Bug 1379786, part 4 - Use GetIsSystemPrincipal() method instead of going through secman in CHECK_PRINCIPAL_AND_DATA. r=mrbkap
MozReview-Commit-ID: INBsjjxbXZz
--- a/dom/base/WebSocket.cpp
+++ b/dom/base/WebSocket.cpp
@@ -1587,18 +1587,17 @@ WebSocketImpl::Init(JSContext* aCx,
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_WEBSOCKET,
uri,
aPrincipal,
originDoc,
EmptyCString(),
nullptr,
&shouldLoad,
- nsContentUtils::GetContentPolicy(),
- nsContentUtils::GetSecurityManager());
+ nsContentUtils::GetContentPolicy());
NS_ENSURE_SUCCESS(rv, rv);
if (NS_CP_REJECTED(shouldLoad)) {
// Disallowed by content policy
return NS_ERROR_CONTENT_BLOCKED;
}
}
--- a/dom/base/nsContentPolicyUtils.h
+++ b/dom/base/nsContentPolicyUtils.h
@@ -168,103 +168,92 @@ NS_CP_ContentTypeName(uint32_t contentTy
* origin URI to use.
*
* Note: requestOrigin is scoped outside the PR_BEGIN_MACRO/PR_END_MACRO on
* purpose */
#define CHECK_PRINCIPAL_AND_DATA(action) \
nsCOMPtr<nsIURI> requestOrigin; \
PR_BEGIN_MACRO \
if (originPrincipal) { \
- nsCOMPtr<nsIScriptSecurityManager> secMan = aSecMan; \
- if (!secMan) { \
- secMan = do_GetService(NS_SCRIPTSECURITYMANAGER_CONTRACTID); \
- } \
- if (secMan) { \
- bool isSystem; \
- nsresult rv = secMan->IsSystemPrincipal(originPrincipal, \
- &isSystem); \
- NS_ENSURE_SUCCESS(rv, rv); \
- if (isSystem && contentType != nsIContentPolicy::TYPE_DOCUMENT) { \
- *decision = nsIContentPolicy::ACCEPT; \
- nsCOMPtr<nsINode> n = do_QueryInterface(context); \
- if (!n) { \
- nsCOMPtr<nsPIDOMWindowOuter> win = do_QueryInterface(context);\
- n = win ? win->GetExtantDoc() : nullptr; \
- } \
- if (n) { \
- nsIDocument* d = n->OwnerDoc(); \
- if (d->IsLoadedAsData() || d->IsBeingUsedAsImage() || \
- d->IsResourceDoc()) { \
- nsCOMPtr<nsIContentPolicy> dataPolicy = \
- do_GetService( \
+ bool isSystem = originPrincipal->GetIsSystemPrincipal(); \
+ if (isSystem && contentType != nsIContentPolicy::TYPE_DOCUMENT) { \
+ *decision = nsIContentPolicy::ACCEPT; \
+ nsCOMPtr<nsINode> n = do_QueryInterface(context); \
+ if (!n) { \
+ nsCOMPtr<nsPIDOMWindowOuter> win = do_QueryInterface(context); \
+ n = win ? win->GetExtantDoc() : nullptr; \
+ } \
+ if (n) { \
+ nsIDocument* d = n->OwnerDoc(); \
+ if (d->IsLoadedAsData() || d->IsBeingUsedAsImage() || \
+ d->IsResourceDoc()) { \
+ nsCOMPtr<nsIContentPolicy> dataPolicy = \
+ do_GetService( \
"@mozilla.org/data-document-content-policy;1"); \
- if (dataPolicy) { \
- nsContentPolicyType externalType = \
- nsContentUtils::InternalContentPolicyTypeToExternal(contentType);\
- dataPolicy-> action (externalType, contentLocation, \
- requestOrigin, context, \
- mimeType, extra, \
- originPrincipal, decision); \
- } \
+ if (dataPolicy) { \
+ nsContentPolicyType externalType = \
+ nsContentUtils::InternalContentPolicyTypeToExternal(contentType); \
+ dataPolicy-> action (externalType, contentLocation, \
+ requestOrigin, context, \
+ mimeType, extra, \
+ originPrincipal, decision); \
} \
} \
- return NS_OK; \
} \
+ return NS_OK; \
} \
nsresult rv = originPrincipal->GetURI(getter_AddRefs(requestOrigin)); \
NS_ENSURE_SUCCESS(rv, rv); \
} \
PR_END_MACRO
/**
* Alias for calling ShouldLoad on the content policy service. Parameters are
* the same as nsIContentPolicy::shouldLoad, except for the originPrincipal
- * parameter, which should be non-null if possible, and the last two
- * parameters, which can be used to pass in pointer to some useful services if
- * the caller already has them. The origin URI to pass to shouldLoad will be
- * the URI of originPrincipal, unless originPrincipal is null (in which case a
- * null origin URI will be passed).
+ * parameter, which should be non-null if possible, and the last parameter,
+ * which can be used to pass in a pointer to a useful service if the caller
+ * already has it. The origin URI to pass to shouldLoad will be the URI of
+ * originPrincipal, unless originPrincipal is null (in which case a null origin
+ * URI will be passed).
*/
inline nsresult
NS_CheckContentLoadPolicy(uint32_t contentType,
nsIURI *contentLocation,
nsIPrincipal *originPrincipal,
nsISupports *context,
const nsACString &mimeType,
nsISupports *extra,
int16_t *decision,
- nsIContentPolicy *policyService = nullptr,
- nsIScriptSecurityManager* aSecMan = nullptr)
+ nsIContentPolicy *policyService = nullptr)
{
CHECK_PRINCIPAL_AND_DATA(ShouldLoad);
if (policyService) {
CHECK_CONTENT_POLICY_WITH_SERVICE(ShouldLoad, policyService);
}
CHECK_CONTENT_POLICY(ShouldLoad);
}
/**
* Alias for calling ShouldProcess on the content policy service. Parameters
* are the same as nsIContentPolicy::shouldLoad, except for the originPrincipal
- * parameter, which should be non-null if possible, and the last two
- * parameters, which can be used to pass in pointer to some useful services if
- * the caller already has them. The origin URI to pass to shouldLoad will be
- * the URI of originPrincipal, unless originPrincipal is null (in which case a
- * null origin URI will be passed).
+ * parameter, which should be non-null if possible, and the last parameter,
+ * which can be used to pass in a pointer to a useful service if the caller
+ * already has it. The origin URI to pass to shouldLoad will be the URI of
+ * originPrincipal, unless originPrincipal is null (in which case a null origin
+ * URI will be passed).
*/
inline nsresult
NS_CheckContentProcessPolicy(uint32_t contentType,
nsIURI *contentLocation,
nsIPrincipal *originPrincipal,
nsISupports *context,
const nsACString &mimeType,
nsISupports *extra,
int16_t *decision,
- nsIContentPolicy *policyService = nullptr,
- nsIScriptSecurityManager* aSecMan = nullptr)
+ nsIContentPolicy *policyService = nullptr)
{
CHECK_PRINCIPAL_AND_DATA(ShouldProcess);
if (policyService) {
CHECK_CONTENT_POLICY_WITH_SERVICE(ShouldProcess, policyService);
}
CHECK_CONTENT_POLICY(ShouldProcess);
}
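Review bot: In CHECK_PRINCIPAL_AND_DATA the result of `dataPolicy-> action (...)` is still discarded on the re-indented system-principal path. If the data-document policy call fails before it writes `*decision`, the value stays at the `nsIContentPolicy::ACCEPT` assigned a few lines earlier and the macro returns `NS_OK`, so callers that test `NS_FAILED(rv)` never see the failure. Since these lines are being touched anyway, consider propagating the result inside the `if (dataPolicy)` block, e.g. `nsresult rv = dataPolicy-> action (...);` followed by `NS_ENSURE_SUCCESS(rv, rv);`, each with the macro's trailing backslash. The same fail-open outcome appears to apply when `do_GetService` returns null for a document loaded as data, which may deserve at least a comment stating that it is intended. Separately, the comment above NS_CheckContentProcessPolicy still refers to `shouldLoad` where ShouldProcess is meant.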
--- a/dom/base/nsContentUtils.cpp
+++ b/dom/base/nsContentUtils.cpp
@@ -3524,18 +3524,17 @@ nsContentUtils::CanLoadImage(nsIURI* aUR
rv = NS_CheckContentLoadPolicy(aContentType,
aURI,
aLoadingPrincipal,
aContext,
EmptyCString(), //mime guess
nullptr, //extra
&decision,
- GetContentPolicy(),
- sSecurityManager);
+ GetContentPolicy());
if (aImageBlockingStatus) {
*aImageBlockingStatus =
NS_FAILED(rv) ? nsIContentPolicy::REJECT_REQUEST : decision;
}
return NS_FAILED(rv) ? false : NS_CP_ACCEPTED(decision);
}
--- a/dom/base/nsObjectLoadingContent.cpp
+++ b/dom/base/nsObjectLoadingContent.cpp
@@ -1557,18 +1557,17 @@ nsObjectLoadingContent::CheckLoadPolicy(
*aContentPolicy = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(contentPolicyType,
mURI,
doc->NodePrincipal(),
thisContent,
mContentType,
nullptr, //extra
aContentPolicy,
- nsContentUtils::GetContentPolicy(),
- nsContentUtils::GetSecurityManager());
+ nsContentUtils::GetContentPolicy());
NS_ENSURE_SUCCESS(rv, false);
if (NS_CP_REJECTED(*aContentPolicy)) {
LOG(("OBJLC [%p]: Content policy denied load of %s",
this, mURI->GetSpecOrDefault().get()));
return false;
}
return true;
@@ -1611,18 +1610,17 @@ nsObjectLoadingContent::CheckProcessPoli
nsresult rv =
NS_CheckContentProcessPolicy(objectType,
mURI ? mURI : mBaseURI,
doc->NodePrincipal(),
static_cast<nsIImageLoadingContent*>(this),
mContentType,
nullptr, //extra
aContentPolicy,
- nsContentUtils::GetContentPolicy(),
- nsContentUtils::GetSecurityManager());
+ nsContentUtils::GetContentPolicy());
NS_ENSURE_SUCCESS(rv, false);
if (NS_CP_REJECTED(*aContentPolicy)) {
LOG(("OBJLC [%p]: CheckContentProcessPolicy rejected load", this));
return false;
}
return true;
--- a/dom/html/ImageDocument.cpp
+++ b/dom/html/ImageDocument.cpp
@@ -105,18 +105,17 @@ ImageListener::OnStartRequest(nsIRequest
int16_t decision = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentProcessPolicy(nsIContentPolicy::TYPE_INTERNAL_IMAGE,
channelURI,
channelPrincipal,
domWindow->GetFrameElementInternal(),
mimeType,
nullptr,
&decision,
- nsContentUtils::GetContentPolicy(),
- secMan);
+ nsContentUtils::GetContentPolicy());
if (NS_FAILED(rv) || NS_CP_REJECTED(decision)) {
request->Cancel(NS_ERROR_CONTENT_BLOCKED);
return NS_OK;
}
if (!imgDoc->mObservingImageLoader) {
nsCOMPtr<nsIImageLoadingContent> imageLoader = do_QueryInterface(imgDoc->mImageContent);
--- a/dom/script/ScriptLoader.cpp
+++ b/dom/script/ScriptLoader.cpp
@@ -295,18 +295,17 @@ ScriptLoader::CheckContentPolicy(nsIDocu
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(contentPolicyType,
aURI,
aDocument->NodePrincipal(),
aContext,
NS_LossyConvertUTF16toASCII(aType),
nullptr, //extra
&shouldLoad,
- nsContentUtils::GetContentPolicy(),
- nsContentUtils::GetSecurityManager());
+ nsContentUtils::GetContentPolicy());
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
if (NS_FAILED(rv) || shouldLoad != nsIContentPolicy::REJECT_TYPE) {
return NS_ERROR_CONTENT_BLOCKED;
}
return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
}
return NS_OK;
--- a/dom/security/nsContentSecurityManager.cpp
+++ b/dom/security/nsContentSecurityManager.cpp
@@ -391,18 +391,17 @@ DoContentSecurityChecks(nsIChannel* aCha
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(internalContentPolicyType,
uri,
principal,
requestingContext,
mimeTypeGuess,
nullptr, //extra,
&shouldLoad,
- nsContentUtils::GetContentPolicy(),
- nsContentUtils::GetSecurityManager());
+ nsContentUtils::GetContentPolicy());
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
if ((NS_SUCCEEDED(rv) && shouldLoad == nsIContentPolicy::REJECT_TYPE) &&
(contentPolicyType == nsIContentPolicy::TYPE_DOCUMENT ||
contentPolicyType == nsIContentPolicy::TYPE_SUBDOCUMENT)) {
// for docshell loads we might have to return SHOW_ALT.
return NS_ERROR_CONTENT_BLOCKED_SHOW_ALT;
}
--- a/dom/xml/nsXMLContentSink.cpp
+++ b/dom/xml/nsXMLContentSink.cpp
@@ -703,18 +703,17 @@ nsXMLContentSink::ProcessStyleLink(nsICo
int16_t decision = nsIContentPolicy::ACCEPT;
rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_XSLT,
url,
mDocument->NodePrincipal(),
aElement,
type,
nullptr,
&decision,
- nsContentUtils::GetContentPolicy(),
- nsContentUtils::GetSecurityManager());
+ nsContentUtils::GetContentPolicy());
NS_ENSURE_SUCCESS(rv, rv);
if (NS_CP_REJECTED(decision)) {
return NS_OK;
}
return LoadXSLStyleSheet(url);
--- a/image/imgLoader.cpp
+++ b/image/imgLoader.cpp
@@ -578,18 +578,17 @@ ShouldLoadCachedImage(imgRequest* aImgRe
int16_t decision = nsIContentPolicy::REJECT_REQUEST;
rv = NS_CheckContentLoadPolicy(aPolicyType,
contentLocation,
aLoadingPrincipal,
aLoadingContext,
EmptyCString(), //mime guess
nullptr, //aExtra
&decision,
- nsContentUtils::GetContentPolicy(),
- nsContentUtils::GetSecurityManager());
+ nsContentUtils::GetContentPolicy());
if (NS_FAILED(rv) || !NS_CP_ACCEPTED(decision)) {
return false;
}
// We call all Content Policies above, but we also have to call mcb
// individually to check the intermediary redirect hops are secure.
if (insecureRedirect) {
// Bug 1314356: If the image ended up in the cache upgraded by HSTS and the page
--- a/layout/style/FontFaceSet.cpp
+++ b/layout/style/FontFaceSet.cpp
@@ -1384,18 +1384,17 @@ FontFaceSet::IsFontLoadAllowed(nsIURI* a
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(nsIContentPolicy::TYPE_FONT,
aFontLocation,
aPrincipal,
mDocument,
EmptyCString(), // mime type
nullptr, // aExtra
&shouldLoad,
- nsContentUtils::GetContentPolicy(),
- nsContentUtils::GetSecurityManager());
+ nsContentUtils::GetContentPolicy());
return NS_SUCCEEDED(rv) && NS_CP_ACCEPTED(shouldLoad);
}
nsresult
FontFaceSet::SyncLoadFontData(gfxUserFontEntry* aFontToLoad,
const gfxFontFaceSrc* aFontFaceSrc,
uint8_t*& aBuffer,
--- a/layout/style/Loader.cpp
+++ b/layout/style/Loader.cpp
@@ -1073,18 +1073,17 @@ Loader::CheckContentPolicy(nsIPrincipal*
int16_t shouldLoad = nsIContentPolicy::ACCEPT;
nsresult rv = NS_CheckContentLoadPolicy(contentPolicyType,
aTargetURI,
aSourcePrincipal,
aContext,
NS_LITERAL_CSTRING("text/css"),
nullptr, //extra param
&shouldLoad,
- nsContentUtils::GetContentPolicy(),
- nsContentUtils::GetSecurityManager());
+ nsContentUtils::GetContentPolicy());
if (NS_FAILED(rv) || NS_CP_REJECTED(shouldLoad)) {
return NS_ERROR_CONTENT_BLOCKED;
}
return NS_OK;
}
/**
* CreateSheet() creates a CSSStyleSheet object for the given URI,