Commit 68cdd708 authored by Felipe Gomes's avatar Felipe Gomes
Browse files

Bug 1428922 - Implement helper function to support various permissions-type...

Bug 1428922 - Implement helper function to support various permissions-type policies, and use it to implement the Flash, Cookies, Install-Addons and Popups policy. r=mystor

MozReview-Commit-ID: Wy1VDEfvqs
parent 074c9ae1
......@@ -40,7 +40,31 @@ this.Policies = {
onBeforeUIStartup(manager, param) {
setAndLockPref("browser.shell.checkDefaultBrowser", false);
}
}
},
"flash_plugin": {
onBeforeUIStartup(manager, param) {
addAllowDenyPermissions("plugin:flash", param.allow, param.block);
}
},
"popups": {
onBeforeUIStartup(manager, param) {
addAllowDenyPermissions("popup", param.allow, param.block);
}
},
"install_addons": {
onBeforeUIStartup(manager, param) {
addAllowDenyPermissions("install", param.allow, param.block);
}
},
"cookies": {
onBeforeUIStartup(manager, param) {
addAllowDenyPermissions("cookie", param.allow, param.block);
}
},
};
/*
......@@ -78,3 +102,22 @@ function setAndLockPref(prefName, prefValue) {
Services.prefs.lockPref(prefName);
}
function addAllowDenyPermissions(permissionName, allowList, blockList) {
allowList = allowList || [];
blockList = blockList || [];
for (let origin of allowList) {
Services.perms.add(origin,
permissionName,
Ci.nsIPermissionManager.ALLOW_ACTION,
Ci.nsIPermissionManager.EXPIRE_POLICY);
}
for (let origin of blockList) {
Services.perms.add(origin,
permissionName,
Ci.nsIPermissionManager.DENY_ACTION,
Ci.nsIPermissionManager.EXPIRE_POLICY);
}
}
......@@ -2,7 +2,7 @@
"$schema": "http://json-schema.org/draft-04/schema#",
"type": "object",
"properties": {
"block_about_config": {
"block_about_config": {
"description": "Blocks access to the about:config page.",
"first_available": "60.0",
......@@ -16,6 +16,94 @@
"type": "boolean",
"enum": [true]
},
"flash_plugin": {
"description": "Allow or deny flash plugin usage.",
"first_available": "60.0",
"type": "object",
"properties": {
"allow": {
"type": "array",
"items": {
"type": "origin"
}
},
"block": {
"type": "array",
"items": {
"type": "origin"
}
}
}
},
"popups": {
"description": "Allow or deny popup usage.",
"first_available": "60.0",
"type": "object",
"properties": {
"allow": {
"type": "array",
"items": {
"type": "origin"
}
},
"block": {
"type": "array",
"items": {
"type": "origin"
}
}
}
},
"install_addons": {
"description": "Allow or deny popup websites to install webextensions.",
"first_available": "60.0",
"type": "object",
"properties": {
"allow": {
"type": "array",
"items": {
"type": "origin"
}
},
"block": {
"type": "array",
"items": {
"type": "origin"
}
}
}
},
"cookies": {
"description": "Allow or deny websites to set cookies.",
"first_available": "60.0",
"type": "object",
"properties": {
"allow": {
"type": "array",
"items": {
"type": "origin"
}
},
"block": {
"type": "array",
"items": {
"type": "origin"
}
}
}
}
}
}
......@@ -4,11 +4,13 @@ prefs =
support-files =
head.js
config_dont_check_default_browser.json
config_popups_cookies_addons_flash.json
config_setAndLockPref.json
config_simple_policies.json
config_broken_json.json
[browser_policies_broken_json.js]
[browser_policies_popups_cookies_addons_flash.js]
[browser_policies_setAndLockPref_API.js]
[browser_policies_simple_policies.js]
[browser_policies_validate_and_parse_API.js]
......
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
"use strict";
function URI(str) {
return Services.io.newURI(str);
}
add_task(async function test_start_with_disabled_engine() {
await startWithCleanSlate();
});
add_task(async function test_setup_preexisting_permissions() {
// Pre-existing ALLOW permissions that should be overriden
// with DENY.
Services.perms.add(URI("https://www.pre-existing-allow.com"),
"popup",
Ci.nsIPermissionManager.ALLOW_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
Services.perms.add(URI("https://www.pre-existing-allow.com"),
"install",
Ci.nsIPermissionManager.ALLOW_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
Services.perms.add(URI("https://www.pre-existing-allow.com"),
"cookie",
Ci.nsIPermissionManager.ALLOW_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
Services.perms.add(URI("https://www.pre-existing-allow.com"),
"plugin:flash",
Ci.nsIPermissionManager.ALLOW_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
// Pre-existing DENY permissions that should be overriden
// with ALLOW.
Services.perms.add(URI("https://www.pre-existing-deny.com"),
"popup",
Ci.nsIPermissionManager.DENY_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
Services.perms.add(URI("https://www.pre-existing-deny.com"),
"install",
Ci.nsIPermissionManager.DENY_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
Services.perms.add(URI("https://www.pre-existing-deny.com"),
"cookie",
Ci.nsIPermissionManager.DENY_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
Services.perms.add(URI("https://www.pre-existing-deny.com"),
"plugin:flash",
Ci.nsIPermissionManager.DENY_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
});
add_task(async function test_setup_activate_policies() {
await setupPolicyEngineWithJson("config_popups_cookies_addons_flash.json");
is(Services.policies.status, Ci.nsIEnterprisePolicies.ACTIVE, "Engine is active");
});
function checkPermission(url, expected, permissionName) {
let expectedValue = Ci.nsIPermissionManager[`${expected}_ACTION`];
let uri = Services.io.newURI(`https://www.${url}`);
is(Services.perms.testPermission(uri, permissionName),
expectedValue,
`Correct (${permissionName}=${expected}) for URL ${url}`);
if (expected != "UNKNOWN") {
let permission = Services.perms.getPermissionObjectForURI(
uri, permissionName, true);
ok(permission, "Permission object exists");
is(permission.expireType, Ci.nsIPermissionManager.EXPIRE_POLICY,
"Permission expireType is correct");
}
}
function checkAllPermissionsForType(type) {
checkPermission("allow.com", "ALLOW", type);
checkPermission("deny.com", "DENY", type);
checkPermission("unknown.com", "UNKNOWN", type);
checkPermission("pre-existing-allow.com", "DENY", type);
checkPermission("pre-existing-deny.com", "ALLOW", type);
}
add_task(async function test_popups_policy() {
checkAllPermissionsForType("popup");
});
add_task(async function test_webextensions_policy() {
checkAllPermissionsForType("install");
});
add_task(async function test_cookies_policy() {
checkAllPermissionsForType("cookie");
});
add_task(async function test_flash_policy() {
checkAllPermissionsForType("plugin:flash");
});
add_task(async function test_change_permission() {
// Checks that changing a permission will still retain the
// value set through the engine.
Services.perms.add(URI("https://www.allow.com"), "popup",
Ci.nsIPermissionManager.DENY_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
checkPermission("allow.com", "ALLOW", "popup");
// Also change one un-managed permission to make sure it doesn't
// cause any problems to the policy engine or the permission manager.
Services.perms.add(URI("https://www.unmanaged.com"), "popup",
Ci.nsIPermissionManager.DENY_ACTION,
Ci.nsIPermissionManager.EXPIRE_SESSION);
});
{
"policies": {
"popups": {
"allow": [
"https://www.allow.com",
"https://www.pre-existing-deny.com"
],
"block": [
"https://www.deny.com",
"https://www.pre-existing-allow.com"
]
},
"cookies": {
"allow": [
"https://www.allow.com",
"https://www.pre-existing-deny.com"
],
"block": [
"https://www.deny.com",
"https://www.pre-existing-allow.com"
]
},
"install_addons": {
"allow": [
"https://www.allow.com",
"https://www.pre-existing-deny.com"
],
"block": [
"https://www.deny.com",
"https://www.pre-existing-allow.com"
]
},
"flash_plugin": {
"allow": [
"https://www.allow.com",
"https://www.pre-existing-deny.com"
],
"block": [
"https://www.deny.com",
"https://www.pre-existing-allow.com"
]
}
}
}
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment