1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
// Copyright (c) 2009 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
// This file relies on the 1.9 version of the unfrozen interfaces
// "nsIScriptSecurityManager" and "nsIScriptObjectPrincipal"
// from gecko 1.9, which means that this implementation is specific to
// FireFox 3.0 and any other browsers built from the same gecko version.
// See [http://en.wikipedia.org/wiki/Gecko_(layout_engine]
// It's a good bet that nsIScriptSecurityManager will change for gecko
// 1.9.1 and FireFox 3.5, in which case we'll need another instance of this
// code for the 3.5 version of FireFox.
// Gecko headers need this on Windows.
#define XP_WIN
#include "chrome_frame/script_security_manager.h"
#include "third_party/xulrunner-sdk/win/include/dom/nsIScriptObjectPrincipal.h"
#include "third_party/xulrunner-sdk/win/include/xpcom/nsIServiceManager.h"
// These are needed to work around typedef conflicts in chrome headers.
#define _UINT32
#define _INT32
#include "chrome_frame/np_browser_functions.h"
#include "chrome_frame/scoped_ns_ptr_win.h"
#include "chrome_frame/ns_associate_iid_win.h"
#include "base/logging.h"
ASSOCIATE_IID(NS_ISERVICEMANAGER_IID_STR, nsIServiceManager);
namespace {
// Unfortunately no NS_ISCRIPTOBJECTPRINCIPAL_IID_STR
// defined for this interface
nsIID IID_nsIScriptObjectPrincipal = NS_ISCRIPTOBJECTPRINCIPAL_IID;
} // namespace
// Returns true iff we're being instantiated into a document
// that has the system principal's privileges
bool IsFireFoxPrivilegedInvocation(NPP instance) {
ScopedNsPtr<nsIServiceManager> service_manager;
NPError nperr = npapi::GetValue(instance, NPNVserviceManager,
service_manager.Receive());
if (nperr != NPERR_NO_ERROR || !service_manager.get())
return false;
DCHECK(service_manager);
// Get the document.
ScopedNsPtr<nsISupports> window;
nperr = npapi::GetValue(instance, NPNVDOMWindow, window.Receive());
if (nperr != NPERR_NO_ERROR || !window.get())
return false;
DCHECK(window);
// This interface allows us access to the window's principal.
ScopedNsPtr<nsIScriptObjectPrincipal, &IID_nsIScriptObjectPrincipal>
script_object_principal;
nsresult err = script_object_principal.QueryFrom(window);
if (NS_FAILED(err) || !script_object_principal.get())
return false;
DCHECK(script_object_principal);
// For regular HTML windows, this will be a principal encoding the
// document's origin. For browser XUL, this will be the all-powerful
// system principal.
nsIPrincipal* window_principal = script_object_principal->GetPrincipal();
DCHECK(window_principal);
if (!window_principal)
return false;
// Get the script security manager.
ScopedNsPtr<nsIScriptSecurityManager_FF35> security_manager_ff35;
PRBool is_system = PR_FALSE;
err = service_manager->GetServiceByContractID(
NS_SCRIPTSECURITYMANAGER_CONTRACTID,
nsIScriptSecurityManager_FF35::GetIID(),
reinterpret_cast<void**>(security_manager_ff35.Receive()));
if (NS_SUCCEEDED(err) && security_manager_ff35.get()) {
err = security_manager_ff35->IsSystemPrincipal(window_principal,
&is_system);
if (NS_FAILED(err))
is_system = PR_FALSE;
} else {
ScopedNsPtr<nsIScriptSecurityManager_FF30> security_manager_ff30;
err = service_manager->GetServiceByContractID(
NS_SCRIPTSECURITYMANAGER_CONTRACTID,
nsIScriptSecurityManager_FF30::GetIID(),
reinterpret_cast<void**>(security_manager_ff30.Receive()));
if (NS_SUCCEEDED(err) && security_manager_ff30.get()) {
err = security_manager_ff30->IsSystemPrincipal(window_principal,
&is_system);
}
if (NS_FAILED(err))
is_system = PR_FALSE;
}
return is_system == PR_TRUE;
}
|