Bug 886237 - follow-up part1: Moving Sandbox/XPCComponents helpers into namespace xpc. r=bholley

js/xpconnect/src/Sandbox.cpp

@@ -68,7 +68,7 @@ private:
 };
 
 already_AddRefed<nsIXPCComponents_utils_Sandbox>
-NewSandboxConstructor()
+xpc::NewSandboxConstructor()
 {
     nsCOMPtr<nsIXPCComponents_utils_Sandbox> sbConstructor =
         new nsXPCComponents_utils_Sandbox();
@@ -319,13 +319,11 @@ GetFilenameAndLineNumber(JSContext *cx, nsACString &filename, unsigned &lineno)
     return false;
 }
 
-namespace xpc {
 bool
-IsReflector(JSObject *obj)
+xpc::IsReflector(JSObject *obj)
 {
     return IS_WN_REFLECTOR(obj) || dom::IsDOMObject(obj);
 }
-} /* namespace xpc */
 
 enum ForwarderCloneTags {
     SCTAG_BASE = JS_SCTAG_USER_MIN,
@@ -604,7 +602,7 @@ static const JSFunctionSpec SandboxFunctions[] = {
 };
 
 bool
-IsSandbox(JSObject *obj)
+xpc::IsSandbox(JSObject *obj)
 {
     return GetObjectJSClass(obj) == &SandboxClass;
 }
@@ -870,7 +868,7 @@ xpc::SandboxProxyHandler::iterate(JSContext *cx, JS::Handle<JSObject*> proxy,
 }
 
 nsresult
-xpc_CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop, SandboxOptions& options)
+xpc::CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop, SandboxOptions& options)
 {
     // Create the sandbox global object
     nsresult rv;
@@ -1344,7 +1342,7 @@ nsXPCComponents_utils_Sandbox::CallOrConstruct(nsIXPConnectWrappedNative *wrappe
     if (NS_FAILED(AssembleSandboxMemoryReporterName(cx, options.sandboxName)))
         return ThrowAndFail(NS_ERROR_INVALID_ARG, cx, _retval);
 
-    rv = xpc_CreateSandboxObject(cx, args.rval().address(), prinOrSop, options);
+    rv = CreateSandboxObject(cx, args.rval().address(), prinOrSop, options);
 
     if (NS_FAILED(rv))
         return ThrowAndFail(rv, cx, _retval);
@@ -1404,9 +1402,9 @@ ContextHolder::~ContextHolder()
 }
 
 nsresult
-xpc_EvalInSandbox(JSContext *cx, HandleObject sandboxArg, const nsAString& source,
-                  const char *filename, int32_t lineNo,
-                  JSVersion jsVersion, bool returnStringOnly, MutableHandleValue rval)
+xpc::EvalInSandbox(JSContext *cx, HandleObject sandboxArg, const nsAString& source,
+                   const char *filename, int32_t lineNo,
+                   JSVersion jsVersion, bool returnStringOnly, MutableHandleValue rval)
 {
     JS_AbortIfWrongThread(JS_GetRuntime(cx));
     rval.set(UndefinedValue());
@@ -1557,8 +1555,8 @@ CloningFunctionForwarder(JSContext *cx, unsigned argc, Value *vp)
 }
 
 bool
-NewFunctionForwarder(JSContext *cx, HandleId id, HandleObject callable, bool doclone,
-                     MutableHandleValue vp)
+xpc::NewFunctionForwarder(JSContext *cx, HandleId id, HandleObject callable, bool doclone,
+                          MutableHandleValue vp)
 {
     JSFunction *fun = js::NewFunctionByIdWithReserved(cx, doclone ? CloningFunctionForwarder :
                                                                     NonCloningFunctionForwarder,

js/xpconnect/src/XPCComponents.cpp

@@ -48,7 +48,7 @@ using namespace xpc;
 // stuff used by all
 
 nsresult
-ThrowAndFail(nsresult errNum, JSContext* cx, bool* retval)
+xpc::ThrowAndFail(nsresult errNum, JSContext *cx, bool *retval)
 {
     XPCThrower::Throw(errNum, cx);
     *retval = false;
@@ -77,20 +77,22 @@ JSValIsInterfaceOfType(JSContext *cx, HandleValue v, REFNSIID iid)
     return false;
 }
 
-char* xpc_CloneAllAccess()
+char *
+xpc::CloneAllAccess()
 {
     static const char allAccess[] = "AllAccess";
     return (char*)nsMemory::Clone(allAccess, sizeof(allAccess));
 }
 
-char * xpc_CheckAccessList(const PRUnichar* wideName, const char* const list[])
+char *
+xpc::CheckAccessList(const PRUnichar *wideName, const char *const list[])
 {
     nsAutoCString asciiName;
     CopyUTF16toUTF8(nsDependentString(wideName), asciiName);
 
     for (const char* const* p = list; *p; p++)
         if (!strcmp(*p, asciiName.get()))
-            return xpc_CloneAllAccess();
+            return CloneAllAccess();
 
     return nullptr;
 }
@@ -351,7 +353,7 @@ NS_IMETHODIMP
 nsXPCComponents_Interfaces::CanCreateWrapper(const nsIID * iid, char **_retval)
 {
     // We let anyone do this...
-    *_retval = xpc_CloneAllAccess();
+    *_retval = CloneAllAccess();
     return NS_OK;
 }
 
@@ -644,7 +646,7 @@ NS_IMETHODIMP
 nsXPCComponents_InterfacesByID::CanCreateWrapper(const nsIID * iid, char **_retval)
 {
     // We let anyone do this...
-    *_retval = xpc_CloneAllAccess();
+    *_retval = CloneAllAccess();
     return NS_OK;
 }
 
@@ -2833,8 +2835,8 @@ nsXPCComponents_Utils::EvalInSandbox(const nsAString& source,
     }
 
     RootedValue rval(cx);
-    nsresult rv = xpc_EvalInSandbox(cx, sandbox, source, filename.get(), lineNo,
-                                    jsVersion, false, &rval);
+    nsresult rv = xpc::EvalInSandbox(cx, sandbox, source, filename.get(), lineNo,
+                                     jsVersion, false, &rval);
     NS_ENSURE_SUCCESS(rv, rv);
     *retval = rval;
     return NS_OK;
@@ -3242,7 +3244,7 @@ NS_IMETHODIMP
 nsXPCComponents_Utils::CanCreateWrapper(const nsIID * iid, char **_retval)
 {
     // We let anyone do this...
-    *_retval = xpc_CloneAllAccess();
+    *_retval = CloneAllAccess();
     return NS_OK;
 }
 
@@ -3251,7 +3253,7 @@ NS_IMETHODIMP
 nsXPCComponents_Utils::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
 {
     static const char* const allowed[] = { "lookupMethod", "evalInSandbox", nullptr };
-    *_retval = xpc_CheckAccessList(methodName, allowed);
+    *_retval = CheckAccessList(methodName, allowed);
     return NS_OK;
 }
 
@@ -3751,7 +3753,7 @@ NS_IMETHODIMP
 nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
 {
     // We let anyone do this...
-    *_retval = xpc_CloneAllAccess();
+    *_retval = CloneAllAccess();
     return NS_OK;
 }
 
@@ -3760,7 +3762,7 @@ NS_IMETHODIMP
 nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
 {
     static const char* const allowed[] = { "isSuccessCode", "lookupMethod", nullptr };
-    *_retval = xpc_CheckAccessList(methodName, allowed);
+    *_retval = CheckAccessList(methodName, allowed);
     return NS_OK;
 }
 
@@ -3769,7 +3771,7 @@ NS_IMETHODIMP
 nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
 {
     static const char* const allowed[] = { "interfaces", "interfacesByID", "results", nullptr};
-    *_retval = xpc_CheckAccessList(propertyName, allowed);
+    *_retval = CheckAccessList(propertyName, allowed);
     return NS_OK;
 }
 

js/xpconnect/src/XPCJSID.cpp

@@ -568,7 +568,7 @@ NS_IMETHODIMP
 nsJSIID::CanCreateWrapper(const nsIID * iid, char **_retval)
 {
     // We let anyone do this...
-    *_retval = xpc_CloneAllAccess();
+    *_retval = xpc::CloneAllAccess();
     return NS_OK;
 }
 
@@ -578,7 +578,7 @@ nsJSIID::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_r
 {
     static const char* const allowed[] = {"equals", "toString", nullptr};
 
-    *_retval = xpc_CheckAccessList(methodName, allowed);
+    *_retval = xpc::CheckAccessList(methodName, allowed);
     return NS_OK;
 }
 
@@ -587,7 +587,7 @@ NS_IMETHODIMP
 nsJSIID::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
 {
     static const char* const allowed[] = {"name", "number", "valid", nullptr};
-    *_retval = xpc_CheckAccessList(propertyName, allowed);
+    *_retval = xpc::CheckAccessList(propertyName, allowed);
     return NS_OK;
 }
 

js/xpconnect/src/XPCJSRuntime.cpp

@@ -3267,9 +3267,9 @@ XPCJSRuntime::GetJunkScope()
         SandboxOptions options(cx);
         options.sandboxName.AssignASCII("XPConnect Junk Compartment");
         RootedValue v(cx);
-        nsresult rv = xpc_CreateSandboxObject(cx, v.address(),
-                                              nsContentUtils::GetSystemPrincipal(),
-                                              options);
+        nsresult rv = CreateSandboxObject(cx, v.address(),
+                                          nsContentUtils::GetSystemPrincipal(),
+                                          options);
 
         NS_ENSURE_SUCCESS(rv, nullptr);
 

js/xpconnect/src/XPCWrappedNativeScope.cpp

@@ -256,7 +256,7 @@ XPCWrappedNativeScope::EnsureXBLScope(JSContext *cx)
 
     // Create the sandbox.
     JS::RootedValue v(cx, JS::UndefinedValue());
-    nsresult rv = xpc_CreateSandboxObject(cx, v.address(), ep, options);
+    nsresult rv = CreateSandboxObject(cx, v.address(), ep, options);
     NS_ENSURE_SUCCESS(rv, nullptr);
     mXBLScope = &v.toObject();
 

js/xpconnect/src/nsXPConnect.cpp

@@ -945,7 +945,7 @@ nsXPConnect::CreateSandbox(JSContext *cx, nsIPrincipal *principal,
     RootedValue rval(cx, JSVAL_VOID);
 
     SandboxOptions options(cx);
-    nsresult rv = xpc_CreateSandboxObject(cx, rval.address(), principal, options);
+    nsresult rv = CreateSandboxObject(cx, rval.address(), principal, options);
     MOZ_ASSERT(NS_FAILED(rv) || !JSVAL_IS_PRIMITIVE(rval),
                "Bad return value from xpc_CreateSandboxObject()!");
 
@@ -969,9 +969,9 @@ nsXPConnect::EvalInSandboxObject(const nsAString& source, const char *filename,
 
     RootedObject sandbox(cx, sandboxArg);
     RootedValue rval(cx);
-    nsresult rv = xpc_EvalInSandbox(cx, sandbox, source, filename ? filename :
-                                    "x-bogus://XPConnect/Sandbox", 1, JSVERSION_DEFAULT,
-                                    returnStringOnly, &rval);
+    nsresult rv = EvalInSandbox(cx, sandbox, source, filename ? filename :
+                                "x-bogus://XPConnect/Sandbox", 1, JSVERSION_DEFAULT,
+                                returnStringOnly, &rval);
     NS_ENSURE_SUCCESS(rv, rv);
     *rvalArg = rval;
     return NS_OK;

js/xpconnect/src/xpcprivate.h

@@ -3547,13 +3547,15 @@ class ArrayAutoMarkingPtr : public AutoMarkingPtr
 typedef ArrayAutoMarkingPtr<XPCNativeInterface> AutoMarkingNativeInterfacePtrArrayPtr;
 
 /***************************************************************************/
+namespace xpc {
 // Allocates a string that grants all access ("AllAccess")
+char *
+CloneAllAccess();
 
-extern char* xpc_CloneAllAccess();
-/***************************************************************************/
 // Returns access if wideName is in list
-
-extern char * xpc_CheckAccessList(const PRUnichar* wideName, const char* const list[]);
+char *
+CheckAccessList(const PRUnichar *wideName, const char *const list[]);
+} /* namespace xpc */
 
 /***************************************************************************/
 // in xpcvariant.cpp...
@@ -3681,22 +3683,27 @@ xpc_GetSafeJSContext()
     return XPCJSRuntime::Get()->GetJSContextStack()->GetSafeJSContext();
 }
 
+namespace xpc {
+
+// Helper function that creates a JSFunction that wraps a native function that
+// forwards the call to the original 'callable'. If the 'doclone' argument is
+// set, it also structure clones non-native arguments for extra security.
 bool
 NewFunctionForwarder(JSContext *cx, JS::HandleId id, JS::HandleObject callable,
                      bool doclone, JS::MutableHandleValue vp);
 
+// Old fashioned xpc error reporter. Try to use JS_ReportError instead.
 nsresult
-ThrowAndFail(nsresult errNum, JSContext* cx, bool* retval);
+ThrowAndFail(nsresult errNum, JSContext *cx, bool *retval);
 
 // Infallible.
 already_AddRefed<nsIXPCComponents_utils_Sandbox>
 NewSandboxConstructor();
 
+// Returns true if class of 'obj' is SandboxClass.
 bool
 IsSandbox(JSObject *obj);
 
-namespace xpc {
-
 struct SandboxOptions {
     SandboxOptions(JSContext *cx)
         : wantXrays(true)
@@ -3719,11 +3726,10 @@ struct SandboxOptions {
 JSObject *
 CreateGlobalObject(JSContext *cx, JSClass *clasp, nsIPrincipal *principal,
                    JS::CompartmentOptions& aOptions);
-}
 
 // Helper for creating a sandbox object to use for evaluating
 // untrusted code completely separated from all other code in the
-// system using xpc_EvalInSandbox(). Takes the JSContext on which to
+// system using EvalInSandbox(). Takes the JSContext on which to
 // do setup etc on, puts the sandbox object in *vp (which must be
 // rooted by the caller), and uses the principal that's either
 // directly passed in prinOrSop or indirectly as an
@@ -3731,10 +3737,10 @@ CreateGlobalObject(JSContext *cx, JSClass *clasp, nsIPrincipal *principal,
 // reachable through prinOrSop, a new null principal will be created
 // and used.
 nsresult
-xpc_CreateSandboxObject(JSContext * cx, jsval * vp, nsISupports *prinOrSop,
-                        xpc::SandboxOptions& options);
+CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop,
+                    xpc::SandboxOptions& options);
 // Helper for evaluating scripts in a sandbox object created with
-// xpc_CreateSandboxObject(). The caller is responsible of ensuring
+// CreateSandboxObject(). The caller is responsible of ensuring
 // that *rval doesn't get collected during the call or usage after the
 // call. This helper will use filename and lineNo for error reporting,
 // and if no filename is provided it will use the codebase from the
@@ -3744,10 +3750,12 @@ xpc_CreateSandboxObject(JSContext * cx, jsval * vp, nsISupports *prinOrSop,
 // an exception to a string, evalInSandbox will return an NS_ERROR_*
 // result, and cx->exception will be empty.
 nsresult
-xpc_EvalInSandbox(JSContext *cx, JS::HandleObject sandbox, const nsAString& source,
-                  const char *filename, int32_t lineNo,
-                  JSVersion jsVersion, bool returnStringOnly,
-                  JS::MutableHandleValue rval);
+EvalInSandbox(JSContext *cx, JS::HandleObject sandbox, const nsAString& source,
+              const char *filename, int32_t lineNo,
+              JSVersion jsVersion, bool returnStringOnly,
+              JS::MutableHandleValue rval);
+
+} /* namespace xpc */
 
 /***************************************************************************/
 // Inlined utilities.