1 : /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /* vim: set ts=4 et sw=4 tw=80: */
3 : /* This Source Code Form is subject to the terms of the Mozilla Public
4 : * License, v. 2.0. If a copy of the MPL was not distributed with this
5 : * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 :
7 : #ifndef nsScriptSecurityManager_h__
8 : #define nsScriptSecurityManager_h__
9 :
10 : #include "nsIScriptSecurityManager.h"
11 :
12 : #include "nsIAddonPolicyService.h"
13 : #include "mozilla/Maybe.h"
14 : #include "nsIAddonPolicyService.h"
15 : #include "nsIPrincipal.h"
16 : #include "nsCOMPtr.h"
17 : #include "nsIObserver.h"
18 : #include "nsServiceManagerUtils.h"
19 : #include "plstr.h"
20 : #include "js/TypeDecls.h"
21 :
22 : #include <stdint.h>
23 :
// Forward declarations only; this header does not pull in the full
// definitions of these types.
class nsCString;
class nsIIOService;
class nsIStringBundle;
class SystemPrincipal;

namespace mozilla { class OriginAttributes; } // namespace mozilla
32 :
33 : /////////////////////////////
34 : // nsScriptSecurityManager //
35 : /////////////////////////////
// Class ID (CID) for nsScriptSecurityManager, written as a brace initializer:
// { 32-bit value, 16-bit value, 16-bit value, { eight bytes } }.
// It is handed to NS_DEFINE_STATIC_CID_ACCESSOR inside the class below.
#define NS_SCRIPTSECURITYMANAGER_CID                           \
    {                                                          \
        0x7ee2a4c0, 0x4b93, 0x17d3,                            \
        { 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }     \
    }
39 :
/**
 * Script security manager: implements nsIScriptSecurityManager and
 * nsIObserver (their methods are declared through the NS_DECL_* macros).
 *
 * The constructor is private; GetScriptSecurityManager() is the only call
 * that can create an instance.
 */
class nsScriptSecurityManager final : public nsIScriptSecurityManager,
                                      public nsIObserver
{
public:
    static void Shutdown();

    NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)

    NS_DECL_ISUPPORTS
    NS_DECL_NSISCRIPTSECURITYMANAGER
    NS_DECL_NSIOBSERVER

    static nsScriptSecurityManager* GetScriptSecurityManager();

    // Invoked exactly once, by XPConnect.
    static void InitStatics();

    static SystemPrincipal* SystemPrincipalSingletonConstructor();

    /**
     * Same-origin comparison of two URIs. For security purposes, two URIs
     * are equivalent if their schemes, hosts, and ports (if any) match.
     *
     * @param aSourceURI  one URI of the pair
     * @param aTargetURI  the other URI of the pair
     * @return true if aSourceURI and aTargetURI have the same origin,
     *         false otherwise.
     *
     * NOTE(review): how null arguments are treated is not visible in this
     * header; confirm in the implementation before relying on it in an
     * access decision.
     */
    static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);

    // NOTE(review): presumably the hash counterpart of SecurityCompareURIs
    // (URIs that compare equal should hash equal); confirm in the .cpp.
    static uint32_t SecurityHashURI(nsIURI* aURI);

    static nsresult ReportError(JSContext* cx, const nsAString& messageTag,
                                nsIURI* aSource, nsIURI* aTarget);

    static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);

    // Returns the current value of the static sStrictFileOriginPolicy flag.
    static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }

    void DeactivateDomainPolicy();

private:
    // Construction is restricted: GetScriptSecurityManager is the only call
    // that can make an instance.
    nsScriptSecurityManager();
    virtual ~nsScriptSecurityManager();

    // Decides, based on CSP, whether eval() and similar operations may be
    // executed.
    static bool ContentSecurityPolicyPermitsJSAction(JSContext* cx);

    // NOTE(review): by its name, reports whether `first` subsumes `second`;
    // the exact semantics live in the implementation file.
    static bool JSPrincipalsSubsume(JSPrincipals* first, JSPrincipals* second);

    // Returns null if a principal cannot be found. Callers should treat a
    // null result as a failure and error out at that point.
    static nsIPrincipal* doGetObjectPrincipal(JSObject* obj);

    nsresult Init();

    nsresult InitPrefs();

    inline void ScriptSecurityPrefChanged();

    inline void AddSitesToFileURIWhitelist(const nsCString& aSiteList);

    // NOTE(review): aIgnoreSandboxing presumably makes the principal lookup
    // disregard sandboxing of the channel's load; confirm which callers pass
    // true, since that choice affects the principal that is returned.
    nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
                                       nsIPrincipal** aPrincipal,
                                       bool aIgnoreSandboxing);

    nsresult CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI,
                               nsIURI* aSourceBaseURI, nsIURI* aTargetBaseURI,
                               uint32_t aFlags);

    // Returns the file URI whitelist, initializing it first if that has not
    // happened yet.
    const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIWhitelist();

    nsCOMPtr<nsIPrincipal> mSystemPrincipal;
    bool mPrefInitialized;
    bool mIsJavaScriptEnabled;

    // URIs whose domains and sub-domains are whitelisted for access to
    // file: URIs. Lazily initialized; isNothing() until then.
    mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIWhitelist;

    // This machinery controls new-style domain policies. The old-style
    // policy machinery will be removed soon.
    nsCOMPtr<nsIDomainPolicy> mDomainPolicy;

    // Cached addon policy service. It cannot be obtained in Init() because
    // that is too early to get a service, so it is fetched on first use.
    mozilla::Maybe<nsCOMPtr<nsIAddonPolicyService>> mAddonPolicyService;

    // Looks the service up on the first call only and returns the cached
    // pointer afterwards.
    // NOTE(review): whatever do_GetService yields is cached, so a failed
    // first lookup is presumably remembered as null and never retried;
    // callers should null-check the result.
    nsIAddonPolicyService* GetAddonPolicyService()
    {
        if (!mAddonPolicyService.isSome()) {
            mAddonPolicyService.emplace(
                do_GetService("@mozilla.org/addons/policy-service;1"));
        }
        return mAddonPolicyService.ref();
    }

    static bool sStrictFileOriginPolicy;

    // Raw static pointers. NOTE(review): ownership and release are not
    // visible in this header; confirm they are handled in the .cpp
    // (presumably around InitStatics()/Shutdown()).
    static nsIIOService* sIOService;
    static nsIStringBundle* sStrBundle;
    static JSContext* sContext;
};
156 :
157 : #endif // nsScriptSecurityManager_h__