/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=4 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsScriptSecurityManager_h__
8 #define nsScriptSecurityManager_h__
10 #include "nsIScriptSecurityManager.h"
12 #include "mozilla/Maybe.h"
13 #include "nsIPrincipal.h"
14 #include "nsCOMPtr.h"
15 #include "nsServiceManagerUtils.h"
16 #include "nsStringFwd.h"
17 #include "js/TypeDecls.h"
19 #include <stdint.h>
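// Forward declarations. In the declarations visible in this header these
// types appear only as pointer targets, template arguments or (for the
// opaque enum) a by-value parameter, so their full definitions are not
// needed here.
class nsIIOService;
class nsIStringBundle;

namespace mozilla {
class OriginAttributes;
class SystemPrincipal;
}  // namespace mozilla

namespace JS {
// Opaque declaration of a scoped enum; enough to pass it by value.
enum class RuntimeCode;
}  // namespace JS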
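/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////

// Class ID of the script security manager, written as a nested brace
// initializer: one 32-bit field, two 16-bit fields, then eight bytes.
// It is passed to NS_DEFINE_STATIC_CID_ACCESSOR in the class declaration.
// The outer closing brace must be the last line of the macro: a trailing
// backslash after it would splice the following declaration into the macro.
#define NS_SCRIPTSECURITYMANAGER_CID                 \
  {                                                  \
    0x7ee2a4c0, 0x4b93, 0x17d3, {                    \
      0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 \
    }                                                \
  }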
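/**
 * Concrete implementation of nsIScriptSecurityManager. The class is `final`
 * and its constructor is private, so instances come only from
 * GetScriptSecurityManager(). The interface methods themselves are declared
 * by NS_DECL_NSISCRIPTSECURITYMANAGER; the members spelled out below are the
 * static helpers (URI origin comparison and hashing, error reporting, the
 * file-origin policy flag) and the private state behind them.
 *
 * NOTE(review): this header names std::atomic, mozilla::StaticRefPtr and
 * nsTArray without including <atomic> or their defining headers directly;
 * presumably they arrive transitively through the includes above. Confirm,
 * since an include-order change elsewhere would break this header.
 */
class nsScriptSecurityManager final : public nsIScriptSecurityManager {
 public:
  // NOTE(review): presumably releases the static service references declared
  // at the end of this class; the definition is not in this header.
  static void Shutdown();

  NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)

  NS_DECL_ISUPPORTS
  NS_DECL_NSISCRIPTSECURITYMANAGER

  // The only way to obtain an instance (the constructor is private).
  static nsScriptSecurityManager* GetScriptSecurityManager();

  // Invoked exactly once, by XPConnect.
  static void InitStatics();

  void InitJSCallbacks(JSContext* aCx);

  // This has to be static because it is called after gScriptSecMan is cleared.
  static void ClearJSCallbacks(JSContext* aCx);

  static already_AddRefed<mozilla::SystemPrincipal>
  SystemPrincipalSingletonConstructor();

  /**
   * Utility method for comparing two URIs. For security purposes, two URIs
   * are equivalent if their schemes, hosts, and ports (if any) match. This
   * method returns true if aSourceURI and aTargetURI have the same origin,
   * false otherwise.
   *
   * The comparison takes only URIs, so any state carried by a principal
   * rather than by its URI (for example origin attributes) is not visible
   * to it.
   */
  static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);

  // NOTE(review): presumably hashes the same components that
  // SecurityCompareURIs compares, so that URIs it treats as equal hash
  // equally; confirm against the definition.
  static uint32_t SecurityHashURI(nsIURI* aURI);

  // NOTE(review): going by the name, true when both URIs are http(s) and
  // their origins differ; the exact rule lives in the definition.
  static bool IsHttpOrHttpsAndCrossOrigin(nsIURI* aUriA, nsIURI* aUriB);

  // Reports a security error identified by aMessageTag. The two overloads
  // differ only in how source and target are passed: as nsIURI objects or as
  // already-serialized specs. aInnerWindowID defaults to 0.
  // NOTE(review): aFromPrivateWindow presumably marks the report as coming
  // from private browsing so its URLs are handled accordingly; confirm.
  static nsresult ReportError(const char* aMessageTag, nsIURI* aSource,
                              nsIURI* aTarget, bool aFromPrivateWindow,
                              uint64_t aInnerWindowID = 0);
  static nsresult ReportError(const char* aMessageTag,
                              const nsACString& sourceSpec,
                              const nsACString& targetSpec,
                              bool aFromPrivateWindow,
                              uint64_t aInnerWindowID = 0);

  static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);

  // Returns the current value of the process-wide strict file-origin flag.
  // The flag is a std::atomic<bool>, so the read itself is free of data
  // races; it is a snapshot and may change after the call returns.
  static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }

  void DeactivateDomainPolicy();

 private:
  // GetScriptSecurityManager is the only call that can make one
  nsScriptSecurityManager();
  virtual ~nsScriptSecurityManager();

  // Decides, based on CSP, whether eval() and other runtime-generated code
  // of the given kind may be executed. aCode is the source string involved.
  static bool ContentSecurityPolicyPermitsJSAction(JSContext* cx,
                                                   JS::RuntimeCode kind,
                                                   JS::Handle<JSString*> aCode);

  // NOTE(review): presumably answers whether `first` subsumes `second` for
  // the JS engine; argument order matters for such a check, so confirm it
  // against the definition before relying on it.
  static bool JSPrincipalsSubsume(JSPrincipals* first, JSPrincipals* second);

  nsresult Init();

  nsresult InitPrefs();

  // The static overload has a (pref name, closure pointer) callback shape;
  // aSelf is presumably the manager instance, forwarded to the member
  // overload. TODO confirm.
  static void ScriptSecurityPrefChanged(const char* aPref, void* aSelf);
  void ScriptSecurityPrefChanged(const char* aPref = nullptr);

  inline void AddSitesToFileURIAllowlist(const nsCString& aSiteList);

  nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
                                     nsIPrincipal** aPrincipal,
                                     bool aIgnoreSandboxing);

  nsresult CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI,
                             nsIURI* aSourceBaseURI, nsIURI* aTargetBaseURI,
                             uint32_t aFlags, bool aFromPrivateWindow,
                             uint64_t aInnerWindowID);

  // Returns the file URI allowlist, initializing it if it has not been
  // initialized.
  const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIAllowlist();

  nsCOMPtr<nsIPrincipal> mSystemPrincipal;
  // No default member initializers on these two flags; presumably the
  // constructor sets them. TODO confirm.
  bool mPrefInitialized;
  bool mIsJavaScriptEnabled;

  // List of URIs whose domains and sub-domains are allowlisted to allow
  // access to file: URIs. Lazily initialized; isNothing() when not yet
  // initialized.
  mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIAllowlist;

  // This machinery controls new-style domain policies. The old-style
  // policy machinery will be removed soon.
  nsCOMPtr<nsIDomainPolicy> mDomainPolicy;

  // Backs GetStrictFileOriginPolicy(); atomic because that accessor is
  // static and may be read without holding a reference to the manager.
  static std::atomic<bool> sStrictFileOriginPolicy;

  static mozilla::StaticRefPtr<nsIIOService> sIOService;
  // Raw pointer, unlike sIOService. NOTE(review): ownership and release are
  // not visible in this header; presumably handled in Shutdown(). Confirm.
  static nsIStringBundle* sStrBundle;
};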
143 #endif // nsScriptSecurityManager_h__