зеркало из https://github.com/mozilla/pjs.git
Bug 493074 - Compute fewer things to try to clear up a performance regression. r+sr=jst
This commit is contained in:
Родитель
640adc4760
Коммит
8434b97074
|
@ -537,32 +537,22 @@ private:
|
|||
* has set the "security.xpconnect.plugin.unrestricted" pref to allow
|
||||
* anybody to script plugin objects from anywhere.
|
||||
*
|
||||
* @param cx The context we're running on.
|
||||
* NB: If null, "sameOrigin" does not have any effect.
|
||||
* @param aObj The nsISupports representation of the object in question
|
||||
* object, possibly null.
|
||||
* @param aJSObject The JSObject representation of the object in question
|
||||
* if |cx| is non-null and |aObjectSecurityLevel| is
|
||||
* "sameOrigin". If null will be calculated from aObj (if
|
||||
* non-null) if and only if aObj is an XPCWrappedJS. The
|
||||
* rationale behind this is that if we're creating a JS
|
||||
* wrapper for an XPCWrappedJS, this object definitely
|
||||
* expects to be exposed to JS.
|
||||
* @param aJSObject The JSObject representation of the object in question.
|
||||
* Only used if |aObjectSecurityLevel| is "sameOrigin".
|
||||
* @param aSubjectPrincipal The nominal subject principal used when
|
||||
* aObjectSecurityLevel is "sameOrigin". If null,
|
||||
* this is calculated if it's needed.
|
||||
* aObjectSecurityLevel is "sameOrigin".
|
||||
* @param aObjectSecurityLevel Can be one of three values:
|
||||
* - allAccess: Allow access no matter what.
|
||||
* - noAccess: Deny access no matter what.
|
||||
* - sameOrigin: If |cx| is null, behave like noAccess.
|
||||
* Otherwise, possibly compute a subject
|
||||
* and object principal and return true if
|
||||
* and only if the subject has greater than
|
||||
* or equal privileges to the object.
|
||||
* - sameOrigin: If both a subject principal and JS
|
||||
* object have been passed in, returns
|
||||
* true if the subject subsumes the object,
|
||||
* otherwise, behaves like noAccess.
|
||||
*/
|
||||
nsresult
|
||||
CheckXPCPermissions(JSContext* cx,
|
||||
nsISupports* aObj, JSObject* aJSObject,
|
||||
CheckXPCPermissions(nsISupports* aObj, JSObject* aJSObject,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
const char* aObjectSecurityLevel);
|
||||
|
||||
|
|
|
@ -784,7 +784,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
|
|||
}
|
||||
}
|
||||
}
|
||||
rv = CheckXPCPermissions(cx, aObj, aJSObject, subjectPrincipal,
|
||||
rv = CheckXPCPermissions(aObj, aJSObject, subjectPrincipal,
|
||||
objectSecurityLevel);
|
||||
#ifdef DEBUG_CAPS_CheckPropertyAccessImpl
|
||||
if(NS_SUCCEEDED(rv))
|
||||
|
@ -2859,7 +2859,7 @@ nsScriptSecurityManager::CanCreateWrapper(JSContext *cx,
|
|||
if (checkedComponent)
|
||||
checkedComponent->CanCreateWrapper((nsIID *)&aIID, getter_Copies(objectSecurityLevel));
|
||||
|
||||
nsresult rv = CheckXPCPermissions(cx, aObj, nsnull, nsnull, objectSecurityLevel);
|
||||
nsresult rv = CheckXPCPermissions(aObj, nsnull, nsnull, objectSecurityLevel);
|
||||
if (NS_FAILED(rv))
|
||||
{
|
||||
//-- Access denied, report an error
|
||||
|
@ -2970,7 +2970,7 @@ nsScriptSecurityManager::CanCreateInstance(JSContext *cx,
|
|||
nsCRT::free(cidStr);
|
||||
#endif
|
||||
|
||||
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull, nsnull);
|
||||
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull);
|
||||
if (NS_FAILED(rv))
|
||||
#ifdef XPC_IDISPATCH_SUPPORT
|
||||
{
|
||||
|
@ -3007,7 +3007,7 @@ nsScriptSecurityManager::CanGetService(JSContext *cx,
|
|||
nsCRT::free(cidStr);
|
||||
#endif
|
||||
|
||||
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull, nsnull);
|
||||
nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull);
|
||||
if (NS_FAILED(rv))
|
||||
{
|
||||
//-- Access denied, report an error
|
||||
|
@ -3046,8 +3046,7 @@ nsScriptSecurityManager::CanAccess(PRUint32 aAction,
|
|||
}
|
||||
|
||||
nsresult
|
||||
nsScriptSecurityManager::CheckXPCPermissions(JSContext* cx,
|
||||
nsISupports* aObj, JSObject* aJSObject,
|
||||
nsScriptSecurityManager::CheckXPCPermissions(nsISupports* aObj, JSObject* aJSObject,
|
||||
nsIPrincipal* aSubjectPrincipal,
|
||||
const char* aObjectSecurityLevel)
|
||||
{
|
||||
|
@ -3061,40 +3060,20 @@ nsScriptSecurityManager::CheckXPCPermissions(JSContext* cx,
|
|||
{
|
||||
if (PL_strcasecmp(aObjectSecurityLevel, "allAccess") == 0)
|
||||
return NS_OK;
|
||||
if (cx && PL_strcasecmp(aObjectSecurityLevel, "sameOrigin") == 0)
|
||||
if (aSubjectPrincipal && aJSObject &&
|
||||
PL_strcasecmp(aObjectSecurityLevel, "sameOrigin") == 0)
|
||||
{
|
||||
nsresult rv;
|
||||
if (!aJSObject)
|
||||
{
|
||||
nsCOMPtr<nsIXPConnectWrappedJS> xpcwrappedjs =
|
||||
do_QueryInterface(aObj);
|
||||
if (xpcwrappedjs)
|
||||
{
|
||||
rv = xpcwrappedjs->GetJSObject(&aJSObject);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
}
|
||||
nsIPrincipal* objectPrincipal = doGetObjectPrincipal(aJSObject);
|
||||
|
||||
if (!aSubjectPrincipal)
|
||||
// Only do anything if we have both a subject and object
|
||||
// principal.
|
||||
if (objectPrincipal)
|
||||
{
|
||||
// No subject principal passed in. Compute it.
|
||||
aSubjectPrincipal = GetSubjectPrincipal(cx, &rv);
|
||||
PRBool subsumes;
|
||||
nsresult rv = aSubjectPrincipal->Subsumes(objectPrincipal, &subsumes);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
}
|
||||
if (aSubjectPrincipal && aJSObject)
|
||||
{
|
||||
nsIPrincipal* objectPrincipal = doGetObjectPrincipal(aJSObject);
|
||||
|
||||
// Only do anything if we have both a subject and object
|
||||
// principal.
|
||||
if (objectPrincipal)
|
||||
{
|
||||
PRBool subsumes;
|
||||
rv = aSubjectPrincipal->Subsumes(objectPrincipal, &subsumes);
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
if (subsumes)
|
||||
return NS_OK;
|
||||
}
|
||||
if (subsumes)
|
||||
return NS_OK;
|
||||
}
|
||||
}
|
||||
else if (PL_strcasecmp(aObjectSecurityLevel, "noAccess") != 0)
|
||||
|
|
Загрузка…
Ссылка в новой задаче