Policies.jsm 8.57 KB
Newer Older
1
2
3
4
5
6
/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
 * You can obtain one at http://mozilla.org/MPL/2.0/. */

"use strict";

7
8
ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
ChromeUtils.import("resource://gre/modules/Services.jsm");
9
10
11
XPCOMUtils.defineLazyServiceGetter(this, "gXulStore",
                                   "@mozilla.org/xul/xulstore;1",
                                   "nsIXULStore");
12

13
14
15
16
XPCOMUtils.defineLazyModuleGetters(this, {
  BookmarksPolicies: "resource:///modules/policies/BookmarksPolicies.jsm",
});

17
const PREF_LOGLEVEL           = "browser.policies.loglevel";
18
19
const PREF_MENU_ALREADY_DISPLAYED = "browser.policies.menuBarWasDisplayed";
const BROWSER_DOCUMENT_URL        = "chrome://browser/content/browser.xul";
20
const PREF_BOOKMARKS_ALREADY_DISPLAYED = "browser.policies.bookmarkBarWasDisplayed";
21
22

XPCOMUtils.defineLazyGetter(this, "log", () => {
23
  let { ConsoleAPI } = ChromeUtils.import("resource://gre/modules/Console.jsm", {});
24
25
26
27
28
29
30
31
32
  return new ConsoleAPI({
    prefix: "Policies.jsm",
    // tip: set maxLogLevel to "debug" and use log.debug() to create detailed
    // messages during development. See LOG_LEVELS in Console.jsm for details.
    maxLogLevel: "error",
    maxLogLevelPref: PREF_LOGLEVEL,
  });
});

33
var EXPORTED_SYMBOLS = ["Policies"];
34

35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
/*
 * ============================
 * = POLICIES IMPLEMENTATIONS =
 * ============================
 *
 * The Policies object below is where the implementation for each policy
 * happens. An object for each policy should be defined, containing
 * callback functions that will be called by the engine.
 *
 * See the _callbacks object in EnterprisePolicies.js for the list of
 * possible callbacks and an explanation of each.
 *
 * Each callback will be called with two parameters:
 * - manager
 *   This is the EnterprisePoliciesManager singleton object from
 *   EnterprisePolicies.js
 *
 * - param
 *   The parameter defined for this policy in policies-schema.json.
 *   It will be different for each policy. It could be a boolean,
 *   a string, an array or a complex object. All parameters have
 *   been validated according to the schema, and no unknown
 *   properties will be present on them.
 *
 * The callbacks will be bound to their parent policy object.
 */
61
var Policies = {
62
63
64
65
66
67
68
69
  "BlockAboutAddons": {
    onBeforeUIStartup(manager, param) {
      if (param) {
        manager.disallowFeature("about:addons", true);
      }
    }
  },

70
  "BlockAboutConfig": {
71
    onBeforeUIStartup(manager, param) {
72
      if (param) {
73
74
75
76
        manager.disallowFeature("about:config", true);
      }
    }
  },
77

78
79
80
81
82
83
84
85
  "BlockAboutProfiles": {
    onBeforeUIStartup(manager, param) {
      if (param) {
        manager.disallowFeature("about:profiles", true);
      }
    }
  },

86
87
88
89
90
91
92
93
  "BlockAboutSupport": {
    onBeforeUIStartup(manager, param) {
      if (param) {
        manager.disallowFeature("about:support", true);
      }
    }
  },

94
  "BlockSetDesktopBackground": {
95
    onBeforeUIStartup(manager, param) {
96
      if (param) {
97
        manager.disallowFeature("setDesktopBackground", true);
98
99
100
101
      }
    }
  },

102
103
104
105
106
107
  "Bookmarks": {
    onAllWindowsRestored(manager, param) {
      BookmarksPolicies.processBookmarks(param);
    }
  },

108
  "Cookies": {
109
    onBeforeUIStartup(manager, param) {
110
      addAllowDenyPermissions("cookie", param.Allow, param.Block);
111
112
113
    }
  },

114
  "CreateMasterPassword": {
115
    onBeforeUIStartup(manager, param) {
116
117
      if (!param) {
        manager.disallowFeature("createMasterPassword");
118
119
120
121
      }
    }
  },

122
123
124
125
  "DisableAppUpdate": {
    onBeforeAddons(manager, param) {
      if (param) {
        manager.disallowFeature("appUpdate");
126
127
128
129
      }
    }
  },

130
131
  "DisableFirefoxScreenshots": {
    onBeforeAddons(manager, param) {
132
      if (param) {
133
134
135
136
137
        setAndLockPref("extensions.screenshots.disabled", true);
      }
    }
  },

138
139
  "DisableFirefoxStudies": {
    onBeforeAddons(manager, param) {
140
      if (param) {
141
142
143
144
145
        manager.disallowFeature("Shield");
      }
    }
  },

146
147
  "DisableFormHistory": {
    onBeforeUIStartup(manager, param) {
148
      if (param) {
149
150
151
152
153
        setAndLockPref("browser.formfill.enable", false);
      }
    }
  },

154
155
156
157
158
159
160
161
  "DisablePocket": {
    onBeforeAddons(manager, param) {
      if (param) {
        setAndLockPref("extensions.pocket.enabled", false);
      }
    }
  },

162
  "DisplayBookmarksToolbar": {
163
    onBeforeUIStartup(manager, param) {
164
165
166
167
168
169
170
171
172
173
174
175
      if (param) {
        // This policy is meant to change the default behavior, not to force it.
        // If this policy was alreay applied and the user chose to re-hide the
        // bookmarks toolbar, do not show it again.
        if (!Services.prefs.getBoolPref(PREF_BOOKMARKS_ALREADY_DISPLAYED, false)) {
          log.debug("Showing the bookmarks toolbar");
          gXulStore.setValue(BROWSER_DOCUMENT_URL, "PersonalToolbar", "collapsed", "false");
          Services.prefs.setBoolPref(PREF_BOOKMARKS_ALREADY_DISPLAYED, true);
        } else {
          log.debug("Not showing the bookmarks toolbar because it has already been shown.");
        }
      }
176
    }
177
178
  },

179
  "DisplayMenuBar": {
180
    onBeforeUIStartup(manager, param) {
181
182
183
184
185
186
187
188
189
190
191
192
      if (param) {
        // This policy is meant to change the default behavior, not to force it.
        // If this policy was alreay applied and the user chose to re-hide the
        // menu bar, do not show it again.
        if (!Services.prefs.getBoolPref(PREF_MENU_ALREADY_DISPLAYED, false)) {
          log.debug("Showing the menu bar");
          gXulStore.setValue(BROWSER_DOCUMENT_URL, "toolbar-menubar", "autohide", "false");
          Services.prefs.setBoolPref(PREF_MENU_ALREADY_DISPLAYED, true);
        } else {
          log.debug("Not showing the menu bar because it has already been shown.");
        }
      }
193
194
195
    }
  },

196
  "DontCheckDefaultBrowser": {
197
    onBeforeUIStartup(manager, param) {
198
      setAndLockPref("browser.shell.checkDefaultBrowser", false);
199
200
201
    }
  },

202
  "FlashPlugin": {
203
    onBeforeUIStartup(manager, param) {
204
      addAllowDenyPermissions("plugin:flash", param.Allow, param.Block);
205
206
207
    }
  },

208
  "InstallAddons": {
209
    onBeforeUIStartup(manager, param) {
210
      addAllowDenyPermissions("install", param.Allow, param.Block);
211
212
213
    }
  },

214
  "Popups": {
215
    onBeforeUIStartup(manager, param) {
216
217
218
219
220
221
222
      addAllowDenyPermissions("popup", param.Allow, param.Block);
    }
  },

  "RememberPasswords": {
    onBeforeUIStartup(manager, param) {
      setAndLockPref("signon.rememberSignons", param);
223
224
    }
  },
225
};
226
227
228
229
230
231
232
233
234

/*
 * ====================
 * = HELPER FUNCTIONS =
 * ====================
 *
 * The functions below are helpers to be used by several policies.
 */

235
236
237
238
239
240
241
242
243
244
245
246
247
/**
 * setAndLockPref
 *
 * Sets the _default_ value of a pref, and locks it (meaning that
 * the default value will always be returned, independent from what
 * is stored as the user value).
 * The value is only changed in memory, and not stored to disk.
 *
 * @param {string} prefName
 *        The pref to be changed
 * @param {boolean,number,string} prefValue
 *        The value to set and lock
 */
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
function setAndLockPref(prefName, prefValue) {
  if (Services.prefs.prefIsLocked(prefName)) {
    Services.prefs.unlockPref(prefName);
  }

  let defaults = Services.prefs.getDefaultBranch("");

  switch (typeof(prefValue)) {
    case "boolean":
      defaults.setBoolPref(prefName, prefValue);
      break;

    case "number":
      if (!Number.isInteger(prefValue)) {
        throw new Error(`Non-integer value for ${prefName}`);
      }

      defaults.setIntPref(prefName, prefValue);
      break;

    case "string":
      defaults.setStringPref(prefName, prefValue);
      break;
  }

  Services.prefs.lockPref(prefName);
}
275

276
277
278
279
280
281
282
283
284
285
286
287
288
/**
 * addAllowDenyPermissions
 *
 * Helper function to call the permissions manager (Services.perms.add)
 * for two arrays of URLs.
 *
 * @param {string} permissionName
 *        The name of the permission to change
 * @param {array} allowList
 *        The list of URLs to be set as ALLOW_ACTION for the chosen permission.
 * @param {array} blockList
 *        The list of URLs to be set as DENY_ACTION for the chosen permission.
 */
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
function addAllowDenyPermissions(permissionName, allowList, blockList) {
  allowList = allowList || [];
  blockList = blockList || [];

  for (let origin of allowList) {
    Services.perms.add(origin,
                       permissionName,
                       Ci.nsIPermissionManager.ALLOW_ACTION,
                       Ci.nsIPermissionManager.EXPIRE_POLICY);
  }

  for (let origin of blockList) {
    Services.perms.add(origin,
                       permissionName,
                       Ci.nsIPermissionManager.DENY_ACTION,
                       Ci.nsIPermissionManager.EXPIRE_POLICY);
  }
}