зеркало из https://github.com/mozilla/gecko-dev.git
176 строки
6.4 KiB
C++
176 строки
6.4 KiB
C++
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/* vim: set ts=4 sw=4 et tw=99 ft=cpp: */
|
|
/* ***** BEGIN LICENSE BLOCK *****
|
|
* Version: MPL 1.1/GPL 2.0/LGPL 2.1
|
|
*
|
|
* The contents of this file are subject to the Mozilla Public License Version
|
|
* 1.1 (the "License"); you may not use this file except in compliance with
|
|
* the License. You may obtain a copy of the License at
|
|
* http://www.mozilla.org/MPL/
|
|
*
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
* for the specific language governing rights and limitations under the
|
|
* License.
|
|
*
|
|
* The Original Code is mozilla.org code, released
|
|
* June 24, 2010.
|
|
*
|
|
* The Initial Developer of the Original Code is
|
|
* the Mozilla Foundation.
|
|
* Portions created by the Initial Developer are Copyright (C) 2010
|
|
* the Initial Developer. All Rights Reserved.
|
|
*
|
|
* Contributor(s):
|
|
* Andreas Gal <gal@mozilla.com>
|
|
*
|
|
* Alternatively, the contents of this file may be used under the terms of
|
|
* either of the GNU General Public License Version 2 or later (the "GPL"),
|
|
* or the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
|
|
* in which case the provisions of the GPL or the LGPL are applicable instead
|
|
* of those above. If you wish to allow use of your version of this file only
|
|
* under the terms of either the GPL or the LGPL, and not to allow others to
|
|
* use your version of this file under the terms of the MPL, indicate your
|
|
* decision by deleting the provisions above and replace them with the notice
|
|
* and other provisions required by the GPL or the LGPL. If you do not delete
|
|
* the provisions above, a recipient may use your version of this file under
|
|
* the terms of any one of the MPL, the GPL or the LGPL.
|
|
*
|
|
* ***** END LICENSE BLOCK ***** */
|
|
|
|
#include "FilteringWrapper.h"
|
|
#include "AccessCheck.h"
|
|
#include "CrossOriginWrapper.h"
|
|
#include "XrayWrapper.h"
|
|
#include "WrapperFactory.h"
|
|
|
|
#include "XPCWrapper.h"
|
|
|
|
#include "jsapi.h"
|
|
|
|
using namespace js;
|
|
|
|
namespace xpc {
|
|
|
|
template <typename Base, typename Policy>
|
|
FilteringWrapper<Base, Policy>::FilteringWrapper(uintN flags) : Base(flags)
|
|
{
|
|
}
|
|
|
|
template <typename Base, typename Policy>
|
|
FilteringWrapper<Base, Policy>::~FilteringWrapper()
|
|
{
|
|
}
|
|
|
|
typedef Wrapper::Permission Permission;
|
|
|
|
static const Permission PermitObjectAccess = Wrapper::PermitObjectAccess;
|
|
static const Permission PermitPropertyAccess = Wrapper::PermitPropertyAccess;
|
|
static const Permission DenyAccess = Wrapper::DenyAccess;
|
|
|
|
template <typename Policy>
|
|
static bool
|
|
Filter(JSContext *cx, JSObject *wrapper, AutoIdVector &props)
|
|
{
|
|
size_t w = 0;
|
|
for (size_t n = 0; n < props.length(); ++n) {
|
|
jsid id = props[n];
|
|
Permission perm;
|
|
if (!Policy::check(cx, wrapper, id, Wrapper::GET, perm))
|
|
return false; // Error
|
|
if (perm != DenyAccess)
|
|
props[w++] = id;
|
|
}
|
|
props.resize(w);
|
|
return true;
|
|
}
|
|
|
|
template <typename Base, typename Policy>
|
|
bool
|
|
FilteringWrapper<Base, Policy>::getOwnPropertyNames(JSContext *cx, JSObject *wrapper, AutoIdVector &props)
|
|
{
|
|
return Base::getOwnPropertyNames(cx, wrapper, props) &&
|
|
Filter<Policy>(cx, wrapper, props);
|
|
}
|
|
|
|
template <typename Base, typename Policy>
|
|
bool
|
|
FilteringWrapper<Base, Policy>::enumerate(JSContext *cx, JSObject *wrapper, AutoIdVector &props)
|
|
{
|
|
return Base::enumerate(cx, wrapper, props) &&
|
|
Filter<Policy>(cx, wrapper, props);
|
|
}
|
|
|
|
template <typename Base, typename Policy>
|
|
bool
|
|
FilteringWrapper<Base, Policy>::keys(JSContext *cx, JSObject *wrapper, AutoIdVector &props)
|
|
{
|
|
return Base::keys(cx, wrapper, props) &&
|
|
Filter<Policy>(cx, wrapper, props);
|
|
}
|
|
|
|
template <typename Base, typename Policy>
|
|
bool
|
|
FilteringWrapper<Base, Policy>::iterate(JSContext *cx, JSObject *wrapper, uintN flags, Value *vp)
|
|
{
|
|
// We refuse to trigger the iterator hook across chrome wrappers because
|
|
// we don't know how to censor custom iterator objects. Instead we trigger
|
|
// the default proxy iterate trap, which will ask enumerate() for the list
|
|
// of (consored) ids.
|
|
return js::ProxyHandler::iterate(cx, wrapper, flags, vp);
|
|
}
|
|
|
|
template <typename Base, typename Policy>
|
|
bool
|
|
FilteringWrapper<Base, Policy>::enter(JSContext *cx, JSObject *wrapper, jsid id,
|
|
Wrapper::Action act, bool *bp)
|
|
{
|
|
Permission perm;
|
|
if (!Policy::check(cx, wrapper, id, act, perm)) {
|
|
*bp = false;
|
|
return false;
|
|
}
|
|
*bp = true;
|
|
if (perm == DenyAccess)
|
|
return false;
|
|
return Base::enter(cx, wrapper, id, act, bp);
|
|
}
|
|
|
|
#define SOW FilteringWrapper<CrossCompartmentSecurityWrapper, OnlyIfSubjectIsSystem>
|
|
#define SCSOW FilteringWrapper<SameCompartmentSecurityWrapper, OnlyIfSubjectIsSystem>
|
|
#define COW FilteringWrapper<CrossCompartmentSecurityWrapper, ExposedPropertiesOnly>
|
|
#define XOW FilteringWrapper<XrayWrapper<CrossCompartmentSecurityWrapper>, \
|
|
CrossOriginAccessiblePropertiesOnly>
|
|
#define PXOW FilteringWrapper<XrayProxy, \
|
|
CrossOriginAccessiblePropertiesOnly>
|
|
#define NNXOW FilteringWrapper<CrossCompartmentSecurityWrapper, \
|
|
CrossOriginAccessiblePropertiesOnly>
|
|
#define LW FilteringWrapper<XrayWrapper<SameCompartmentSecurityWrapper>, \
|
|
SameOriginOrCrossOriginAccessiblePropertiesOnly>
|
|
#define XLW FilteringWrapper<XrayWrapper<CrossCompartmentSecurityWrapper>, \
|
|
SameOriginOrCrossOriginAccessiblePropertiesOnly>
|
|
|
|
template<> SOW SOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
|
WrapperFactory::SOW_FLAG);
|
|
template<> SCSOW SCSOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
|
WrapperFactory::SOW_FLAG);
|
|
template<> COW COW::singleton(0);
|
|
template<> XOW XOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
|
WrapperFactory::PARTIALLY_TRANSPARENT);
|
|
template<> PXOW PXOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
|
WrapperFactory::PARTIALLY_TRANSPARENT);
|
|
template<> NNXOW NNXOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
|
|
WrapperFactory::PARTIALLY_TRANSPARENT);
|
|
template<> LW LW::singleton(0);
|
|
template<> XLW XLW::singleton(0);
|
|
|
|
template class SOW;
|
|
template class COW;
|
|
template class XOW;
|
|
template class PXOW;
|
|
template class NNXOW;
|
|
template class LW;
|
|
template class XLW;
|
|
|
|
}
|