зеркало из https://github.com/mozilla/gecko-dev.git
Bug 754202 - Pull object principals directly off the compartment and assert that behavior doesn't change. r=bz
Родитель
5fd32a8647
Коммит
6def798e8f
|
@ -403,12 +403,11 @@ private:
|
||||||
|
|
||||||
// Returns null if a principal cannot be found; generally callers
|
// Returns null if a principal cannot be found; generally callers
|
||||||
// should error out at that point.
|
// should error out at that point.
|
||||||
static nsIPrincipal*
|
static nsIPrincipal* doGetObjectPrincipal(JSObject *obj);
|
||||||
doGetObjectPrincipal(JSObject *obj
|
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
, bool aAllowShortCircuit = true
|
static nsIPrincipal*
|
||||||
|
old_doGetObjectPrincipal(JSObject *obj, bool aAllowShortCircuit = true);
|
||||||
#endif
|
#endif
|
||||||
);
|
|
||||||
|
|
||||||
// Returns null if a principal cannot be found. Note that rv can be NS_OK
|
// Returns null if a principal cannot be found. Note that rv can be NS_OK
|
||||||
// when this happens -- this means that there was no JS running.
|
// when this happens -- this means that there was no JS running.
|
||||||
|
|
|
@ -2398,19 +2398,33 @@ nsScriptSecurityManager::GetObjectPrincipal(JSContext *aCx, JSObject *aObj,
|
||||||
|
|
||||||
// static
|
// static
|
||||||
nsIPrincipal*
|
nsIPrincipal*
|
||||||
nsScriptSecurityManager::doGetObjectPrincipal(JSObject *aObj
|
nsScriptSecurityManager::doGetObjectPrincipal(JSObject *aObj)
|
||||||
|
{
|
||||||
|
JSCompartment *compartment = js::GetObjectCompartment(aObj);
|
||||||
|
JSPrincipals *principals = JS_GetCompartmentPrincipals(compartment);
|
||||||
|
nsIPrincipal *principal = nsJSPrincipals::get(principals);
|
||||||
|
|
||||||
|
// We leave the old code in for a little while to make sure that pulling
|
||||||
|
// object principals directly off the compartment always gives an equivalent
|
||||||
|
// result (from a security perspective).
|
||||||
#ifdef DEBUG
|
#ifdef DEBUG
|
||||||
, bool aAllowShortCircuit
|
nsIPrincipal *old = old_doGetObjectPrincipal(aObj);
|
||||||
|
MOZ_ASSERT(NS_SUCCEEDED(CheckSameOriginPrincipal(principal, old)));
|
||||||
#endif
|
#endif
|
||||||
)
|
|
||||||
|
return principal;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef DEBUG
|
||||||
|
// static
|
||||||
|
nsIPrincipal*
|
||||||
|
nsScriptSecurityManager::old_doGetObjectPrincipal(JSObject *aObj,
|
||||||
|
bool aAllowShortCircuit)
|
||||||
{
|
{
|
||||||
NS_ASSERTION(aObj, "Bad call to doGetObjectPrincipal()!");
|
NS_ASSERTION(aObj, "Bad call to doGetObjectPrincipal()!");
|
||||||
nsIPrincipal* result = nsnull;
|
nsIPrincipal* result = nsnull;
|
||||||
|
|
||||||
#ifdef DEBUG
|
|
||||||
JSObject* origObj = aObj;
|
JSObject* origObj = aObj;
|
||||||
#endif
|
|
||||||
|
|
||||||
js::Class *jsClass = js::GetObjectClass(aObj);
|
js::Class *jsClass = js::GetObjectClass(aObj);
|
||||||
|
|
||||||
// A common case seen in this code is that we enter this function
|
// A common case seen in this code is that we enter this function
|
||||||
|
@ -2444,12 +2458,7 @@ nsScriptSecurityManager::doGetObjectPrincipal(JSObject *aObj
|
||||||
|
|
||||||
if (IS_WRAPPER_CLASS(jsClass)) {
|
if (IS_WRAPPER_CLASS(jsClass)) {
|
||||||
result = sXPConnect->GetPrincipal(aObj,
|
result = sXPConnect->GetPrincipal(aObj,
|
||||||
#ifdef DEBUG
|
aAllowShortCircuit);
|
||||||
aAllowShortCircuit
|
|
||||||
#else
|
|
||||||
true
|
|
||||||
#endif
|
|
||||||
);
|
|
||||||
if (result) {
|
if (result) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
@ -2465,7 +2474,6 @@ nsScriptSecurityManager::doGetObjectPrincipal(JSObject *aObj
|
||||||
priv = nsnull;
|
priv = nsnull;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef DEBUG
|
|
||||||
if (aAllowShortCircuit) {
|
if (aAllowShortCircuit) {
|
||||||
nsCOMPtr<nsIXPConnectWrappedNative> xpcWrapper =
|
nsCOMPtr<nsIXPConnectWrappedNative> xpcWrapper =
|
||||||
do_QueryInterface(priv);
|
do_QueryInterface(priv);
|
||||||
|
@ -2475,7 +2483,6 @@ nsScriptSecurityManager::doGetObjectPrincipal(JSObject *aObj
|
||||||
"Uh, an nsIXPConnectWrappedNative with the "
|
"Uh, an nsIXPConnectWrappedNative with the "
|
||||||
"wrong JSClass or getObjectOps hooks!");
|
"wrong JSClass or getObjectOps hooks!");
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
nsCOMPtr<nsIScriptObjectPrincipal> objPrin =
|
nsCOMPtr<nsIScriptObjectPrincipal> objPrin =
|
||||||
do_QueryInterface(priv);
|
do_QueryInterface(priv);
|
||||||
|
@ -2497,9 +2504,8 @@ nsScriptSecurityManager::doGetObjectPrincipal(JSObject *aObj
|
||||||
jsClass = js::GetObjectClass(aObj);
|
jsClass = js::GetObjectClass(aObj);
|
||||||
} while (1);
|
} while (1);
|
||||||
|
|
||||||
#ifdef DEBUG
|
|
||||||
if (aAllowShortCircuit) {
|
if (aAllowShortCircuit) {
|
||||||
nsIPrincipal *principal = doGetObjectPrincipal(origObj, false);
|
nsIPrincipal *principal = old_doGetObjectPrincipal(origObj, false);
|
||||||
|
|
||||||
// Because of inner window reuse, we can have objects with one principal
|
// Because of inner window reuse, we can have objects with one principal
|
||||||
// living in a scope with a different (but same-origin) principal. So
|
// living in a scope with a different (but same-origin) principal. So
|
||||||
|
@ -2507,10 +2513,10 @@ nsScriptSecurityManager::doGetObjectPrincipal(JSObject *aObj
|
||||||
NS_ASSERTION(NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)),
|
NS_ASSERTION(NS_SUCCEEDED(CheckSameOriginPrincipal(result, principal)),
|
||||||
"Principal mismatch. Not good");
|
"Principal mismatch. Not good");
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
|
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
#endif /* DEBUG */
|
||||||
|
|
||||||
///////////////// Capabilities API /////////////////////
|
///////////////// Capabilities API /////////////////////
|
||||||
NS_IMETHODIMP
|
NS_IMETHODIMP
|
||||||
|
|
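Review bot: In the new `doGetObjectPrincipal` body (hunk at -2398,19 +2398,33), the debug comparison hands `principal` and `old` straight to `CheckSameOriginPrincipal`, although the declaration comment still says this function returns null when no principal can be found. How `CheckSameOriginPrincipal` treats a null argument is not visible on this page, so a case where only one of the two lookups yields null may either crash the debug build or pass unnoticed; an explicit `MOZ_ASSERT(!principal == !old);` ahead of the same-origin assert would pin that down. The `NS_ASSERTION(aObj, ...)` precondition now lives only in `old_doGetObjectPrincipal`, which runs after `aObj` has already been passed to `js::GetObjectCompartment` and is compiled out of non-DEBUG builds, so restating it at the top of the new function keeps the check ahead of the first use. Because release builds now take the compartment principal with no cross-check, the "for a little while" comment would be more useful if it named the condition or follow-up under which the old path gets removed.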