LCOV - output.info - js/xpconnect/wrappers/AccessCheck.h

LCOV - code coverage report

Current view:	top level - js/xpconnect/wrappers - AccessCheck.h (source / functions)		Hit	Total	Coverage
Test:	output.info	Lines:	0	29	0.0 %
Date:	2017-07-14 16:53:18	Functions:	0	12	0.0 %
Legend:	Lines: hit not hit

          Line data    Source code

       1             : /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
       2             : /* vim: set ts=8 sts=4 et sw=4 tw=99: */
       3             : /* This Source Code Form is subject to the terms of the Mozilla Public
       4             :  * License, v. 2.0. If a copy of the MPL was not distributed with this
       5             :  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
       6             : 
       7             : #ifndef __AccessCheck_h__
       8             : #define __AccessCheck_h__
       9             : 
      10             : #include "jswrapper.h"
      11             : #include "js/Id.h"
      12             : #include "nsStringGlue.h"
      13             : 
      14             : class nsIPrincipal;
      15             : 
      16             : namespace xpc {
      17             : 
      18             : class AccessCheck {
      19             :   public:
      20             :     static bool subsumes(JSCompartment* a, JSCompartment* b);
      21             :     static bool subsumes(JSObject* a, JSObject* b);
      22             :     static bool wrapperSubsumes(JSObject* wrapper);
      23             :     static bool subsumesConsideringDomain(JSCompartment* a, JSCompartment* b);
      24             :     static bool subsumesConsideringDomainIgnoringFPD(JSCompartment* a,
      25             :                                                      JSCompartment* b);
      26             :     static bool isChrome(JSCompartment* compartment);
      27             :     static bool isChrome(JSObject* obj);
      28             :     static nsIPrincipal* getPrincipal(JSCompartment* compartment);
      29             :     static bool isCrossOriginAccessPermitted(JSContext* cx, JS::HandleObject obj,
      30             :                                              JS::HandleId id, js::Wrapper::Action act);
      31             :     static bool checkPassToPrivilegedCode(JSContext* cx, JS::HandleObject wrapper,
      32             :                                           JS::HandleValue value);
      33             :     static bool checkPassToPrivilegedCode(JSContext* cx, JS::HandleObject wrapper,
      34             :                                           const JS::CallArgs& args);
      35             :     // Called to report the correct sort of exception when our policy denies and
      36             :     // should throw.  The accessType argument should be one of "access",
      37             :     // "define", "delete", depending on which operation is being denied.
      38             :     static void reportCrossOriginDenial(JSContext* cx, JS::HandleId id,
      39             :                                         const nsACString& accessType);
      40             : };
      41             : 
      42             : enum CrossOriginObjectType {
      43             :     CrossOriginWindow,
      44             :     CrossOriginLocation,
      45             :     CrossOriginOpaque
      46             : };
      47             : CrossOriginObjectType IdentifyCrossOriginObject(JSObject* obj);
      48             : 
      49             : struct Policy {
      50           0 :     static bool checkCall(JSContext* cx, JS::HandleObject wrapper, const JS::CallArgs& args) {
      51           0 :         MOZ_CRASH("As a rule, filtering wrappers are non-callable");
      52             :     }
      53             : };
      54             : 
      55             : // This policy allows no interaction with the underlying callable. Everything throws.
      56             : struct Opaque : public Policy {
      57           0 :     static bool check(JSContext* cx, JSObject* wrapper, jsid id, js::Wrapper::Action act) {
      58           0 :         return false;
      59             :     }
      60           0 :     static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
      61             :                      bool mayThrow) {
      62           0 :         return false;
      63             :     }
      64           0 :     static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) {
      65           0 :         return false;
      66             :     }
      67             : };
      68             : 
      69             : // Like the above, but allows CALL.
      70             : struct OpaqueWithCall : public Policy {
      71           0 :     static bool check(JSContext* cx, JSObject* wrapper, jsid id, js::Wrapper::Action act) {
      72           0 :         return act == js::Wrapper::CALL;
      73             :     }
      74           0 :     static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
      75             :                      bool mayThrow) {
      76           0 :         return false;
      77             :     }
      78           0 :     static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) {
      79           0 :         return false;
      80             :     }
      81           0 :     static bool checkCall(JSContext* cx, JS::HandleObject wrapper, const JS::CallArgs& args) {
      82           0 :         return AccessCheck::checkPassToPrivilegedCode(cx, wrapper, args);
      83             :     }
      84             : };
      85             : 
      86             : // This policy only permits access to properties that are safe to be used
      87             : // across origins.
      88             : struct CrossOriginAccessiblePropertiesOnly : public Policy {
      89           0 :     static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act) {
      90           0 :         return AccessCheck::isCrossOriginAccessPermitted(cx, wrapper, id, act);
      91             :     }
      92           0 :     static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
      93             :                      bool mayThrow) {
      94             :         // Silently fail for enumerate-like operations.
      95           0 :         if (act == js::Wrapper::ENUMERATE)
      96           0 :             return true;
      97           0 :         if (mayThrow)
      98           0 :             AccessCheck::reportCrossOriginDenial(cx, id,
      99           0 :                                                  NS_LITERAL_CSTRING("access"));
     100           0 :         return false;
     101             :     }
     102           0 :     static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) {
     103           0 :         return false;
     104             :     }
     105             : };
     106             : 
     107             : // This policy only permits access to properties if they appear in the
     108             : // objects exposed properties list.
     109             : struct ExposedPropertiesOnly : public Policy {
     110             :     static bool check(JSContext* cx, JS::HandleObject wrapper, JS::HandleId id, js::Wrapper::Action act);
     111             : 
     112             :     static bool deny(JSContext* cx, js::Wrapper::Action act, JS::HandleId id,
     113             :                      bool mayThrow);
     114           0 :     static bool allowNativeCall(JSContext* cx, JS::IsAcceptableThis test, JS::NativeImpl impl) {
     115           0 :         return false;
     116             :     }
     117             : };
     118             : 
     119             : } // namespace xpc
     120             : 
     121             : #endif /* __AccessCheck_h__ */

Generated by: LCOV version 1.13