// Same as above, but considering document.domain. bool AccessCheck::subsumesConsideringDomain(JSCompartment* a, JSCompartment* b) { nsIPrincipal* aprin = GetCompartmentPrincipal(a); nsIPrincipal* bprin = GetCompartmentPrincipal(b); return aprin->SubsumesConsideringDomain(bprin); }
bool AccessCheck::isChrome(JSCompartment* compartment) { bool privileged; nsIPrincipal* principal = GetCompartmentPrincipal(compartment); return NS_SUCCEEDED(nsXPConnect::SecurityManager()->IsSystemPrincipal(principal, &privileged)) && privileged; }
bool NoWaiverWrapper::enter(JSContext *cx, JSObject *wrapper, jsid id, Action act, bool *bp) { *bp = true; // always allowed nsIScriptSecurityManager *ssm = XPCWrapper::GetSecurityManager(); if (!ssm) { return true; } // Note: By the time enter is called here, JSCrossCompartmentWrapper has // already pushed the fake stack frame onto cx. Because of this, the frame // that we're clamping is the one that we want (the one in our compartment). JSStackFrame *fp = NULL; nsIPrincipal *principal = GetCompartmentPrincipal(wrappedObject(wrapper)->compartment()); nsresult rv = ssm->PushContextPrincipal(cx, JS_FrameIterator(cx, &fp), principal); if (NS_FAILED(rv)) { NS_WARNING("Not allowing call because we're out of memory"); JS_ReportOutOfMemory(cx); return false; } return true; }
nsIPrincipal* AccessCheck::getPrincipal(JSCompartment* compartment) { return GetCompartmentPrincipal(compartment); }
nsIPrincipal* GetObjectPrincipal(JSObject* obj) { return GetCompartmentPrincipal(js::GetObjectCompartment(obj)); }