Bug 1335654 part 2. Change the deny() methods of our wrapper security policies to take a JSContext and a mayThrow boolean. r=bholley

2017-02-02 12:48:49 -05:00 · 2017-02-02 12:48:49 -05:00 · 72ca8d1730
--- a/js/xpconnect/wrappers/AccessCheck.cpp
+++ b/js/xpconnect/wrappers/AccessCheck.cpp
@ -441,13 +441,15 @@ ExposedPropertiesOnly::check(JSContext* cx, HandleObject wrapper, HandleId id, W
 }

 bool
-ExposedPropertiesOnly::deny(js::Wrapper::Action act, HandleId id)
+ExposedPropertiesOnly::deny(JSContext* cx, js::Wrapper::Action act, HandleId id,
+                            bool mayThrow)
 {
    // Fail silently for GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR.
    if (act == js::Wrapper::GET || act == js::Wrapper::ENUMERATE ||
        act == js::Wrapper::GET_PROPERTY_DESCRIPTOR)
    {
-        AutoJSContext cx;
+        // Note that ReportWrapperDenial doesn't do any _exception_ reporting,
+        // so we want to do this regardless of the value of mayThrow.
        return ReportWrapperDenial(cx, id, WrapperDenialForCOW,
                                   "Access to privileged JS object not permitted");
    }
--- a/js/xpconnect/wrappers/AccessCheck.h
+++ b/js/xpconnect/wrappers/AccessCheck.h
@ -49,7 +49,8 @@ struct Opaque : public Policy {
    static bool check(JSContext* cx, JSObject* wrapper, jsid id, js::Wrapper::Action act) {
        return false;
    }
-    static bool deny(js::Wrapper::Action act, JS::HandleId id) {
+    static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
+                     bool mayThrow) {
        return false;
    }
    static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) {
@ -62,7 +63,8 @@ struct OpaqueWithCall : public Policy {
    static bool check(JSContext* cx, JSObject* wrapper, jsid id, js::Wrapper::Action act) {
        return act == js::Wrapper::CALL;
    }
-    static bool deny(js::Wrapper::Action act, JS::HandleId id) {
+    static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
+                     bool mayThrow) {
        return false;
    }
    static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) {
@ -79,7 +81,8 @@ struct CrossOriginAccessiblePropertiesOnly : public Policy {
    static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act) {
        return AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act);
    }
-    static bool deny(js::Wrapper::Action act, JS::HandleId id) {
+    static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
+                     bool mayThrow) {
        // Silently fail for enumerate-like operations.
        if (act == js::Wrapper::ENUMERATE)
            return true;
@ -95,7 +98,8 @@ struct CrossOriginAccessiblePropertiesOnly : public Policy {
 struct ExposedPropertiesOnly : public Policy {
    static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act);

-    static bool deny(js::Wrapper::Action act, JS::HandleId id);
+    static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
+                     bool mayThrow);
    static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) {
        return false;
    }
--- a/js/xpconnect/wrappers/FilteringWrapper.cpp
+++ b/js/xpconnect/wrappers/FilteringWrapper.cpp
@ -196,7 +196,8 @@ FilteringWrapper<Base, Policy>::enter(JSContext* cx, HandleObject wrapper,
                                      bool mayThrow, bool* bp) const
 {
    if (!Policy::check(cx, wrapper, id, act)) {
-        *bp = JS_IsExceptionPending(cx) ? false : Policy::deny(act, id);
+        *bp = JS_IsExceptionPending(cx) ?
+            false : Policy::deny(cx, act, id, mayThrow);
        return false;
    }
    *bp = true;