AuroraMiddleware/v8
1
0
Fork 0
Code Issues 2 Pull Requests Releases Wiki Activity

Pass the context from which a given receiver is accessed explicitly

Browse Source 
This will allow for probing access from any context to any receiver in a
future CL.

BUG=none
R=jkummerow@chromium.org,verwaest@chromium.org
LOG=n

Review URL: https://codereview.chromium.org/1398093002

Cr-Commit-Position: refs/heads/master@{#31196}
This commit is contained in:
jochen 2015-10-09 06:25:39 -07:00 committed by Commit bot
parent 2e8181acd5
commit 5e47350645
8 changed files with 44 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/api.cc
View File

@ -3498,7 +3498,8 @@ Maybe<bool> v8::Object::DefineOwnProperty(v8::Local<v8::Context> context,
auto key_obj = Utils::OpenHandle(*key);
auto value_obj = Utils::OpenHandle(*value);
if (self->IsAccessCheckNeeded() && !isolate->MayAccess(self)) {
if (self->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), self)) {
isolate->ReportFailedAccessCheck(self);
return Nothing<bool>();
}

2
src/builtins.cc
View File

@ -1646,7 +1646,7 @@ MUST_USE_RESULT static MaybeHandle<Object> HandleApiCallHelper(
Handle<Object> receiver(&args[0]);
if (receiver->IsJSObject() && receiver->IsAccessCheckNeeded()) {
Handle<JSObject> js_receiver = Handle<JSObject>::cast(receiver);
if (!isolate->MayAccess(js_receiver)) {
if (!isolate->MayAccess(handle(isolate->context()), js_receiver)) {
isolate->ReportFailedAccessCheck(js_receiver);
RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
}

22
src/isolate.cc
View File

@ -782,12 +782,12 @@ bool Isolate::IsInternallyUsedPropertyName(Object* name) {
}
bool Isolate::MayAccess(Handle<JSObject> receiver) {
bool Isolate::MayAccess(Handle<Context> accessing_context,
Handle<JSObject> receiver) {
DCHECK(receiver->IsJSGlobalProxy() || receiver->IsAccessCheckNeeded());
// Check for compatibility between the security tokens in the
// current lexical context and the accessed object.
DCHECK(context());
{
DisallowHeapAllocation no_gc;
@ -801,7 +801,8 @@ bool Isolate::MayAccess(Handle<JSObject> receiver) {
// Get the native context of current top context.
// avoid using Isolate::native_context() because it uses Handle.
Context* native_context = context()->global_object()->native_context();
Context* native_context =
accessing_context->global_object()->native_context();
if (receiver_context == native_context) return true;
if (Context::cast(receiver_context)->security_token() ==
@ -824,11 +825,16 @@ bool Isolate::MayAccess(Handle<JSObject> receiver) {
LOG(this, ApiSecurityCheck());
// Leaving JavaScript.
VMState<EXTERNAL> state(this);
Handle<Object> key = factory()->undefined_value();
return callback(v8::Utils::ToLocal(receiver), v8::Utils::ToLocal(key),
v8::ACCESS_HAS, v8::Utils::ToLocal(data));
{
SaveContext save(this);
set_context(accessing_context->native_context());
// Leaving JavaScript.
VMState<EXTERNAL> state(this);
Handle<Object> key = factory()->undefined_value();
return callback(v8::Utils::ToLocal(receiver), v8::Utils::ToLocal(key),
v8::ACCESS_HAS, v8::Utils::ToLocal(data));
}
}

4
src/isolate.h
View File

@ -679,11 +679,11 @@ class Isolate {
Handle<JSArray> GetDetailedFromSimpleStackTrace(
Handle<JSObject> error_object);
// Returns if the top context may access the given global object. If
// Returns if the given context may access the given global object. If
// the result is false, the pending exception is guaranteed to be
// set.
bool MayAccess(Handle<Context> accessing_context, Handle<JSObject> receiver);
bool MayAccess(Handle<JSObject> receiver);
bool IsInternallyUsedPropertyName(Handle<Object> name);
bool IsInternallyUsedPropertyName(Object* name);

3
src/lookup.cc
View File

@ -134,7 +134,8 @@ Handle<JSObject> LookupIterator::GetStoreTarget() const {
bool LookupIterator::HasAccess() const {
DCHECK_EQ(ACCESS_CHECK, state_);
return isolate_->MayAccess(GetHolder<JSObject>());
return isolate_->MayAccess(handle(isolate_->context()),
GetHolder<JSObject>());
}

12
src/objects.cc
View File

@ -6001,7 +6001,8 @@ Maybe<bool> JSObject::PreventExtensionsInternal(Handle<JSObject> object) {
return PreventExtensionsWithTransition<NONE>(object);
}
if (object->IsAccessCheckNeeded() && !isolate->MayAccess(object)) {
if (object->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), object)) {
isolate->ReportFailedAccessCheck(object);
RETURN_VALUE_IF_SCHEDULED_EXCEPTION(isolate, Nothing<bool>());
UNREACHABLE();
@ -6067,7 +6068,8 @@ MaybeHandle<Object> JSObject::PreventExtensions(Handle<JSObject> object) {
bool JSObject::IsExtensible(Handle<JSObject> object) {
Isolate* isolate = object->GetIsolate();
if (object->IsAccessCheckNeeded() && !isolate->MayAccess(object)) {
if (object->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), object)) {
return true;
}
if (object->IsJSGlobalProxy()) {
@ -6113,7 +6115,8 @@ Maybe<bool> JSObject::PreventExtensionsWithTransition(Handle<JSObject> object) {
DCHECK(!object->map()->is_observed());
Isolate* isolate = object->GetIsolate();
if (object->IsAccessCheckNeeded() && !isolate->MayAccess(object)) {
if (object->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), object)) {
isolate->ReportFailedAccessCheck(object);
RETURN_VALUE_IF_SCHEDULED_EXCEPTION(isolate, Nothing<bool>());
UNREACHABLE();
@ -6921,7 +6924,8 @@ MaybeHandle<FixedArray> JSReceiver::GetKeys(Handle<JSReceiver> object,
Handle<JSObject> current = PrototypeIterator::GetCurrent<JSObject>(iter);
// Check access rights if required.
if (current->IsAccessCheckNeeded() && !isolate->MayAccess(current)) {
if (current->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), current)) {
if (iter.IsAtEnd(PrototypeIterator::END_AT_NON_HIDDEN)) {
isolate->ReportFailedAccessCheck(current);
RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, FixedArray);

12
src/runtime/runtime-classes.cc
View File

@ -269,7 +269,8 @@ static MaybeHandle<Object> LoadFromSuper(Isolate* isolate,
Handle<JSObject> home_object,
Handle<Name> name,
LanguageMode language_mode) {
if (home_object->IsAccessCheckNeeded() && !isolate->MayAccess(home_object)) {
if (home_object->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), home_object)) {
isolate->ReportFailedAccessCheck(home_object);
RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
}
@ -293,7 +294,8 @@ static MaybeHandle<Object> LoadElementFromSuper(Isolate* isolate,
Handle<JSObject> home_object,
uint32_t index,
LanguageMode language_mode) {
if (home_object->IsAccessCheckNeeded() && !isolate->MayAccess(home_object)) {
if (home_object->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), home_object)) {
isolate->ReportFailedAccessCheck(home_object);
RETURN_EXCEPTION_IF_SCHEDULED_EXCEPTION(isolate, Object);
}
@ -369,7 +371,8 @@ RUNTIME_FUNCTION(Runtime_LoadKeyedFromSuper) {
static Object* StoreToSuper(Isolate* isolate, Handle<JSObject> home_object,
Handle<Object> receiver, Handle<Name> name,
Handle<Object> value, LanguageMode language_mode) {
if (home_object->IsAccessCheckNeeded() && !isolate->MayAccess(home_object)) {
if (home_object->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), home_object)) {
isolate->ReportFailedAccessCheck(home_object);
RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
}
@ -393,7 +396,8 @@ static Object* StoreElementToSuper(Isolate* isolate,
Handle<Object> receiver, uint32_t index,
Handle<Object> value,
LanguageMode language_mode) {
if (home_object->IsAccessCheckNeeded() && !isolate->MayAccess(home_object)) {
if (home_object->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), home_object)) {
isolate->ReportFailedAccessCheck(home_object);
RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
}

10
src/runtime/runtime-object.cc
View File

@ -160,9 +160,11 @@ RUNTIME_FUNCTION(Runtime_GetPrototype) {
// We don't expect access checks to be needed on JSProxy objects.
DCHECK(!obj->IsAccessCheckNeeded() || obj->IsJSObject());
PrototypeIterator iter(isolate, obj, PrototypeIterator::START_AT_RECEIVER);
Handle<Context> context(isolate->context());
do {
if (PrototypeIterator::GetCurrent(iter)->IsAccessCheckNeeded() &&
!isolate->MayAccess(PrototypeIterator::GetCurrent<JSObject>(iter))) {
!isolate->MayAccess(context,
PrototypeIterator::GetCurrent<JSObject>(iter))) {
return isolate->heap()->null_value();
}
iter.AdvanceIgnoringProxies();
@ -193,7 +195,8 @@ RUNTIME_FUNCTION(Runtime_SetPrototype) {
DCHECK(args.length() == 2);
CONVERT_ARG_HANDLE_CHECKED(JSObject, obj, 0);
CONVERT_ARG_HANDLE_CHECKED(Object, prototype, 1);
if (obj->IsAccessCheckNeeded() && !isolate->MayAccess(obj)) {
if (obj->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), obj)) {
isolate->ReportFailedAccessCheck(obj);
RETURN_FAILURE_IF_SCHEDULED_EXCEPTION(isolate);
return isolate->heap()->undefined_value();
@ -849,7 +852,8 @@ RUNTIME_FUNCTION(Runtime_GetOwnPropertyNames) {
CHECK_EQ(total_property_count, next_copy_index);
if (object->IsAccessCheckNeeded() && !isolate->MayAccess(object)) {
if (object->IsAccessCheckNeeded() &&
!isolate->MayAccess(handle(isolate->context()), object)) {
for (int i = 0; i < total_property_count; i++) {
Handle<Name> name(Name::cast(names->get(i)));
if (name.is_identical_to(hidden_string)) continue;