Line data Source code
1 : /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
2 : * vim: set ts=8 sts=4 et sw=4 tw=99:
3 : * This Source Code Form is subject to the terms of the Mozilla Public
4 : * License, v. 2.0. If a copy of the MPL was not distributed with this
5 : * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
6 :
7 : /* JSPrincipals and related interfaces. */
8 :
9 : #ifndef js_Principals_h
10 : #define js_Principals_h
11 :
12 : #include "mozilla/Atomics.h"
13 :
14 : #include <stdint.h>
15 :
16 : #include "jspubtd.h"
17 :
18 : #include "js/StructuredClone.h"
19 :
20 : namespace js {
21 : struct JS_PUBLIC_API(PerformanceGroup);
22 : } // namespace js
23 :
24 : struct JSPrincipals {
25 : /* Don't call "destroy"; use reference counting macros below. */
26 : mozilla::Atomic<int32_t> refcount;
27 :
28 : #ifdef JS_DEBUG
29 : /* A helper to facilitate principals debugging. */
30 : uint32_t debugToken;
31 : #endif
32 :
33 350 : JSPrincipals() : refcount(0) {}
34 :
35 520 : void setDebugToken(uint32_t token) {
36 : # ifdef JS_DEBUG
37 520 : debugToken = token;
38 : # endif
39 520 : }
40 :
41 : /*
42 : * Write the principals with the given |writer|. Return false on failure,
43 : * true on success.
44 : */
45 : virtual bool write(JSContext* cx, JSStructuredCloneWriter* writer) = 0;
46 :
47 : /*
48 : * This is not defined by the JS engine but should be provided by the
49 : * embedding.
50 : */
51 : JS_PUBLIC_API(void) dump();
52 : };
53 :
54 : extern JS_PUBLIC_API(void)
55 : JS_HoldPrincipals(JSPrincipals* principals);
56 :
57 : extern JS_PUBLIC_API(void)
58 : JS_DropPrincipals(JSContext* cx, JSPrincipals* principals);
59 :
60 : // Return whether the first principal subsumes the second. The exact meaning of
61 : // 'subsumes' is left up to the browser. Subsumption is checked inside the JS
62 : // engine when determining, e.g., which stack frames to display in a backtrace.
63 : typedef bool
64 : (* JSSubsumesOp)(JSPrincipals* first, JSPrincipals* second);
65 :
66 : /*
67 : * Used to check if a CSP instance wants to disable eval() and friends.
68 : * See js_CheckCSPPermitsJSAction() in jsobj.
69 : */
70 : typedef bool
71 : (* JSCSPEvalChecker)(JSContext* cx);
72 :
73 : struct JSSecurityCallbacks {
74 : JSCSPEvalChecker contentSecurityPolicyAllows;
75 : JSSubsumesOp subsumes;
76 : };
77 :
78 : extern JS_PUBLIC_API(void)
79 : JS_SetSecurityCallbacks(JSContext* cx, const JSSecurityCallbacks* callbacks);
80 :
81 : extern JS_PUBLIC_API(const JSSecurityCallbacks*)
82 : JS_GetSecurityCallbacks(JSContext* cx);
83 :
84 : /*
85 : * Code running with "trusted" principals will be given a deeper stack
86 : * allocation than ordinary scripts. This allows trusted script to run after
87 : * untrusted script has exhausted the stack. This function sets the
88 : * runtime-wide trusted principal.
89 : *
90 : * This principals is not held (via JS_HoldPrincipals/JS_DropPrincipals).
91 : * Instead, the caller must ensure that the given principals stays valid for as
92 : * long as 'cx' may point to it. If the principals would be destroyed before
93 : * 'cx', JS_SetTrustedPrincipals must be called again, passing nullptr for
94 : * 'prin'.
95 : */
96 : extern JS_PUBLIC_API(void)
97 : JS_SetTrustedPrincipals(JSContext* cx, JSPrincipals* prin);
98 :
99 : typedef void
100 : (* JSDestroyPrincipalsOp)(JSPrincipals* principals);
101 :
102 : /*
103 : * Initialize the callback that is called to destroy JSPrincipals instance
104 : * when its reference counter drops to zero. The initialization can be done
105 : * only once per JS runtime.
106 : */
107 : extern JS_PUBLIC_API(void)
108 : JS_InitDestroyPrincipalsCallback(JSContext* cx, JSDestroyPrincipalsOp destroyPrincipals);
109 :
110 : /*
111 : * Read a JSPrincipals instance from the given |reader| and initialize the out
112 : * paratemer |outPrincipals| to the JSPrincipals instance read.
113 : *
114 : * Return false on failure, true on success. The |outPrincipals| parameter
115 : * should not be modified if false is returned.
116 : *
117 : * The caller is not responsible for calling JS_HoldPrincipals on the resulting
118 : * JSPrincipals instance, the JSReadPrincipalsOp must increment the refcount of
119 : * the resulting JSPrincipals on behalf of the caller.
120 : */
121 : using JSReadPrincipalsOp = bool (*)(JSContext* cx, JSStructuredCloneReader* reader,
122 : JSPrincipals** outPrincipals);
123 :
124 : /*
125 : * Initialize the callback that is called to read JSPrincipals instances from a
126 : * buffer. The initialization can be done only once per JS runtime.
127 : */
128 : extern JS_PUBLIC_API(void)
129 : JS_InitReadPrincipalsCallback(JSContext* cx, JSReadPrincipalsOp read);
130 :
131 :
132 : #endif /* js_Principals_h */
|
