Initial import of the Chrome Frame codebase. Integration in chrome.gyp coming...

chrome_frame/ff_30_privilege_check.cc

+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+// This file relies on the 1.9 version of the unfrozen interfaces
+// "nsIScriptSecurityManager" and "nsIScriptObjectPrincipal"
+// from gecko 1.9, which means that this implementation is specific to
+// FireFox 3.0 and any other browsers built from the same gecko version.
+// See [http://en.wikipedia.org/wiki/Gecko_(layout_engine]
+// It's a good bet that nsIScriptSecurityManager will change for gecko
+// 1.9.1 and FireFox 3.5, in which case we'll need another instance of this
+// code for the 3.5 version of FireFox.
+
+// Gecko headers need this on Windows.
+#define XP_WIN
+#include "chrome_frame/script_security_manager.h"
+#include "third_party/xulrunner-sdk/win/include/dom/nsIScriptObjectPrincipal.h"
+#include "third_party/xulrunner-sdk/win/include/xpcom/nsIServiceManager.h"
+
+// These are needed to work around typedef conflicts in chrome headers.
+#define _UINT32
+#define _INT32
+
+#include "chrome_frame/np_browser_functions.h"
+#include "chrome_frame/scoped_ns_ptr_win.h"
+#include "chrome_frame/ns_associate_iid_win.h"
+#include "base/logging.h"
+
+ASSOCIATE_IID(NS_ISERVICEMANAGER_IID_STR, nsIServiceManager);
+
+namespace {
+// Unfortunately no NS_ISCRIPTOBJECTPRINCIPAL_IID_STR
+// defined for this interface
+nsIID IID_nsIScriptObjectPrincipal = NS_ISCRIPTOBJECTPRINCIPAL_IID;
+}  // namespace
+
+// Returns true iff we're being instantiated into a document
+// that has the system principal's privileges
+bool IsFireFoxPrivilegedInvocation(NPP instance) {
+  ScopedNsPtr<nsIServiceManager> service_manager;
+  NPError nperr = npapi::GetValue(instance, NPNVserviceManager,
+                                  service_manager.Receive());
+  if (nperr != NPERR_NO_ERROR || !service_manager.get())
+    return false;
+  DCHECK(service_manager);
+
+  // Get the document.
+  ScopedNsPtr<nsISupports> window;
+  nperr = npapi::GetValue(instance, NPNVDOMWindow, window.Receive());
+  if (nperr != NPERR_NO_ERROR || !window.get())
+    return false;
+  DCHECK(window);
+
+  // This interface allows us access to the window's principal.
+  ScopedNsPtr<nsIScriptObjectPrincipal, &IID_nsIScriptObjectPrincipal>
+      script_object_principal;
+  nsresult err = script_object_principal.QueryFrom(window);
+  if (NS_FAILED(err) || !script_object_principal.get())
+    return false;
+  DCHECK(script_object_principal);
+
+  // For regular HTML windows, this will be a principal encoding the
+  // document's origin. For browser XUL, this will be the all-powerful
+  // system principal.
+  nsIPrincipal* window_principal = script_object_principal->GetPrincipal();
+  DCHECK(window_principal);
+  if (!window_principal)
+    return false;
+
+  // Get the script security manager.
+  ScopedNsPtr<nsIScriptSecurityManager_FF35> security_manager_ff35;
+  PRBool is_system = PR_FALSE;
+
+  err = service_manager->GetServiceByContractID(
+      NS_SCRIPTSECURITYMANAGER_CONTRACTID,
+      nsIScriptSecurityManager_FF35::GetIID(),
+      reinterpret_cast<void**>(security_manager_ff35.Receive()));
+  if (NS_SUCCEEDED(err) && security_manager_ff35.get()) {
+    err = security_manager_ff35->IsSystemPrincipal(window_principal,
+                                                   &is_system);
+    if (NS_FAILED(err))
+      is_system = PR_FALSE;
+  } else {
+    ScopedNsPtr<nsIScriptSecurityManager_FF30> security_manager_ff30;
+    err = service_manager->GetServiceByContractID(
+        NS_SCRIPTSECURITYMANAGER_CONTRACTID,
+        nsIScriptSecurityManager_FF30::GetIID(),
+        reinterpret_cast<void**>(security_manager_ff30.Receive()));
+    if (NS_SUCCEEDED(err) && security_manager_ff30.get()) {
+      err = security_manager_ff30->IsSystemPrincipal(window_principal,
+                                                     &is_system);
+    }
+
+    if (NS_FAILED(err))
+      is_system = PR_FALSE;
+  }
+
+  return is_system == PR_TRUE;
+}