1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*-
2 * vim: set ts=8 sts=2 et sw=2 tw=80:
3 * This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 /* JSPrincipals and related interfaces. */
9 #ifndef js_Principals_h
10 #define js_Principals_h
12 #include "mozilla/Atomics.h"
18 #include "js/TypeDecls.h"
20 struct JSStructuredCloneReader
;
21 struct JSStructuredCloneWriter
;
24 /* Don't call "destroy"; use reference counting macros below. */
25 mozilla::Atomic
<int32_t, mozilla::SequentiallyConsistent
> refcount
{0};
28 /* A helper to facilitate principals debugging. */
32 JSPrincipals() = default;
34 void setDebugToken(uint32_t token
) {
41 * Write the principals with the given |writer|. Return false on failure,
44 virtual bool write(JSContext
* cx
, JSStructuredCloneWriter
* writer
) = 0;
47 * Whether the principal corresponds to a System or AddOn Principal.
48 * Technically this also checks for an ExpandedAddonPrincipal.
50 virtual bool isSystemOrAddonPrincipal() = 0;
53 * This is not defined by the JS engine but should be provided by the
56 JS_PUBLIC_API
void dump();
59 extern JS_PUBLIC_API
void JS_HoldPrincipals(JSPrincipals
* principals
);
61 extern JS_PUBLIC_API
void JS_DropPrincipals(JSContext
* cx
,
62 JSPrincipals
* principals
);
64 // Return whether the first principal subsumes the second. The exact meaning of
65 // 'subsumes' is left up to the browser. Subsumption is checked inside the JS
66 // engine when determining, e.g., which stack frames to display in a backtrace.
67 typedef bool (*JSSubsumesOp
)(JSPrincipals
* first
, JSPrincipals
* second
);
70 enum class RuntimeCode
{ JS
, WASM
};
74 * Used to check if a CSP instance wants to disable eval() and friends.
75 * See JSContext::isRuntimeCodeGenEnabled() in vm/JSContext.cpp.
77 * `code` is the JavaScript source code passed to eval/Function, but nullptr
80 * Returning `false` from this callback will prevent the execution/compilation
83 typedef bool (*JSCSPEvalChecker
)(JSContext
* cx
, JS::RuntimeCode kind
,
84 JS::HandleString code
);
86 struct JSSecurityCallbacks
{
87 JSCSPEvalChecker contentSecurityPolicyAllows
;
88 JSSubsumesOp subsumes
;
91 extern JS_PUBLIC_API
void JS_SetSecurityCallbacks(
92 JSContext
* cx
, const JSSecurityCallbacks
* callbacks
);
94 extern JS_PUBLIC_API
const JSSecurityCallbacks
* JS_GetSecurityCallbacks(
98 * Code running with "trusted" principals will be given a deeper stack
99 * allocation than ordinary scripts. This allows trusted script to run after
100 * untrusted script has exhausted the stack. This function sets the
101 * runtime-wide trusted principal.
103 * This principals is not held (via JS_HoldPrincipals/JS_DropPrincipals).
104 * Instead, the caller must ensure that the given principals stays valid for as
105 * long as 'cx' may point to it. If the principals would be destroyed before
106 * 'cx', JS_SetTrustedPrincipals must be called again, passing nullptr for
109 extern JS_PUBLIC_API
void JS_SetTrustedPrincipals(JSContext
* cx
,
112 typedef void (*JSDestroyPrincipalsOp
)(JSPrincipals
* principals
);
115 * Initialize the callback that is called to destroy JSPrincipals instance
116 * when its reference counter drops to zero. The initialization can be done
117 * only once per JS runtime.
119 extern JS_PUBLIC_API
void JS_InitDestroyPrincipalsCallback(
120 JSContext
* cx
, JSDestroyPrincipalsOp destroyPrincipals
);
123 * Read a JSPrincipals instance from the given |reader| and initialize the out
124 * paratemer |outPrincipals| to the JSPrincipals instance read.
126 * Return false on failure, true on success. The |outPrincipals| parameter
127 * should not be modified if false is returned.
129 * The caller is not responsible for calling JS_HoldPrincipals on the resulting
130 * JSPrincipals instance, the JSReadPrincipalsOp must increment the refcount of
131 * the resulting JSPrincipals on behalf of the caller.
133 using JSReadPrincipalsOp
= bool (*)(JSContext
* cx
,
134 JSStructuredCloneReader
* reader
,
135 JSPrincipals
** outPrincipals
);
138 * Initialize the callback that is called to read JSPrincipals instances from a
139 * buffer. The initialization can be done only once per JS runtime.
141 extern JS_PUBLIC_API
void JS_InitReadPrincipalsCallback(
142 JSContext
* cx
, JSReadPrincipalsOp read
);
146 class MOZ_RAII AutoHoldPrincipals
{
148 JSPrincipals
* principals_
= nullptr;
151 explicit AutoHoldPrincipals(JSContext
* cx
, JSPrincipals
* principals
= nullptr)
156 ~AutoHoldPrincipals() { reset(nullptr); }
158 void reset(JSPrincipals
* principals
) {
160 JS_HoldPrincipals(principals
);
163 JS_DropPrincipals(cx_
, principals_
);
165 principals_
= principals
;
168 JSPrincipals
* get() const { return principals_
; }
173 #endif /* js_Principals_h */