diff --git a/caps/include/nsScriptSecurityManager.h b/caps/include/nsScriptSecurityManager.h
index ce2d8f33d76..fa531a8cdb4 100644
--- a/caps/include/nsScriptSecurityManager.h
+++ b/caps/include/nsScriptSecurityManager.h
@@ -537,32 +537,22 @@ private:
  * has set the "security.xpconnect.plugin.unrestricted" pref to allow
  * anybody to script plugin objects from anywhere.
  *
- * @param cx The context we're running on.
- * NB: If null, "sameOrigin" does not have any effect.
  * @param aObj The nsISupports representation of the object in question
  * object, possibly null.
- * @param aJSObject The JSObject representation of the object in question
- * if |cx| is non-null and |aObjectSecurityLevel| is
- * "sameOrigin". If null will be calculated from aObj (if
- * non-null) if and only if aObj is an XPCWrappedJS. The
- * rationale behind this is that if we're creating a JS
- * wrapper for an XPCWrappedJS, this object definitely
- * expects to be exposed to JS.
+ * @param aJSObject The JSObject representation of the object in question.
+ * Only used if |aObjectSecurityLevel| is "sameOrigin".
  * @param aSubjectPrincipal The nominal subject principal used when
- * aObjectSecurityLevel is "sameOrigin". If null,
- * this is calculated if it's needed.
+ * aObjectSecurityLevel is "sameOrigin".
  * @param aObjectSecurityLevel Can be one of three values:
  * - allAccess: Allow access no matter what.
  * - noAccess: Deny access no matter what.
- * - sameOrigin: If |cx| is null, behave like noAccess.
- * Otherwise, possibly compute a subject
- * and object principal and return true if
- * and only if the subject has greater than
- * or equal privileges to the object.
+ * - sameOrigin: If both a subject principal and JS
+ * object have been passed in, returns
+ * true if the subject subsumes the object,
+ * otherwise, behaves like noAccess.
  */
 nsresult
-CheckXPCPermissions(JSContext* cx,
-nsISupports* aObj, JSObject* aJSObject,
+CheckXPCPermissions(nsISupports* aObj, JSObject* aJSObject,
 nsIPrincipal* aSubjectPrincipal,
 const char* aObjectSecurityLevel);
diff --git a/caps/src/nsScriptSecurityManager.cpp b/caps/src/nsScriptSecurityManager.cpp
index 9f63b71ddb4..30277d4c419 100644
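Review bot: The new "sameOrigin" text says the check "returns true", but CheckXPCPermissions returns an nsresult, and it does not cover the case where doGetObjectPrincipal yields no principal for aJSObject, which in the new body also leaves the sameOrigin branch without granting. I would word it as `- sameOrigin: If both a subject principal and a JS object are passed in, returns NS_OK only if the subject principal subsumes the principal of the JS object; in every other case (either argument null, no object principal, or not subsumed) behaves like noAccess.` It is also worth saying on @param aJSObject that a null value makes "sameOrigin" unsatisfiable, because CanCreateWrapper in the .cpp hunk passes nsnull for it.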
--- a/caps/src/nsScriptSecurityManager.cpp
+++ b/caps/src/nsScriptSecurityManager.cpp
@@ -784,7 +784,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(PRUint32 aAction,
 }
 }
 }
-rv = CheckXPCPermissions(cx, aObj, aJSObject, subjectPrincipal,
+rv = CheckXPCPermissions(aObj, aJSObject, subjectPrincipal,
 objectSecurityLevel);
 #ifdef DEBUG_CAPS_CheckPropertyAccessImpl
 if(NS_SUCCEEDED(rv))
@@ -2859,7 +2859,7 @@ nsScriptSecurityManager::CanCreateWrapper(JSContext *cx,
 if (checkedComponent)
 checkedComponent->CanCreateWrapper((nsIID *)&aIID,
 getter_Copies(objectSecurityLevel));
-nsresult rv = CheckXPCPermissions(cx, aObj, nsnull, nsnull, objectSecurityLevel);
+nsresult rv = CheckXPCPermissions(aObj, nsnull, nsnull, objectSecurityLevel);
 if (NS_FAILED(rv))
 {
 //-- Access denied, report an error
@@ -2970,7 +2970,7 @@ nsScriptSecurityManager::CanCreateInstance(JSContext *cx,
 nsCRT::free(cidStr);
 #endif
-nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull, nsnull);
+nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull);
 if (NS_FAILED(rv))
 #ifdef XPC_IDISPATCH_SUPPORT
 {
@@ -3007,7 +3007,7 @@ nsScriptSecurityManager::CanGetService(JSContext *cx,
 nsCRT::free(cidStr);
 #endif
-nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull, nsnull);
+nsresult rv = CheckXPCPermissions(nsnull, nsnull, nsnull, nsnull);
 if (NS_FAILED(rv))
 {
 //-- Access denied, report an error
@@ -3046,8 +3046,7 @@ nsScriptSecurityManager::CanAccess(PRUint32 aAction,
 }
 nsresult
-nsScriptSecurityManager::CheckXPCPermissions(JSContext* cx,
-nsISupports* aObj, JSObject* aJSObject,
+nsScriptSecurityManager::CheckXPCPermissions(nsISupports* aObj, JSObject* aJSObject,
 nsIPrincipal* aSubjectPrincipal,
 const char* aObjectSecurityLevel)
 {
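Review bot: In the CanCreateWrapper hunk the call now passes nsnull for both aJSObject and aSubjectPrincipal, and the new CheckXPCPermissions honours a "sameOrigin" answer from the checked component only when both are non-null, so at wrapper creation "sameOrigin" can never be granted by the principal comparison and the decision goes to the branch for levels other than noAccess. The old code derived the JSObject from an XPCWrappedJS and the subject principal from cx, so this is a real narrowing for any component that relies on "sameOrigin" at this point. If that is intended, say so at the call site, e.g. `// No JS object or subject principal is available here, so a "sameOrigin" answer cannot be evaluated and is handled like noAccess (see CheckXPCPermissions).` The CanCreateWrapper body starts and ends outside the hunk.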
@@ -3061,40 +3060,20 @@ nsScriptSecurityManager::CheckXPCPermissions(JSContext* cx,
 {
 if (PL_strcasecmp(aObjectSecurityLevel, "allAccess") == 0)
 return NS_OK;
-if (cx && PL_strcasecmp(aObjectSecurityLevel, "sameOrigin") == 0)
+if (aSubjectPrincipal && aJSObject &&
+PL_strcasecmp(aObjectSecurityLevel, "sameOrigin") == 0)
 {
-nsresult rv;
-if (!aJSObject)
-{
-nsCOMPtr xpcwrappedjs =
-do_QueryInterface(aObj);
-if (xpcwrappedjs)
-{
-rv = xpcwrappedjs->GetJSObject(&aJSObject);
-NS_ENSURE_SUCCESS(rv, rv);
-}
-}
+nsIPrincipal* objectPrincipal = doGetObjectPrincipal(aJSObject);
-if (!aSubjectPrincipal)
+// Only do anything if we have both a subject and object
+// principal.
+if (objectPrincipal)
 {
-// No subject principal passed in. Compute it.
-aSubjectPrincipal = GetSubjectPrincipal(cx, &rv);
+PRBool subsumes;
+nsresult rv = aSubjectPrincipal->Subsumes(objectPrincipal, &subsumes);
 NS_ENSURE_SUCCESS(rv, rv);
-}
-if (aSubjectPrincipal && aJSObject)
-{
-nsIPrincipal* objectPrincipal = doGetObjectPrincipal(aJSObject);
-
-// Only do anything if we have both a subject and object
-// principal.
-if (objectPrincipal)
-{
-PRBool subsumes;
-rv = aSubjectPrincipal->Subsumes(objectPrincipal, &subsumes);
-NS_ENSURE_SUCCESS(rv, rv);
-if (subsumes)
-return NS_OK;
-}
+if (subsumes)
+return NS_OK;
 }
 }
 else if (PL_strcasecmp(aObjectSecurityLevel, "noAccess") != 0)
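Review bot: An unsatisfied "sameOrigin" check leaves this block by two different routes, and only one of them is visible here. When aSubjectPrincipal or aJSObject is null the new condition is false and control enters `else if (PL_strcasecmp(aObjectSecurityLevel, "noAccess") != 0)`, whose body lies outside the hunk; when both are present but doGetObjectPrincipal returns null or Subsumes reports false, the whole if/else chain is skipped instead. The header comment promises that both cases behave like noAccess, so the else-if body must deny a "sameOrigin" level too — if it does not, the missing-argument route, which CanCreateWrapper now always takes by passing nsnull for both, is the more permissive one. I would make `PL_strcasecmp(aObjectSecurityLevel, "sameOrigin") == 0` the outer test and move `aSubjectPrincipal && aJSObject` into an inner if, so that a sameOrigin level never reaches the else-if whatever arguments were supplied. CheckXPCPermissions continues past the end of the hunk.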