From 72ca8d1730c9468516257672cba3c79129048588 Mon Sep 17 00:00:00 2001 From: Boris Zbarsky Date: Thu, 2 Feb 2017 12:48:49 -0500 Subject: [PATCH] Bug 1335654 part 2. Change the deny() methods of our wrapper security policies to take a JSContext and a mayThrow boolean. r=bholley --- js/xpconnect/wrappers/AccessCheck.cpp | 6 ++++-- js/xpconnect/wrappers/AccessCheck.h | 12 ++++++++---- js/xpconnect/wrappers/FilteringWrapper.cpp | 3 ++- 3 files changed, 14 insertions(+), 7 deletions(-) diff --git a/js/xpconnect/wrappers/AccessCheck.cpp b/js/xpconnect/wrappers/AccessCheck.cpp index 085e7100ef87..43f6c63f1ae9 100644 --- a/js/xpconnect/wrappers/AccessCheck.cpp +++ b/js/xpconnect/wrappers/AccessCheck.cpp @@ -441,13 +441,15 @@ ExposedPropertiesOnly::check(JSContext* cx, HandleObject wrapper, HandleId id, W } bool -ExposedPropertiesOnly::deny(js::Wrapper::Action act, HandleId id) +ExposedPropertiesOnly::deny(JSContext* cx, js::Wrapper::Action act, HandleId id, + bool mayThrow) { // Fail silently for GET, ENUMERATE, and GET_PROPERTY_DESCRIPTOR. if (act == js::Wrapper::GET || act == js::Wrapper::ENUMERATE || act == js::Wrapper::GET_PROPERTY_DESCRIPTOR) { - AutoJSContext cx; + // Note that ReportWrapperDenial doesn't do any _exception_ reporting, + // so we want to do this regardless of the value of mayThrow. return ReportWrapperDenial(cx, id, WrapperDenialForCOW, "Access to privileged JS object not permitted"); } diff --git a/js/xpconnect/wrappers/AccessCheck.h b/js/xpconnect/wrappers/AccessCheck.h index 488cceac0e23..7e4e356e9e9c 100644 --- a/js/xpconnect/wrappers/AccessCheck.h +++ b/js/xpconnect/wrappers/AccessCheck.h @@ -49,7 +49,8 @@ struct Opaque : public Policy { static bool check(JSContext* cx, JSObject* wrapper, jsid id, js::Wrapper::Action act) { return false; } - static bool deny(js::Wrapper::Action act, JS::HandleId id) { + static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id, + bool mayThrow) { return false; } static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) { @@ -62,7 +63,8 @@ struct OpaqueWithCall : public Policy { static bool check(JSContext* cx, JSObject* wrapper, jsid id, js::Wrapper::Action act) { return act == js::Wrapper::CALL; } - static bool deny(js::Wrapper::Action act, JS::HandleId id) { + static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id, + bool mayThrow) { return false; } static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) { @@ -79,7 +81,8 @@ struct CrossOriginAccessiblePropertiesOnly : public Policy { static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act) { return AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act); } - static bool deny(js::Wrapper::Action act, JS::HandleId id) { + static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id, + bool mayThrow) { // Silently fail for enumerate-like operations. if (act == js::Wrapper::ENUMERATE) return true; @@ -95,7 +98,8 @@ struct CrossOriginAccessiblePropertiesOnly : public Policy { struct ExposedPropertiesOnly : public Policy { static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act); - static bool deny(js::Wrapper::Action act, JS::HandleId id); + static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id, + bool mayThrow); static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) { return false; } diff --git a/js/xpconnect/wrappers/FilteringWrapper.cpp b/js/xpconnect/wrappers/FilteringWrapper.cpp index ac46eae37477..7ad7f3b42c7e 100644 --- a/js/xpconnect/wrappers/FilteringWrapper.cpp +++ b/js/xpconnect/wrappers/FilteringWrapper.cpp @@ -196,7 +196,8 @@ FilteringWrapper::enter(JSContext* cx, HandleObject wrapper, bool mayThrow, bool* bp) const { if (!Policy::check(cx, wrapper, id, act)) { - *bp = JS_IsExceptionPending(cx) ? false : Policy::deny(act, id); + *bp = JS_IsExceptionPending(cx) ? + false : Policy::deny(cx, act, id, mayThrow); return false; } *bp = true;