Verified Commit 31a75769 authored by Kathleen Brade's avatar Kathleen Brade Committed by Pier Angelo Vendrame
Browse files

Bug 32418: Allow updates to be disabled via an enterprise policy. 

Restrict the Enterprise Policies mechanism to only consult a
policies.json file (avoiding the Windows Registry and macOS's
file system attributes).

Add a few disabledByPolicy() checks to the update service to
avoid extraneous (and potentially confusing) log messages when
updates are disabled by policy.

Sample content for distribution/policies.json:
{
  "policies": {
    "DisableAppUpdate": true
  }
}

On Linux, avoid reading policies from /etc/firefox/policies/policies.json
parent 3562add4

toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm

+11 −2
Original line number Diff line number Diff line
@@ -4,6 +4,9 @@ 


var EXPORTED_SYMBOLS = ["EnterprisePoliciesManager"];



// If MOZ_AVOID_SYSTEM_POLICIES is defined, policies will be looked for only

// in ${InstallDir}/distribution



const { XPCOMUtils } = ChromeUtils.import(

  "resource://gre/modules/XPCOMUtils.jsm"

);
@@ -13,9 +16,11 @@ const { AppConstants } = ChromeUtils.import( 
);



XPCOMUtils.defineLazyModuleGetters(this, {

#ifndef MOZ_AVOID_SYSTEM_POLICIES

  WindowsGPOParser: "resource://gre/modules/policies/WindowsGPOParser.jsm",

  macOSPoliciesParser:

    "resource://gre/modules/policies/macOSPoliciesParser.jsm",

#endif

  Policies: "resource:///modules/policies/Policies.jsm",

  JsonSchemaValidator:

    "resource://gre/modules/components-utils/JsonSchemaValidator.jsm",
@@ -140,11 +145,13 @@ EnterprisePoliciesManager.prototype = { 


  _chooseProvider() {

    let platformProvider = null;

#ifndef MOZ_AVOID_SYSTEM_POLICIES

    if (AppConstants.platform == "win") {

      platformProvider = new WindowsGPOPoliciesProvider();

    } else if (AppConstants.platform == "macosx") {

      platformProvider = new macOSPoliciesProvider();

    }

#endif

    let jsonProvider = new JSONPoliciesProvider();

    if (platformProvider && platformProvider.hasPolicies) {

      if (jsonProvider.hasPolicies) {
@@ -491,7 +498,7 @@ class JSONPoliciesProvider { 


  _getConfigurationFile() {

    let configFile = null;



#ifndef MOZ_AVOID_SYSTEM_POLICIES

    if (AppConstants.platform == "linux") {

      let systemConfigFile = Cc["@mozilla.org/file/local;1"].createInstance(

        Ci.nsIFile
@@ -504,7 +511,7 @@ class JSONPoliciesProvider { 
        return systemConfigFile;

      }

    }



#endif

    try {

      let perUserPath = Services.prefs.getBoolPref(PREF_PER_USER_DIR, false);

      if (perUserPath) {
@@ -585,6 +592,7 @@ class JSONPoliciesProvider { 
  }

}



#ifndef MOZ_AVOID_SYSTEM_POLICIES

class WindowsGPOPoliciesProvider {

  constructor() {

    this._policies = null;
@@ -686,3 +694,4 @@ class CombinedProvider { 
    return false;

  }

}

#endif

toolkit/components/enterprisepolicies/moz.build

+3 −0
Original line number Diff line number Diff line
@@ -19,6 +19,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] != "android": 
    EXTRA_JS_MODULES += [

        "EnterprisePolicies.jsm",

        "EnterprisePoliciesContent.jsm",

    ]



    EXTRA_PP_JS_MODULES += [

        "EnterprisePoliciesParent.jsm",

    ]

toolkit/moz.configure

+18 −0
Original line number Diff line number Diff line
@@ -2530,3 +2530,21 @@ def oxidized_breakpad(target): 


set_config("MOZ_OXIDIZED_BREAKPAD", True, when=oxidized_breakpad)

set_define("MOZ_OXIDIZED_BREAKPAD", True, when=oxidized_breakpad)



# Avoid system policies

# ==============================================================



option(

    "--disable-system-policies",

    help="Prevent reading policies from Windows registry, macOS's file system attributes, and /etc/firefox",

)





@depends("--disable-system-policies")

def system_policies(value):

    if not value:

        return True





set_config("MOZ_AVOID_SYSTEM_POLICIES", system_policies)

set_define("MOZ_AVOID_SYSTEM_POLICIES", system_policies)