Bug 735280 - Part 3: Components object specific wrapper. r=bholley

joneschrisg · Apr 28, 2012 · 6c7b2b4 · 6c7b2b4
1 parent a8aaac2
commit 6c7b2b4
Show file tree

Hide file tree

Showing 11 changed files with 136 additions and 13 deletions.
diff --git a/caps/tests/mochitest/test_bug246699.html b/caps/tests/mochitest/test_bug246699.html
@@ -5,14 +5,14 @@
 -->
 <head>
   <title>Test for Bug 246699</title>
-  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>        
+  <script type="text/javascript" src="/tests/SimpleTest/SimpleTest.js"></script>
   <link rel="stylesheet" type="text/css" href="/tests/SimpleTest/test.css" />
 </head>
 <body>
 <a target="_blank" href="https://bugzilla.mozilla.org/show_bug.cgi?id=246699">Mozilla Bug 246699</a>
 <p id="display"></p>
 <div id="content" style="display: none">
-<iframe id="load-frame"></iframe>  
+<iframe id="load-frame"></iframe>
 </div>
 <pre id="test">
 <script class="testbody" type="text/javascript">
@@ -21,9 +21,14 @@
  ** Test for Bug 246699
  ** (should produce stack information for caps errors)
  **/
+function isError(e)
+{
+  return e.constructor.name === "Error" || e.constructor.name === "TypeError";
+}
+
 function hasStack(e)
 {
-  return e.constructor.name === "Error" && /inciteCaps/.test(e.stack);
+  return isError(e) && /inciteCaps/.test(e.stack);
 }
 
 function inciteCaps(f)

diff --git a/js/src/tests/js1_5/Regress/regress-328897.js b/js/src/tests/js1_5/Regress/regress-328897.js
@@ -1,4 +1,3 @@
-// |reftest| fails-if(browserIsRemote)
 /* -*- Mode: C++; tab-width: 2; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
 /* ***** BEGIN LICENSE BLOCK *****
  * Version: MPL 1.1/GPL 2.0/LGPL 2.1
@@ -52,7 +51,7 @@ if (typeof window == 'undefined')
 }
 else
 {
-  expect = /(Script error.|Permission denied for <file:\/\/> to get property XPCComponents.classes)/;
+  expect = /(Script error.|Permission denied to access property 'classes')/;
 
   window._onerror = window.onerror;
   window.onerror = (function (msg, page, line) { 
@@ -64,7 +63,8 @@ else
 
   gDelayTestDriverEnd = true;
 
-  window.location="javascript:Components.classes";
+  // Trying to set Components.classes will trigger a Permission denied exception
+  window.location="javascript:Components.classes = 42";
   actual = 'No Error';
 }
 

diff --git a/js/xpconnect/src/XPCComponents.cpp b/js/xpconnect/src/XPCComponents.cpp
@@ -60,6 +60,7 @@
 #include "nsContentUtils.h"
 #include "jsgc.h"
 #include "jsfriendapi.h"
+#include "AccessCheck.h"
 #include "mozilla/dom/bindings/Utils.h"
 
 using namespace mozilla;
@@ -4461,12 +4462,13 @@ nsXPCComponents::AttachComponentsObject(XPCCallContext& ccx,
         return false;
 
     jsid id = ccx.GetRuntime()->GetStringID(XPCJSRuntime::IDX_COMPONENTS);
-    JSObject* obj;
-
-    return NS_SUCCEEDED(wrapper->GetJSObject(&obj)) &&
-           obj && JS_DefinePropertyById(ccx, aGlobal, id, OBJECT_TO_JSVAL(obj),
-                                        nsnull, nsnull,
-                                        JSPROP_PERMANENT | JSPROP_READONLY);
+    JSObject* obj = wrapper->GetSameCompartmentSecurityWrapper(ccx);
+    if (!wrapper)
+        return false;
+
+    return JS_DefinePropertyById(ccx, aGlobal, id, OBJECT_TO_JSVAL(obj),
+                                 nsnull, nsnull,
+                                 JSPROP_PERMANENT | JSPROP_READONLY);
 }
 
 /* void lookupMethod (); */

diff --git a/js/xpconnect/src/XPCWrappedNative.cpp b/js/xpconnect/src/XPCWrappedNative.cpp
@@ -1683,6 +1683,8 @@ XPCWrappedNative::ReparentWrapperIfFound(XPCCallContext& ccx,
                 JSObject *ww = wrapper->GetWrapper();
                 if (ww) {
                     JSObject *newwrapper;
+                    MOZ_ASSERT(!xpc::WrapperFactory::IsComponentsObject(flat), 
+                               "Components object should never get here");
                     if (xpc::WrapperFactory::IsLocationObject(flat)) {
                         newwrapper = xpc::WrapperFactory::WrapLocationObject(ccx, newobj);
                         if (!newwrapper)
@@ -2240,6 +2242,10 @@ XPCWrappedNative::GetSameCompartmentSecurityWrapper(JSContext *cx)
         wrapper = xpc::WrapperFactory::WrapSOWObject(cx, flat);
         if (!wrapper)
             return NULL;
+    } else if (xpc::WrapperFactory::IsComponentsObject(flat)) {
+        wrapper = xpc::WrapperFactory::WrapComponentsObject(cx, flat);
+        if (!wrapper)
+            return NULL;
     }
 
     // If we made a wrapper, cache it and return it.

diff --git a/js/xpconnect/tests/unit/test_components.js b/js/xpconnect/tests/unit/test_components.js
@@ -0,0 +1,43 @@
+function run_test() {
+  var Cu = Components.utils;
+  var sb1 = Cu.Sandbox("http://www.blah.com");
+  var sb2 = Cu.Sandbox("http://www.blah.com");
+  var sb3 = Cu.Sandbox(this);
+  var sb4 = Cu.Sandbox("http://www.other.com");
+  var rv;
+
+  // non-chrome accessing chrome Components
+  sb1.C = Components;
+  rv = Cu.evalInSandbox("C.utils", sb1);
+  do_check_eq(rv, undefined);  
+  rv = Cu.evalInSandbox("C.interfaces", sb1);
+  do_check_neq(rv, undefined);
+
+  // non-chrome accessing own Components
+  rv = Cu.evalInSandbox("Components.utils", sb1);
+  do_check_eq(rv, undefined);
+  rv = Cu.evalInSandbox("Components.interfaces", sb1);
+  do_check_neq(rv, undefined); 
+
+  // non-chrome same origin
+  var C2 = Cu.evalInSandbox("Components", sb2);
+  do_check_neq(rv, C2.utils); 
+  sb1.C2 = C2;
+  rv = Cu.evalInSandbox("C2.utils", sb1);
+  do_check_eq(rv, undefined);
+  rv = Cu.evalInSandbox("C2.interfaces", sb1);
+  do_check_neq(rv, undefined);
+
+  // chrome accessing chrome
+  sb3.C = Components;
+  rv = Cu.evalInSandbox("C.utils", sb3);
+  do_check_eq(rv, Cu);
+
+  // non-chrome cross origin
+  sb4.C2 = C2;
+  rv = Cu.evalInSandbox("C2.interfaces", sb1);
+  do_check_neq(rv, undefined);
+  rv = Cu.evalInSandbox("C2.utils", sb1);
+  do_check_eq(rv, undefined);
+
+}
diff --git a/js/xpconnect/tests/unit/xpcshell.ini b/js/xpconnect/tests/unit/xpcshell.ini
@@ -25,3 +25,4 @@ fail-if = os == "android"
 [test_unload.js]
 [test_attributes.js]
 [test_params.js]
+[test_components.js]
diff --git a/js/xpconnect/wrappers/AccessCheck.cpp b/js/xpconnect/wrappers/AccessCheck.cpp
@@ -607,4 +607,29 @@ ExposedPropertiesOnly::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper:
     return true; // Allow
 }
 
+bool
+ComponentsObjectPolicy::check(JSContext *cx, JSObject *wrapper, jsid id, Wrapper::Action act,
+                              Permission &perm) 
+{
+    perm = DenyAccess;
+    JSAutoEnterCompartment ac;
+    if (!ac.enter(cx, wrapper))
+        return false;
+
+    if (JSID_IS_STRING(id) && act == Wrapper::GET) {
+        JSFlatString *flatId = JSID_TO_FLAT_STRING(id);
+        if (JS_FlatStringEqualsAscii(flatId, "isSuccessCode") ||
+            JS_FlatStringEqualsAscii(flatId, "lookupMethod") ||
+            JS_FlatStringEqualsAscii(flatId, "interfaces") ||
+            JS_FlatStringEqualsAscii(flatId, "interfacesByID") ||
+            JS_FlatStringEqualsAscii(flatId, "results"))
+        {
+            perm = PermitPropertyAccess;
+            return true;
+        }
+    }
+
+    return PermitIfUniversalXPConnect(cx, id, act, perm);  // Deny
+}
+
 }
diff --git a/js/xpconnect/wrappers/AccessCheck.h b/js/xpconnect/wrappers/AccessCheck.h
@@ -175,4 +175,10 @@ struct ExposedPropertiesOnly : public Policy {
                       Permission &perm);
 };
 
+// Components specific policy
+struct ComponentsObjectPolicy : public Policy {
+    static bool check(JSContext *cx, JSObject *wrapper, jsid id, js::Wrapper::Action act,
+                      Permission &perm);
+};
+
 }
diff --git a/js/xpconnect/wrappers/FilteringWrapper.cpp b/js/xpconnect/wrappers/FilteringWrapper.cpp
@@ -151,7 +151,10 @@ FilteringWrapper<Base, Policy>::enter(JSContext *cx, JSObject *wrapper, jsid id,
                                LocationPolicy>
 #define XLW   FilteringWrapper<XrayWrapper<CrossCompartmentSecurityWrapper>, \
                                LocationPolicy>
-
+#define CW FilteringWrapper<SameCompartmentSecurityWrapper, \
+                            ComponentsObjectPolicy>
+#define XCW FilteringWrapper<CrossCompartmentSecurityWrapper, \
+                            ComponentsObjectPolicy>
 template<> SOW SOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
                               WrapperFactory::SOW_FLAG);
 template<> SCSOW SCSOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
@@ -168,6 +171,9 @@ template<> NNXOW NNXOW::singleton(WrapperFactory::SCRIPT_ACCESS_ONLY_FLAG |
 template<> LW  LW::singleton(WrapperFactory::SHADOWING_FORBIDDEN);
 template<> XLW XLW::singleton(WrapperFactory::SHADOWING_FORBIDDEN);
 
+template<> CW CW::singleton(0);
+template<> XCW XCW::singleton(0);
+
 template class SOW;
 template class COW;
 template class XOW;

diff --git a/js/xpconnect/wrappers/WrapperFactory.cpp b/js/xpconnect/wrappers/WrapperFactory.cpp
@@ -366,6 +366,9 @@ WrapperFactory::Rewrap(JSContext *cx, JSObject *obj, JSObject *wrappedProto, JSO
             wrapper = &FilteringWrapper<XrayProxy, CrossOriginAccessiblePropertiesOnly>::singleton;
         } else if (mozilla::dom::bindings::IsDOMClass(JS_GetClass(obj))) {
             wrapper = &FilteringWrapper<XrayDOM, CrossOriginAccessiblePropertiesOnly>::singleton;
+        } else if (IsComponentsObject(obj)) {
+            wrapper = &FilteringWrapper<CrossCompartmentSecurityWrapper,
+                                        ComponentsObjectPolicy>::singleton;
         } else {
             wrapper = &FilteringWrapper<CrossCompartmentSecurityWrapper,
                                         ExposedPropertiesOnly>::singleton;
@@ -400,6 +403,9 @@ WrapperFactory::Rewrap(JSContext *cx, JSObject *obj, JSObject *wrappedProto, JSO
         if (AccessCheck::needsSystemOnlyWrapper(obj)) {
             wrapper = &FilteringWrapper<CrossCompartmentSecurityWrapper,
                                         OnlyIfSubjectIsSystem>::singleton;
+        } else if (IsComponentsObject(obj)) {
+            wrapper = &FilteringWrapper<CrossCompartmentSecurityWrapper,
+                                        ComponentsObjectPolicy>::singleton;
         } else if (!targetdata || !targetdata->wantXrays ||
                    (type = GetXrayType(obj)) == NotXray) {
             // Do the double-wrapping if need be.
@@ -524,4 +530,21 @@ WrapperFactory::WrapSOWObject(JSContext *cx, JSObject *obj)
     return wrapperObj;
 }
 
+bool
+WrapperFactory::IsComponentsObject(JSObject *obj)
+{
+    const char *name = js::GetObjectClass(obj)->name;
+    return name[0] == 'n' && !strcmp(name, "nsXPCComponents");
+}
+
+JSObject *
+WrapperFactory::WrapComponentsObject(JSContext *cx, JSObject *obj)
+{
+    JSObject *wrapperObj =
+        Wrapper::New(cx, obj, JS_GetPrototype(obj), JS_GetGlobalForObject(cx, obj),
+                     &FilteringWrapper<SameCompartmentSecurityWrapper, ComponentsObjectPolicy>::singleton);
+
+    return wrapperObj;
+}
+
 }
diff --git a/js/xpconnect/wrappers/WrapperFactory.h b/js/xpconnect/wrappers/WrapperFactory.h
@@ -110,6 +110,12 @@ class WrapperFactory {
 
     // Wrap a (same compartment) object in a SOW.
     static JSObject *WrapSOWObject(JSContext *cx, JSObject *obj);
+
+    // Return true if this is a Components object.
+    static bool IsComponentsObject(JSObject *obj);
+
+    // Wrap a (same compartment) Components object.
+    static JSObject *WrapComponentsObject(JSContext *cx, JSObject *obj);
 };
 
 extern js::Wrapper WaiveXrayWrapperWrapper;