Bug 886237 - follow-up part1: Moving Sandbox/XPCComponents helpers into namespace xpc. r=bholley

Gabor Krizsanits 2013-08-23 09:55:47 +02:00
Родитель 70f2b2b29d
Коммит 43212356ff
7 изменённых файлов: 60 добавлений и 52 удалений


@ -68,7 +68,7 @@ private:
}; };
already_AddRefed<nsIXPCComponents_utils_Sandbox> already_AddRefed<nsIXPCComponents_utils_Sandbox>
NewSandboxConstructor() xpc::NewSandboxConstructor()
{ {
nsCOMPtr<nsIXPCComponents_utils_Sandbox> sbConstructor = nsCOMPtr<nsIXPCComponents_utils_Sandbox> sbConstructor =
new nsXPCComponents_utils_Sandbox(); new nsXPCComponents_utils_Sandbox();
@ -319,13 +319,11 @@ GetFilenameAndLineNumber(JSContext *cx, nsACString &filename, unsigned &lineno)
return false; return false;
} }
namespace xpc {
bool bool
IsReflector(JSObject *obj) xpc::IsReflector(JSObject *obj)
{ {
return IS_WN_REFLECTOR(obj) || dom::IsDOMObject(obj); return IS_WN_REFLECTOR(obj) || dom::IsDOMObject(obj);
} }
} /* namespace xpc */
enum ForwarderCloneTags { enum ForwarderCloneTags {
SCTAG_BASE = JS_SCTAG_USER_MIN, SCTAG_BASE = JS_SCTAG_USER_MIN,
@ -604,7 +602,7 @@ static const JSFunctionSpec SandboxFunctions[] = {
}; };
bool bool
IsSandbox(JSObject *obj) xpc::IsSandbox(JSObject *obj)
{ {
return GetObjectJSClass(obj) == &SandboxClass; return GetObjectJSClass(obj) == &SandboxClass;
} }
@ -870,7 +868,7 @@ xpc::SandboxProxyHandler::iterate(JSContext *cx, JS::Handle<JSObject*> proxy,
} }
nsresult nsresult
xpc_CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop, SandboxOptions& options) xpc::CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop, SandboxOptions& options)
{ {
// Create the sandbox global object // Create the sandbox global object
nsresult rv; nsresult rv;
@ -1344,7 +1342,7 @@ nsXPCComponents_utils_Sandbox::CallOrConstruct(nsIXPConnectWrappedNative *wrappe
if (NS_FAILED(AssembleSandboxMemoryReporterName(cx, options.sandboxName))) if (NS_FAILED(AssembleSandboxMemoryReporterName(cx, options.sandboxName)))
return ThrowAndFail(NS_ERROR_INVALID_ARG, cx, _retval); return ThrowAndFail(NS_ERROR_INVALID_ARG, cx, _retval);
rv = xpc_CreateSandboxObject(cx, args.rval().address(), prinOrSop, options); rv = CreateSandboxObject(cx, args.rval().address(), prinOrSop, options);
if (NS_FAILED(rv)) if (NS_FAILED(rv))
return ThrowAndFail(rv, cx, _retval); return ThrowAndFail(rv, cx, _retval);
@ -1404,7 +1402,7 @@ ContextHolder::~ContextHolder()
} }
nsresult nsresult
xpc_EvalInSandbox(JSContext *cx, HandleObject sandboxArg, const nsAString& source, xpc::EvalInSandbox(JSContext *cx, HandleObject sandboxArg, const nsAString& source,
const char *filename, int32_t lineNo, const char *filename, int32_t lineNo,
JSVersion jsVersion, bool returnStringOnly, MutableHandleValue rval) JSVersion jsVersion, bool returnStringOnly, MutableHandleValue rval)
{ {
@ -1557,7 +1555,7 @@ CloningFunctionForwarder(JSContext *cx, unsigned argc, Value *vp)
} }
bool bool
NewFunctionForwarder(JSContext *cx, HandleId id, HandleObject callable, bool doclone, xpc::NewFunctionForwarder(JSContext *cx, HandleId id, HandleObject callable, bool doclone,
MutableHandleValue vp) MutableHandleValue vp)
{ {
JSFunction *fun = js::NewFunctionByIdWithReserved(cx, doclone ? CloningFunctionForwarder : JSFunction *fun = js::NewFunctionByIdWithReserved(cx, doclone ? CloningFunctionForwarder :


@ -48,7 +48,7 @@ using namespace xpc;
// stuff used by all // stuff used by all
nsresult nsresult
ThrowAndFail(nsresult errNum, JSContext* cx, bool* retval) xpc::ThrowAndFail(nsresult errNum, JSContext *cx, bool *retval)
{ {
XPCThrower::Throw(errNum, cx); XPCThrower::Throw(errNum, cx);
*retval = false; *retval = false;
@ -77,20 +77,22 @@ JSValIsInterfaceOfType(JSContext *cx, HandleValue v, REFNSIID iid)
return false; return false;
} }
char* xpc_CloneAllAccess() char *
xpc::CloneAllAccess()
{ {
static const char allAccess[] = "AllAccess"; static const char allAccess[] = "AllAccess";
return (char*)nsMemory::Clone(allAccess, sizeof(allAccess)); return (char*)nsMemory::Clone(allAccess, sizeof(allAccess));
} }
char * xpc_CheckAccessList(const PRUnichar* wideName, const char* const list[]) char *
xpc::CheckAccessList(const PRUnichar *wideName, const char *const list[])
{ {
nsAutoCString asciiName; nsAutoCString asciiName;
CopyUTF16toUTF8(nsDependentString(wideName), asciiName); CopyUTF16toUTF8(nsDependentString(wideName), asciiName);
for (const char* const* p = list; *p; p++) for (const char* const* p = list; *p; p++)
if (!strcmp(*p, asciiName.get())) if (!strcmp(*p, asciiName.get()))
return xpc_CloneAllAccess(); return CloneAllAccess();
return nullptr; return nullptr;
} }
@ -351,7 +353,7 @@ NS_IMETHODIMP
nsXPCComponents_Interfaces::CanCreateWrapper(const nsIID * iid, char **_retval) nsXPCComponents_Interfaces::CanCreateWrapper(const nsIID * iid, char **_retval)
{ {
// We let anyone do this... // We let anyone do this...
*_retval = xpc_CloneAllAccess(); *_retval = CloneAllAccess();
return NS_OK; return NS_OK;
} }
@ -644,7 +646,7 @@ NS_IMETHODIMP
nsXPCComponents_InterfacesByID::CanCreateWrapper(const nsIID * iid, char **_retval) nsXPCComponents_InterfacesByID::CanCreateWrapper(const nsIID * iid, char **_retval)
{ {
// We let anyone do this... // We let anyone do this...
*_retval = xpc_CloneAllAccess(); *_retval = CloneAllAccess();
return NS_OK; return NS_OK;
} }
@ -2833,7 +2835,7 @@ nsXPCComponents_Utils::EvalInSandbox(const nsAString& source,
} }
RootedValue rval(cx); RootedValue rval(cx);
nsresult rv = xpc_EvalInSandbox(cx, sandbox, source, filename.get(), lineNo, nsresult rv = xpc::EvalInSandbox(cx, sandbox, source, filename.get(), lineNo,
jsVersion, false, &rval); jsVersion, false, &rval);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
*retval = rval; *retval = rval;
@ -3242,7 +3244,7 @@ NS_IMETHODIMP
nsXPCComponents_Utils::CanCreateWrapper(const nsIID * iid, char **_retval) nsXPCComponents_Utils::CanCreateWrapper(const nsIID * iid, char **_retval)
{ {
// We let anyone do this... // We let anyone do this...
*_retval = xpc_CloneAllAccess(); *_retval = CloneAllAccess();
return NS_OK; return NS_OK;
} }
@ -3251,7 +3253,7 @@ NS_IMETHODIMP
nsXPCComponents_Utils::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval) nsXPCComponents_Utils::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
{ {
static const char* const allowed[] = { "lookupMethod", "evalInSandbox", nullptr }; static const char* const allowed[] = { "lookupMethod", "evalInSandbox", nullptr };
*_retval = xpc_CheckAccessList(methodName, allowed); *_retval = CheckAccessList(methodName, allowed);
return NS_OK; return NS_OK;
} }
@ -3751,7 +3753,7 @@ NS_IMETHODIMP
nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval) nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
{ {
// We let anyone do this... // We let anyone do this...
*_retval = xpc_CloneAllAccess(); *_retval = CloneAllAccess();
return NS_OK; return NS_OK;
} }
@ -3760,7 +3762,7 @@ NS_IMETHODIMP
nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval) nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
{ {
static const char* const allowed[] = { "isSuccessCode", "lookupMethod", nullptr }; static const char* const allowed[] = { "isSuccessCode", "lookupMethod", nullptr };
*_retval = xpc_CheckAccessList(methodName, allowed); *_retval = CheckAccessList(methodName, allowed);
return NS_OK; return NS_OK;
} }
@ -3769,7 +3771,7 @@ NS_IMETHODIMP
nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval) nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
{ {
static const char* const allowed[] = { "interfaces", "interfacesByID", "results", nullptr}; static const char* const allowed[] = { "interfaces", "interfacesByID", "results", nullptr};
*_retval = xpc_CheckAccessList(propertyName, allowed); *_retval = CheckAccessList(propertyName, allowed);
return NS_OK; return NS_OK;
} }


@ -568,7 +568,7 @@ NS_IMETHODIMP
nsJSIID::CanCreateWrapper(const nsIID * iid, char **_retval) nsJSIID::CanCreateWrapper(const nsIID * iid, char **_retval)
{ {
// We let anyone do this... // We let anyone do this...
*_retval = xpc_CloneAllAccess(); *_retval = xpc::CloneAllAccess();
return NS_OK; return NS_OK;
} }
@ -578,7 +578,7 @@ nsJSIID::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_r
{ {
static const char* const allowed[] = {"equals", "toString", nullptr}; static const char* const allowed[] = {"equals", "toString", nullptr};
*_retval = xpc_CheckAccessList(methodName, allowed); *_retval = xpc::CheckAccessList(methodName, allowed);
return NS_OK; return NS_OK;
} }
@ -587,7 +587,7 @@ NS_IMETHODIMP
nsJSIID::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval) nsJSIID::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
{ {
static const char* const allowed[] = {"name", "number", "valid", nullptr}; static const char* const allowed[] = {"name", "number", "valid", nullptr};
*_retval = xpc_CheckAccessList(propertyName, allowed); *_retval = xpc::CheckAccessList(propertyName, allowed);
return NS_OK; return NS_OK;
} }


@ -3267,7 +3267,7 @@ XPCJSRuntime::GetJunkScope()
SandboxOptions options(cx); SandboxOptions options(cx);
options.sandboxName.AssignASCII("XPConnect Junk Compartment"); options.sandboxName.AssignASCII("XPConnect Junk Compartment");
RootedValue v(cx); RootedValue v(cx);
nsresult rv = xpc_CreateSandboxObject(cx, v.address(), nsresult rv = CreateSandboxObject(cx, v.address(),
nsContentUtils::GetSystemPrincipal(), nsContentUtils::GetSystemPrincipal(),
options); options);


@ -256,7 +256,7 @@ XPCWrappedNativeScope::EnsureXBLScope(JSContext *cx)
// Create the sandbox. // Create the sandbox.
JS::RootedValue v(cx, JS::UndefinedValue()); JS::RootedValue v(cx, JS::UndefinedValue());
nsresult rv = xpc_CreateSandboxObject(cx, v.address(), ep, options); nsresult rv = CreateSandboxObject(cx, v.address(), ep, options);
NS_ENSURE_SUCCESS(rv, nullptr); NS_ENSURE_SUCCESS(rv, nullptr);
mXBLScope = &v.toObject(); mXBLScope = &v.toObject();


@ -945,7 +945,7 @@ nsXPConnect::CreateSandbox(JSContext *cx, nsIPrincipal *principal,
RootedValue rval(cx, JSVAL_VOID); RootedValue rval(cx, JSVAL_VOID);
SandboxOptions options(cx); SandboxOptions options(cx);
nsresult rv = xpc_CreateSandboxObject(cx, rval.address(), principal, options); nsresult rv = CreateSandboxObject(cx, rval.address(), principal, options);
MOZ_ASSERT(NS_FAILED(rv) || !JSVAL_IS_PRIMITIVE(rval), MOZ_ASSERT(NS_FAILED(rv) || !JSVAL_IS_PRIMITIVE(rval),
"Bad return value from xpc_CreateSandboxObject()!"); "Bad return value from xpc_CreateSandboxObject()!");
@ -969,7 +969,7 @@ nsXPConnect::EvalInSandboxObject(const nsAString& source, const char *filename,
RootedObject sandbox(cx, sandboxArg); RootedObject sandbox(cx, sandboxArg);
RootedValue rval(cx); RootedValue rval(cx);
nsresult rv = xpc_EvalInSandbox(cx, sandbox, source, filename ? filename : nsresult rv = EvalInSandbox(cx, sandbox, source, filename ? filename :
"x-bogus://XPConnect/Sandbox", 1, JSVERSION_DEFAULT, "x-bogus://XPConnect/Sandbox", 1, JSVERSION_DEFAULT,
returnStringOnly, &rval); returnStringOnly, &rval);
NS_ENSURE_SUCCESS(rv, rv); NS_ENSURE_SUCCESS(rv, rv);
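Review bot: The assertion text in `nsXPConnect::CreateSandbox` still names the function this commit renames: the call above it is now `CreateSandboxObject`, but the message reads `"Bad return value from xpc_CreateSandboxObject()!"`. Anyone grepping for that name from a crash report will find nothing, so I would change it to `"Bad return value from xpc::CreateSandboxObject()!"`. The unqualified `CreateSandboxObject` and `EvalInSandbox` calls in both hunks presumably rely on a `using namespace xpc;` that is not visible here. Both enclosing functions start and end outside the hunks.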


@ -3547,13 +3547,15 @@ class ArrayAutoMarkingPtr : public AutoMarkingPtr
typedef ArrayAutoMarkingPtr<XPCNativeInterface> AutoMarkingNativeInterfacePtrArrayPtr; typedef ArrayAutoMarkingPtr<XPCNativeInterface> AutoMarkingNativeInterfacePtrArrayPtr;
/***************************************************************************/ /***************************************************************************/
namespace xpc {
// Allocates a string that grants all access ("AllAccess") // Allocates a string that grants all access ("AllAccess")
char *
CloneAllAccess();
extern char* xpc_CloneAllAccess();
/***************************************************************************/
// Returns access if wideName is in list // Returns access if wideName is in list
char *
extern char * xpc_CheckAccessList(const PRUnichar* wideName, const char* const list[]); CheckAccessList(const PRUnichar *wideName, const char *const list[]);
} /* namespace xpc */
/***************************************************************************/ /***************************************************************************/
// in xpcvariant.cpp... // in xpcvariant.cpp...
@ -3681,10 +3683,16 @@ xpc_GetSafeJSContext()
return XPCJSRuntime::Get()->GetJSContextStack()->GetSafeJSContext(); return XPCJSRuntime::Get()->GetJSContextStack()->GetSafeJSContext();
} }
namespace xpc {
// Helper function that creates a JSFunction that wraps a native function that
// forwards the call to the original 'callable'. If the 'doclone' argument is
// set, it also structure clones non-native arguments for extra security.
bool bool
NewFunctionForwarder(JSContext *cx, JS::HandleId id, JS::HandleObject callable, NewFunctionForwarder(JSContext *cx, JS::HandleId id, JS::HandleObject callable,
bool doclone, JS::MutableHandleValue vp); bool doclone, JS::MutableHandleValue vp);
// Old fashioned xpc error reporter. Try to use JS_ReportError instead.
nsresult nsresult
ThrowAndFail(nsresult errNum, JSContext *cx, bool *retval); ThrowAndFail(nsresult errNum, JSContext *cx, bool *retval);
@ -3692,11 +3700,10 @@ ThrowAndFail(nsresult errNum, JSContext* cx, bool* retval);
already_AddRefed<nsIXPCComponents_utils_Sandbox> already_AddRefed<nsIXPCComponents_utils_Sandbox>
NewSandboxConstructor(); NewSandboxConstructor();
// Returns true if class of 'obj' is SandboxClass.
bool bool
IsSandbox(JSObject *obj); IsSandbox(JSObject *obj);
namespace xpc {
struct SandboxOptions { struct SandboxOptions {
SandboxOptions(JSContext *cx) SandboxOptions(JSContext *cx)
: wantXrays(true) : wantXrays(true)
@ -3719,11 +3726,10 @@ struct SandboxOptions {
JSObject * JSObject *
CreateGlobalObject(JSContext *cx, JSClass *clasp, nsIPrincipal *principal, CreateGlobalObject(JSContext *cx, JSClass *clasp, nsIPrincipal *principal,
JS::CompartmentOptions& aOptions); JS::CompartmentOptions& aOptions);
}
// Helper for creating a sandbox object to use for evaluating // Helper for creating a sandbox object to use for evaluating
// untrusted code completely separated from all other code in the // untrusted code completely separated from all other code in the
// system using xpc_EvalInSandbox(). Takes the JSContext on which to // system using EvalInSandbox(). Takes the JSContext on which to
// do setup etc on, puts the sandbox object in *vp (which must be // do setup etc on, puts the sandbox object in *vp (which must be
// rooted by the caller), and uses the principal that's either // rooted by the caller), and uses the principal that's either
// directly passed in prinOrSop or indirectly as an // directly passed in prinOrSop or indirectly as an
@ -3731,10 +3737,10 @@ CreateGlobalObject(JSContext *cx, JSClass *clasp, nsIPrincipal *principal,
// reachable through prinOrSop, a new null principal will be created // reachable through prinOrSop, a new null principal will be created
// and used. // and used.
nsresult nsresult
xpc_CreateSandboxObject(JSContext * cx, jsval * vp, nsISupports *prinOrSop, CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop,
xpc::SandboxOptions& options); xpc::SandboxOptions& options);
// Helper for evaluating scripts in a sandbox object created with // Helper for evaluating scripts in a sandbox object created with
// xpc_CreateSandboxObject(). The caller is responsible of ensuring // CreateSandboxObject(). The caller is responsible of ensuring
// that *rval doesn't get collected during the call or usage after the // that *rval doesn't get collected during the call or usage after the
// call. This helper will use filename and lineNo for error reporting, // call. This helper will use filename and lineNo for error reporting,
// and if no filename is provided it will use the codebase from the // and if no filename is provided it will use the codebase from the
@ -3744,11 +3750,13 @@ xpc_CreateSandboxObject(JSContext * cx, jsval * vp, nsISupports *prinOrSop,
// an exception to a string, evalInSandbox will return an NS_ERROR_* // an exception to a string, evalInSandbox will return an NS_ERROR_*
// result, and cx->exception will be empty. // result, and cx->exception will be empty.
nsresult nsresult
xpc_EvalInSandbox(JSContext *cx, JS::HandleObject sandbox, const nsAString& source, EvalInSandbox(JSContext *cx, JS::HandleObject sandbox, const nsAString& source,
const char *filename, int32_t lineNo, const char *filename, int32_t lineNo,
JSVersion jsVersion, bool returnStringOnly, JSVersion jsVersion, bool returnStringOnly,
JS::MutableHandleValue rval); JS::MutableHandleValue rval);
} /* namespace xpc */
/***************************************************************************/ /***************************************************************************/
// Inlined utilities. // Inlined utilities.
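Review bot: The comments on `CloneAllAccess` and `CheckAccessList` in the first hunk of this header do not state the return contract that every `CanCreateWrapper`/`CanCallMethod`/`CanGetProperty` caller touched by this commit depends on. Going by the definitions shown earlier in the commit, `xpc::CheckAccessList` returns a buffer obtained from `nsMemory::Clone` when the name matches and `nullptr` otherwise, so I would expand its comment to `// Returns a newly allocated "AllAccess" string if wideName matches an entry of the nullptr-terminated list, nullptr otherwise.` The `CloneAllAccess` comment should also say who frees the buffer (presumably the caller; that is not visible here). Separately, the `CreateSandboxObject` declaration keeps `xpc::SandboxOptions& options` although it now sits inside `namespace xpc`; `SandboxOptions& options` would match the definition.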