SandboxPrivate.h (4873B)
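/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef __SANDBOXPRIVATE_H__
#define __SANDBOXPRIVATE_H__

#include "mozilla/SchedulerGroup.h"
#include "mozilla/StaticPrefs_dom.h"
#include "mozilla/StorageAccess.h"
#include "mozilla/WeakPtr.h"
#include "mozilla/net/CookieJarSettings.h"
#include "nsContentUtils.h"
#include "nsIGlobalObject.h"
#include "nsIScriptObjectPrincipal.h"
#include "nsIPrincipal.h"
#include "nsWeakReference.h"
#include "nsWrapperCache.h"

#include "js/loader/ModuleLoaderBase.h"

#include "js/Object.h"  // JS::GetPrivate, JS::SetPrivate
#include "js/RootingAPI.h"

/**
 * Native object attached to a sandbox global (see Create() / GetPrivate()).
 *
 * It carries the principal the sandbox was created with and hands that same
 * principal out for every principal-flavoured query (plain, cookie, storage
 * and partitioned), so all security decisions made through this global are
 * made against the single principal passed to Create().
 */
class SandboxPrivate final : public nsIGlobalObject,
                             public nsIScriptObjectPrincipal,
                             public nsSupportsWeakReference,
                             public mozilla::SupportsWeakPtr,
                             public nsWrapperCache {
 public:
  NS_DECL_CYCLE_COLLECTING_ISUPPORTS
  NS_DECL_CYCLE_COLLECTION_WRAPPERCACHE_CLASS_AMBIGUOUS(SandboxPrivate,
                                                        nsIGlobalObject)

  /**
   * Allocates a SandboxPrivate for |principal|, makes |global| its wrapper
   * and stores an owning reference to it in |global|.
   *
   * The reference handed to |global| is not released anywhere in this header.
   */
  static void Create(nsIPrincipal* principal, JS::Handle<JSObject*> global) {
    RefPtr<SandboxPrivate> sbp = new SandboxPrivate(principal);
    sbp->SetWrapper(global);
    sbp->PreserveWrapper(ToSupports(sbp.get()));

    // Pass on ownership of sbp to |global|.
    // The type used to cast to void needs to match the one in GetPrivate.
    // SandboxPrivate has several base classes, so a pointer stored through
    // one base and read back through another would not point at the same
    // subobject.
    nsIScriptObjectPrincipal* sop =
        static_cast<nsIScriptObjectPrincipal*>(sbp.forget().take());
    JS::SetObjectISupports(global, sop);

    // Must come after SetObjectISupports: GetPrivate(global) reads the
    // pointer that was just stored.
    JS::SetRealmReduceTimerPrecisionCallerType(
        js::GetNonCCWObjectRealm(global),
        RTPCallerTypeToToken(GetPrivate(global)->GetRTPCallerType()));
  }

  /**
   * Returns the SandboxPrivate stored in |obj| by Create().
   *
   * The downcast is an unchecked static_cast and this function does not
   * verify that |obj| is a sandbox global; callers must only pass objects
   * that were set up by Create().
   */
  static SandboxPrivate* GetPrivate(JSObject* obj) {
    // The type used to cast to void needs to match the one in Create.
    nsIScriptObjectPrincipal* sop =
        JS::GetObjectISupports<nsIScriptObjectPrincipal>(obj);
    return static_cast<SandboxPrivate*>(sop);
  }

  // Always an empty, default-constructed OriginTrials value.
  mozilla::OriginTrials Trials() const final { return {}; }

  // The four principal getters below all return the principal given to
  // Create(); no separate cookie, storage or partitioned principal is kept.
  nsIPrincipal* GetPrincipal() override { return mPrincipal; }

  nsIPrincipal* GetEffectiveCookiePrincipal() override { return mPrincipal; }

  nsIPrincipal* GetEffectiveStoragePrincipal() override { return mPrincipal; }

  nsIPrincipal* PartitionedPrincipal() override { return mPrincipal; }

  JSObject* GetGlobalJSObject() override { return GetWrapper(); }
  JSObject* GetGlobalJSObjectPreserveColor() const override {
    return GetWrapperPreserveColor();
  }

  // Main-thread only. MOZ_ASSERT enforces this in debug builds only.
  nsICookieJarSettings* GetCookieJarSettings() override {
    MOZ_ASSERT(NS_IsMainThread());
    return mCookieJarSettings;
  }

  /**
   * Storage access decision for this sandbox, derived from its principal and
   * cookie jar settings via StorageAllowedForServiceWorker().
   *
   * Main-thread only (asserted in debug builds).
   */
  mozilla::StorageAccess GetStorageAccess() final {
    MOZ_ASSERT(NS_IsMainThread());
    if (mozilla::StaticPrefs::dom_serviceWorkers_testing_enabled()) {
      // XXX: This is a hack to workaround bug 1732159 and is not intended
      // NOTE(review): the sentence above is cut short in the original.
      // Security-relevant: with the service-worker testing pref set, this
      // branch returns eAllow without consulting mPrincipal or
      // mCookieJarSettings, so the check below is skipped entirely.
      return mozilla::StorageAccess::eAllow;
    }

    return mozilla::StorageAllowedForServiceWorker(mPrincipal,
                                                   mCookieJarSettings);
  }

  // Drops the wrapper association with |obj|.
  void ForgetGlobalObject(JSObject* obj) { ClearWrapper(obj); }

  nsISerialEventTarget* SerialEventTarget() const final {
    return mozilla::GetMainThreadSerialEventTarget();
  }
  nsresult Dispatch(already_AddRefed<nsIRunnable>&& aRunnable) const final {
    return mozilla::SchedulerGroup::Dispatch(std::move(aRunnable));
  }

  // Never expected to be called: crashes deliberately if it is.
  virtual JSObject* WrapObject(JSContext* cx,
                               JS::Handle<JSObject*> aGivenProto) override {
    MOZ_CRASH("SandboxPrivate doesn't use DOM bindings!");
  }

  // Defined out of line (not in this header).
  JS::loader::ModuleLoaderBase* GetModuleLoader(JSContext* aCx) override;

  // Defined out of line (not in this header).
  mozilla::Result<mozilla::ipc::PrincipalInfo, nsresult> GetStorageKey()
      override;

  // Re-points the wrapper cache from |old| to |obj|; always returns 0.
  size_t ObjectMoved(JSObject* obj, JSObject* old) {
    UpdateWrapper(obj, old);
    return 0;
  }

  /**
   * Defers to nsContentUtils::ShouldResistFingerprinting() with a fixed
   * justification string; nothing about this particular sandbox is passed.
   */
  bool ShouldResistFingerprinting(RFPTarget aTarget) const override {
    // The two literals are concatenated by the compiler, so the first one
    // must end in a space.
    return nsContentUtils::ShouldResistFingerprinting(
        "Presently we don't have enough context to make an informed decision "
        "on JS Sandboxes. See 1782853",
        aTarget);
  }

  bool IsXPCSandbox() override { return true; }

 private:
  // Private: instances are created only through Create().
  // mPrincipal is declared before mCookieJarSettings, so it is already
  // initialised when it is passed to CookieJarSettings::Create() here.
  explicit SandboxPrivate(nsIPrincipal* principal)
      : mPrincipal(principal),
        mCookieJarSettings(
            mozilla::net::CookieJarSettings::Create(mPrincipal)) {}

  virtual ~SandboxPrivate() = default;

  // Principal supplied at creation; returned by every principal getter.
  nsCOMPtr<nsIPrincipal> mPrincipal;

  // Built from mPrincipal in the constructor.
  nsCOMPtr<nsICookieJarSettings> mCookieJarSettings;

  // Not touched in this header; presumably managed by GetModuleLoader().
  RefPtr<JS::loader::ModuleLoaderBase> mModuleLoader;
};

#endif  // __SANDBOXPRIVATE_H__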