зеркало из https://github.com/mozilla/gecko-dev.git
Bug 809652 - Deny nativeCall for SecurityWrapper except under specific circumstances. r=jorendorff
This commit is contained in:
Родитель
4c226c845b
Коммит
f681aaffe9
|
@ -795,11 +795,8 @@ SecurityWrapper<Base>::enter(JSContext *cx, JSObject *wrapper, jsid id,
|
|||
SecurityWrapper<Base>::nativeCall(JSContext *cx, IsAcceptableThis test, NativeImpl impl,
|
||||
CallArgs args)
|
||||
{
|
||||
/*
|
||||
* Let this through until compartment-per-global lets us have stronger
|
||||
* invariants wrt document.domain (bug 714547).
|
||||
*/
|
||||
return Base::nativeCall(cx, test, impl, args);
|
||||
JS_ReportErrorNumber(cx, js_GetErrorMessage, NULL, JSMSG_UNWRAP_DENIED);
|
||||
return false;
|
||||
}
|
||||
|
||||
template <class Base>
|
||||
|
|
|
@ -187,6 +187,13 @@ class JS_FRIEND_API(SecurityWrapper) : public Base
|
|||
CallArgs args) MOZ_OVERRIDE;
|
||||
virtual bool objectClassIs(JSObject *obj, ESClassValue classValue, JSContext *cx) MOZ_OVERRIDE;
|
||||
virtual bool regexp_toShared(JSContext *cx, JSObject *proxy, RegExpGuard *g) MOZ_OVERRIDE;
|
||||
|
||||
/*
|
||||
* Allow our subclasses to select the superclass behavior they want without
|
||||
* needing to specify an exact superclass.
|
||||
*/
|
||||
typedef Base Permissive;
|
||||
typedef SecurityWrapper<Base> Restrictive;
|
||||
};
|
||||
|
||||
typedef SecurityWrapper<Wrapper> SameCompartmentSecurityWrapper;
|
||||
|
|
|
@ -446,6 +446,13 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
|
|||
return true;
|
||||
}
|
||||
|
||||
bool
|
||||
ExposedPropertiesOnly::allowNativeCall(JSContext *cx, JS::IsAcceptableThis test,
|
||||
JS::NativeImpl impl)
|
||||
{
|
||||
return js::IsReadOnlyDateMethod(test, impl) || js::IsTypedArrayThisCheck(test);
|
||||
}
|
||||
|
||||
bool
|
||||
ComponentsObjectPolicy::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper::Action act)
|
||||
{
|
||||
|
|
|
@ -51,6 +51,11 @@ struct OnlyIfSubjectIsSystem : public Policy {
|
|||
AccessCheck::deny(cx, id);
|
||||
return false;
|
||||
}
|
||||
|
||||
static bool allowNativeCall(JSContext *cx, JS::IsAcceptableThis test, JS::NativeImpl impl)
|
||||
{
|
||||
return AccessCheck::isSystemOnlyAccessPermitted(cx);
|
||||
}
|
||||
};
|
||||
|
||||
// This policy only permits access to properties that are safe to be used
|
||||
|
@ -63,6 +68,10 @@ struct CrossOriginAccessiblePropertiesOnly : public Policy {
|
|||
AccessCheck::deny(cx, id);
|
||||
return false;
|
||||
}
|
||||
static bool allowNativeCall(JSContext *cx, JS::IsAcceptableThis test, JS::NativeImpl impl)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
// This policy only permits access to properties if they appear in the
|
||||
|
@ -78,6 +87,7 @@ struct ExposedPropertiesOnly : public Policy {
|
|||
AccessCheck::deny(cx, id);
|
||||
return false;
|
||||
}
|
||||
static bool allowNativeCall(JSContext *cx, JS::IsAcceptableThis test, JS::NativeImpl impl);
|
||||
};
|
||||
|
||||
// Components specific policy
|
||||
|
@ -88,6 +98,9 @@ struct ComponentsObjectPolicy : public Policy {
|
|||
AccessCheck::deny(cx, id);
|
||||
return false;
|
||||
}
|
||||
static bool allowNativeCall(JSContext *cx, JS::IsAcceptableThis test, JS::NativeImpl impl) {
|
||||
return false;
|
||||
}
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
@ -113,6 +113,16 @@ FilteringWrapper<Base, Policy>::iterate(JSContext *cx, JSObject *wrapper, unsign
|
|||
return js::BaseProxyHandler::iterate(cx, wrapper, flags, vp);
|
||||
}
|
||||
|
||||
template <typename Base, typename Policy>
|
||||
bool
|
||||
FilteringWrapper<Base, Policy>::nativeCall(JSContext *cx, JS::IsAcceptableThis test,
|
||||
JS::NativeImpl impl, JS::CallArgs args)
|
||||
{
|
||||
if (Policy::allowNativeCall(cx, test, impl))
|
||||
return Base::Permissive::nativeCall(cx, test, impl, args);
|
||||
return Base::Restrictive::nativeCall(cx, test, impl, args);
|
||||
}
|
||||
|
||||
template <typename Base, typename Policy>
|
||||
bool
|
||||
FilteringWrapper<Base, Policy>::enter(JSContext *cx, JSObject *wrapper, jsid id,
|
||||
|
|
|
@ -25,6 +25,8 @@ class FilteringWrapper : public Base {
|
|||
virtual bool enumerate(JSContext *cx, JSObject *wrapper, js::AutoIdVector &props) MOZ_OVERRIDE;
|
||||
virtual bool keys(JSContext *cx, JSObject *wrapper, js::AutoIdVector &props) MOZ_OVERRIDE;
|
||||
virtual bool iterate(JSContext *cx, JSObject *proxy, unsigned flags, js::Value *vp) MOZ_OVERRIDE;
|
||||
virtual bool nativeCall(JSContext *cx, JS::IsAcceptableThis test, JS::NativeImpl impl,
|
||||
JS::CallArgs args) MOZ_OVERRIDE;
|
||||
|
||||
virtual bool enter(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act, bool *bp) MOZ_OVERRIDE;
|
||||
|
||||
|
|
Загрузка…
Ссылка в новой задаче