This document outlines the basic concepts on which the Gecko security model is based.
The Gecko security model is designed to answer questions of the form "Can A do V to O?" Answering such a question requires knowing something about the entity performing the action (in this case A for "actor"), the action being performed (in this case V for "verb") and the object the action is being performed on (in this case O for "object").
In Gecko, there is a limited set of verbs: "get property X", "set property X", "call function F", etc.
Both the actor and the object are represented by principals.
A principal represents a security context. For example, on the web a typical principal is a scheme + host + port combination.
When asking the question, "Can A do V to O?", A (the entity performing the action) is called the subject principal. O (the object being operated on) is called the object principal
- the first type just holds a pointer to a C function and when invoked, calls that C function, passing to it the
thisobject it was invoked on, the arguments, etc. An example of native function is
Array.sort. When called, it calls a C sorting function and passes it the Array object that sort() was called on.
For security purposes, the main difference between the two types of functions is that scripted functions have principals compiled into them. That is, they know the principal of the page in whose context the script that defined them was executed.
Determining the subject principal
Determining the object principal
__parent__ chain until it gets to an object that knows its own object principal (typically a
Document). This is then used as the object principal for the object in question.