caps/nsScriptSecurityManager.h

   1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
   2 /* vim: set ts=4 et sw=2 tw=80: */
   3 /* This Source Code Form is subject to the terms of the Mozilla Public
   4  * License, v. 2.0. If a copy of the MPL was not distributed with this
   5  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
   6
   7 #ifndef nsScriptSecurityManager_h__
   8 #define nsScriptSecurityManager_h__
   9
  10 #include "nsIScriptSecurityManager.h"
  11
  12 #include "mozilla/Maybe.h"
  13 #include "nsIPrincipal.h"
  14 #include "nsCOMPtr.h"
  15 #include "nsServiceManagerUtils.h"
  16 #include "nsStringFwd.h"
  17 #include "plstr.h"
  18 #include "js/TypeDecls.h"
  19
  20 #include <stdint.h>
  21
  22 class nsIIOService;
  23 class nsIStringBundle;
  24
  25 namespace mozilla {
  26 class OriginAttributes;
  27 class SystemPrincipal;
  28 }  // namespace mozilla
  29
  30 /////////////////////////////
  31 // nsScriptSecurityManager //
  32 /////////////////////////////
  33 #define NS_SCRIPTSECURITYMANAGER_CID                 \
  34   {                                                  \
  35     0x7ee2a4c0, 0x4b93, 0x17d3, {                    \
  36       0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2 \
  37     }                                                \
  38   }
  39
  40 class nsScriptSecurityManager final : public nsIScriptSecurityManager {
  41  public:
  42   static void Shutdown();
  43
  44   NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)
  45
  46   NS_DECL_ISUPPORTS
  47   NS_DECL_NSISCRIPTSECURITYMANAGER
  48
  49   static nsScriptSecurityManager* GetScriptSecurityManager();
  50
  51   // Invoked exactly once, by XPConnect.
  52   static void InitStatics();
  53
  54   void InitJSCallbacks(JSContext* aCx);
  55
  56   // This has to be static because it is called after gScriptSecMan is cleared.
  57   static void ClearJSCallbacks(JSContext* aCx);
  58
  59   static already_AddRefed<mozilla::SystemPrincipal>
  60   SystemPrincipalSingletonConstructor();
  61
  62   /**
  63    * Utility method for comparing two URIs.  For security purposes, two URIs
  64    * are equivalent if their schemes, hosts, and ports (if any) match.  This
  65    * method returns true if aSubjectURI and aObjectURI have the same origin,
  66    * false otherwise.
  67    */
  68   static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
  69   static uint32_t SecurityHashURI(nsIURI* aURI);
  70
  71   static nsresult ReportError(const char* aMessageTag, nsIURI* aSource,
  72                               nsIURI* aTarget, bool aFromPrivateWindow,
  73                               uint64_t aInnerWindowID = 0);
  74   static nsresult ReportError(const char* aMessageTag,
  75                               const nsACString& sourceSpec,
  76                               const nsACString& targetSpec,
  77                               bool aFromPrivateWindow,
  78                               uint64_t aInnerWindowID = 0);
  79
  80   static uint32_t HashPrincipalByOrigin(nsIPrincipal* aPrincipal);
  81
  82   static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }
  83
  84   void DeactivateDomainPolicy();
  85
  86  private:
  87   // GetScriptSecurityManager is the only call that can make one
  88   nsScriptSecurityManager();
  89   virtual ~nsScriptSecurityManager();
  90
  91   // Decides, based on CSP, whether or not eval() and stuff can be executed.
  92   static bool ContentSecurityPolicyPermitsJSAction(JSContext* cx,
  93                                                    JS::HandleString aCode);
  94
  95   static bool JSPrincipalsSubsume(JSPrincipals* first, JSPrincipals* second);
  96
  97   nsresult Init();
  98
  99   nsresult InitPrefs();
 100
 101   static void ScriptSecurityPrefChanged(const char* aPref, void* aSelf);
 102   void ScriptSecurityPrefChanged(const char* aPref = nullptr);
 103
 104   inline void AddSitesToFileURIAllowlist(const nsCString& aSiteList);
 105
 106   nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
 107                                      nsIPrincipal** aPrincipal,
 108                                      bool aIgnoreSandboxing);
 109
 110   nsresult CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI,
 111                              nsIURI* aSourceBaseURI, nsIURI* aTargetBaseURI,
 112                              uint32_t aFlags, bool aFromPrivateWindow,
 113                              uint64_t aInnerWindowID);
 114
 115   // Returns the file URI allowlist, initializing it if it has not been
 116   // initialized.
 117   const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIAllowlist();
 118
 119   nsCOMPtr<nsIPrincipal> mSystemPrincipal;
 120   bool mPrefInitialized;
 121   bool mIsJavaScriptEnabled;
 122
 123   // List of URIs whose domains and sub-domains are allowlisted to allow
 124   // access to file: URIs.  Lazily initialized; isNothing() when not yet
 125   // initialized.
 126   mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIAllowlist;
 127
 128   // This machinery controls new-style domain policies. The old-style
 129   // policy machinery will be removed soon.
 130   nsCOMPtr<nsIDomainPolicy> mDomainPolicy;
 131
 132   static bool sStrictFileOriginPolicy;
 133
 134   static nsIIOService* sIOService;
 135   static nsIStringBundle* sStrBundle;
 136 };
 137
 138 #endif  // nsScriptSecurityManager_h__