Add API for access checks on observed objects

src/isolate.cc

 // Copyright 2012 the V8 project authors. All rights reserved.
 // Redistribution and use in source and binary forms, with or without
 // modification, are permitted provided that the following conditions are
 // met:
 //
 //     * Redistributions of source code must retain the above copyright
 //       notice, this list of conditions and the following disclaimer.
 //     * Redistributions in binary form must reproduce the above
 //       copyright notice, this list of conditions and the following
 //       disclaimer in the documentation and/or other materials provided
@@ skipping 861 matching lines @@
   }
 }
 
 
 enum MayAccessDecision {
   YES, NO, UNKNOWN
 };
 
 
 static MayAccessDecision MayAccessPreCheck(Isolate* isolate,
-                                           JSObject* receiver,
-                                           v8::AccessType type) {
+                                           JSObject* receiver) {
   // During bootstrapping, callback functions are not enabled yet.
   if (isolate->bootstrapper()->IsActive()) return YES;
 
   if (receiver->IsJSGlobalProxy()) {
     Object* receiver_context = JSGlobalProxy::cast(receiver)->native_context();
     if (!receiver_context->IsContext()) return NO;
 
     // Get the native context of current top context.
     // avoid using Isolate::native_context() because it uses Handle.
     Context* native_context =
@@ skipping 17 matching lines @@
   AssertNoAllocation no_gc;
 
   // Skip checks for hidden properties access.  Note, we do not
   // require existence of a context in this case.
   if (key == heap_.hidden_symbol()) return true;
 
   // Check for compatibility between the security tokens in the
   // current lexical context and the accessed object.
   ASSERT(context());
 
-  MayAccessDecision decision = MayAccessPreCheck(this, receiver, type);
+  MayAccessDecision decision = MayAccessPreCheck(this, receiver);
   if (decision != UNKNOWN) return decision == YES;
 
   // Get named access check callback
   JSFunction* constructor = JSFunction::cast(receiver->map()->constructor());
   if (!constructor->shared()->IsApiFunction()) return false;
 
   Object* data_obj =
      constructor->shared()->get_api_func_data()->access_check_info();
   if (data_obj == heap_.undefined_value()) return false;
 
@@ skipping 22 matching lines @@
 
 
 bool Isolate::MayIndexedAccess(JSObject* receiver,
                                uint32_t index,
                                v8::AccessType type) {
   ASSERT(receiver->IsAccessCheckNeeded());
   // Check for compatibility between the security tokens in the
   // current lexical context and the accessed object.
   ASSERT(context());
 
-  MayAccessDecision decision = MayAccessPreCheck(this, receiver, type);
+  MayAccessDecision decision = MayAccessPreCheck(this, receiver);
   if (decision != UNKNOWN) return decision == YES;
 
   // Get indexed access check callback
   JSFunction* constructor = JSFunction::cast(receiver->map()->constructor());
   if (!constructor->shared()->IsApiFunction()) return false;
 
   Object* data_obj =
       constructor->shared()->get_api_func_data()->access_check_info();
   if (data_obj == heap_.undefined_value()) return false;
 
@@ skipping 13 matching lines @@
     VMState state(this, EXTERNAL);
     result = callback(v8::Utils::ToLocal(receiver_handle),
                       index,
                       type,
                       v8::Utils::ToLocal(data));
   }
   return result;
 }
 
 
+bool Isolate::MayObserveAccess(JSObject* receiver) {
+  ASSERT(receiver->IsAccessCheckNeeded());
+  // Check for compatibility between the security tokens in the
+  // current lexical context and the accessed object.
+  ASSERT(context());
+
+  MayAccessDecision decision = MayAccessPreCheck(this, receiver);
+  if (decision != UNKNOWN) return decision == YES;
+
+  JSFunction* constructor = JSFunction::cast(receiver->map()->constructor());
+  if (!constructor->shared()->IsApiFunction()) return false;
+
+  Object* data_obj =
+      constructor->shared()->get_api_func_data()->access_check_info();
+  if (data_obj == heap_.undefined_value()) return false;
+
+  Object* fun_obj = AccessCheckInfo::cast(data_obj)->observe_callback();
+  v8::ObserveSecurityCallback callback =
+      v8::ToCData<v8::ObserveSecurityCallback>(fun_obj);
+
+  if (!callback) return false;
+
+  HandleScope scope(this);
+  Handle<JSObject> receiver_handle(receiver, this);
+  Handle<Object> data(AccessCheckInfo::cast(data_obj)->data(), this);
+  bool result = false;
+  {
+    // Leaving JavaScript.
+    VMState state(this, EXTERNAL);
+    result = callback(v8::Utils::ToLocal(receiver_handle),
+                      v8::Utils::ToLocal(data));
+  }
+  return result;
+}
+
+
 const char* const Isolate::kStackOverflowMessage =
   "Uncaught RangeError: Maximum call stack size exceeded";
 
 
 Failure* Isolate::StackOverflow() {
   HandleScope scope;
   // At this point we cannot create an Error object using its javascript
   // constructor.  Instead, we copy the pre-constructed boilerplate and
   // attach the stack trace as a hidden property.
   Handle<String> key = factory()->stack_overflow_symbol();
@@ skipping 1202 matching lines @@
 
 #ifdef DEBUG
 #define ISOLATE_FIELD_OFFSET(type, name, ignored)                       \
 const intptr_t Isolate::name##_debug_offset_ = OFFSET_OF(Isolate, name##_);
 ISOLATE_INIT_LIST(ISOLATE_FIELD_OFFSET)
 ISOLATE_INIT_ARRAY_LIST(ISOLATE_FIELD_OFFSET)
 #undef ISOLATE_FIELD_OFFSET
 #endif
 
 } }  // namespace v8::internal