Mercurial > spidermonkey-playground

changeset 10:16a605ff036c

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
The TCB can now define a global checkAccess() handler. It also has access to a lookupProperty() function that can retrieve an attribute of an object without initiating security checks or property getters.
author Atul Varma <varmaa@toolness.com>
date Fri, 19 Jun 2009 14:44:39 -0700
parents fcefc3e5a9df
children bde6607a3620
files spidermonkey-playground.cpp tcb.js
diffstat 2 files changed, 40 insertions(+), 17 deletions(-) [+]
line wrap: on
line diff
--- a/spidermonkey-playground.cpp	Fri Jun 19 12:50:42 2009 -0700
+++ b/spidermonkey-playground.cpp	Fri Jun 19 14:44:39 2009 -0700
@@ -7,6 +7,9 @@
 #define MAX_SCRIPT_SIZE 100000
 #define TCB_FILENAME "tcb.js"
 
+static JSContext *tcb_cx;
+static JSObject  *tcb_global;
+
 /* The class of the global object. */
 static JSClass global_class = {
   "global", JSCLASS_GLOBAL_FLAGS,
@@ -87,6 +90,22 @@
   return JS_TRUE;
 }
 
+static JSBool lookupProperty(JSContext *cx, JSObject *obj, uintN argc,
+                             jsval *argv, jsval *rval)
+{
+  JSObject *target;
+
+  if (argc < 2) {
+    JS_ReportError(cx, "Must provide id to lookup.");
+    return JS_FALSE;
+  }
+
+  if (!JS_ConvertArguments(cx, argc, argv, "o", &target))
+    return JS_FALSE;
+
+  return JS_LookupPropertyById(cx, target, argv[1], rval);
+}
+
 static JSBool stack(JSContext *cx, JSObject *obj, uintN argc, jsval *argv,
                     jsval *rval)
 {
@@ -191,14 +210,18 @@
 static JSBool checkAccess(JSContext *cx, JSObject *obj, jsval id,
                           JSAccessMode mode, jsval *vp)
 {
-  if (JSVAL_IS_STRING(id)) {
-    char *str;
-    if (!JS_ConvertArguments(cx, 1, &id, "s", &str)) {
-      printf("checkAccess() string conversion failed!\n");
-      return JS_FALSE;
-    }
-    printf("checkAccess: %s\n", str);
+  jsval checkAccess;
+  if (tcb_global && JS_GetProperty(tcb_cx, tcb_global, "checkAccess",
+                                   &checkAccess) &&
+      JSVAL_IS_OBJECT(checkAccess) &&
+      JS_ObjectIsFunction(tcb_cx, JSVAL_TO_OBJECT(checkAccess))) {
+    jsval argv[2];
+    argv[0] = OBJECT_TO_JSVAL(obj);
+    argv[1] = id;
+    return JS_CallFunctionValue(tcb_cx, tcb_global, checkAccess, 2, argv,
+                                vp);
   }
+
   return JS_LookupPropertyById(cx, obj, id, vp);
 }
 
@@ -207,6 +230,7 @@
   JS_FS("wrap",    wrap,    2, 0, 0),
   JS_FS("stack",   stack,   0, 0, 0),
   JS_FS("require", require, 2, 0, 0),
+  JS_FS("lookupProperty", lookupProperty, 2, 0, 0),
   JS_FS_END
 };
 
@@ -220,8 +244,6 @@
 {
   /* JS variables. */
   JSRuntime *rt;
-  JSContext *tcb_cx;
-  JSObject  *tcb_global;
 
   /* Create a JS runtime. */
   rt = JS_NewRuntime(8L * 1024L * 1024L);
--- a/tcb.js	Fri Jun 19 12:50:42 2009 -0700
+++ b/tcb.js	Fri Jun 19 14:44:39 2009 -0700
@@ -1,3 +1,12 @@
+// This security function is called by the platform whenever a
+// particular property needs to be accessed on a particular object.
+function checkAccess(obj, id) {
+  var frame = stack();
+  if (frame.filename != "tcb.js")
+    print("access request from " + frame.filename);
+  return lookupProperty(obj, id);
+}
+
 // This function is called by the platform whenever an uncaught exception
 // occurs.
 function handleError() {
@@ -19,10 +28,6 @@
   print(lines.join('\n'));
 }
 
-function showInfo() {
-  print("Hello World.");
-}
-
 function throwError() {
   function innerThrowError() {
     throw new Error("hi");
@@ -30,13 +35,9 @@
   innerThrowError();
 }
 
-showInfo();
 try {
-  print("about to throw.");
   throwError();
 } catch (e) {
-  printTraceback(lastExceptionTraceback);
-  print(e);
 }
 
 var module = require("sample-module.js", {blop: "hello"});