Add API for access checks on observed objects

src/isolate.cc

Index: src/isolate.cc
diff --git a/src/isolate.cc b/src/isolate.cc
index 60e3379e15a4d848aad2fed45fdadd58c14d7354..c8e306871a75b051083c60f6e64dc299b4b506bd 100644
--- a/src/isolate.cc
+++ b/src/isolate.cc
@@ -879,8 +879,7 @@ enum MayAccessDecision {
 
 
 static MayAccessDecision MayAccessPreCheck(Isolate* isolate,
-                                           JSObject* receiver,
-                                           v8::AccessType type) {
+                                           JSObject* receiver) {
   // During bootstrapping, callback functions are not enabled yet.
   if (isolate->bootstrapper()->IsActive()) return YES;
 
@@ -918,7 +917,7 @@ bool Isolate::MayNamedAccess(JSObject* receiver, Object* key,
   // current lexical context and the accessed object.
   ASSERT(context());
 
-  MayAccessDecision decision = MayAccessPreCheck(this, receiver, type);
+  MayAccessDecision decision = MayAccessPreCheck(this, receiver);
   if (decision != UNKNOWN) return decision == YES;
 
   // Get named access check callback
@@ -961,7 +960,7 @@ bool Isolate::MayIndexedAccess(JSObject* receiver,
   // current lexical context and the accessed object.
   ASSERT(context());
 
-  MayAccessDecision decision = MayAccessPreCheck(this, receiver, type);
+  MayAccessDecision decision = MayAccessPreCheck(this, receiver);
   if (decision != UNKNOWN) return decision == YES;
 
   // Get indexed access check callback
@@ -995,6 +994,42 @@ bool Isolate::MayIndexedAccess(JSObject* receiver,
 }
 
 
+bool Isolate::MayObserveAccess(JSObject* receiver) {
+  ASSERT(receiver->IsAccessCheckNeeded());
+  // Check for compatibility between the security tokens in the
+  // current lexical context and the accessed object.
+  ASSERT(context());
+
+  MayAccessDecision decision = MayAccessPreCheck(this, receiver);
+  if (decision != UNKNOWN) return decision == YES;
+
+  JSFunction* constructor = JSFunction::cast(receiver->map()->constructor());
+  if (!constructor->shared()->IsApiFunction()) return false;
+
+  Object* data_obj =
+      constructor->shared()->get_api_func_data()->access_check_info();
+  if (data_obj == heap_.undefined_value()) return false;
+
+  Object* fun_obj = AccessCheckInfo::cast(data_obj)->observe_callback();
+  v8::ObserveSecurityCallback callback =
+      v8::ToCData<v8::ObserveSecurityCallback>(fun_obj);
+
+  if (!callback) return false;
+
+  HandleScope scope(this);
+  Handle<JSObject> receiver_handle(receiver, this);
+  Handle<Object> data(AccessCheckInfo::cast(data_obj)->data(), this);
+  bool result = false;
+  {
+    // Leaving JavaScript.
+    VMState state(this, EXTERNAL);
+    result = callback(v8::Utils::ToLocal(receiver_handle),
+                      v8::Utils::ToLocal(data));
+  }
+  return result;
+}
+
+
 const char* const Isolate::kStackOverflowMessage =
   "Uncaught RangeError: Maximum call stack size exceeded";