summaryrefslogtreecommitdiffstats
path: root/dom/permission/PermissionSettings.jsm
diff options
context:
space:
mode:
authorMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
committerMatt A. Tobin <mattatobin@localhost.localdomain>2018-02-02 04:16:08 -0500
commit5f8de423f190bbb79a62f804151bc24824fa32d8 (patch)
tree10027f336435511475e392454359edea8e25895d /dom/permission/PermissionSettings.jsm
parent49ee0794b5d912db1f95dce6eb52d781dc210db5 (diff)
downloadUXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.gz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.lz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.tar.xz
UXP-5f8de423f190bbb79a62f804151bc24824fa32d8.zip
Add m-esr52 at 52.6.0
Diffstat (limited to 'dom/permission/PermissionSettings.jsm')
-rw-r--r--dom/permission/PermissionSettings.jsm200
1 files changed, 200 insertions, 0 deletions
diff --git a/dom/permission/PermissionSettings.jsm b/dom/permission/PermissionSettings.jsm
new file mode 100644
index 000000000..bfd37394d
--- /dev/null
+++ b/dom/permission/PermissionSettings.jsm
@@ -0,0 +1,200 @@
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this file,
+ * You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+"use strict";
+
+function debug(s) {
+ //dump("-*- PermissionSettings Module: " + s + "\n");
+}
+
+const Cu = Components.utils;
+const Cc = Components.classes;
+const Ci = Components.interfaces;
+
+this.EXPORTED_SYMBOLS = ["PermissionSettingsModule"];
+
+Cu.import("resource://gre/modules/XPCOMUtils.jsm");
+Cu.import("resource://gre/modules/Services.jsm");
+Cu.import("resource://gre/modules/PermissionsTable.jsm");
+
+XPCOMUtils.defineLazyServiceGetter(this, "ppmm",
+ "@mozilla.org/parentprocessmessagemanager;1",
+ "nsIMessageListenerManager");
+
+XPCOMUtils.defineLazyServiceGetter(this,
+ "appsService",
+ "@mozilla.org/AppsService;1",
+ "nsIAppsService");
+
+this.PermissionSettingsModule = {
+ init: function init() {
+ debug("Init");
+ ppmm.addMessageListener("PermissionSettings:AddPermission", this);
+ Services.obs.addObserver(this, "profile-before-change", false);
+ },
+
+
+ _isChangeAllowed: function(aPrincipal, aPermName, aAction) {
+ // Bug 812289:
+ // Change is allowed from a child process when all of the following
+ // conditions stand true:
+ // * the action isn't "unknown" (so the change isn't a delete) if the app
+ // is installed
+ // * the permission already exists on the database
+ // * the permission is marked as explicit on the permissions table
+ // Note that we *have* to check the first two conditions here because
+ // permissionManager doesn't know if it's being called as a result of
+ // a parent process or child process request. We could check
+ // if the permission is actually explicit (and thus modifiable) or not
+ // on permissionManager also but we currently don't.
+ let perm =
+ Services.perms.testExactPermissionFromPrincipal(aPrincipal,aPermName);
+ let isExplicit = isExplicitInPermissionsTable(aPermName, aPrincipal.appStatus);
+
+ return (aAction === "unknown" &&
+ aPrincipal.appStatus === Ci.nsIPrincipal.APP_STATUS_NOT_INSTALLED) ||
+ (aAction !== "unknown" &&
+ (perm !== Ci.nsIPermissionManager.UNKNOWN_ACTION) &&
+ isExplicit);
+ },
+
+ addPermission: function addPermission(aData, aCallbacks) {
+
+ this._internalAddPermission(aData, true, aCallbacks);
+
+ },
+
+
+ _internalAddPermission: function _internalAddPermission(aData, aAllowAllChanges, aCallbacks) {
+ // TODO: Bug 1196644 - Add signPKg parameter into PermissionSettings.jsm.
+ let app;
+ let principal;
+ // Test if app is cached (signed streamable package) or installed via DOMApplicationRegistry
+ if (aData.isCachedPackage) {
+ // If the app is from packaged web app, the origin includes origin attributes already.
+ principal =
+ Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(aData.origin);
+ app = {localId: principal.appId};
+ } else {
+ app = appsService.getAppByManifestURL(aData.manifestURL);
+ let uri = Services.io.newURI(aData.origin, null, null);
+ principal =
+ Services.scriptSecurityManager.createCodebasePrincipal(uri,
+ {appId: app.localId,
+ inIsolatedMozBrowser: aData.browserFlag});
+ }
+
+ let action;
+ switch (aData.value)
+ {
+ case "unknown":
+ action = Ci.nsIPermissionManager.UNKNOWN_ACTION;
+ break;
+ case "allow":
+ action = Ci.nsIPermissionManager.ALLOW_ACTION;
+ break;
+ case "deny":
+ action = Ci.nsIPermissionManager.DENY_ACTION;
+ break;
+ case "prompt":
+ action = Ci.nsIPermissionManager.PROMPT_ACTION;
+ break;
+ default:
+ dump("Unsupported PermisionSettings Action: " + aData.value +"\n");
+ action = Ci.nsIPermissionManager.UNKNOWN_ACTION;
+ }
+
+ if (aAllowAllChanges ||
+ this._isChangeAllowed(principal, aData.type, aData.value)) {
+ debug("add: " + aData.origin + " " + app.localId + " " + action);
+ Services.perms.addFromPrincipal(principal, aData.type, action);
+ return true;
+ } else {
+ debug("add Failure: " + aData.origin + " " + app.localId + " " + action);
+ return false; // This isn't currently used, see comment on setPermission
+ }
+ },
+
+ getPermission: function getPermission(aPermName, aManifestURL, aOrigin, aBrowserFlag, aIsCachedPackage) {
+ // TODO: Bug 1196644 - Add signPKg parameter into PermissionSettings.jsm
+ debug("getPermission: " + aPermName + ", " + aManifestURL + ", " + aOrigin);
+ let principal;
+ // Test if app is cached (signed streamable package) or installed via DOMApplicationRegistry
+ if (aIsCachedPackage) {
+ // If the app is from packaged web app, the origin includes origin attributes already.
+ principal =
+ Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(aOrigin);
+ } else {
+ let uri = Services.io.newURI(aOrigin, null, null);
+ let appID = appsService.getAppLocalIdByManifestURL(aManifestURL);
+ principal =
+ Services.scriptSecurityManager.createCodebasePrincipal(uri,
+ {appId: appID,
+ inIsolatedMozBrowser: aBrowserFlag});
+ }
+ let result = Services.perms.testExactPermissionFromPrincipal(principal, aPermName);
+ switch (result)
+ {
+ case Ci.nsIPermissionManager.UNKNOWN_ACTION:
+ return "unknown";
+ case Ci.nsIPermissionManager.ALLOW_ACTION:
+ return "allow";
+ case Ci.nsIPermissionManager.DENY_ACTION:
+ return "deny";
+ case Ci.nsIPermissionManager.PROMPT_ACTION:
+ return "prompt";
+ default:
+ dump("Unsupported PermissionSettings Action!\n");
+ return "unknown";
+ }
+ },
+
+ removePermission: function removePermission(aPermName, aManifestURL, aOrigin, aBrowserFlag, aIsCachedPackage) {
+ let data = {
+ type: aPermName,
+ origin: aOrigin,
+ manifestURL: aManifestURL,
+ value: "unknown",
+ browserFlag: aBrowserFlag,
+ isCachedPackage: aIsCachedPackage
+ };
+ this._internalAddPermission(data, true);
+ },
+
+ observe: function observe(aSubject, aTopic, aData) {
+ ppmm.removeMessageListener("PermissionSettings:AddPermission", this);
+ Services.obs.removeObserver(this, "profile-before-change");
+ ppmm = null;
+ },
+
+ receiveMessage: function receiveMessage(aMessage) {
+ debug("PermissionSettings::receiveMessage " + aMessage.name);
+ let mm = aMessage.target;
+ let msg = aMessage.data;
+
+ let result;
+ switch (aMessage.name) {
+ case "PermissionSettings:AddPermission":
+ let success = false;
+ let errorMsg =
+ " from a content process with no 'permissions' privileges.";
+ if (mm.assertPermission("permissions")) {
+ success = this._internalAddPermission(msg, false);
+ if (!success) {
+ // Just kill the calling process
+ mm.assertPermission("permissions-modify-implicit");
+ errorMsg = " had an implicit permission change. Child process killed.";
+ }
+ }
+
+ if (!success) {
+ Cu.reportError("PermissionSettings message " + msg.type + errorMsg);
+ return null;
+ }
+ break;
+ }
+ }
+}
+
+PermissionSettingsModule.init();