIgnoringDomain(o, &equal);
-    if (NS_FAILED(rv) || !equal)
-        return false;
+    if (!consumerOrigin->Equals(o))
+      return false;

    // Sandboxes want exclusive expando objects.
    JSObject *owner = JS_GetReservedSlot(expandoObject,