1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ 2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */ 3 /* This Source Code Form is subject to the terms of the Mozilla Public 4 * License, v. 2.0. If a copy of the MPL was not distributed with this 5 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 6 7 #ifndef _xpc_WRAPPERFACTORY_H 8 #define _xpc_WRAPPERFACTORY_H 9 10 #include "js/Wrapper.h" 11 12 namespace xpc { 13 14 /** 15 * A wrapper that's only used for cross-origin objects. This should be 16 * just like a CrossCompartmentWrapper but (as an implementation 17 * detail) doesn't actually do any compartment-entering and (as an 18 * implementation detail) delegates all the security decisions and 19 * compartment-entering to the target object, which is always a 20 * proxy. 21 * 22 * We could also inherit from CrossCompartmentWrapper but then we 23 * would need to override all the proxy hooks to avoid the 24 * compartment-entering bits. 25 */ 26 class CrossOriginObjectWrapper : public js::Wrapper { 27 public: 28 // We want to claim to have a security policy, so code doesn't just 29 // CheckedUnwrap us willy-nilly. But we're OK with the BaseProxyHandler 30 // implementation of enter(), which allows entering. Our target is what 31 // really does the security checks. 32 // 33 // We don't want to inherit from CrossCompartmentWrapper, because we don't 34 // want the compartment-entering behavior it has. But we do want to set the 35 // CROSS_COMPARTMENT flag on js::Wrapper so that we test true for 36 // is<js::CrossCompartmentWrapperObject> and so forth. CrossOriginObjectWrapper()37 constexpr explicit CrossOriginObjectWrapper() 38 : js::Wrapper(CROSS_COMPARTMENT, /* aHasPrototype = */ false, 39 /* aHasSecurityPolicy = */ true) {} 40 41 bool dynamicCheckedUnwrapAllowed(JS::HandleObject obj, 42 JSContext* cx) const override; 43 44 static const CrossOriginObjectWrapper singleton; 45 }; 46 47 class WrapperFactory { 48 public: 49 enum { 50 WAIVE_XRAY_WRAPPER_FLAG = js::Wrapper::LAST_USED_FLAG << 1, 51 IS_XRAY_WRAPPER_FLAG = WAIVE_XRAY_WRAPPER_FLAG << 1 52 }; 53 54 // Return true if any of any of the nested wrappers have the flag set. HasWrapperFlag(JSObject * wrapper,unsigned flag)55 static bool HasWrapperFlag(JSObject* wrapper, unsigned flag) { 56 unsigned flags = 0; 57 js::UncheckedUnwrap(wrapper, true, &flags); 58 return !!(flags & flag); 59 } 60 IsXrayWrapper(JSObject * wrapper)61 static bool IsXrayWrapper(JSObject* wrapper) { 62 return HasWrapperFlag(wrapper, IS_XRAY_WRAPPER_FLAG); 63 } 64 IsCrossOriginWrapper(JSObject * obj)65 static bool IsCrossOriginWrapper(JSObject* obj) { 66 return (js::IsProxy(obj) && 67 js::GetProxyHandler(obj) == &CrossOriginObjectWrapper::singleton); 68 } 69 70 static bool IsOpaqueWrapper(JSObject* obj); 71 HasWaiveXrayFlag(JSObject * wrapper)72 static bool HasWaiveXrayFlag(JSObject* wrapper) { 73 return HasWrapperFlag(wrapper, WAIVE_XRAY_WRAPPER_FLAG); 74 } 75 76 static bool IsCOW(JSObject* wrapper); 77 78 static JSObject* GetXrayWaiver(JS::HandleObject obj); 79 // If allowExisting is true, there is an existing waiver for obj in 80 // its scope, but we want to replace it with the new one. 81 static JSObject* CreateXrayWaiver(JSContext* cx, JS::HandleObject obj, 82 bool allowExisting = false); 83 static JSObject* WaiveXray(JSContext* cx, JSObject* obj); 84 85 // Computes whether we should allow the creation of an Xray waiver from 86 // |target| to |origin|. 87 static bool AllowWaiver(JS::Compartment* target, JS::Compartment* origin); 88 89 // Convenience method for the above, operating on a wrapper. 90 static bool AllowWaiver(JSObject* wrapper); 91 92 // Prepare a given object for wrapping in a new compartment. 93 static void PrepareForWrapping(JSContext* cx, JS::HandleObject scope, 94 JS::HandleObject origObj, JS::HandleObject obj, 95 JS::HandleObject objectPassedToWrap, 96 JS::MutableHandleObject retObj); 97 98 // Rewrap an object that is about to cross compartment boundaries. 99 static JSObject* Rewrap(JSContext* cx, JS::HandleObject existing, 100 JS::HandleObject obj); 101 102 // Wrap wrapped object into a waiver wrapper and then re-wrap it. 103 static bool WaiveXrayAndWrap(JSContext* cx, JS::MutableHandleValue vp); 104 static bool WaiveXrayAndWrap(JSContext* cx, JS::MutableHandleObject object); 105 }; 106 107 } // namespace xpc 108 109 #endif /* _xpc_WRAPPERFACTORY_H */ 110