nsScriptSecurityManager.h (5020B)


      1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
      2 /* vim: set ts=4 et sw=2 tw=80: */
      3 /* This Source Code Form is subject to the terms of the Mozilla Public
      4 * License, v. 2.0. If a copy of the MPL was not distributed with this
      5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
      6 
      7 #ifndef nsScriptSecurityManager_h__
      8 #define nsScriptSecurityManager_h__
      9 
     10 #include "nsIScriptSecurityManager.h"
     11 
     12 #include "mozilla/Maybe.h"
     13 #include "nsIPrincipal.h"
     14 #include "nsCOMPtr.h"
     15 #include "nsServiceManagerUtils.h"
     16 #include "nsStringFwd.h"
     17 #include "js/TypeDecls.h"
     18 
     19 #include <stdint.h>
     20 
// Forward declarations for the static service caches held by the class
// below (sIOService, sStrBundle); only pointers to them appear here.
class nsIIOService;
class nsIStringBundle;

namespace mozilla {
// NOTE(review): OriginAttributes is not referenced by any declaration in
// this header; this forward declaration may be stale — confirm in the .cpp.
class OriginAttributes;
// Pointee of the already_AddRefed returned by
// nsScriptSecurityManager::SystemPrincipalSingletonConstructor.
class SystemPrincipal;
}  // namespace mozilla

namespace JS {
// Parameter types of ContentSecurityPolicyPermitsJSAction.  Only the enum
// names are needed in this header; the definitions come from the JS engine.
enum class RuntimeCode;
enum class CompilationType;
}  // namespace JS

/////////////////////////////
// nsScriptSecurityManager //
/////////////////////////////
// XPCOM class ID of the service, exposed through NS_DEFINE_STATIC_CID_ACCESSOR
// inside the class.  A CID is a stable identifier: changing this GUID breaks
// every lookup of the component by CID.
#define NS_SCRIPTSECURITYMANAGER_CID \
  {0x7ee2a4c0, 0x4b93, 0x17d3, {0xba, 0x18, 0x00, 0x60, 0xb0, 0xf1, 0x99, 0xa2}}
     39 
/**
 * Singleton XPCOM service implementing nsIScriptSecurityManager: the
 * origin-comparison helpers, URI load checks, principal subsumption and
 * CSP gating of script compilation declared below.  Obtain it through
 * GetScriptSecurityManager(); the constructor is private, so no other
 * instance can be created.
 *
 * Thread-safety: only sStrictFileOriginPolicy is declared std::atomic.  The
 * remaining members carry no synchronization, so presumably they are
 * main-thread only — confirm against the .cpp before touching them
 * off-thread.
 */
class nsScriptSecurityManager final : public nsIScriptSecurityManager {
 public:
  // Static teardown entry point; the body lives in the .cpp (presumably
  // releases the singleton and the static caches declared below — verify).
  static void Shutdown();

  // Exposes NS_SCRIPTSECURITYMANAGER_CID as this class's CID.
  NS_DEFINE_STATIC_CID_ACCESSOR(NS_SCRIPTSECURITYMANAGER_CID)

  NS_DECL_ISUPPORTS
  NS_DECL_NSISCRIPTSECURITYMANAGER

  // Returns the process-wide singleton.  This is the only way to obtain an
  // instance (see the private constructor).  Raw pointer: no ownership is
  // transferred to the caller.
  static nsScriptSecurityManager* GetScriptSecurityManager();

  // Invoked exactly once, by XPConnect.
  static void InitStatics();

  // Installs this manager's callbacks on aCx; paired with ClearJSCallbacks.
  void InitJSCallbacks(JSContext* aCx);

  // This has to be static because it is called after gScriptSecMan is cleared.
  static void ClearJSCallbacks(JSContext* aCx);

  // Factory for the system principal singleton.  The already_AddRefed return
  // carries a reference the caller must adopt.
  static already_AddRefed<mozilla::SystemPrincipal>
  SystemPrincipalSingletonConstructor();

  /**
   * Utility method for comparing two URIs.  For security purposes, two URIs
   * are equivalent if their schemes, hosts, and ports (if any) match.  This
   * method returns true if aSourceURI and aTargetURI have the same origin,
   * false otherwise.
   */
  static bool SecurityCompareURIs(nsIURI* aSourceURI, nsIURI* aTargetURI);
  // Hash of aURI for origin-keyed tables.  Presumably consistent with
  // SecurityCompareURIs (URIs that compare equal hash equal) — confirm in
  // the .cpp.
  static uint32_t SecurityHashURI(nsIURI* aURI);
  // By name: true only when both URIs are http(s) and their origins differ.
  // The definition is not in this header.
  static bool IsHttpOrHttpsAndCrossOrigin(nsIURI* aUriA, nsIURI* aUriB);

  // Reports a security error identified by aMessageTag (presumably a key
  // looked up through sStrBundle — verify) for the aSource -> aTarget pair.
  // aFromPrivateWindow and aInnerWindowID (0 = no window) qualify where the
  // message is attributed; the second overload takes the already-serialized
  // source/target specs instead of URI objects.
  static nsresult ReportError(const char* aMessageTag, nsIURI* aSource,
                              nsIURI* aTarget, bool aFromPrivateWindow,
                              uint64_t aInnerWindowID = 0);
  static nsresult ReportError(const char* aMessageTag,
                              const nsACString& sourceSpec,
                              const nsACString& targetSpec,
                              bool aFromPrivateWindow,
                              uint64_t aInnerWindowID = 0);

  // Reads the strict file: origin policy flag.  sStrictFileOriginPolicy is a
  // std::atomic<bool>, so this is an atomic (seq_cst) load and is safe to
  // call from any thread.
  static bool GetStrictFileOriginPolicy() { return sStrictFileOriginPolicy; }

  // Presumably drops mDomainPolicy (see the member below); body in the .cpp.
  void DeactivateDomainPolicy();

 private:
  // GetScriptSecurityManager is the only call that can make one
  nsScriptSecurityManager();
  virtual ~nsScriptSecurityManager();

  // Decides, based on CSP, whether or not eval() and stuff can be executed.
  // Static so it can be registered as a JS engine callback (presumably by
  // InitJSCallbacks).  NOTE(review): the bool return and the
  // *aOutCanCompileStrings out-parameter are distinct — the verdict appears
  // to go through the out-parameter while the return signals callback
  // success; confirm against the .cpp.  MOZ_CAN_RUN_SCRIPT: this may run
  // script, so callers must hold strong references across the call.
  MOZ_CAN_RUN_SCRIPT static bool ContentSecurityPolicyPermitsJSAction(
      JSContext* aCx, JS::RuntimeCode aKind, JS::Handle<JSString*> aCodeString,
      JS::CompilationType aCompilationType,
      JS::Handle<JS::StackGCVector<JSString*>> aParameterStrings,
      JS::Handle<JSString*> aBodyString,
      JS::Handle<JS::StackGCVector<JS::Value>> aParameterArgs,
      JS::Handle<JS::Value> aBodyArg, bool* aOutCanCompileStrings);

  // Whether `first` subsumes `second` (first is at least as privileged).
  // Direction inferred from the name — confirm in the .cpp.
  static bool JSPrincipalsSubsume(JSPrincipals* first, JSPrincipals* second);

  // One-time instance initialization; body in the .cpp.
  nsresult Init();

  // Reads the prefs this manager depends on; presumably sets mPrefInitialized
  // and mIsJavaScriptEnabled — verify.
  nsresult InitPrefs();

  // Pref-observer trampoline: aSelf is the manager instance, forwarded to the
  // member overload below (inferred from the signature pair; confirm).
  static void ScriptSecurityPrefChanged(const char* aPref, void* aSelf);
  // Re-reads prefs; aPref == nullptr presumably means "all prefs" — verify.
  void ScriptSecurityPrefChanged(const char* aPref = nullptr);

  // Parses aSiteList and appends its entries to mFileURIAllowlist (inferred
  // from the name; the definition is not in this header).
  inline void AddSitesToFileURIAllowlist(const nsCString& aSiteList);

  // Computes the principal for aChannel's result into *aPrincipal.
  // aIgnoreSandboxing is a flag whose exact effect is defined in the .cpp.
  nsresult GetChannelResultPrincipal(nsIChannel* aChannel,
                                     nsIPrincipal** aPrincipal,
                                     bool aIgnoreSandboxing);

  // Checks whether aSourceURI may load aTargetURI under the CheckLoadURI
  // aFlags.  The trailing private-window / inner-window arguments mirror
  // ReportError's, which suggests a rejected load is reported from here —
  // verify in the .cpp.
  nsresult CheckLoadURIFlags(nsIURI* aSourceURI, nsIURI* aTargetURI,
                             nsIURI* aSourceBaseURI, nsIURI* aTargetBaseURI,
                             uint32_t aFlags, bool aFromPrivateWindow,
                             uint64_t aInnerWindowID);

  // Returns the file URI allowlist, initializing it if it has not been
  // initialized.
  const nsTArray<nsCOMPtr<nsIURI>>& EnsureFileURIAllowlist();

  // Cached system principal.
  nsCOMPtr<nsIPrincipal> mSystemPrincipal;
  // Presumably set once InitPrefs has run — verify.
  bool mPrefInitialized;
  // Presumably mirrors the JavaScript-enabled pref — verify.
  bool mIsJavaScriptEnabled;

  // List of URIs whose domains and sub-domains are allowlisted to allow
  // access to file: URIs.  Lazily initialized; isNothing() when not yet
  // initialized.  Every entry widens what may reach file: URIs, so additions
  // go through AddSitesToFileURIAllowlist rather than direct mutation.
  mozilla::Maybe<nsTArray<nsCOMPtr<nsIURI>>> mFileURIAllowlist;

  // This machinery controls new-style domain policies. The old-style
  // policy machinery will be removed soon.
  nsCOMPtr<nsIDomainPolicy> mDomainPolicy;

  // Atomic because GetStrictFileOriginPolicy reads it without a lock.
  // NOTE(review): std::atomic is used here, but <atomic> is not included by
  // this header directly (nor are nsTArray / mozilla::StaticRefPtr); they
  // must arrive transitively through the includes above.
  static std::atomic<bool> sStrictFileOriginPolicy;

  // Static service caches.  sStrBundle is a raw pointer, so its ownership is
  // not expressed by the type — see Shutdown / the .cpp for its lifetime.
  static mozilla::StaticRefPtr<nsIIOService> sIOService;
  static nsIStringBundle* sStrBundle;
};
    141 
    142 #endif  // nsScriptSecurityManager_h__