authorMatt A. Tobin <email@mattatobin.com>2021-11-23 03:11:24 -0500
committerMatt A. Tobin <email@mattatobin.com>2021-11-23 03:11:24 -0500
commit54276d068cdb87c3600233b66702b12be697ed68 (patch)
tree5bf85359e76eebd9a92baf7f8c703d3e93ac1f29 /dom/interfaces/security
parentbaad25e39733dfc3dd310198fdcced00ffbef68b (diff)
Issue %3005 - Centralize the Security Features and locate them to system/security
Diffstat (limited to 'dom/interfaces/security')
-rw-r--r--dom/interfaces/security/moz.build12
-rw-r--r--dom/interfaces/security/nsIContentSecurityManager.idl56
-rw-r--r--dom/interfaces/security/nsIContentSecurityPolicy.idl300
3 files changed, 0 insertions, 368 deletions
diff --git a/dom/interfaces/security/moz.build b/dom/interfaces/security/moz.build
deleted file mode 100644
index 2765b9869..000000000
--- a/dom/interfaces/security/moz.build
+++ /dev/null
@@ -1,12 +0,0 @@
-# -*- Mode: python; indent-tabs-mode: nil; tab-width: 40 -*-
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
-XPIDL_SOURCES += [
- 'nsIContentSecurityManager.idl',
- 'nsIContentSecurityPolicy.idl'
-]
-
-XPIDL_MODULE = 'dom_security'
-
diff --git a/dom/interfaces/security/nsIContentSecurityManager.idl b/dom/interfaces/security/nsIContentSecurityManager.idl
deleted file mode 100644
index 1a1c91021..000000000
--- a/dom/interfaces/security/nsIContentSecurityManager.idl
+++ /dev/null
@@ -1,56 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISupports.idl"
-
-interface nsIChannel;
-interface nsIPrincipal;
-interface nsIStreamListener;
-interface nsIURI;
-
-/**
- * nsIContentSecurityManager
- * Describes an XPCOM component used to perform security checks.
- */
-
-[scriptable, uuid(3a9a1818-2ae8-4ec5-a340-8b29d31fca3b)]
-interface nsIContentSecurityManager : nsISupports
-{
- /**
- * Checks whether a channel is allowed to access the given URI and
- * whether the channel should be openend or should be blocked consulting
- * internal security checks like Same Origin Policy, Content Security
- * Policy, Mixed Content Blocker, etc.
- *
- * If security checks within performSecurityCheck fail, the function
- * throws an exception.
- *
- * @param aChannel
- * The channel about to be openend
- * @param aStreamListener
- * The Streamlistener of the channel potentially wrapped
- * into CORSListenerProxy.
- * @return
- * The StreamListener of the channel wrapped into CORSListenerProxy.
- *
- * @throws NS_ERROR_DOM_BAD_URI
- * If accessing the URI is not allowed (e.g. prohibted by SOP)
- * @throws NS_ERROR_CONTENT_BLOCKED
- * If any of the security policies (CSP, Mixed content) is violated
- */
- nsIStreamListener performSecurityCheck(in nsIChannel aChannel,
- in nsIStreamListener aStreamListener);
-
- /**
- * Implementation of
- * https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
- *
- * The value returned by this method feeds into the the Secure Context
- * algorithm that determins the value of Window.isSecureContext and
- * WorkerGlobalScope.isSecureContext.
- *
- * This method returns false instead of throwing upon errors.
- */
- boolean isOriginPotentiallyTrustworthy(in nsIPrincipal aPrincipal);
-};
diff --git a/dom/interfaces/security/nsIContentSecurityPolicy.idl b/dom/interfaces/security/nsIContentSecurityPolicy.idl
deleted file mode 100644
index da4297f33..000000000
--- a/dom/interfaces/security/nsIContentSecurityPolicy.idl
+++ /dev/null
@@ -1,300 +0,0 @@
-/* This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
-#include "nsISerializable.idl"
-#include "nsIContentPolicy.idl"
-
-interface nsIURI;
-interface nsIChannel;
-interface nsIDocShell;
-interface nsIDOMDocument;
-interface nsIPrincipal;
-interface nsIURI;
-
-/**
- * nsIContentSecurityPolicy
- * Describes an XPCOM component used to model and enforce CSPs. Instances of
- * this class may have multiple policies within them, but there should only be
- * one of these per document/principal.
- */
-
-typedef unsigned short CSPDirective;
-
-%{C++
-class nsCSPPolicy;
-%}
-
-[ptr] native CSPPolicyPtr(const nsCSPPolicy);
-
-[scriptable, builtinclass, uuid(b3c4c0ae-bd5e-4cad-87e0-8d210dbb3f9f)]
-interface nsIContentSecurityPolicy : nsISerializable
-{
- /**
- * Directives supported by Content Security Policy. These are enums for
- * the CSPDirective type.
- * The NO_DIRECTIVE entry is used for checking default permissions and
- * returning failure when asking CSP which directive to check.
- *
- * NOTE: When implementing a new directive, you will need to add it here but also
- * add it to the CSPStrDirectives array in nsCSPUtils.h.
- */
- const unsigned short NO_DIRECTIVE = 0;
- const unsigned short DEFAULT_SRC_DIRECTIVE = 1;
- const unsigned short SCRIPT_SRC_DIRECTIVE = 2;
- const unsigned short OBJECT_SRC_DIRECTIVE = 3;
- const unsigned short STYLE_SRC_DIRECTIVE = 4;
- const unsigned short IMG_SRC_DIRECTIVE = 5;
- const unsigned short MEDIA_SRC_DIRECTIVE = 6;
- const unsigned short FRAME_SRC_DIRECTIVE = 7;
- const unsigned short FONT_SRC_DIRECTIVE = 8;
- const unsigned short CONNECT_SRC_DIRECTIVE = 9;
- const unsigned short REPORT_URI_DIRECTIVE = 10;
- const unsigned short FRAME_ANCESTORS_DIRECTIVE = 11;
- const unsigned short REFLECTED_XSS_DIRECTIVE = 12;
- const unsigned short BASE_URI_DIRECTIVE = 13;
- const unsigned short FORM_ACTION_DIRECTIVE = 14;
- const unsigned short REFERRER_DIRECTIVE = 15;
- const unsigned short WEB_MANIFEST_SRC_DIRECTIVE = 16;
- const unsigned short UPGRADE_IF_INSECURE_DIRECTIVE = 17;
- const unsigned short CHILD_SRC_DIRECTIVE = 18;
- const unsigned short BLOCK_ALL_MIXED_CONTENT = 19;
- const unsigned short REQUIRE_SRI_FOR = 20;
- const unsigned short SANDBOX_DIRECTIVE = 21;
- const unsigned short WORKER_SRC_DIRECTIVE = 22;
-
- /**
- * Accessor method for a read-only string version of the policy at a given
- * index.
- */
- [binaryname(GetPolicyString)] AString getPolicy(in unsigned long index);
-
- /**
- * Accessor method for a read-only pointer the policy object at a given
- * index. Returns a null pointer if the index is larger than the current
- * policy count.
- */
- [noscript,notxpcom,nostdcall] CSPPolicyPtr GetPolicy(in unsigned long index);
-
- /**
- * Returns the number of policies attached to this CSP instance. Useful with
- * getPolicy().
- */
- readonly attribute unsigned long policyCount;
-
- /**
- * Returns whether this policy uses the directive upgrade-insecure-requests.
- * Please note that upgrade-insecure-reqeusts also applies if the parent or
- * including document (context) makes use of the directive.
- */
- readonly attribute bool upgradeInsecureRequests;
-
- /**
- * Returns whether this policy uses the directive block-all-mixed-content.
- * Please note that block-all-mixed-content takes presedence in case the
- * directive upgrade-insecure-requests is defined in the same policy and
- * will therefore block all mixed content without even trying to perform
- * an upgrade.
- */
- readonly attribute bool blockAllMixedContent;
-
- /**
- * Returns whether this policy enforces the frame-ancestors directive.
- */
- readonly attribute bool enforcesFrameAncestors;
-
- /**
- * Obtains the referrer policy (as integer) for this browsing context as
- * specified in CSP. If there are multiple policies and...
- * - only one sets a referrer policy: that policy is returned
- * - more than one sets different referrer policies: no-referrer is returned
- * - more than one set equivalent policies: that policy is returned
- * For the enumeration of policies see ReferrerPolicy.h and nsIHttpChannel.
- *
- * @param aPolicy
- * The referrer policy to use for the protected resource.
- * @return
- * true if a referrer policy is specified, false if it's unspecified.
- */
- bool getReferrerPolicy(out unsigned long policy);
-
- /**
- * Parse and install a CSP policy.
- * @param aPolicy
- * String representation of the policy
- * (e.g., header value, meta content)
- * @param reportOnly
- * Should this policy affect content, script and style processing or
- * just send reports if it is violated?
- * @param deliveredViaMetaTag
- * Indicates whether the policy was delivered via the meta tag.
- */
- void appendPolicy(in AString policyString,
- in boolean reportOnly,
- in boolean deliveredViaMetaTag);
-
- /*
- * Whether this policy allows inline script or style.
- * @param aContentPolicyType Either TYPE_SCRIPT or TYPE_STYLESHEET
- * @param aNonce The nonce string to check against the policy
- * @param aParserCreated If the script element was created by the HTML Parser
- * @param aContent The content of the inline resource to hash
- * (and compare to the hashes listed in the policy)
- * @param aLineNumber The line number of the inline resource
- * (used for reporting)
- * @return
- * Whether or not the effects of the inline style should be allowed
- * (block the rules if false).
- */
- boolean getAllowsInline(in nsContentPolicyType aContentPolicyType,
- in AString aNonce,
- in boolean aParserCreated,
- in AString aContent,
- in unsigned long aLineNumber);
-
- /**
- * whether this policy allows eval and eval-like functions
- * such as setTimeout("code string", time).
- * @param shouldReportViolations
- * Whether or not the use of eval should be reported.
- * This function returns "true" when violating report-only policies, but
- * when any policy (report-only or otherwise) is violated,
- * shouldReportViolations is true as well.
- * @return
- * Whether or not the effects of the eval call should be allowed
- * (block the call if false).
- */
- boolean getAllowsEval(out boolean shouldReportViolations);
-
- /**
- * Delegate method called by the service when the protected document is loaded.
- * Returns the union of all the sandbox flags contained in CSP policies. This is the most
- * restrictive interpretation of flags set in multiple policies.
- * See nsSandboxFlags.h for the possible flags.
- *
- * @return
- * sandbox flags or SANDBOXED_NONE if no sandbox directive exists
- */
- uint32_t getCSPSandboxFlags();
-
- /**
- * For each violated policy (of type violationType), log policy violation on
- * the Error Console and send a report to report-uris present in the violated
- * policies.
- *
- * @param violationType
- * one of the VIOLATION_TYPE_* constants, e.g. inline-script or eval
- * @param sourceFile
- * name of the source file containing the violation (if available)
- * @param contentSample
- * sample of the violating content (to aid debugging)
- * @param lineNum
- * source line number of the violation (if available)
- * @param aNonce
- * (optional) If this is a nonce violation, include the nonce so we can
- * recheck to determine which policies were violated and send the
- * appropriate reports.
- * @param aContent
- * (optional) If this is a hash violation, include contents of the inline
- * resource in the question so we can recheck the hash in order to
- * determine which policies were violated and send the appropriate
- * reports.
- */
- void logViolationDetails(in unsigned short violationType,
- in AString sourceFile,
- in AString scriptSample,
- in int32_t lineNum,
- [optional] in AString nonce,
- [optional] in AString content);
-
- const unsigned short VIOLATION_TYPE_INLINE_SCRIPT = 1;
- const unsigned short VIOLATION_TYPE_EVAL = 2;
- const unsigned short VIOLATION_TYPE_INLINE_STYLE = 3;
- const unsigned short VIOLATION_TYPE_NONCE_SCRIPT = 4;
- const unsigned short VIOLATION_TYPE_NONCE_STYLE = 5;
- const unsigned short VIOLATION_TYPE_HASH_SCRIPT = 6;
- const unsigned short VIOLATION_TYPE_HASH_STYLE = 7;
- const unsigned short VIOLATION_TYPE_REQUIRE_SRI_FOR_STYLE = 8;
- const unsigned short VIOLATION_TYPE_REQUIRE_SRI_FOR_SCRIPT = 9;
-
- /**
- * Called after the CSP object is created to fill in appropriate request
- * context. Either use
- * * aDocument (preferred), or if no document is available, then provide
- * * aPrincipal
- */
- void setRequestContext(in nsIDOMDocument aDocument,
- in nsIPrincipal aPrincipal);
-
-
- /*
- * Checks if a CSP requires Subresource Integrity (SRI)
- * for a given nsContentPolicyType.
- */
- bool requireSRIForType(in nsContentPolicyType aContentType);
-
- /**
- * Verifies ancestry as permitted by the policy.
- *
- * NOTE: Calls to this may trigger violation reports when queried, so this
- * value should not be cached.
- *
- * @param docShell
- * containing the protected resource
- * @return
- * true if the frame's ancestors are all allowed by policy (except for
- * report-only policies, which will send reports and then return true
- * here when violated).
- */
- boolean permitsAncestry(in nsIDocShell docShell);
-
-
- /**
- * Checks if a specific directive permits loading of a URI.
- *
- * NOTE: Calls to this may trigger violation reports when queried, so the
- * return value should not be cached.
- *
- * @param aURI
- * The URI about to be loaded or used.
- * @param aDir
- * The CSPDirective to query (see above constants *_DIRECTIVE).
- * @param aSpecific
- * If "true" and the directive is specified to fall back to "default-src"
- * when it's not explicitly provided, directivePermits will NOT try
- * default-src when the specific directive is not used. Setting this to
- * "false" allows CSP to fall back to default-src. This function
- * behaves the same for both values of canUseDefault when querying
- * directives that don't fall-back.
- * @return
- * Whether or not the provided URI is allowed by CSP under the given
- * directive. (block the pending operation if false).
- */
- boolean permits(in nsIURI aURI, in CSPDirective aDir, in boolean aSpecific);
-
- /**
- * Delegate method called by the service when sub-elements of the protected
- * document are being loaded. Given a bit of information about the request,
- * decides whether or not the policy is satisfied.
- *
- * Calls to this may trigger violation reports when queried, so
- * this value should not be cached.
- */
- short shouldLoad(in nsContentPolicyType aContentType,
- in nsIURI aContentLocation,
- in nsIURI aRequestOrigin,
- in nsISupports aContext,
- in ACString aMimeTypeGuess,
- in nsISupports aExtra);
-
-%{ C++
-// nsIObserver topic to fire when the policy encounters a violation.
-#define CSP_VIOLATION_TOPIC "csp-on-violate-policy"
-%}
-
- /**
- * Returns the CSP in JSON notation.
- */
- AString toJSON();
-
-};