summaryrefslogtreecommitdiffstats
path: root/js/xpconnect/wrappers/WrapperFactory.h
blob: f1200bf765e1193154dc2f5e3309db2ad95e68ba (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
/* vim: set ts=8 sts=2 et sw=2 tw=80: */
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

#ifndef _xpc_WRAPPERFACTORY_H
#define _xpc_WRAPPERFACTORY_H

#include "js/Wrapper.h"

namespace xpc {

/**
 * A wrapper that's only used for cross-origin objects. This should be
 * just like a CrossCompartmentWrapper but (as an implementation
 * detail) doesn't actually do any compartment-entering and (as an
 * implementation detail) delegates all the security decisions and
 * compartment-entering to the target object, which is always a
 * proxy.
 *
 * We could also inherit from CrossCompartmentWrapper but then we
 * would need to override all the proxy hooks to avoid the
 * compartment-entering bits.
 */
class CrossOriginObjectWrapper : public js::Wrapper {
 public:
  // We want to claim to have a security policy, so code doesn't just
  // CheckedUnwrap us willy-nilly.  But we're OK with the BaseProxyHandler
  // implementation of enter(), which allows entering.  Our target is what
  // really does the security checks.
  //
  // We don't want to inherit from CrossCompartmentWrapper, because we don't
  // want the compartment-entering behavior it has.  But we do want to set the
  // CROSS_COMPARTMENT flag on js::Wrapper so that we test true for
  // is<js::CrossCompartmentWrapperObject> and so forth.
  constexpr explicit CrossOriginObjectWrapper()
      : js::Wrapper(CROSS_COMPARTMENT, /* aHasPrototype = */ false,
                    /* aHasSecurityPolicy = */ true) {}

  bool dynamicCheckedUnwrapAllowed(JS::Handle<JSObject*> obj,
                                   JSContext* cx) const override;

  // Cross origin objects should not participate in private fields.
  virtual bool throwOnPrivateField() const override { return true; }

  static const CrossOriginObjectWrapper singleton;
};

class WrapperFactory {
 public:
  enum {
    WAIVE_XRAY_WRAPPER_FLAG = js::Wrapper::LAST_USED_FLAG << 1,
    IS_XRAY_WRAPPER_FLAG = WAIVE_XRAY_WRAPPER_FLAG << 1
  };

  // Return true if any of any of the nested wrappers have the flag set.
  static bool HasWrapperFlag(JSObject* wrapper, unsigned flag) {
    unsigned flags = 0;
    js::UncheckedUnwrap(wrapper, true, &flags);
    return !!(flags & flag);
  }

  static bool IsXrayWrapper(JSObject* wrapper) {
    return HasWrapperFlag(wrapper, IS_XRAY_WRAPPER_FLAG);
  }

  static bool IsCrossOriginWrapper(JSObject* obj) {
    return (js::IsProxy(obj) &&
            js::GetProxyHandler(obj) == &CrossOriginObjectWrapper::singleton);
  }

  static bool IsOpaqueWrapper(JSObject* obj);

  static bool HasWaiveXrayFlag(JSObject* wrapper) {
    return HasWrapperFlag(wrapper, WAIVE_XRAY_WRAPPER_FLAG);
  }

  static bool IsCOW(JSObject* wrapper);

  static JSObject* GetXrayWaiver(JS::Handle<JSObject*> obj);
  // If allowExisting is true, there is an existing waiver for obj in
  // its scope, but we want to replace it with the new one.
  static JSObject* CreateXrayWaiver(JSContext* cx, JS::Handle<JSObject*> obj,
                                    bool allowExisting = false);
  static JSObject* WaiveXray(JSContext* cx, JSObject* obj);

  // Computes whether we should allow the creation of an Xray waiver from
  // |target| to |origin|.
  static bool AllowWaiver(JS::Compartment* target, JS::Compartment* origin);

  // Convenience method for the above, operating on a wrapper.
  static bool AllowWaiver(JSObject* wrapper);

  // Prepare a given object for wrapping in a new compartment.
  static void PrepareForWrapping(JSContext* cx, JS::Handle<JSObject*> scope,
                                 JS::Handle<JSObject*> origObj,
                                 JS::Handle<JSObject*> obj,
                                 JS::Handle<JSObject*> objectPassedToWrap,
                                 JS::MutableHandle<JSObject*> retObj);

  // Rewrap an object that is about to cross compartment boundaries.
  static JSObject* Rewrap(JSContext* cx, JS::Handle<JSObject*> existing,
                          JS::Handle<JSObject*> obj);

  // Wrap wrapped object into a waiver wrapper and then re-wrap it.
  static bool WaiveXrayAndWrap(JSContext* cx, JS::MutableHandle<JS::Value> vp);
  static bool WaiveXrayAndWrap(JSContext* cx,
                               JS::MutableHandle<JSObject*> object);
};

}  // namespace xpc

#endif /* _xpc_WRAPPERFACTORY_H */