caps/nsScriptSecurityManager.h

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=4 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #ifndef nsScriptSecurityManager_h__
   8 #define nsScriptSecurityManager_h__
   9
  10 #include "nsIScriptSecurityManager.h"
  11
  12 #include "mozilla/Maybe.h"
  13 #include "nsIPrincipal.h"
  14 #include "nsCOMPtr.h"
  15 #include "nsServiceManagerUtils.h"
  16 #include "nsStringFwd.h"
  17 #include "plstr.h"
  18 #include "js/TypeDecls.h"
  19
  20 #include <stdint.h>
  21
  22 class nsIIOService;
  23 class nsIStringBundle;
  24
  25 namespace mozilla {
  26 class OriginAttributes;
  27 class SystemPrincipal;
  28 }  // namespace mozilla
  29
  30 namespace JS {
  31 enum class RuntimeCode;
  32 }  // namespace JS
  33
  34 /////////////////////////////
  35 // nsScriptSecurityManager //
  36 /////////////////////////////
  37 #define NS_SCRIPTSECURITYMANAGER_CID                 \
  38   {                                                  \
  39     0x7ee2a4c0, 0x4b93, 0x17d3, {                    \
  40       0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 \
  41     }                                                \
  42   }
  43
  44 class nsScriptSecurityManager final : public nsIScriptSecurityManager {
  45  public:
  46   static void Shutdown();
  47
  48   NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
  49
  50   NS_DECL_ISUPPORTS
  51   NS_DECL_NSISCRIPTSECURITYMANAGER
  52
  53   static nsScriptSecurityManager* GetScriptSecurityManager();
  54
  55   // Invoked exactly once, by XPConnect.
  56   static void InitStatics();
  57
  58   void InitJSCallbacks(JSContext* aCx);
  59
  60   // This has to be static because it is called after gScriptSecMan is cleared.
  61   static void ClearJSCallbacks(JSContext* aCx);
  62
  63   static already_AddRefed<mozilla::SystemPrincipal>
  64   SystemPrincipalSingletonConstructor();
  65
  66   /**
  67    * Utility method for comparing two URIs.  For security purposes, two URIs
  68    * are equivalent if their schemes, hosts, and ports (if any) match.  This
  69    * method returns true if aSubjectURI and aObjectURI have the same origin,
  70    * false otherwise.
  71    */
  72   static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
  73   static uint32_t SecurityHashURI(nsIURI* aURI);
  74
  75   static nsresult ReportError(const char* aMessageTag, nsIURI* aSource,
  76                               nsIURI* aTarget, bool aFromPrivateWindow,
  77                               uint64_t aInnerWindowID = 0);
  78   static nsresult ReportError(const char* aMessageTag,
  79                               const nsACString& sourceSpec,
  80                               const nsACString& targetSpec,
  81                               bool aFromPrivateWindow,
  82                               uint64_t aInnerWindowID = 0);
  83
  84   static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
  85
  86   static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
  87
  88   void DeactivateDomainPolicy();
  89
  90  private:
  91   // GetScriptSecurityManager is the only call that can make one
  92   nsScriptSecurityManager();
  93   virtual ~nsScriptSecurityManager();
  94
  95   // Decides, based on CSP, whether or not eval() and stuff can be executed.
  96   static bool ContentSecurityPolicyPermitsJSAction(JSContext* cx,
  97                                                    JS::RuntimeCode kind,
  98                                                    JS::Handle<JSString*> aCode);
  99
 100   static bool JSPrincipalsSubsume(JSPrincipals* first, JSPrincipals* second);
 101
 102   nsresult Init();
 103
 104   nsresult InitPrefs();
 105
 106   static void ScriptSecurityPrefChanged(const char* aPref, void* aSelf);
 107   void ScriptSecurityPrefChanged(const char* aPref = nullptr);
 108
 109   inline void AddSitesToFileURIAllowlist(const nsCString& aSiteList);
 110
 111   nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
 112                                      nsIPrincipal** aPrincipal,
 113                                      bool aIgnoreSandboxing);
 114
 115   nsresult CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI,
 116                              nsIURI* aSourceBaseURI, nsIURI* aTargetBaseURI,
 117                              uint32_t aFlags, bool aFromPrivateWindow,
 118                              uint64_t aInnerWindowID);
 119
 120   // Returns the file URI allowlist, initializing it if it has not been
 121   // initialized.
 122   const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIAllowlist();
 123
 124   nsCOMPtr<nsIPrincipal> mSystemPrincipal;
 125   bool mPrefInitialized;
 126   bool mIsJavaScriptEnabled;
 127
 128   // List of URIs whose domains and sub-domains are allowlisted to allow
 129   // access to file: URIs.  Lazily initialized; isNothing() when not yet
 130   // initialized.
 131   mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIAllowlist;
 132
 133   // This machinery controls new-style domain policies. The old-style
 134   // policy machinery will be removed soon.
 135   nsCOMPtr<nsIDomainPolicy> mDomainPolicy;
 136
 137   static std::atomic<bool> sStrictFileOriginPolicy;
 138
 139   static nsIIOService* sIOService;
 140   static nsIStringBundle* sStrBundle;
 141 };
 142
 143 #endif  // nsScriptSecurityManager_h__