caps/nsScriptSecurityManager.h

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=4 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #ifndef nsScriptSecurityManager_h__
   8 #define nsScriptSecurityManager_h__
   9
  10 #include "nsIScriptSecurityManager.h"
  11
  12 #include "mozilla/Maybe.h"
  13 #include "nsIPrincipal.h"
  14 #include "nsCOMPtr.h"
  15 #include "nsServiceManagerUtils.h"
  16 #include "nsStringFwd.h"
  17 #include "js/TypeDecls.h"
  18
  19 #include <stdint.h>
  20
  21 class nsIIOService;
  22 class nsIStringBundle;
  23
  24 namespace mozilla {
  25 class OriginAttributes;
  26 class SystemPrincipal;
  27 }  // namespace mozilla
  28
  29 namespace JS {
  30 enum class RuntimeCode;
  31 }  // namespace JS
  32
  33 /////////////////////////////
  34 // nsScriptSecurityManager //
  35 /////////////////////////////
  36 #define NS_SCRIPTSECURITYMANAGER_CID                 \
  37   {                                                  \
  38     0x7ee2a4c0, 0x4b93, 0x17d3, {                    \
  39       0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 \
  40     }                                                \
  41   }
  42
  43 class nsScriptSecurityManager final : public nsIScriptSecurityManager {
  44  public:
  45   static void Shutdown();
  46
  47   NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
  48
  49   NS_DECL_ISUPPORTS
  50   NS_DECL_NSISCRIPTSECURITYMANAGER
  51
  52   static nsScriptSecurityManager* GetScriptSecurityManager();
  53
  54   // Invoked exactly once, by XPConnect.
  55   static void InitStatics();
  56
  57   void InitJSCallbacks(JSContext* aCx);
  58
  59   // This has to be static because it is called after gScriptSecMan is cleared.
  60   static void ClearJSCallbacks(JSContext* aCx);
  61
  62   static already_AddRefed<mozilla::SystemPrincipal>
  63   SystemPrincipalSingletonConstructor();
  64
  65   /**
  66    * Utility method for comparing two URIs.  For security purposes, two URIs
  67    * are equivalent if their schemes, hosts, and ports (if any) match.  This
  68    * method returns true if aSubjectURI and aObjectURI have the same origin,
  69    * false otherwise.
  70    */
  71   static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
  72   static uint32_t SecurityHashURI(nsIURI* aURI);
  73
  74   static nsresult ReportError(const char* aMessageTag, nsIURI* aSource,
  75                               nsIURI* aTarget, bool aFromPrivateWindow,
  76                               uint64_t aInnerWindowID = 0);
  77   static nsresult ReportError(const char* aMessageTag,
  78                               const nsACString& sourceSpec,
  79                               const nsACString& targetSpec,
  80                               bool aFromPrivateWindow,
  81                               uint64_t aInnerWindowID = 0);
  82
  83   static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
  84
  85   static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
  86
  87   void DeactivateDomainPolicy();
  88
  89  private:
  90   // GetScriptSecurityManager is the only call that can make one
  91   nsScriptSecurityManager();
  92   virtual ~nsScriptSecurityManager();
  93
  94   // Decides, based on CSP, whether or not eval() and stuff can be executed.
  95   static bool ContentSecurityPolicyPermitsJSAction(JSContext* cx,
  96                                                    JS::RuntimeCode kind,
  97                                                    JS::Handle<JSString*> aCode);
  98
  99   static bool JSPrincipalsSubsume(JSPrincipals* first, JSPrincipals* second);
 100
 101   nsresult Init();
 102
 103   nsresult InitPrefs();
 104
 105   static void ScriptSecurityPrefChanged(const char* aPref, void* aSelf);
 106   void ScriptSecurityPrefChanged(const char* aPref = nullptr);
 107
 108   inline void AddSitesToFileURIAllowlist(const nsCString& aSiteList);
 109
 110   nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
 111                                      nsIPrincipal** aPrincipal,
 112                                      bool aIgnoreSandboxing);
 113
 114   nsresult CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI,
 115                              nsIURI* aSourceBaseURI, nsIURI* aTargetBaseURI,
 116                              uint32_t aFlags, bool aFromPrivateWindow,
 117                              uint64_t aInnerWindowID);
 118
 119   // Returns the file URI allowlist, initializing it if it has not been
 120   // initialized.
 121   const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIAllowlist();
 122
 123   nsCOMPtr<nsIPrincipal> mSystemPrincipal;
 124   bool mPrefInitialized;
 125   bool mIsJavaScriptEnabled;
 126
 127   // List of URIs whose domains and sub-domains are allowlisted to allow
 128   // access to file: URIs.  Lazily initialized; isNothing() when not yet
 129   // initialized.
 130   mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIAllowlist;
 131
 132   // This machinery controls new-style domain policies. The old-style
 133   // policy machinery will be removed soon.
 134   nsCOMPtr<nsIDomainPolicy> mDomainPolicy;
 135
 136   static std::atomic<bool> sStrictFileOriginPolicy;
 137
 138   static mozilla::StaticRefPtr<nsIIOService> sIOService;
 139   static nsIStringBundle* sStrBundle;
 140 };
 141
 142 #endif  // nsScriptSecurityManager_h__