Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst

This commit is contained in:
Blake Kaplan 2009-05-14 15:17:56 -07:00
Родитель 640adc4760
Коммит 8434b97074
2 изменённых файлов: 23 добавлений и 54 удалений

Просмотреть файл

@ -537,32 +537,22 @@ private:
* has set the "security.xpconnect.plugin.unrestricted" pref to allow
* anybody to script plugin objects from anywhere.
*
* @param cx The context we're running on.
* NB: If null, "sameOrigin" does not have any effect.
* @param aObj The nsISupports representation of the object in question
* object, possibly null.
* @param aJSObject The JSObject representation of the object in question
* if |cx| is non-null and |aObjectSecurityLevel| is
* "sameOrigin". If null will be calculated from aObj (if
* non-null) if and only if aObj is an XPCWrappedJS. The
* rationale behind this is that if we're creating a JS
* wrapper for an XPCWrappedJS, this object definitely
* expects to be exposed to JS.
* @param aJSObject The JSObject representation of the object in question.
* Only used if |aObjectSecurityLevel| is "sameOrigin".
* @param aSubjectPrincipal The nominal subject principal used when
* aObjectSecurityLevel is "sameOrigin". If null,
* this is calculated if it's needed.
* aObjectSecurityLevel is "sameOrigin".
* @param aObjectSecurityLevel Can be one of three values:
* - allAccess: Allow access no matter what.
* - noAccess: Deny access no matter what.
* - sameOrigin: If |cx| is null, behave like noAccess.
* Otherwise, possibly compute a subject
* and object principal and return true if
* and only if the subject has greater than
* or equal privileges to the object.
* - sameOrigin: If both a subject principal and JS
* object have been passed in, returns
* true if the subject subsumes the object,
* otherwise, behaves like noAccess.
*/
nsresult
CheckXPCPermissions(JSContext* cx,
nsISupports* aObj, JSObject* aJSObject,
CheckXPCPermissions(nsISupports* aObj, JSObject* aJSObject,
nsIPrincipal* aSubjectPrincipal,
const char* aObjectSecurityLevel);

Просмотреть файл

@ -784,7 +784,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
}
}
}
rv = CheckXPCPermissions(cx, aObj, aJSObject, subjectPrincipal,
rv = CheckXPCPermissions(aObj, aJSObject, subjectPrincipal,
objectSecurityLevel);
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
if(NS_SUCCEEDED(rv))
@ -2859,7 +2859,7 @@ nsScriptSecurityManager::CanCreateWrapper(JSContext *cx,
if (checkedComponent)
checkedComponent->CanCreateWrapper((nsIID *)&aIID, getter_Copies(objectSecurityLevel));
nsresult rv = CheckXPCPermissions(cx, aObj, nsnull, nsnull, objectSecurityLevel);
nsresult rv = CheckXPCPermissions(aObj, nsnull, nsnull, objectSecurityLevel);
if (NS_FAILED(rv))
{
//-- Access denied, report an error
@ -2970,7 +2970,7 @@ nsScriptSecurityManager::CanCreateInstance(JSContext *cx,
nsCRT::free(cidStr);
#endif
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull, nsnull);
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull);
if (NS_FAILED(rv))
#ifdef XPC_IDISPATCH_SUPPORT
{
@ -3007,7 +3007,7 @@ nsScriptSecurityManager::CanGetService(JSContext *cx,
nsCRT::free(cidStr);
#endif
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull, nsnull);
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull);
if (NS_FAILED(rv))
{
//-- Access denied, report an error
@ -3046,8 +3046,7 @@ nsScriptSecurityManager::CanAccess(PRUint32 aAction,
}
nsresult
nsScriptSecurityManager::CheckXPCPermissions(JSContext* cx,
nsISupports* aObj, JSObject* aJSObject,
nsScriptSecurityManager::CheckXPCPermissions(nsISupports* aObj, JSObject* aJSObject,
nsIPrincipal* aSubjectPrincipal,
const char* aObjectSecurityLevel)
{
@ -3061,40 +3060,20 @@ nsScriptSecurityManager::CheckXPCPermissions(JSContext* cx,
{
if (PL_strcasecmp(aObjectSecurityLevel, "allAccess") == 0)
return NS_OK;
if (cx && PL_strcasecmp(aObjectSecurityLevel, "sameOrigin") == 0)
if (aSubjectPrincipal && aJSObject &&
PL_strcasecmp(aObjectSecurityLevel, "sameOrigin") == 0)
{
nsresult rv;
if (!aJSObject)
{
nsCOMPtr<nsIXPConnectWrappedJS> xpcwrappedjs =
do_QueryInterface(aObj);
if (xpcwrappedjs)
{
rv = xpcwrappedjs->GetJSObject(&aJSObject);
NS_ENSURE_SUCCESS(rv, rv);
}
}
nsIPrincipal* objectPrincipal = doGetObjectPrincipal(aJSObject);
if (!aSubjectPrincipal)
// Only do anything if we have both a subject and object
// principal.
if (objectPrincipal)
{
// No subject principal passed in. Compute it.
aSubjectPrincipal = GetSubjectPrincipal(cx, &rv);
PRBool subsumes;
nsresult rv = aSubjectPrincipal->Subsumes(objectPrincipal, &subsumes);
NS_ENSURE_SUCCESS(rv, rv);
}
if (aSubjectPrincipal && aJSObject)
{
nsIPrincipal* objectPrincipal = doGetObjectPrincipal(aJSObject);
// Only do anything if we have both a subject and object
// principal.
if (objectPrincipal)
{
PRBool subsumes;
rv = aSubjectPrincipal->Subsumes(objectPrincipal, &subsumes);
NS_ENSURE_SUCCESS(rv, rv);
if (subsumes)
return NS_OK;
}
if (subsumes)
return NS_OK;
}
}
else if (PL_strcasecmp(aObjectSecurityLevel, "noAccess") != 0)