caps/src/nsNullPrincipal.cpp

   1 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* This Source Code Form is subject to the terms of the Mozilla Public
   3  * License, v. 2.0. If a copy of the MPL was not distributed with this
   4  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   5
   6 /**
   7  * This is the principal that has no rights and can't be accessed by
   8  * anything other than itself and chrome; null principals are not
   9  * same-origin with anything but themselves.
  10  */
  11
  12 #include "mozilla/Util.h"
  13
  14 #include "nsNullPrincipal.h"
  15 #include "nsNullPrincipalURI.h"
  16 #include "nsMemory.h"
  17 #include "nsIUUIDGenerator.h"
  18 #include "nsID.h"
  19 #include "nsNetUtil.h"
  20 #include "nsIClassInfoImpl.h"
  21 #include "nsNetCID.h"
  22 #include "nsError.h"
  23 #include "nsIScriptSecurityManager.h"
  24 #include "nsScriptSecurityManager.h"
  25 #include "pratom.h"
  26
  27 using namespace mozilla;
  28
  29 NS_IMPL_CLASSINFO(nsNullPrincipal, nullptr, nsIClassInfo::MAIN_THREAD_ONLY,
  30                   NS_NULLPRINCIPAL_CID)
  31 NS_IMPL_QUERY_INTERFACE2_CI(nsNullPrincipal,
  32                             nsIPrincipal,
  33                             nsISerializable)
  34 NS_IMPL_CI_INTERFACE_GETTER2(nsNullPrincipal,
  35                              nsIPrincipal,
  36                              nsISerializable)
  37
  38 NS_IMETHODIMP_(nsrefcnt)
  39 nsNullPrincipal::AddRef()
  40 {
  41   NS_PRECONDITION(int32_t(refcount) >= 0, "illegal refcnt");
  42   nsrefcnt count = ++refcount;
  43   NS_LOG_ADDREF(this, count, "nsNullPrincipal", sizeof(*this));
  44   return count;
  45 }
  46
  47 NS_IMETHODIMP_(nsrefcnt)
  48 nsNullPrincipal::Release()
  49 {
  50   NS_PRECONDITION(0 != refcount, "dup release");
  51   nsrefcnt count = --refcount;
  52   NS_LOG_RELEASE(this, count, "nsNullPrincipal");
  53   if (count == 0) {
  54     delete this;
  55   }
  56
  57   return count;
  58 }
  59
  60 nsNullPrincipal::nsNullPrincipal()
  61 {
  62 }
  63
  64 nsNullPrincipal::~nsNullPrincipal()
  65 {
  66 }
  67
  68 #define NS_NULLPRINCIPAL_PREFIX NS_NULLPRINCIPAL_SCHEME ":"
  69
  70 nsresult
  71 nsNullPrincipal::Init()
  72 {
  73   // FIXME: bug 327161 -- make sure the uuid generator is reseeding-resistant.
  74   nsresult rv;
  75   nsCOMPtr<nsIUUIDGenerator> uuidgen =
  76     do_GetService("@mozilla.org/uuid-generator;1", &rv);
  77   NS_ENSURE_SUCCESS(rv, rv);
  78
  79   nsID id;
  80   rv = uuidgen->GenerateUUIDInPlace(&id);
  81   NS_ENSURE_SUCCESS(rv, rv);
  82
  83   char chars[NSID_LENGTH];
  84   id.ToProvidedString(chars);
  85
  86   uint32_t suffixLen = NSID_LENGTH - 1;
  87   uint32_t prefixLen = ArrayLength(NS_NULLPRINCIPAL_PREFIX) - 1;
  88
  89   // Use an nsCString so we only do the allocation once here and then share
  90   // with nsJSPrincipals
  91   nsCString str;
  92   str.SetCapacity(prefixLen + suffixLen);
  93
  94   str.Append(NS_NULLPRINCIPAL_PREFIX);
  95   str.Append(chars);
  96
  97   if (str.Length() != prefixLen + suffixLen) {
  98     NS_WARNING("Out of memory allocating null-principal URI");
  99     return NS_ERROR_OUT_OF_MEMORY;
 100   }
 101
 102   mURI = new nsNullPrincipalURI(str);
 103   NS_ENSURE_TRUE(mURI, NS_ERROR_OUT_OF_MEMORY);
 104
 105   return NS_OK;
 106 }
 107
 108 void
 109 nsNullPrincipal::GetScriptLocation(nsACString &aStr)
 110 {
 111   mURI->GetSpec(aStr);
 112 }
 113
 114 #ifdef DEBUG
 115 void nsNullPrincipal::dumpImpl()
 116 {
 117   nsAutoCString str;
 118   mURI->GetSpec(str);
 119   fprintf(stderr, "nsNullPrincipal (%p) = %s\n", this, str.get());
 120 }
 121 #endif
 122
 123 /**
 124  * nsIPrincipal implementation
 125  */
 126
 127 NS_IMETHODIMP
 128 nsNullPrincipal::Equals(nsIPrincipal *aOther, bool *aResult)
 129 {
 130   // Just equal to ourselves.  Note that nsPrincipal::Equals will return false
 131   // for us since we have a unique domain/origin/etc.
 132   *aResult = (aOther == this);
 133   return NS_OK;
 134 }
 135
 136 NS_IMETHODIMP
 137 nsNullPrincipal::EqualsIgnoringDomain(nsIPrincipal *aOther, bool *aResult)
 138 {
 139   return Equals(aOther, aResult);
 140 }
 141
 142 NS_IMETHODIMP
 143 nsNullPrincipal::GetHashValue(uint32_t *aResult)
 144 {
 145   *aResult = (NS_PTR_TO_INT32(this) >> 2);
 146   return NS_OK;
 147 }
 148
 149 NS_IMETHODIMP
 150 nsNullPrincipal::GetSecurityPolicy(void** aSecurityPolicy)
 151 {
 152   // Leftover from old security model, a "security policy" is a set of
 153   // rules for property access that can override the SOP. Policies are
 154   // associated with origins and since nsNullPinricipals never get the
 155   // same origin twice, it's not possible to specify a "security
 156   // policy" for it.  Hence, we do not cache the security policy.
 157   *aSecurityPolicy = nullptr;
 158   return NS_OK;
 159 }
 160
 161 NS_IMETHODIMP
 162 nsNullPrincipal::SetSecurityPolicy(void* aSecurityPolicy)
 163 {
 164   // Leftover from old security model, a "security policy" is a set of
 165   // rules for property access that can override the SOP. Policies are
 166   // associated with origins and since nsNullPinricipals never get the
 167   // same origin twice, it's not possible to specify a "security
 168   // policy" for it.  Hence, we do not cache the security policy.
 169   return NS_OK;
 170 }
 171
 172 NS_IMETHODIMP
 173 nsNullPrincipal::GetURI(nsIURI** aURI)
 174 {
 175   return NS_EnsureSafeToReturn(mURI, aURI);
 176 }
 177
 178 NS_IMETHODIMP
 179 nsNullPrincipal::GetCsp(nsIContentSecurityPolicy** aCsp)
 180 {
 181   NS_IF_ADDREF(*aCsp = mCSP);
 182   return NS_OK;
 183 }
 184
 185 NS_IMETHODIMP
 186 nsNullPrincipal::SetCsp(nsIContentSecurityPolicy* aCsp)
 187 {
 188   // If CSP was already set, it should not be destroyed!  Instead, it should
 189   // get set anew when a new principal is created.
 190   if (mCSP)
 191     return NS_ERROR_ALREADY_INITIALIZED;
 192
 193   mCSP = aCsp;
 194   return NS_OK;
 195 }
 196
 197 NS_IMETHODIMP
 198 nsNullPrincipal::GetDomain(nsIURI** aDomain)
 199 {
 200   return NS_EnsureSafeToReturn(mURI, aDomain);
 201 }
 202
 203 NS_IMETHODIMP
 204 nsNullPrincipal::SetDomain(nsIURI* aDomain)
 205 {
 206   // I think the right thing to do here is to just throw...  Silently failing
 207   // seems counterproductive.
 208   return NS_ERROR_NOT_AVAILABLE;
 209 }
 210
 211 NS_IMETHODIMP
 212 nsNullPrincipal::GetOrigin(char** aOrigin)
 213 {
 214   *aOrigin = nullptr;
 215
 216   nsAutoCString str;
 217   nsresult rv = mURI->GetSpec(str);
 218   NS_ENSURE_SUCCESS(rv, rv);
 219
 220   *aOrigin = ToNewCString(str);
 221   NS_ENSURE_TRUE(*aOrigin, NS_ERROR_OUT_OF_MEMORY);
 222
 223   return NS_OK;
 224 }
 225
 226 NS_IMETHODIMP
 227 nsNullPrincipal::Subsumes(nsIPrincipal *aOther, bool *aResult)
 228 {
 229   // We don't subsume anything except ourselves.  Note that nsPrincipal::Equals
 230   // will return false for us, since we're not about:blank and not Equals to
 231   // reasonable nsPrincipals.
 232   *aResult = (aOther == this);
 233   return NS_OK;
 234 }
 235
 236 NS_IMETHODIMP
 237 nsNullPrincipal::SubsumesIgnoringDomain(nsIPrincipal *aOther, bool *aResult)
 238 {
 239   return Subsumes(aOther, aResult);
 240 }
 241
 242 NS_IMETHODIMP
 243 nsNullPrincipal::CheckMayLoad(nsIURI* aURI, bool aReport, bool aAllowIfInheritsPrincipal)
 244  {
 245   if (aAllowIfInheritsPrincipal) {
 246     if (nsPrincipal::IsPrincipalInherited(aURI)) {
 247       return NS_OK;
 248     }
 249
 250     // Also allow the load if the principal of the URI being checked is exactly
 251     // us ie this.
 252     nsCOMPtr<nsIURIWithPrincipal> uriPrinc = do_QueryInterface(aURI);
 253     if (uriPrinc) {
 254       nsCOMPtr<nsIPrincipal> principal;
 255       uriPrinc->GetPrincipal(getter_AddRefs(principal));
 256
 257       if (principal && principal == this) {
 258         return NS_OK;
 259       }
 260     }
 261   }
 262
 263   if (aReport) {
 264     nsScriptSecurityManager::ReportError(
 265       nullptr, NS_LITERAL_STRING("CheckSameOriginError"), mURI, aURI);
 266   }
 267
 268   return NS_ERROR_DOM_BAD_URI;
 269 }
 270
 271 NS_IMETHODIMP
 272 nsNullPrincipal::GetJarPrefix(nsACString& aJarPrefix)
 273 {
 274   aJarPrefix.Truncate();
 275   return NS_OK;
 276 }
 277
 278 NS_IMETHODIMP
 279 nsNullPrincipal::GetAppStatus(uint16_t* aAppStatus)
 280 {
 281   *aAppStatus = nsIPrincipal::APP_STATUS_NOT_INSTALLED;
 282   return NS_OK;
 283 }
 284
 285 NS_IMETHODIMP
 286 nsNullPrincipal::GetAppId(uint32_t* aAppId)
 287 {
 288   *aAppId = nsIScriptSecurityManager::NO_APP_ID;
 289   return NS_OK;
 290 }
 291
 292 NS_IMETHODIMP
 293 nsNullPrincipal::GetIsInBrowserElement(bool* aIsInBrowserElement)
 294 {
 295   *aIsInBrowserElement = false;
 296   return NS_OK;
 297 }
 298
 299 NS_IMETHODIMP
 300 nsNullPrincipal::GetUnknownAppId(bool* aUnknownAppId)
 301 {
 302   *aUnknownAppId = false;
 303   return NS_OK;
 304 }
 305
 306 NS_IMETHODIMP
 307 nsNullPrincipal::GetIsNullPrincipal(bool* aIsNullPrincipal)
 308 {
 309   *aIsNullPrincipal = true;
 310   return NS_OK;
 311 }
 312
 313 NS_IMETHODIMP
 314 nsNullPrincipal::GetBaseDomain(nsACString& aBaseDomain)
 315 {
 316   // For a null principal, we use our unique uuid as the base domain.
 317   return mURI->GetPath(aBaseDomain);
 318 }
 319
 320 /**
 321  * nsISerializable implementation
 322  */
 323 NS_IMETHODIMP
 324 nsNullPrincipal::Read(nsIObjectInputStream* aStream)
 325 {
 326   // no-op: CID is sufficient to create a useful nsNullPrincipal, since the URI
 327   // is not really relevant.
 328   return NS_OK;
 329 }
 330
 331 NS_IMETHODIMP
 332 nsNullPrincipal::Write(nsIObjectOutputStream* aStream)
 333 {
 334   // no-op: CID is sufficient to create a useful nsNullPrincipal, since the URI
 335   // is not really relevant.
 336   return NS_OK;
 337 }
 338