зеркало из https://github.com/mozilla/gecko-dev.git
Bug 886237 - follow-up part1: Moving Sandbox/XPCComponents helpers into namespace xpc. r=bholley
This commit is contained in:
Родитель
70f2b2b29d
Коммит
43212356ff
|
@ -68,7 +68,7 @@ private:
|
|||
};
|
||||
|
||||
already_AddRefed<nsIXPCComponents_utils_Sandbox>
|
||||
NewSandboxConstructor()
|
||||
xpc::NewSandboxConstructor()
|
||||
{
|
||||
nsCOMPtr<nsIXPCComponents_utils_Sandbox> sbConstructor =
|
||||
new nsXPCComponents_utils_Sandbox();
|
||||
|
@ -319,13 +319,11 @@ GetFilenameAndLineNumber(JSContext *cx, nsACString &filename, unsigned &lineno)
|
|||
return false;
|
||||
}
|
||||
|
||||
namespace xpc {
|
||||
bool
|
||||
IsReflector(JSObject *obj)
|
||||
xpc::IsReflector(JSObject *obj)
|
||||
{
|
||||
return IS_WN_REFLECTOR(obj) || dom::IsDOMObject(obj);
|
||||
}
|
||||
} /* namespace xpc */
|
||||
|
||||
enum ForwarderCloneTags {
|
||||
SCTAG_BASE = JS_SCTAG_USER_MIN,
|
||||
|
@ -604,7 +602,7 @@ static const JSFunctionSpec SandboxFunctions[] = {
|
|||
};
|
||||
|
||||
bool
|
||||
IsSandbox(JSObject *obj)
|
||||
xpc::IsSandbox(JSObject *obj)
|
||||
{
|
||||
return GetObjectJSClass(obj) == &SandboxClass;
|
||||
}
|
||||
|
@ -870,7 +868,7 @@ xpc::SandboxProxyHandler::iterate(JSContext *cx, JS::Handle<JSObject*> proxy,
|
|||
}
|
||||
|
||||
nsresult
|
||||
xpc_CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop, SandboxOptions& options)
|
||||
xpc::CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop, SandboxOptions& options)
|
||||
{
|
||||
// Create the sandbox global object
|
||||
nsresult rv;
|
||||
|
@ -1344,7 +1342,7 @@ nsXPCComponents_utils_Sandbox::CallOrConstruct(nsIXPConnectWrappedNative *wrappe
|
|||
if (NS_FAILED(AssembleSandboxMemoryReporterName(cx, options.sandboxName)))
|
||||
return ThrowAndFail(NS_ERROR_INVALID_ARG, cx, _retval);
|
||||
|
||||
rv = xpc_CreateSandboxObject(cx, args.rval().address(), prinOrSop, options);
|
||||
rv = CreateSandboxObject(cx, args.rval().address(), prinOrSop, options);
|
||||
|
||||
if (NS_FAILED(rv))
|
||||
return ThrowAndFail(rv, cx, _retval);
|
||||
|
@ -1404,7 +1402,7 @@ ContextHolder::~ContextHolder()
|
|||
}
|
||||
|
||||
nsresult
|
||||
xpc_EvalInSandbox(JSContext *cx, HandleObject sandboxArg, const nsAString& source,
|
||||
xpc::EvalInSandbox(JSContext *cx, HandleObject sandboxArg, const nsAString& source,
|
||||
const char *filename, int32_t lineNo,
|
||||
JSVersion jsVersion, bool returnStringOnly, MutableHandleValue rval)
|
||||
{
|
||||
|
@ -1557,7 +1555,7 @@ CloningFunctionForwarder(JSContext *cx, unsigned argc, Value *vp)
|
|||
}
|
||||
|
||||
bool
|
||||
NewFunctionForwarder(JSContext *cx, HandleId id, HandleObject callable, bool doclone,
|
||||
xpc::NewFunctionForwarder(JSContext *cx, HandleId id, HandleObject callable, bool doclone,
|
||||
MutableHandleValue vp)
|
||||
{
|
||||
JSFunction *fun = js::NewFunctionByIdWithReserved(cx, doclone ? CloningFunctionForwarder :
|
||||
|
|
|
@ -48,7 +48,7 @@ using namespace xpc;
|
|||
// stuff used by all
|
||||
|
||||
nsresult
|
||||
ThrowAndFail(nsresult errNum, JSContext* cx, bool* retval)
|
||||
xpc::ThrowAndFail(nsresult errNum, JSContext *cx, bool *retval)
|
||||
{
|
||||
XPCThrower::Throw(errNum, cx);
|
||||
*retval = false;
|
||||
|
@ -77,20 +77,22 @@ JSValIsInterfaceOfType(JSContext *cx, HandleValue v, REFNSIID iid)
|
|||
return false;
|
||||
}
|
||||
|
||||
char* xpc_CloneAllAccess()
|
||||
char *
|
||||
xpc::CloneAllAccess()
|
||||
{
|
||||
static const char allAccess[] = "AllAccess";
|
||||
return (char*)nsMemory::Clone(allAccess, sizeof(allAccess));
|
||||
}
|
||||
|
||||
char * xpc_CheckAccessList(const PRUnichar* wideName, const char* const list[])
|
||||
char *
|
||||
xpc::CheckAccessList(const PRUnichar *wideName, const char *const list[])
|
||||
{
|
||||
nsAutoCString asciiName;
|
||||
CopyUTF16toUTF8(nsDependentString(wideName), asciiName);
|
||||
|
||||
for (const char* const* p = list; *p; p++)
|
||||
if (!strcmp(*p, asciiName.get()))
|
||||
return xpc_CloneAllAccess();
|
||||
return CloneAllAccess();
|
||||
|
||||
return nullptr;
|
||||
}
|
||||
|
@ -351,7 +353,7 @@ NS_IMETHODIMP
|
|||
nsXPCComponents_Interfaces::CanCreateWrapper(const nsIID * iid, char **_retval)
|
||||
{
|
||||
// We let anyone do this...
|
||||
*_retval = xpc_CloneAllAccess();
|
||||
*_retval = CloneAllAccess();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -644,7 +646,7 @@ NS_IMETHODIMP
|
|||
nsXPCComponents_InterfacesByID::CanCreateWrapper(const nsIID * iid, char **_retval)
|
||||
{
|
||||
// We let anyone do this...
|
||||
*_retval = xpc_CloneAllAccess();
|
||||
*_retval = CloneAllAccess();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -2833,7 +2835,7 @@ nsXPCComponents_Utils::EvalInSandbox(const nsAString& source,
|
|||
}
|
||||
|
||||
RootedValue rval(cx);
|
||||
nsresult rv = xpc_EvalInSandbox(cx, sandbox, source, filename.get(), lineNo,
|
||||
nsresult rv = xpc::EvalInSandbox(cx, sandbox, source, filename.get(), lineNo,
|
||||
jsVersion, false, &rval);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
*retval = rval;
|
||||
|
@ -3242,7 +3244,7 @@ NS_IMETHODIMP
|
|||
nsXPCComponents_Utils::CanCreateWrapper(const nsIID * iid, char **_retval)
|
||||
{
|
||||
// We let anyone do this...
|
||||
*_retval = xpc_CloneAllAccess();
|
||||
*_retval = CloneAllAccess();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -3251,7 +3253,7 @@ NS_IMETHODIMP
|
|||
nsXPCComponents_Utils::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
|
||||
{
|
||||
static const char* const allowed[] = { "lookupMethod", "evalInSandbox", nullptr };
|
||||
*_retval = xpc_CheckAccessList(methodName, allowed);
|
||||
*_retval = CheckAccessList(methodName, allowed);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -3751,7 +3753,7 @@ NS_IMETHODIMP
|
|||
nsXPCComponents::CanCreateWrapper(const nsIID * iid, char **_retval)
|
||||
{
|
||||
// We let anyone do this...
|
||||
*_retval = xpc_CloneAllAccess();
|
||||
*_retval = CloneAllAccess();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -3760,7 +3762,7 @@ NS_IMETHODIMP
|
|||
nsXPCComponents::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_retval)
|
||||
{
|
||||
static const char* const allowed[] = { "isSuccessCode", "lookupMethod", nullptr };
|
||||
*_retval = xpc_CheckAccessList(methodName, allowed);
|
||||
*_retval = CheckAccessList(methodName, allowed);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -3769,7 +3771,7 @@ NS_IMETHODIMP
|
|||
nsXPCComponents::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
|
||||
{
|
||||
static const char* const allowed[] = { "interfaces", "interfacesByID", "results", nullptr};
|
||||
*_retval = xpc_CheckAccessList(propertyName, allowed);
|
||||
*_retval = CheckAccessList(propertyName, allowed);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -568,7 +568,7 @@ NS_IMETHODIMP
|
|||
nsJSIID::CanCreateWrapper(const nsIID * iid, char **_retval)
|
||||
{
|
||||
// We let anyone do this...
|
||||
*_retval = xpc_CloneAllAccess();
|
||||
*_retval = xpc::CloneAllAccess();
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -578,7 +578,7 @@ nsJSIID::CanCallMethod(const nsIID * iid, const PRUnichar *methodName, char **_r
|
|||
{
|
||||
static const char* const allowed[] = {"equals", "toString", nullptr};
|
||||
|
||||
*_retval = xpc_CheckAccessList(methodName, allowed);
|
||||
*_retval = xpc::CheckAccessList(methodName, allowed);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
@ -587,7 +587,7 @@ NS_IMETHODIMP
|
|||
nsJSIID::CanGetProperty(const nsIID * iid, const PRUnichar *propertyName, char **_retval)
|
||||
{
|
||||
static const char* const allowed[] = {"name", "number", "valid", nullptr};
|
||||
*_retval = xpc_CheckAccessList(propertyName, allowed);
|
||||
*_retval = xpc::CheckAccessList(propertyName, allowed);
|
||||
return NS_OK;
|
||||
}
|
||||
|
||||
|
|
|
@ -3267,7 +3267,7 @@ XPCJSRuntime::GetJunkScope()
|
|||
SandboxOptions options(cx);
|
||||
options.sandboxName.AssignASCII("XPConnect Junk Compartment");
|
||||
RootedValue v(cx);
|
||||
nsresult rv = xpc_CreateSandboxObject(cx, v.address(),
|
||||
nsresult rv = CreateSandboxObject(cx, v.address(),
|
||||
nsContentUtils::GetSystemPrincipal(),
|
||||
options);
|
||||
|
||||
|
|
|
@ -256,7 +256,7 @@ XPCWrappedNativeScope::EnsureXBLScope(JSContext *cx)
|
|||
|
||||
// Create the sandbox.
|
||||
JS::RootedValue v(cx, JS::UndefinedValue());
|
||||
nsresult rv = xpc_CreateSandboxObject(cx, v.address(), ep, options);
|
||||
nsresult rv = CreateSandboxObject(cx, v.address(), ep, options);
|
||||
NS_ENSURE_SUCCESS(rv, nullptr);
|
||||
mXBLScope = &v.toObject();
|
||||
|
||||
|
|
|
@ -945,7 +945,7 @@ nsXPConnect::CreateSandbox(JSContext *cx, nsIPrincipal *principal,
|
|||
RootedValue rval(cx, JSVAL_VOID);
|
||||
|
||||
SandboxOptions options(cx);
|
||||
nsresult rv = xpc_CreateSandboxObject(cx, rval.address(), principal, options);
|
||||
nsresult rv = CreateSandboxObject(cx, rval.address(), principal, options);
|
||||
MOZ_ASSERT(NS_FAILED(rv) || !JSVAL_IS_PRIMITIVE(rval),
|
||||
"Bad return value from xpc_CreateSandboxObject()!");
|
||||
|
||||
|
@ -969,7 +969,7 @@ nsXPConnect::EvalInSandboxObject(const nsAString& source, const char *filename,
|
|||
|
||||
RootedObject sandbox(cx, sandboxArg);
|
||||
RootedValue rval(cx);
|
||||
nsresult rv = xpc_EvalInSandbox(cx, sandbox, source, filename ? filename :
|
||||
nsresult rv = EvalInSandbox(cx, sandbox, source, filename ? filename :
|
||||
"x-bogus://XPConnect/Sandbox", 1, JSVERSION_DEFAULT,
|
||||
returnStringOnly, &rval);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
|
|
|
@ -3547,13 +3547,15 @@ class ArrayAutoMarkingPtr : public AutoMarkingPtr
|
|||
typedef ArrayAutoMarkingPtr<XPCNativeInterface> AutoMarkingNativeInterfacePtrArrayPtr;
|
||||
|
||||
/***************************************************************************/
|
||||
namespace xpc {
|
||||
// Allocates a string that grants all access ("AllAccess")
|
||||
char *
|
||||
CloneAllAccess();
|
||||
|
||||
extern char* xpc_CloneAllAccess();
|
||||
/***************************************************************************/
|
||||
// Returns access if wideName is in list
|
||||
|
||||
extern char * xpc_CheckAccessList(const PRUnichar* wideName, const char* const list[]);
|
||||
char *
|
||||
CheckAccessList(const PRUnichar *wideName, const char *const list[]);
|
||||
} /* namespace xpc */
|
||||
|
||||
/***************************************************************************/
|
||||
// in xpcvariant.cpp...
|
||||
|
@ -3681,10 +3683,16 @@ xpc_GetSafeJSContext()
|
|||
return XPCJSRuntime::Get()->GetJSContextStack()->GetSafeJSContext();
|
||||
}
|
||||
|
||||
namespace xpc {
|
||||
|
||||
// Helper function that creates a JSFunction that wraps a native function that
|
||||
// forwards the call to the original 'callable'. If the 'doclone' argument is
|
||||
// set, it also structure clones non-native arguments for extra security.
|
||||
bool
|
||||
NewFunctionForwarder(JSContext *cx, JS::HandleId id, JS::HandleObject callable,
|
||||
bool doclone, JS::MutableHandleValue vp);
|
||||
|
||||
// Old fashioned xpc error reporter. Try to use JS_ReportError instead.
|
||||
nsresult
|
||||
ThrowAndFail(nsresult errNum, JSContext *cx, bool *retval);
|
||||
|
||||
|
@ -3692,11 +3700,10 @@ ThrowAndFail(nsresult errNum, JSContext* cx, bool* retval);
|
|||
already_AddRefed<nsIXPCComponents_utils_Sandbox>
|
||||
NewSandboxConstructor();
|
||||
|
||||
// Returns true if class of 'obj' is SandboxClass.
|
||||
bool
|
||||
IsSandbox(JSObject *obj);
|
||||
|
||||
namespace xpc {
|
||||
|
||||
struct SandboxOptions {
|
||||
SandboxOptions(JSContext *cx)
|
||||
: wantXrays(true)
|
||||
|
@ -3719,11 +3726,10 @@ struct SandboxOptions {
|
|||
JSObject *
|
||||
CreateGlobalObject(JSContext *cx, JSClass *clasp, nsIPrincipal *principal,
|
||||
JS::CompartmentOptions& aOptions);
|
||||
}
|
||||
|
||||
// Helper for creating a sandbox object to use for evaluating
|
||||
// untrusted code completely separated from all other code in the
|
||||
// system using xpc_EvalInSandbox(). Takes the JSContext on which to
|
||||
// system using EvalInSandbox(). Takes the JSContext on which to
|
||||
// do setup etc on, puts the sandbox object in *vp (which must be
|
||||
// rooted by the caller), and uses the principal that's either
|
||||
// directly passed in prinOrSop or indirectly as an
|
||||
|
@ -3731,10 +3737,10 @@ CreateGlobalObject(JSContext *cx, JSClass *clasp, nsIPrincipal *principal,
|
|||
// reachable through prinOrSop, a new null principal will be created
|
||||
// and used.
|
||||
nsresult
|
||||
xpc_CreateSandboxObject(JSContext * cx, jsval * vp, nsISupports *prinOrSop,
|
||||
CreateSandboxObject(JSContext *cx, jsval *vp, nsISupports *prinOrSop,
|
||||
xpc::SandboxOptions& options);
|
||||
// Helper for evaluating scripts in a sandbox object created with
|
||||
// xpc_CreateSandboxObject(). The caller is responsible of ensuring
|
||||
// CreateSandboxObject(). The caller is responsible of ensuring
|
||||
// that *rval doesn't get collected during the call or usage after the
|
||||
// call. This helper will use filename and lineNo for error reporting,
|
||||
// and if no filename is provided it will use the codebase from the
|
||||
|
@ -3744,11 +3750,13 @@ xpc_CreateSandboxObject(JSContext * cx, jsval * vp, nsISupports *prinOrSop,
|
|||
// an exception to a string, evalInSandbox will return an NS_ERROR_*
|
||||
// result, and cx->exception will be empty.
|
||||
nsresult
|
||||
xpc_EvalInSandbox(JSContext *cx, JS::HandleObject sandbox, const nsAString& source,
|
||||
EvalInSandbox(JSContext *cx, JS::HandleObject sandbox, const nsAString& source,
|
||||
const char *filename, int32_t lineNo,
|
||||
JSVersion jsVersion, bool returnStringOnly,
|
||||
JS::MutableHandleValue rval);
|
||||
|
||||
} /* namespace xpc */
|
||||
|
||||
/***************************************************************************/
|
||||
// Inlined utilities.
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче