mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Back out mstoltz because of blocker bug #81629. Original bugs were 47905 79775.

This commit is contained in:
blizzard%redhat.com 2001-05-18 17:41:23 +00:00
Родитель 81543cd446
Коммит 678b80f10b
8 изменённых файлов: 57 добавлений и 104 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

16
caps/idl/nsIScriptSecurityManager.idl
Просмотреть файл

@ -34,19 +34,13 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
/**
* Checks whether the running script is allowed to access aProperty.
*/
[noscript] void checkPropertyAccess(in JSContextPtr aJSContext,
[noscript] void checkPropertyAccess(in PRUint32 aAction,
in JSContextPtr aJSContext,
in JSObjectPtr aJSObject,
in nsISupports aObj,
in nsIClassInfo aClassInfo,
in string aClassName,
in string aProperty,
in PRUint32 aAction);
/**
* Checks whether the running script is allowed to connect to aTargetURI
*/
[noscript] void checkConnect(in JSContextPtr aJSContext,
in nsIURI aTargetURI,
in string aClassName,
in string aPropertyName);
in string aProperty);
/**
* Check that the script currently running in context "cx" can load "uri".

5
caps/include/nsScriptSecurityManager.h
Просмотреть файл

@ -112,8 +112,7 @@ private:
nsresult
CheckPropertyAccessImpl(PRUint32 aAction, nsIXPCNativeCallContext* aCallContext,
JSContext* aJSContext, JSObject* aJSObject,
nsISupports* aObj, nsIURI* aTargetURI,
nsIClassInfo* aClassInfo,
nsISupports* aObj, nsIClassInfo* aClassInfo,
jsval aName, const char* aClassName,
const char* aProperty, void** aPolicy);
@ -123,7 +122,7 @@ private:
PRInt32
GetSecurityLevel(JSContext* aCx, nsIPrincipal *principal,
PRBool aIsDOM,
nsIClassInfo* aClassInfo,
const char* aClassName, const char* aProperty,
PRUint32 aAction, nsCString &capability, void** aPolicy);

69
caps/src/nsScriptSecurityManager.cpp
Просмотреть файл

@ -137,34 +137,23 @@ NS_IMPL_THREADSAFE_ISUPPORTS3(nsScriptSecurityManager,
///////////////// Security Checks /////////////////
NS_IMETHODIMP
nsScriptSecurityManager::CheckPropertyAccess(JSContext* aJSContext,
nsScriptSecurityManager::CheckPropertyAccess(PRUint32 aAction,
JSContext* aJSContext,
JSObject* aJSObject,
nsISupports* aObj,
nsIClassInfo* aClassInfo,
const char* aClassName,
const char* aPropertyName,
PRUint32 aAction)
const char* aProperty)
{
return CheckPropertyAccessImpl(aAction, nsnull, aJSContext, aJSObject,
nsnull, nsnull, nsnull, nsnull,
aClassName, aPropertyName, nsnull);
}
NS_IMETHODIMP
nsScriptSecurityManager::CheckConnect(JSContext* aJSContext,
nsIURI* aTargetURI,
const char* aClassName,
const char* aPropertyName)
{
return CheckPropertyAccessImpl(nsIXPCSecurityManager::ACCESS_GET_PROPERTY, nsnull,
aJSContext, nsnull, nsnull, aTargetURI,
nsnull, nsnull, aClassName, aPropertyName, nsnull);
return CheckPropertyAccessImpl(aAction, nsnull, aJSContext, aJSObject, aObj,
aClassInfo, nsnull, aClassName, aProperty, nsnull);
}
nsresult
nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
nsIXPCNativeCallContext* aCallContext,
JSContext* aJSContext, JSObject* aJSObject,
nsISupports* aObj, nsIURI* aTargetURI,
nsIClassInfo* aClassInfo,
nsISupports* aObj, nsIClassInfo* aClassInfo,
jsval aName, const char* aClassName,
const char* aProperty, void** aPolicy)
{
@ -225,11 +214,8 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
propertyName.AssignWithConversion((PRUnichar*)JSValIDToString(aJSContext, aName));
}
// if (aPropertyStr), we were called from CheckPropertyAccess or checkConnect,
// so we can assume this is a DOM class. Otherwise, we ask the ClassInfo.
secLevel = GetSecurityLevel(aJSContext, subjectPrincipal,
(aProperty || IsDOMClass(aClassInfo)),
className, propertyName, aAction, capability, aPolicy);
secLevel = GetSecurityLevel(aJSContext, subjectPrincipal, aClassInfo, className,
propertyName, aAction, capability, aPolicy);
}
nsresult rv;
@ -246,27 +232,18 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
#ifdef DEBUG_mstoltz
printf("Level: SameOrigin ");
#endif
nsCOMPtr<nsIPrincipal> objectPrincipal;
if(aJSObject)
{
nsCOMPtr<nsIPrincipal> objectPrincipal;
if (NS_FAILED(GetObjectPrincipal(aJSContext,
NS_REINTERPRET_CAST(JSObject*, aJSObject),
getter_AddRefs(objectPrincipal))))
return NS_ERROR_FAILURE;
}
else if(aTargetURI)
{
if (NS_FAILED(GetCodebasePrincipal(aTargetURI, getter_AddRefs(objectPrincipal))))
return NS_ERROR_FAILURE;
rv = CheckSameOrigin(aJSContext, subjectPrincipal, objectPrincipal,
aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY);
}
else
{
rv = NS_ERROR_DOM_SECURITY_ERR;
break;
}
rv = CheckSameOrigin(aJSContext, subjectPrincipal, objectPrincipal,
aAction == nsIXPCSecurityManager::ACCESS_SET_PROPERTY);
break;
}
case SCRIPT_SECURITY_CAPABILITY_ONLY:
@ -406,7 +383,7 @@ nsScriptSecurityManager::IsDOMClass(nsIClassInfo* aClassInfo)
PRInt32
nsScriptSecurityManager::GetSecurityLevel(JSContext* aJSContext,
nsIPrincipal *principal,
PRBool aIsDOM,
nsIClassInfo* aClassInfo,
const char* aClassName,
const char* aPropertyName,
PRUint32 aAction,
@ -470,7 +447,7 @@ nsScriptSecurityManager::GetSecurityLevel(JSContext* aJSContext,
}
//-- No policy for this property.
// Use the default policy: sameOrigin for DOM, noAccess for everything else
if(aIsDOM)
if(IsDOMClass(aClassInfo))
secLevel = SCRIPT_SECURITY_SAME_ORIGIN_ACCESS;
if (!classPolicy && aPolicy)
//-- If there's no stored policy for this property,
@ -1711,9 +1688,8 @@ nsScriptSecurityManager::CanAccess(PRUint32 aAction,
jsval aName,
void** aPolicy)
{
return CheckPropertyAccessImpl(aAction, aCallContext, aJSContext,
aJSObject, aObj, nsnull, aClassInfo,
aName, nsnull, nsnull, aPolicy);
return CheckPropertyAccessImpl(aAction, aCallContext, aJSContext, aJSObject,
aObj, aClassInfo, aName, nsnull, nsnull, aPolicy);
}
nsresult
@ -1975,10 +1951,12 @@ nsScriptSecurityManager::InitPolicies(PRUint32 aPrefCount, const char** aPrefNam
else if (count > 3)
{ // capability.policy.<policyname>.<class>.<property>[.(get|set)]
// Store the class name so we know this class has a policy set on it
// Shoving a null into the pref anme string is unorthodox
// but it saves a malloc & copy - hash keys require null-terminated strings
*(char*)dots[3] = '\0';
nsCStringKey classNameKey(dots[2] + 1);
const char* className = dots[2] + 1;
PRInt32 classNameLen = dots[3] - className;
char* classNameNullTerm = PL_strndup(className, classNameLen);
if (!classNameNullTerm)
return NS_ERROR_OUT_OF_MEMORY;
nsCStringKey classNameKey(classNameNullTerm);
if (!(mClassPolicies))
mClassPolicies = new nsHashtable(31);
// We don't actually have to store the class name as data in the hashtable,
@ -1988,6 +1966,7 @@ nsScriptSecurityManager::InitPolicies(PRUint32 aPrefCount, const char** aPrefNam
mClassPolicies->Put(&classNameKey, (void*)CLASS_POLICY_DEFAULT);
else if (!isDefault && classPolicy != (void*)CLASS_POLICY_SITE)
mClassPolicies->Put(&classNameKey, (void*)CLASS_POLICY_SITE);
PR_Free(classNameNullTerm);
}
}
return NS_OK;

8
content/events/src/nsEventListenerManager.cpp
Просмотреть файл

@ -981,9 +981,11 @@ nsEventListenerManager::RegisterScriptEventListener(nsIScriptContext *aContext,
if (NS_FAILED(rv))
return rv;
if (NS_FAILED(rv = securityManager->CheckPropertyAccess(cx, jsobj,
"EventTarget","addEventListener",
nsIXPCSecurityManager::ACCESS_SET_PROPERTY))) {
nsCOMPtr<nsIClassInfo> classInfo = do_QueryInterface(aObject);
if (NS_FAILED(rv = securityManager->CheckPropertyAccess(
nsIXPCSecurityManager::ACCESS_SET_PROPERTY, cx, jsobj, aObject, classInfo,
"EventTarget","addEventListener"))) {
// XXX set pending exception on the native call context?
return rv;
}

12
dom/src/base/nsDOMClassInfo.cpp
Просмотреть файл

@ -1108,9 +1108,9 @@ nsWindowSH::doCheckWriteAccess(JSContext *cx, JSObject *obj, jsval id,
PRBool isLocation = JSVAL_IS_STRING(id) &&
JSVAL_TO_STRING(id) == sLocation_id;
rv = sSecMan->CheckPropertyAccess(cx, obj, "Window",
isLocation ? "location" : "scriptglobals",
nsIXPCSecurityManager::ACCESS_SET_PROPERTY);
rv = sSecMan->CheckPropertyAccess(nsIXPCSecurityManager::ACCESS_SET_PROPERTY,
cx, obj, native, this, "Window",
isLocation ? "location" : "scriptglobals");
if (NS_SUCCEEDED(rv)) {
return rv;
@ -1146,9 +1146,9 @@ nsWindowSH::doCheckReadAccess(JSContext *cx, JSObject *obj, jsval id,
PRBool isLocation = JSVAL_IS_STRING(id) &&
JSVAL_TO_STRING(id) == sLocation_id;
rv = sSecMan->CheckPropertyAccess(cx, obj, "Window",
isLocation ? "location" : "scriptglobals",
nsIXPCSecurityManager::ACCESS_GET_PROPERTY);
rv = sSecMan->CheckPropertyAccess(nsIXPCSecurityManager::ACCESS_GET_PROPERTY,
cx, obj, native, this, "Window",
isLocation ? "location" : "scriptglobals");
if (NS_SUCCEEDED(rv)) {
return rv;

4
dom/src/base/nsGlobalWindow.cpp
Просмотреть файл

@ -4123,8 +4123,8 @@ NavigatorImpl::Preference()
action = nsIXPCSecurityManager::ACCESS_GET_PROPERTY;
else
action = nsIXPCSecurityManager::ACCESS_SET_PROPERTY;
rv = secMan->CheckPropertyAccess(cx, nsnull,
"Navigator", "preferenceinternal", action);
rv = secMan->CheckPropertyAccess(action, cx, nsnull, nsnull, nsnull,
"Navigator", "preferenceinternal");
if (NS_FAILED(rv))
{
//-- XXX doing the right thing here? Does the exception propagate?

23
embedding/components/windowwatcher/src/nsWindowWatcher.cpp
Просмотреть файл

@ -630,22 +630,17 @@ nsWindowWatcher::OpenWindowJS(nsIDOMWindow *aParent,
nsCOMPtr<nsIDocShell> newDocShell(do_QueryInterface(newDocShellItem));
if (uriToLoad) { // Get script principal and pass to docshell
nsCOMPtr<nsIPrincipal> principal;
if (NS_FAILED(secMan->GetSubjectPrincipal(getter_AddRefs(principal))))
return NS_ERROR_FAILURE;
nsCOMPtr<nsIDocShellLoadInfo> loadInfo;
newDocShell->CreateLoadInfo(getter_AddRefs(loadInfo));
NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);
PRBool isChrome = PR_FALSE;
rv = uriToLoad->SchemeIs("chrome", &isChrome);
if (NS_FAILED(rv) || !isChrome) {
nsCOMPtr<nsIPrincipal> principal;
if (NS_FAILED(secMan->GetSubjectPrincipal(getter_AddRefs(principal))))
return NS_ERROR_FAILURE;
newDocShell->CreateLoadInfo(getter_AddRefs(loadInfo));
NS_ENSURE_TRUE(loadInfo, NS_ERROR_FAILURE);
if (principal) {
nsCOMPtr<nsISupports> owner(do_QueryInterface(principal));
loadInfo->SetOwner(owner);
}
if (principal) {
nsCOMPtr<nsISupports> owner(do_QueryInterface(principal));
loadInfo->SetOwner(owner);
}
// Get the calling context off the JS context stack

24
extensions/xmlextras/base/src/nsXMLHttpRequest.cpp
Просмотреть файл

@ -922,26 +922,10 @@ nsXMLHttpRequest::Open(const char *method, const char *url)
NS_WITH_SERVICE(nsIScriptSecurityManager, secMan,
NS_SCRIPTSECURITYMANAGER_CONTRACTID, &rv);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
nsCOMPtr<nsIURI> targetURI;
rv = NS_NewURI(getter_AddRefs(targetURI), url, nsnull);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
rv = secMan->CheckConnect(cx, targetURI, "XMLHttpRequest","open");
if (NS_FAILED(rv))
{
// Security check failed. The above call set a JS exception. The
// following lines ensure that the exception is propagated.
NS_WITH_SERVICE(nsIXPConnect, xpc, nsIXPConnect::GetCID(), &rv);
nsCOMPtr<nsIXPCNativeCallContext> cc;
if(NS_SUCCEEDED(rv))
xpc->GetCurrentNativeCallContext(getter_AddRefs(cc));
if (cc)
cc->SetExceptionWasThrown(PR_TRUE);
return NS_OK;
}
/*
rv = secMan->CheckScriptAccessToURL(cx, url, NS_DOM_PROP_XMLHTTPREQUEST_OPEN, PR_FALSE);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
*/
nsCOMPtr<nsIPrincipal> principal;
rv = secMan->GetSubjectPrincipal(getter_AddRefs(principal));
if (NS_SUCCEEDED(rv)) {