Bug 750859 - Remove (most of) SetCanEnableCapability. r=bz

Bobby Holley 2012-05-02 23:57:34 +02:00
Родитель c532e2d4c3
Коммит e6e34db54d
10 изменённых файлов: 6 добавлений и 170 удалений


@ -52,7 +52,7 @@ interface nsIContentSecurityPolicy;
[ptr] native JSContext(JSContext);
[ptr] native JSPrincipals(JSPrincipals);
[scriptable, uuid(f8c4c89a-d726-421b-8415-3e34b241175b)]
[scriptable, uuid(fb783979-b3f8-4e0d-980f-f0f83b0f505d)]
interface nsIPrincipal : nsISerializable
{
/**
@ -115,8 +115,6 @@ interface nsIPrincipal : nsISerializable
// XXXbz again, what if this lives in our hashtable and someone
// messes with it? Is that OK?
[noscript] short canEnableCapability(in string capability);
[noscript] void setCanEnableCapability(in string capability,
in short canEnable);
[noscript] boolean isCapabilityEnabled(in string capability,
in voidPtr annotation);
[noscript] void enableCapability(in string capability,


@ -41,7 +41,7 @@
interface nsIURI;
interface nsIChannel;
[scriptable, uuid(50eda256-4dd2-4c7c-baed-96983910af9f)]
[scriptable, uuid(d6cf287a-476a-43ba-aa03-70af4a01044e)]
interface nsIScriptSecurityManager : nsIXPCSecurityManager
{
///////////////// Security Checks //////////////////
@ -245,12 +245,6 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
* Allow 'certificateID' to enable 'capability.' Can only be performed
* by code signed by the system certificate.
*/
// XXXbz Capabilities can't have non-ascii chars?
// XXXbz ideally we'd pass a subjectName here too, and the nsISupports
// cert we're enabling for...
void setCanEnableCapability(in AUTF8String certificateFingerprint,
in string capability,
in short canEnable);
///////////////////////
/**
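Review bot: The doc comment just above the removed declaration ("Allow 'certificateID' to enable 'capability.' Can only be performed by code signed by the system certificate.") appears to stay behind as context while `setCanEnableCapability` and its XXXbz notes are removed. If so, it now sits directly above the `///////////////////////` divider and reads as documentation for whatever follows, describing a privilege-granting call that no longer exists on the interface. I would delete the orphaned comment in the same change. The comment opens outside the hunk, and the +/- markers are lost on this page, so this is inferred from the hunk's line counts.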


@ -107,6 +107,9 @@ public:
#endif
protected:
// Formerly an IDL method. Now just a protected helper.
nsresult SetCanEnableCapability(const char *capability, PRInt16 canEnable);
nsTArray< nsAutoPtr<nsHashtable> > mAnnotations;
nsHashtable* mCapabilities;
nsCString mPrefName;
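Review bot: The comment on the new protected declaration of `SetCanEnableCapability` records only its history ("Formerly an IDL method") and not its contract. The helper presumably still changes what this principal may enable, so a reader would want to know which `canEnable` values are accepted and which internal caller is expected to use it, for example `// Sets the stored enable state for |capability| on this principal; internal use only, no longer reachable through nsIPrincipal.` The class body starts and ends outside this hunk, so the remaining callers are not visible here.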


@ -526,9 +526,6 @@ private:
static void
FormatCapabilityString(nsAString& aCapability);
nsresult
SavePrincipal(nsIPrincipal* aToSave);
/**
* Check capability levels for an |aObj| that implements
* nsISecurityCheckedComponent.


@ -220,14 +220,6 @@ nsNullPrincipal::CanEnableCapability(const char *aCapability,
return NS_OK;
}
NS_IMETHODIMP
nsNullPrincipal::SetCanEnableCapability(const char *aCapability,
PRInt16 aCanEnable)
{
return NS_ERROR_NOT_AVAILABLE;
}
NS_IMETHODIMP
nsNullPrincipal::IsCapabilityEnabled(const char *aCapability,
void *aAnnotation,


@ -542,7 +542,7 @@ nsPrincipal::CanEnableCapability(const char *capability, PRInt16 *result)
return NS_OK;
}
NS_IMETHODIMP
nsresult
nsPrincipal::SetCanEnableCapability(const char *capability,
PRInt16 canEnable)
{


@ -2536,64 +2536,6 @@ nsScriptSecurityManager::doGetObjectPrincipal(JSObject *aObj
return result;
}
nsresult
nsScriptSecurityManager::SavePrincipal(nsIPrincipal* aToSave)
{
//-- Save to mPrincipals
mPrincipals.Put(aToSave, aToSave);
//-- Save to prefs
nsXPIDLCString idPrefName;
nsXPIDLCString id;
nsXPIDLCString subjectName;
nsXPIDLCString grantedList;
nsXPIDLCString deniedList;
bool isTrusted;
nsresult rv = aToSave->GetPreferences(getter_Copies(idPrefName),
getter_Copies(id),
getter_Copies(subjectName),
getter_Copies(grantedList),
getter_Copies(deniedList),
&isTrusted);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
nsCAutoString grantedPrefName;
nsCAutoString deniedPrefName;
nsCAutoString subjectNamePrefName;
rv = GetPrincipalPrefNames( idPrefName,
grantedPrefName,
deniedPrefName,
subjectNamePrefName );
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
mIsWritingPrefs = true;
if (grantedList) {
Preferences::SetCString(grantedPrefName.get(), grantedList);
} else {
Preferences::ClearUser(grantedPrefName.get());
}
if (deniedList) {
Preferences::SetCString(deniedPrefName.get(), deniedList);
} else {
Preferences::ClearUser(deniedPrefName.get());
}
if (grantedList || deniedList) {
Preferences::SetCString(idPrefName, id);
Preferences::SetCString(subjectNamePrefName.get(), subjectName);
} else {
Preferences::ClearUser(idPrefName);
Preferences::ClearUser(subjectNamePrefName.get());
}
mIsWritingPrefs = false;
nsIPrefService* prefService = Preferences::GetService();
NS_ENSURE_TRUE(prefService, NS_ERROR_FAILURE);
return prefService->SavePrefFile(nsnull);
}
///////////////// Capabilities API /////////////////////
NS_IMETHODIMP
nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
@ -2864,71 +2806,6 @@ nsScriptSecurityManager::DisableCapability(const char *capability)
return NS_OK;
}
//////////////// Master Certificate Functions ///////////////////////////////////////
NS_IMETHODIMP
nsScriptSecurityManager::SetCanEnableCapability(const nsACString& certFingerprint,
const char* capability,
PRInt16 canEnable)
{
NS_ENSURE_ARG(!certFingerprint.IsEmpty());
nsresult rv;
nsIPrincipal* subjectPrincipal = doGetSubjectPrincipal(&rv);
if (NS_FAILED(rv))
return rv;
//-- Get the system certificate
if (!mSystemCertificate)
{
nsCOMPtr<nsIFile> systemCertFile;
nsCOMPtr<nsIProperties> directoryService =
do_GetService(NS_DIRECTORY_SERVICE_CONTRACTID, &rv);
if (!directoryService) return NS_ERROR_FAILURE;
rv = directoryService->Get(NS_XPCOM_CURRENT_PROCESS_DIR, NS_GET_IID(nsIFile),
getter_AddRefs(systemCertFile));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
systemCertFile->AppendNative(NS_LITERAL_CSTRING("systemSignature.jar"));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
nsCOMPtr<nsIZipReader> systemCertZip = do_CreateInstance(kZipReaderCID, &rv);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
rv = systemCertZip->Open(systemCertFile);
if (NS_SUCCEEDED(rv))
{
rv = systemCertZip->GetCertificatePrincipal(EmptyCString(),
getter_AddRefs(mSystemCertificate));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
}
}
//-- Make sure the caller's principal is the system certificate
bool isEqual = false;
if (mSystemCertificate)
{
rv = mSystemCertificate->Equals(subjectPrincipal, &isEqual);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
}
if (!isEqual)
{
JSContext* cx = GetCurrentJSContext();
if (!cx) return NS_ERROR_FAILURE;
static const char msg1[] = "Only code signed by the system certificate may call SetCanEnableCapability or Invalidate";
static const char msg2[] = "Attempt to call SetCanEnableCapability or Invalidate when no system certificate has been established";
SetPendingException(cx, mSystemCertificate ? msg1 : msg2);
return NS_ERROR_FAILURE;
}
//-- Get the target principal
nsCOMPtr<nsIPrincipal> objectPrincipal;
rv = DoGetCertificatePrincipal(certFingerprint, EmptyCString(),
EmptyCString(), nsnull,
nsnull, false,
getter_AddRefs(objectPrincipal));
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
rv = objectPrincipal->SetCanEnableCapability(capability, canEnable);
if (NS_FAILED(rv)) return NS_ERROR_FAILURE;
return SavePrincipal(objectPrincipal);
}
////////////////////////////////////////////////
// Methods implementing nsIXPCSecurityManager //
////////////////////////////////////////////////


@ -167,14 +167,6 @@ nsSystemPrincipal::CanEnableCapability(const char *capability,
return NS_OK;
}
NS_IMETHODIMP
nsSystemPrincipal::SetCanEnableCapability(const char *capability,
PRInt16 canEnable)
{
return NS_ERROR_FAILURE;
}
NS_IMETHODIMP
nsSystemPrincipal::IsCapabilityEnabled(const char *capability,
void *annotation,


@ -872,14 +872,6 @@ FullTrustSecMan::DisableCapability(const char *capability)
return NS_OK;
}
NS_IMETHODIMP
FullTrustSecMan::SetCanEnableCapability(const nsACString & certificateFingerprint,
const char *capability,
PRInt16 canEnable)
{
return NS_OK;
}
NS_IMETHODIMP
FullTrustSecMan::GetObjectPrincipal(JSContext * cx,
JSObject * obj,


@ -1521,15 +1521,6 @@ FullTrustSecMan::DisableCapability(const char *capability)
return NS_OK;
}
/* void setCanEnableCapability (in AUTF8String certificateFingerprint, in string capability, in short canEnable); */
NS_IMETHODIMP
FullTrustSecMan::SetCanEnableCapability(const nsACString & certificateFingerprint,
const char *capability,
PRInt16 canEnable)
{
return NS_OK;
}
/* [noscript] nsIPrincipal getObjectPrincipal (in JSContextPtr cx, in JSObjectPtr obj); */
NS_IMETHODIMP
FullTrustSecMan::GetObjectPrincipal(JSContext * cx, JSObject * obj,