From 5f8de423f190bbb79a62f804151bc24824fa32d8 Mon Sep 17 00:00:00 2001 From: "Matt A. Tobin" Date: Fri, 2 Feb 2018 04:16:08 -0500 Subject: Add m-esr52 at 52.6.0 --- dom/permission/PermissionSettings.jsm | 200 ++++++++++++++++++++++++++++++++++ 1 file changed, 200 insertions(+) create mode 100644 dom/permission/PermissionSettings.jsm (limited to 'dom/permission/PermissionSettings.jsm') diff --git a/dom/permission/PermissionSettings.jsm b/dom/permission/PermissionSettings.jsm new file mode 100644 index 000000000..bfd37394d --- /dev/null +++ b/dom/permission/PermissionSettings.jsm @@ -0,0 +1,200 @@ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +"use strict"; + +function debug(s) { + //dump("-*- PermissionSettings Module: " + s + "\n"); +} + +const Cu = Components.utils; +const Cc = Components.classes; +const Ci = Components.interfaces; + +this.EXPORTED_SYMBOLS = ["PermissionSettingsModule"]; + +Cu.import("resource://gre/modules/XPCOMUtils.jsm"); +Cu.import("resource://gre/modules/Services.jsm"); +Cu.import("resource://gre/modules/PermissionsTable.jsm"); + +XPCOMUtils.defineLazyServiceGetter(this, "ppmm", + "@mozilla.org/parentprocessmessagemanager;1", + "nsIMessageListenerManager"); + +XPCOMUtils.defineLazyServiceGetter(this, + "appsService", + "@mozilla.org/AppsService;1", + "nsIAppsService"); + +this.PermissionSettingsModule = { + init: function init() { + debug("Init"); + ppmm.addMessageListener("PermissionSettings:AddPermission", this); + Services.obs.addObserver(this, "profile-before-change", false); + }, + + + _isChangeAllowed: function(aPrincipal, aPermName, aAction) { + // Bug 812289: + // Change is allowed from a child process when all of the following + // conditions stand true: + // * the action isn't "unknown" (so the change isn't a delete) if the app + // is installed + // * the permission already exists on the database + // * the permission is marked as explicit on the permissions table + // Note that we *have* to check the first two conditions here because + // permissionManager doesn't know if it's being called as a result of + // a parent process or child process request. We could check + // if the permission is actually explicit (and thus modifiable) or not + // on permissionManager also but we currently don't. + let perm = + Services.perms.testExactPermissionFromPrincipal(aPrincipal,aPermName); + let isExplicit = isExplicitInPermissionsTable(aPermName, aPrincipal.appStatus); + + return (aAction === "unknown" && + aPrincipal.appStatus === Ci.nsIPrincipal.APP_STATUS_NOT_INSTALLED) || + (aAction !== "unknown" && + (perm !== Ci.nsIPermissionManager.UNKNOWN_ACTION) && + isExplicit); + }, + + addPermission: function addPermission(aData, aCallbacks) { + + this._internalAddPermission(aData, true, aCallbacks); + + }, + + + _internalAddPermission: function _internalAddPermission(aData, aAllowAllChanges, aCallbacks) { + // TODO: Bug 1196644 - Add signPKg parameter into PermissionSettings.jsm. + let app; + let principal; + // Test if app is cached (signed streamable package) or installed via DOMApplicationRegistry + if (aData.isCachedPackage) { + // If the app is from packaged web app, the origin includes origin attributes already. + principal = + Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(aData.origin); + app = {localId: principal.appId}; + } else { + app = appsService.getAppByManifestURL(aData.manifestURL); + let uri = Services.io.newURI(aData.origin, null, null); + principal = + Services.scriptSecurityManager.createCodebasePrincipal(uri, + {appId: app.localId, + inIsolatedMozBrowser: aData.browserFlag}); + } + + let action; + switch (aData.value) + { + case "unknown": + action = Ci.nsIPermissionManager.UNKNOWN_ACTION; + break; + case "allow": + action = Ci.nsIPermissionManager.ALLOW_ACTION; + break; + case "deny": + action = Ci.nsIPermissionManager.DENY_ACTION; + break; + case "prompt": + action = Ci.nsIPermissionManager.PROMPT_ACTION; + break; + default: + dump("Unsupported PermisionSettings Action: " + aData.value +"\n"); + action = Ci.nsIPermissionManager.UNKNOWN_ACTION; + } + + if (aAllowAllChanges || + this._isChangeAllowed(principal, aData.type, aData.value)) { + debug("add: " + aData.origin + " " + app.localId + " " + action); + Services.perms.addFromPrincipal(principal, aData.type, action); + return true; + } else { + debug("add Failure: " + aData.origin + " " + app.localId + " " + action); + return false; // This isn't currently used, see comment on setPermission + } + }, + + getPermission: function getPermission(aPermName, aManifestURL, aOrigin, aBrowserFlag, aIsCachedPackage) { + // TODO: Bug 1196644 - Add signPKg parameter into PermissionSettings.jsm + debug("getPermission: " + aPermName + ", " + aManifestURL + ", " + aOrigin); + let principal; + // Test if app is cached (signed streamable package) or installed via DOMApplicationRegistry + if (aIsCachedPackage) { + // If the app is from packaged web app, the origin includes origin attributes already. + principal = + Services.scriptSecurityManager.createCodebasePrincipalFromOrigin(aOrigin); + } else { + let uri = Services.io.newURI(aOrigin, null, null); + let appID = appsService.getAppLocalIdByManifestURL(aManifestURL); + principal = + Services.scriptSecurityManager.createCodebasePrincipal(uri, + {appId: appID, + inIsolatedMozBrowser: aBrowserFlag}); + } + let result = Services.perms.testExactPermissionFromPrincipal(principal, aPermName); + switch (result) + { + case Ci.nsIPermissionManager.UNKNOWN_ACTION: + return "unknown"; + case Ci.nsIPermissionManager.ALLOW_ACTION: + return "allow"; + case Ci.nsIPermissionManager.DENY_ACTION: + return "deny"; + case Ci.nsIPermissionManager.PROMPT_ACTION: + return "prompt"; + default: + dump("Unsupported PermissionSettings Action!\n"); + return "unknown"; + } + }, + + removePermission: function removePermission(aPermName, aManifestURL, aOrigin, aBrowserFlag, aIsCachedPackage) { + let data = { + type: aPermName, + origin: aOrigin, + manifestURL: aManifestURL, + value: "unknown", + browserFlag: aBrowserFlag, + isCachedPackage: aIsCachedPackage + }; + this._internalAddPermission(data, true); + }, + + observe: function observe(aSubject, aTopic, aData) { + ppmm.removeMessageListener("PermissionSettings:AddPermission", this); + Services.obs.removeObserver(this, "profile-before-change"); + ppmm = null; + }, + + receiveMessage: function receiveMessage(aMessage) { + debug("PermissionSettings::receiveMessage " + aMessage.name); + let mm = aMessage.target; + let msg = aMessage.data; + + let result; + switch (aMessage.name) { + case "PermissionSettings:AddPermission": + let success = false; + let errorMsg = + " from a content process with no 'permissions' privileges."; + if (mm.assertPermission("permissions")) { + success = this._internalAddPermission(msg, false); + if (!success) { + // Just kill the calling process + mm.assertPermission("permissions-modify-implicit"); + errorMsg = " had an implicit permission change. Child process killed."; + } + } + + if (!success) { + Cu.reportError("PermissionSettings message " + msg.type + errorMsg); + return null; + } + break; + } + } +} + +PermissionSettingsModule.init(); -- cgit v1.2.3