Bug 789224 - Remove capability manager stuff in nsScriptSecurityManager. r=mrbkap

caps/idl/nsIScriptSecurityManager.idl

@@ -10,7 +10,7 @@ interface nsIURI;
 interface nsIChannel;
 interface nsIDocShell;
 
-[scriptable, uuid(2182f772-16c8-4b6d-be65-921d4da5751d)]
+[scriptable, uuid(c7180b79-2a8e-42b1-a91f-beade3a3e992)]
 interface nsIScriptSecurityManager : nsIXPCSecurityManager
 {
     ///////////////// Security Checks //////////////////
@@ -182,33 +182,6 @@ interface nsIScriptSecurityManager : nsIXPCSecurityManager
      */
     nsIPrincipal getNoAppCodebasePrincipal(in nsIURI uri);
 
-    ///////////////// Capabilities API /////////////////////
-    /**
-     * Request that 'capability' can be enabled by scripts or applets
-     * running with 'principal'. Will prompt user if
-     * necessary. Returns nsIPrincipal::ENABLE_GRANTED or
-     * nsIPrincipal::ENABLE_DENIED based on user's choice.
-     */
-    [noscript] short requestCapability(in nsIPrincipal principal,
-                                       in string capability);
-
-    /**
-     * Return true if the currently executing script has 'capability' enabled.
-     */
-    boolean isCapabilityEnabled(in string capability);
-
-    /**
-     * Enable 'capability' in the innermost frame of the currently executing
-     * script.
-     */
-    void enableCapability(in string capability);
-
-    //////////////// Master Certificate Functions ////////////////////
-    /**
-     * Allow 'certificateID' to enable 'capability.' Can only be performed
-     * by code signed by the system certificate.
-     */
-
     ///////////////////////
     /**
      * Return the principal of the specified object in the specified context.

caps/include/nsScriptSecurityManager.h

@@ -389,6 +389,8 @@ private:
     nsScriptSecurityManager();
     virtual ~nsScriptSecurityManager();
 
+    bool SubjectIsPrivileged();
+
     static JSBool
     CheckObjectAccess(JSContext *cx, JSHandleObject obj,
                       JSHandleId id, JSAccessMode mode,
@@ -489,9 +491,6 @@ private:
                          JSStackFrame** frameResult,
                          nsresult* rv);
 
-    static void
-    FormatCapabilityString(nsAString& aCapability);
-
     /**
      * Check capability levels for an |aObj| that implements
      * nsISecurityCheckedComponent.

caps/src/nsScriptSecurityManager.cpp

@@ -78,6 +78,16 @@ nsIStringBundle *nsScriptSecurityManager::sStrBundle = nullptr;
 JSRuntime       *nsScriptSecurityManager::sRuntime   = 0;
 bool nsScriptSecurityManager::sStrictFileOriginPolicy = true;
 
+bool
+nsScriptSecurityManager::SubjectIsPrivileged()
+{
+    JSContext *cx = GetCurrentJSContext();
+    if (cx && xpc::IsUniversalXPConnectEnabled(cx))
+        return true;
+    bool isSystem = false;
+    return NS_SUCCEEDED(SubjectPrincipalIsSystem(&isSystem)) && isSystem;
+}
+
 ///////////////////////////
 // Convenience Functions //
 ///////////////////////////
@@ -737,12 +747,7 @@ nsScriptSecurityManager::CheckPropertyAccessImpl(uint32_t aAction,
 #ifdef DEBUG_CAPS_CheckPropertyAccessImpl
         printf("Cap:%s ", securityLevel.capability);
 #endif
-        bool capabilityEnabled = false;
-        rv = IsCapabilityEnabled(securityLevel.capability, &capabilityEnabled);
-        if (NS_FAILED(rv) || !capabilityEnabled)
-            rv = NS_ERROR_DOM_SECURITY_ERR;
-        else
-            rv = NS_OK;
+        rv = SubjectIsPrivileged() ? NS_OK : NS_ERROR_DOM_SECURITY_ERR;
     }
 
     if (NS_SUCCEEDED(rv))
@@ -1243,10 +1248,7 @@ nsScriptSecurityManager::CheckLoadURIFromScript(JSContext *cx, nsIURI *aURI)
         return NS_ERROR_FAILURE;
     if (isFile || isRes)
     {
-        bool enabled;
-        if (NS_FAILED(IsCapabilityEnabled("UniversalXPConnect", &enabled)))
-            return NS_ERROR_FAILURE;
-        if (enabled)
+        if (SubjectIsPrivileged())
             return NS_OK;
     }
 
@@ -2452,166 +2454,6 @@ nsScriptSecurityManager::old_doGetObjectPrincipal(JSObject *aObj,
 }
 #endif /* DEBUG */
 
-///////////////// Capabilities API /////////////////////
-NS_IMETHODIMP
-nsScriptSecurityManager::IsCapabilityEnabled(const char *capability,
-                                             bool *result)
-{
-    JSContext *cx = GetCurrentJSContext();
-    if (cx && (*result = xpc::IsUniversalXPConnectEnabled(cx)))
-        return NS_OK;
-    return SubjectPrincipalIsSystem(result);
-}
-
-void
-nsScriptSecurityManager::FormatCapabilityString(nsAString& aCapability)
-{
-    nsAutoString newcaps;
-    nsAutoString rawcap;
-    NS_NAMED_LITERAL_STRING(capdesc, "capdesc.");
-    int32_t pos;
-    int32_t index = kNotFound;
-    nsresult rv;
-
-    NS_ASSERTION(kNotFound == -1, "Basic constant changed, algorithm broken!");
-
-    do {
-        pos = index+1;
-        index = aCapability.FindChar(' ', pos);
-        rawcap = Substring(aCapability, pos,
-                           (index == kNotFound) ? index : index - pos);
-
-        nsXPIDLString capstr;
-        rv = sStrBundle->GetStringFromName(
-                            nsPromiseFlatString(capdesc+rawcap).get(),
-                            getter_Copies(capstr));
-        if (NS_SUCCEEDED(rv))
-            newcaps += capstr;
-        else
-        {
-            nsXPIDLString extensionCap;
-            const PRUnichar* formatArgs[] = { rawcap.get() };
-            rv = sStrBundle->FormatStringFromName(
-                                NS_LITERAL_STRING("ExtensionCapability").get(),
-                                formatArgs,
-                                ArrayLength(formatArgs),
-                                getter_Copies(extensionCap));
-            if (NS_SUCCEEDED(rv))
-                newcaps += extensionCap;
-            else
-                newcaps += rawcap;
-        }
-
-        newcaps += NS_LITERAL_STRING("\n");
-    } while (index != kNotFound);
-
-    aCapability = newcaps;
-}
-
-NS_IMETHODIMP
-nsScriptSecurityManager::RequestCapability(nsIPrincipal* aPrincipal,
-                                           const char *capability, int16_t* canEnable)
-{
-    if (NS_FAILED(aPrincipal->CanEnableCapability(capability, canEnable)))
-        return NS_ERROR_FAILURE;
-    // The confirm dialog is no longer supported. All of this stuff is going away
-    // real soon now anyhow.
-    if (*canEnable == nsIPrincipal::ENABLE_WITH_USER_PERMISSION)
-        *canEnable = nsIPrincipal::ENABLE_DENIED;
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-nsScriptSecurityManager::EnableCapability(const char *capability)
-{
-    JSContext *cx = GetCurrentJSContext();
-    JSStackFrame *fp;
-
-    //-- Error checks for capability string length (200)
-    if(PL_strlen(capability)>200)
-    {
-        static const char msg[] = "Capability name too long";
-        SetPendingException(cx, msg);
-        return NS_ERROR_FAILURE;
-    }
-
-    //-- Check capability string for valid characters
-    //
-    //   Logically we might have wanted this in nsPrincipal, but performance
-    //   worries dictate it can't go in IsCapabilityEnabled() and we may have
-    //   to show the capability on a dialog before we call the principal's
-    //   EnableCapability().
-    //
-    //   We don't need to validate the capability string on the other APIs
-    //   available to web content. Without the ability to enable junk then
-    //   isPrivilegeEnabled, disablePrivilege, and revertPrivilege all do
-    //   the right thing (effectively nothing) when passed unallowed chars.
-    for (const char *ch = capability; *ch; ++ch)
-    {
-        if (!NS_IS_ALPHA(*ch) && *ch != ' ' && !NS_IS_DIGIT(*ch)
-            && *ch != '_' && *ch != '-' && *ch != '.')
-        {
-            static const char msg[] = "Invalid character in capability name";
-            SetPendingException(cx, msg);
-            return NS_ERROR_FAILURE;
-        }
-    }
-
-    nsresult rv;
-    nsIPrincipal* principal = GetPrincipalAndFrame(cx, &fp, &rv);
-    if (NS_FAILED(rv))
-        return rv;
-    if (!principal)
-        return NS_ERROR_NOT_AVAILABLE;
-
-    void *annotation = JS_GetFrameAnnotation(cx, fp);
-    bool enabled;
-    if (NS_FAILED(principal->IsCapabilityEnabled(capability, annotation,
-                                                 &enabled)))
-        return NS_ERROR_FAILURE;
-    if (enabled)
-        return NS_OK;
-
-    int16_t canEnable;
-    if (NS_FAILED(RequestCapability(principal, capability, &canEnable)))
-        return NS_ERROR_FAILURE;
-
-    if (canEnable != nsIPrincipal::ENABLE_GRANTED)
-    {
-        nsAutoCString val;
-        bool hasCert;
-        nsresult rv;
-        principal->GetHasCertificate(&hasCert);
-        if (hasCert)
-            rv = principal->GetPrettyName(val);
-        else
-            rv = GetPrincipalDomainOrigin(principal, val);
-
-        if (NS_FAILED(rv))
-            return rv;
-
-        NS_ConvertUTF8toUTF16 location(val);
-        NS_ConvertUTF8toUTF16 cap(capability);
-        const PRUnichar *formatStrings[] = { location.get(), cap.get() };
-
-        nsXPIDLString message;
-        rv = sStrBundle->FormatStringFromName(NS_LITERAL_STRING("EnableCapabilityDenied").get(),
-                                              formatStrings,
-                                              ArrayLength(formatStrings),
-                                              getter_Copies(message));
-        if (NS_FAILED(rv))
-            return rv;
-
-        SetPendingException(cx, message.get());
-
-        return NS_ERROR_FAILURE; // XXX better error code?
-    }
-    if (NS_FAILED(principal->EnableCapability(capability, &annotation)))
-        return NS_ERROR_FAILURE;
-    JS_SetTopFrameAnnotation(cx, annotation);
-    return NS_OK;
-}
-
 ////////////////////////////////////////////////
 // Methods implementing nsIXPCSecurityManager //
 ////////////////////////////////////////////////
@@ -2779,9 +2621,8 @@ nsScriptSecurityManager::CheckXPCPermissions(JSContext* cx,
                                              nsIPrincipal* aSubjectPrincipal,
                                              const char* aObjectSecurityLevel)
 {
-    //-- Check for the all-powerful UniversalXPConnect privilege
-    bool ok = false;
-    if (NS_SUCCEEDED(IsCapabilityEnabled("UniversalXPConnect", &ok)) && ok)
+    // Check if the subject is privileged.
+    if (SubjectIsPrivileged())
         return NS_OK;
 
     //-- If the object implements nsISecurityCheckedComponent, it has a non-default policy.
@@ -2827,9 +2668,7 @@ nsScriptSecurityManager::CheckXPCPermissions(JSContext* cx,
         }
         else if (PL_strcasecmp(aObjectSecurityLevel, "noAccess") != 0)
         {
-            bool canAccess = false;
-            if (NS_SUCCEEDED(IsCapabilityEnabled(aObjectSecurityLevel, &canAccess)) &&
-                canAccess)
+            if (SubjectIsPrivileged())
                 return NS_OK;
         }
     }

ipc/testshell/XPCShellEnvironment.cpp

@@ -786,29 +786,6 @@ FullTrustSecMan::GetDocShellCodebasePrincipal(nsIURI *aURI,
     return GetSimpleCodebasePrincipal(aURI, _retval);
 }
 
-NS_IMETHODIMP
-FullTrustSecMan::RequestCapability(nsIPrincipal *principal,
-                                   const char *capability,
-                                   int16_t *_retval)
-{
-    *_retval = nsIPrincipal::ENABLE_GRANTED;
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-FullTrustSecMan::IsCapabilityEnabled(const char *capability,
-                                     bool *_retval)
-{
-    *_retval = true;
-    return NS_OK;
-}
-
-NS_IMETHODIMP
-FullTrustSecMan::EnableCapability(const char *capability)
-{
-    return NS_OK;;
-}
-
 NS_IMETHODIMP
 FullTrustSecMan::GetObjectPrincipal(JSContext * cx,
                                     JSObject * obj,

js/xpconnect/shell/xpcshell.cpp

@@ -1421,30 +1421,6 @@ FullTrustSecMan::GetDocShellCodebasePrincipal(nsIURI *aURI, nsIDocShell* aDocShe
     return GetSimpleCodebasePrincipal(aURI, _retval);
 }
 
-/* [noscript] short requestCapability (in nsIPrincipal principal, in string capability); */
-NS_IMETHODIMP
-FullTrustSecMan::RequestCapability(nsIPrincipal *principal,
-                                   const char *capability, int16_t *_retval)
-{
-    *_retval = nsIPrincipal::ENABLE_GRANTED;
-    return NS_OK;
-}
-
-/* boolean isCapabilityEnabled (in string capability); */
-NS_IMETHODIMP
-FullTrustSecMan::IsCapabilityEnabled(const char *capability, bool *_retval)
-{
-    *_retval = true;
-    return NS_OK;
-}
-
-/* void enableCapability (in string capability); */
-NS_IMETHODIMP
-FullTrustSecMan::EnableCapability(const char *capability)
-{
-    return NS_OK;;
-}
-
 /* [noscript] nsIPrincipal getObjectPrincipal (in JSContextPtr cx, in JSObjectPtr obj); */
 NS_IMETHODIMP
 FullTrustSecMan::GetObjectPrincipal(JSContext * cx, JSObject * obj,