js/public/Principals.h

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*-
   2  * vim: set ts=8 sts=4 et sw=4 tw=99:
   3  * This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 /* JSPrincipals and related interfaces. */
   8
   9 #ifndef js_Principals_h
  10 #define js_Principals_h
  11
  12 #include "mozilla/Atomics.h"
  13
  14 #include <stdint.h>
  15
  16 #include "jspubtd.h"
  17
  18 struct JSPrincipals {
  19     /* Don't call "destroy"; use reference counting macros below. */
  20     mozilla::Atomic<int32_t> refcount;
  21
  22 #ifdef JS_DEBUG
  23     /* A helper to facilitate principals debugging. */
  24     uint32_t    debugToken;
  25 #endif
  26
  27     JSPrincipals() : refcount(0) {}
  28
  29     void setDebugToken(uint32_t token) {
  30 # ifdef JS_DEBUG
  31         debugToken = token;
  32 # endif
  33     }
  34
  35     /*
  36      * This is not defined by the JS engine but should be provided by the
  37      * embedding.
  38      */
  39     JS_PUBLIC_API(void) dump();
  40 };
  41
  42 extern JS_PUBLIC_API(void)
  43 JS_HoldPrincipals(JSPrincipals* principals);
  44
  45 extern JS_PUBLIC_API(void)
  46 JS_DropPrincipals(JSRuntime* rt, JSPrincipals* principals);
  47
  48 // Return whether the first principal subsumes the second. The exact meaning of
  49 // 'subsumes' is left up to the browser. Subsumption is checked inside the JS
  50 // engine when determining, e.g., which stack frames to display in a backtrace.
  51 typedef bool
  52 (* JSSubsumesOp)(JSPrincipals* first, JSPrincipals* second);
  53
  54 /*
  55  * Used to check if a CSP instance wants to disable eval() and friends.
  56  * See js_CheckCSPPermitsJSAction() in jsobj.
  57  */
  58 typedef bool
  59 (* JSCSPEvalChecker)(JSContext* cx);
  60
  61 struct JSSecurityCallbacks {
  62     JSCSPEvalChecker           contentSecurityPolicyAllows;
  63     JSSubsumesOp               subsumes;
  64 };
  65
  66 extern JS_PUBLIC_API(void)
  67 JS_SetSecurityCallbacks(JSRuntime* rt, const JSSecurityCallbacks* callbacks);
  68
  69 extern JS_PUBLIC_API(const JSSecurityCallbacks*)
  70 JS_GetSecurityCallbacks(JSRuntime* rt);
  71
  72 /*
  73  * Code running with "trusted" principals will be given a deeper stack
  74  * allocation than ordinary scripts. This allows trusted script to run after
  75  * untrusted script has exhausted the stack. This function sets the
  76  * runtime-wide trusted principal.
  77  *
  78  * This principals is not held (via JS_HoldPrincipals/JS_DropPrincipals) since
  79  * there is no available JSContext. Instead, the caller must ensure that the
  80  * given principals stays valid for as long as 'rt' may point to it. If the
  81  * principals would be destroyed before 'rt', JS_SetTrustedPrincipals must be
  82  * called again, passing nullptr for 'prin'.
  83  */
  84 extern JS_PUBLIC_API(void)
  85 JS_SetTrustedPrincipals(JSRuntime* rt, const JSPrincipals* prin);
  86
  87 typedef void
  88 (* JSDestroyPrincipalsOp)(JSPrincipals* principals);
  89
  90 /*
  91  * Initialize the callback that is called to destroy JSPrincipals instance
  92  * when its reference counter drops to zero. The initialization can be done
  93  * only once per JS runtime.
  94  */
  95 extern JS_PUBLIC_API(void)
  96 JS_InitDestroyPrincipalsCallback(JSRuntime* rt, JSDestroyPrincipalsOp destroyPrincipals);
  97
  98 #endif  /* js_Principals_h */