1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /* vim: set ts=4 et sw=4 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this
5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef nsScriptSecurityManager_h__
8 #define nsScriptSecurityManager_h__
10 #include "nsIScriptSecurityManager.h"
11 #include "nsIPrincipal.h"
13 #include "nsIChannelEventSink.h"
14 #include "nsIObserver.h"
16 #include "js/TypeDecls.h"
24 class nsIStringBundle
;
25 class nsSystemPrincipal
;
28 /////////////////////////////
29 // nsScriptSecurityManager //
30 /////////////////////////////
31 #define NS_SCRIPTSECURITYMANAGER_CID \
32 { 0x7ee2a4c0, 0x4b93, 0x17d3, \
33 { 0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 }}
35 class nsScriptSecurityManager
: public nsIScriptSecurityManager
,
36 public nsIChannelEventSink
,
40 static void Shutdown();
42 NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID
)
45 NS_DECL_NSISCRIPTSECURITYMANAGER
46 NS_DECL_NSICHANNELEVENTSINK
49 static nsScriptSecurityManager
*
50 GetScriptSecurityManager();
52 // Invoked exactly once, by XPConnect.
53 static void InitStatics();
55 static nsSystemPrincipal
*
56 SystemPrincipalSingletonConstructor();
58 JSContext
* GetCurrentJSContext();
60 JSContext
* GetSafeJSContext();
63 * Utility method for comparing two URIs. For security purposes, two URIs
64 * are equivalent if their schemes, hosts, and ports (if any) match. This
65 * method returns true if aSubjectURI and aObjectURI have the same origin,
68 static bool SecurityCompareURIs(nsIURI
* aSourceURI
, nsIURI
* aTargetURI
);
69 static uint32_t SecurityHashURI(nsIURI
* aURI
);
71 static uint16_t AppStatusForPrincipal(nsIPrincipal
*aPrin
);
74 ReportError(JSContext
* cx
, const nsAString
& messageTag
,
75 nsIURI
* aSource
, nsIURI
* aTarget
);
78 HashPrincipalByOrigin(nsIPrincipal
* aPrincipal
);
81 GetStrictFileOriginPolicy()
83 return sStrictFileOriginPolicy
;
87 * Returns true if the two principals share the same app attributes.
89 * App attributes are appId and the inBrowserElement flag.
90 * Two principals have the same app attributes if those information are
92 * This method helps keeping principals from different apps isolated from
93 * each other. Also, it helps making sure mozbrowser (web views) and their
94 * parent are isolated from each other. All those entities do not share the
95 * same data (cookies, IndexedDB, localStorage, etc.) so we shouldn't allow
96 * violating that principle.
99 AppAttributesEqual(nsIPrincipal
* aFirst
,
100 nsIPrincipal
* aSecond
);
102 void DeactivateDomainPolicy();
106 // GetScriptSecurityManager is the only call that can make one
107 nsScriptSecurityManager();
108 virtual ~nsScriptSecurityManager();
110 // Decides, based on CSP, whether or not eval() and stuff can be executed.
112 ContentSecurityPolicyPermitsJSAction(JSContext
*cx
);
115 JSPrincipalsSubsume(JSPrincipals
*first
, JSPrincipals
*second
);
117 // Returns null if a principal cannot be found; generally callers
118 // should error out at that point.
119 static nsIPrincipal
* doGetObjectPrincipal(JSObject
* obj
);
122 GetCodebasePrincipalInternal(nsIURI
* aURI
, uint32_t aAppId
,
124 nsIPrincipal
** result
);
127 CreateCodebasePrincipal(nsIURI
* aURI
, uint32_t aAppId
, bool aInMozBrowser
,
128 nsIPrincipal
** result
);
137 ScriptSecurityPrefChanged();
140 AddSitesToFileURIWhitelist(const nsCString
& aSiteList
);
142 nsCOMPtr
<nsIPrincipal
> mSystemPrincipal
;
143 bool mPrefInitialized
;
144 bool mIsJavaScriptEnabled
;
145 nsTArray
<nsCOMPtr
<nsIURI
>> mFileURIWhitelist
;
147 // This machinery controls new-style domain policies. The old-style
148 // policy machinery will be removed soon.
149 nsCOMPtr
<nsIDomainPolicy
> mDomainPolicy
;
151 static bool sStrictFileOriginPolicy
;
153 static nsIIOService
*sIOService
;
154 static nsIStringBundle
*sStrBundle
;
155 static JSRuntime
*sRuntime
;
161 GetJarPrefix(uint32_t aAppid
,
163 nsACString
& aJarPrefix
);
165 } // namespace mozilla
167 #endif // nsScriptSecurityManager_h__