diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 00:47:55 +0000 |
commit | 26a029d407be480d791972afb5975cf62c9360a6 (patch) | |
tree | f435a8308119effd964b339f76abb83a57c29483 /js/xpconnect/wrappers/WrapperFactory.h | |
parent | Initial commit. (diff) | |
download | firefox-26a029d407be480d791972afb5975cf62c9360a6.tar.xz firefox-26a029d407be480d791972afb5975cf62c9360a6.zip |
Adding upstream version 124.0.1.upstream/124.0.1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'js/xpconnect/wrappers/WrapperFactory.h')
-rw-r--r-- | js/xpconnect/wrappers/WrapperFactory.h | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/js/xpconnect/wrappers/WrapperFactory.h b/js/xpconnect/wrappers/WrapperFactory.h new file mode 100644 index 0000000000..f1200bf765 --- /dev/null +++ b/js/xpconnect/wrappers/WrapperFactory.h @@ -0,0 +1,114 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef _xpc_WRAPPERFACTORY_H +#define _xpc_WRAPPERFACTORY_H + +#include "js/Wrapper.h" + +namespace xpc { + +/** + * A wrapper that's only used for cross-origin objects. This should be + * just like a CrossCompartmentWrapper but (as an implementation + * detail) doesn't actually do any compartment-entering and (as an + * implementation detail) delegates all the security decisions and + * compartment-entering to the target object, which is always a + * proxy. + * + * We could also inherit from CrossCompartmentWrapper but then we + * would need to override all the proxy hooks to avoid the + * compartment-entering bits. + */ +class CrossOriginObjectWrapper : public js::Wrapper { + public: + // We want to claim to have a security policy, so code doesn't just + // CheckedUnwrap us willy-nilly. But we're OK with the BaseProxyHandler + // implementation of enter(), which allows entering. Our target is what + // really does the security checks. + // + // We don't want to inherit from CrossCompartmentWrapper, because we don't + // want the compartment-entering behavior it has. But we do want to set the + // CROSS_COMPARTMENT flag on js::Wrapper so that we test true for + // is<js::CrossCompartmentWrapperObject> and so forth. + constexpr explicit CrossOriginObjectWrapper() + : js::Wrapper(CROSS_COMPARTMENT, /* aHasPrototype = */ false, + /* aHasSecurityPolicy = */ true) {} + + bool dynamicCheckedUnwrapAllowed(JS::Handle<JSObject*> obj, + JSContext* cx) const override; + + // Cross origin objects should not participate in private fields. + virtual bool throwOnPrivateField() const override { return true; } + + static const CrossOriginObjectWrapper singleton; +}; + +class WrapperFactory { + public: + enum { + WAIVE_XRAY_WRAPPER_FLAG = js::Wrapper::LAST_USED_FLAG << 1, + IS_XRAY_WRAPPER_FLAG = WAIVE_XRAY_WRAPPER_FLAG << 1 + }; + + // Return true if any of any of the nested wrappers have the flag set. + static bool HasWrapperFlag(JSObject* wrapper, unsigned flag) { + unsigned flags = 0; + js::UncheckedUnwrap(wrapper, true, &flags); + return !!(flags & flag); + } + + static bool IsXrayWrapper(JSObject* wrapper) { + return HasWrapperFlag(wrapper, IS_XRAY_WRAPPER_FLAG); + } + + static bool IsCrossOriginWrapper(JSObject* obj) { + return (js::IsProxy(obj) && + js::GetProxyHandler(obj) == &CrossOriginObjectWrapper::singleton); + } + + static bool IsOpaqueWrapper(JSObject* obj); + + static bool HasWaiveXrayFlag(JSObject* wrapper) { + return HasWrapperFlag(wrapper, WAIVE_XRAY_WRAPPER_FLAG); + } + + static bool IsCOW(JSObject* wrapper); + + static JSObject* GetXrayWaiver(JS::Handle<JSObject*> obj); + // If allowExisting is true, there is an existing waiver for obj in + // its scope, but we want to replace it with the new one. + static JSObject* CreateXrayWaiver(JSContext* cx, JS::Handle<JSObject*> obj, + bool allowExisting = false); + static JSObject* WaiveXray(JSContext* cx, JSObject* obj); + + // Computes whether we should allow the creation of an Xray waiver from + // |target| to |origin|. + static bool AllowWaiver(JS::Compartment* target, JS::Compartment* origin); + + // Convenience method for the above, operating on a wrapper. + static bool AllowWaiver(JSObject* wrapper); + + // Prepare a given object for wrapping in a new compartment. + static void PrepareForWrapping(JSContext* cx, JS::Handle<JSObject*> scope, + JS::Handle<JSObject*> origObj, + JS::Handle<JSObject*> obj, + JS::Handle<JSObject*> objectPassedToWrap, + JS::MutableHandle<JSObject*> retObj); + + // Rewrap an object that is about to cross compartment boundaries. + static JSObject* Rewrap(JSContext* cx, JS::Handle<JSObject*> existing, + JS::Handle<JSObject*> obj); + + // Wrap wrapped object into a waiver wrapper and then re-wrap it. + static bool WaiveXrayAndWrap(JSContext* cx, JS::MutableHandle<JS::Value> vp); + static bool WaiveXrayAndWrap(JSContext* cx, + JS::MutableHandle<JSObject*> object); +}; + +} // namespace xpc + +#endif /* _xpc_WRAPPERFACTORY_H */ |