Last Comment Bug 451729 - Allow runtime's security callbacks to be overridden by a context
: Allow runtime's security callbacks to be overridden by a context
Status: RESOLVED FIXED
: dev-doc-needed
Product: Core
Classification: Components
Component: JavaScript Engine (show other bugs)
: unspecified
: All All
: -- normal (vote)
: mozilla1.9.1
Assigned To: Jason Orendorff [:jorendorff]
:
: Jason Orendorff [:jorendorff]
Mentors:
: 453373 (view as bug list)
Depends on:
Blocks: 450449 451731 453380
  Show dependency treegraph
 
Reported: 2008-08-22 10:14 PDT by Ben Turner (not reading bugmail, use the needinfo flag!)
Modified: 2011-03-08 09:51 PST (History)
10 users (show)
bob: in‑testsuite-
bob: in‑litmus-
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
Move checkObjectAccess to JSContext, v1 (7.25 KB, patch)
2008-08-22 10:14 PDT, Ben Turner (not reading bugmail, use the needinfo flag!)
brendan: review+
Details | Diff | Splinter Review
Make callbacks overridable on the context, v1 (21.57 KB, patch)
2008-09-03 15:18 PDT, Ben Turner (not reading bugmail, use the needinfo flag!)
brendan: review+
Details | Diff | Splinter Review

Description Ben Turner (not reading bugmail, use the needinfo flag!) 2008-08-22 10:14:49 PDT
Created attachment 335066 [details] [diff] [review]
Move checkObjectAccess to JSContext, v1

checkObjectAccess is currently set on the JSRuntime and so my background threads are using caps (which is not threadsafe). I have my own sandbox so I'd like to make the checkObjectAccess settable from the context as I control the lifetime of the contexts I'm using. Patch attached.
Comment 1 Ben Turner (not reading bugmail, use the needinfo flag!) 2008-08-22 10:15:49 PDT
I'll file a followup to fix xpconnect, dom, and caps.
Comment 2 Ben Turner (not reading bugmail, use the needinfo flag!) 2008-08-22 10:20:50 PDT
(In reply to comment #1)
> I'll file a followup to fix xpconnect, dom, and caps.

Bug 451731.
Comment 3 Brendan Eich [:brendan] 2008-08-29 13:21:39 PDT
Comment on attachment 335066 [details] [diff] [review]
Move checkObjectAccess to JSContext, v1

Great, thanks. Who will do the dev-doc-needed deed? Do we even have API doc on this callback?

/be
Comment 4 Ben Turner (not reading bugmail, use the needinfo flag!) 2008-09-03 15:18:41 PDT
Created attachment 336732 [details] [diff] [review]
Make callbacks overridable on the context, v1

Talking about this with jst and brendan we decided to change directions here. We're going to leave the callbacks on the runtime as defaults that can be overridden by individual contexts. Also they've moved into their own callback struct.
Comment 5 Ben Turner (not reading bugmail, use the needinfo flag!) 2008-09-03 15:30:09 PDT
*** Bug 453373 has been marked as a duplicate of this bug. ***
Comment 6 Brendan Eich [:brendan] 2008-09-05 13:16:56 PDT
Comment on attachment 336732 [details] [diff] [review]
Make callbacks overridable on the context, v1

>+extern JS_PUBLIC_API(JSSecurityCallbacks *)
>+JS_SetSecurityCallbacksRT(JSRuntime *rt, JSSecurityCallbacks *callbacks);
>+
>+extern JS_PUBLIC_API(JSSecurityCallbacks *)
>+JS_GetSecurityCallbacksRT(JSRuntime *rt);
>+
>+extern JS_PUBLIC_API(JSSecurityCallbacks *)
>+JS_SetSecurityCallbacks(JSContext *cx, JSSecurityCallbacks *callbacks);

These are misnamed -- elsewhere, the RT suffix just means a change of parameters, not a change of semantics. Suggest JS_SetRuntimeSecurityCallbacks, JS_GetRuntimeSecurityCallbacks, and JS_SetContextSecurityCallbacks.

>+extern JS_PUBLIC_API(JSSecurityCallbacks *)
>+JS_GetSecurityCallbacks(JSContext *cx);

This one is different, and well-named. I can't think of a longer name that conveys how it falls back on the runtime's callbacks if the context has none set.

Looks great otherwise, r=me with name fixage.

/be
Comment 7 Ben Turner (not reading bugmail, use the needinfo flag!) 2008-09-05 17:32:47 PDT
Pushed changeset 7da53f4cd712 to mozilla-central with brendan's comments addressed.
Comment 8 Ben Turner (not reading bugmail, use the needinfo flag!) 2008-09-07 12:43:50 PDT
We're going to need some documentation updated for this change.

JS_SetCheckObjectAccessCallback, JS_SetPrincipalsTranscoder, and JS_SetObjectPrincipalsFinder have been superseded by JS_SetRuntimeSecurityCallbacks and JS_SetContextSecurityCallbacks.

Consumers that wish to use one of the callback functions should call JS_GetSecurityCallbacks which will favor the callbacks set on the context over those on the runtime.
Comment 9 Eric Shepherd [:sheppy] 2009-02-14 19:18:25 PST
Is someone going to write this up, or do I need to beg for details on these and do it myself? :)
Comment 10 Jason Orendorff [:jorendorff] 2009-02-18 13:27:47 PST
I added a bullet in the 1.8 release notes mentioning that the old APIs are deprecated and will be removed in 1.8.1.

I did some preliminary dev-doc stuff too but it's not done.
Comment 11 Eric Shepherd [:sheppy] 2009-04-22 13:35:21 PDT
jorend - any chance you can find time to finish these up?  I suspect it's much more efficient for you to do it than for me; if you can't, I'll take a whack at it though.
Comment 12 Eric Shepherd [:sheppy] 2009-05-21 07:38:46 PDT
Assigning to jorend for doc purposes.
Comment 13 Eric Shepherd [:sheppy] 2011-03-08 09:51:39 PST
In part, the docs would be here:

https://developer.mozilla.org/En/SpiderMonkey/JSAPI_Reference/JS_GetSecurityCallbacks

Note You need to log in before you can comment on or make changes to this bug.