2012-09-28 15:16:29 -07:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
|
|
"use strict";
|
|
|
|
|
|
|
|
|
|
const Ci = Components.interfaces;
|
2012-10-02 22:38:06 -07:00
|
|
|
const Cu = Components.utils;
|
2012-09-28 15:16:29 -07:00
|
|
|
|
2012-10-02 22:38:06 -07:00
|
|
|
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
|
|
|
|
|
Cu.import("resource://gre/modules/AppsUtils.jsm");
|
2012-10-23 13:11:02 -07:00
|
|
|
Cu.import("resource://gre/modules/PermissionSettings.jsm");
|
2012-10-02 22:38:06 -07:00
|
|
|
|
2012-10-31 09:13:28 -07:00
|
|
|
this.EXPORTED_SYMBOLS = ["PermissionsInstaller",
|
|
|
|
|
"expandPermissions",
|
|
|
|
|
"PermissionsTable",
|
|
|
|
|
];
|
2012-09-28 15:16:29 -07:00
|
|
|
const UNKNOWN_ACTION = Ci.nsIPermissionManager.UNKNOWN_ACTION;
|
|
|
|
|
const ALLOW_ACTION = Ci.nsIPermissionManager.ALLOW_ACTION;
|
|
|
|
|
const DENY_ACTION = Ci.nsIPermissionManager.DENY_ACTION;
|
|
|
|
|
const PROMPT_ACTION = Ci.nsIPermissionManager.PROMPT_ACTION;
|
|
|
|
|
|
2012-10-02 22:38:06 -07:00
|
|
|
// Permission access flags
|
|
|
|
|
const READONLY = "readonly";
|
|
|
|
|
const CREATEONLY = "createonly";
|
|
|
|
|
const READCREATE = "readcreate";
|
|
|
|
|
const READWRITE = "readwrite";
|
|
|
|
|
|
|
|
|
|
const PERM_TO_STRING = ["unknown", "allow", "deny", "prompt"];
|
|
|
|
|
|
|
|
|
|
function debug(aMsg) {
|
|
|
|
|
//dump("-*-*- PermissionsInstaller.jsm : " + aMsg + "\n");
|
|
|
|
|
}
|
|
|
|
|
|
2012-09-28 15:16:29 -07:00
|
|
|
/**
|
|
|
|
|
* Converts ['read', 'write'] to ['contacts-read', 'contacts-write'], etc...
|
|
|
|
|
* @param string aPermName
|
|
|
|
|
* @param Array aSuffixes
|
|
|
|
|
* @returns Array
|
|
|
|
|
**/
|
|
|
|
|
function mapSuffixes(aPermName, aSuffixes)
|
|
|
|
|
{
|
|
|
|
|
return aSuffixes.map(function(suf) { return aPermName + "-" + suf; });
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Permissions Matrix: https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0
|
2012-10-26 12:50:10 -07:00
|
|
|
// Also, keep in sync with https://mxr.mozilla.org/mozilla-central/source/extensions/cookie/Permission.txt
|
2012-09-28 15:16:29 -07:00
|
|
|
|
|
|
|
|
// Permissions that are implicit:
|
2012-10-10 09:16:49 -07:00
|
|
|
// battery-status, network-information, vibration,
|
|
|
|
|
// device-capabilities
|
2012-09-28 15:16:29 -07:00
|
|
|
|
2012-10-31 09:13:28 -07:00
|
|
|
this.PermissionsTable = { "resource-lock": {
|
2012-09-28 15:16:29 -07:00
|
|
|
app: ALLOW_ACTION,
|
|
|
|
|
privileged: ALLOW_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
geolocation: {
|
|
|
|
|
app: PROMPT_ACTION,
|
|
|
|
|
privileged: PROMPT_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
camera: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: PROMPT_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
2012-10-10 09:16:49 -07:00
|
|
|
alarms: {
|
2012-09-28 15:16:29 -07:00
|
|
|
app: ALLOW_ACTION,
|
|
|
|
|
privileged: ALLOW_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
2012-10-10 09:16:49 -07:00
|
|
|
"tcp-socket": {
|
2012-09-28 15:16:29 -07:00
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: ALLOW_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
2012-09-30 06:48:40 -07:00
|
|
|
"network-events": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
2012-09-28 15:16:29 -07:00
|
|
|
contacts: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: PROMPT_ACTION,
|
2012-10-26 12:34:48 -07:00
|
|
|
certified: ALLOW_ACTION,
|
|
|
|
|
access: ["read", "write", "create"]
|
2012-09-28 15:16:29 -07:00
|
|
|
},
|
|
|
|
|
"device-storage:apps": {
|
|
|
|
|
app: DENY_ACTION,
|
2012-10-26 12:50:10 -07:00
|
|
|
privileged: PROMPT_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION,
|
|
|
|
|
access: ["read", "write", "create"]
|
2012-09-28 15:16:29 -07:00
|
|
|
},
|
|
|
|
|
"device-storage:pictures": {
|
|
|
|
|
app: DENY_ACTION,
|
2012-10-26 12:50:10 -07:00
|
|
|
privileged: PROMPT_ACTION,
|
2012-10-26 12:34:48 -07:00
|
|
|
certified: ALLOW_ACTION,
|
|
|
|
|
access: ["read", "write", "create"]
|
2012-09-28 15:16:29 -07:00
|
|
|
},
|
|
|
|
|
"device-storage:videos": {
|
|
|
|
|
app: DENY_ACTION,
|
2012-10-26 12:50:10 -07:00
|
|
|
privileged: PROMPT_ACTION,
|
2012-10-26 12:34:48 -07:00
|
|
|
certified: ALLOW_ACTION,
|
|
|
|
|
access: ["read", "write", "create"]
|
2012-09-28 15:16:29 -07:00
|
|
|
},
|
|
|
|
|
"device-storage:music": {
|
|
|
|
|
app: DENY_ACTION,
|
2012-10-26 12:50:10 -07:00
|
|
|
privileged: PROMPT_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION,
|
|
|
|
|
access: ["read", "write", "create"]
|
|
|
|
|
},
|
|
|
|
|
"device-storage:sdcard": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: PROMPT_ACTION,
|
2012-10-26 12:34:48 -07:00
|
|
|
certified: ALLOW_ACTION,
|
|
|
|
|
access: ["read", "write", "create"]
|
2012-09-28 15:16:29 -07:00
|
|
|
},
|
|
|
|
|
sms: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
telephony: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
browser: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: ALLOW_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
bluetooth: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
wifi: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: PROMPT_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
keyboard: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
mobileconnection: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
power: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
push: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
settings: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
2012-10-26 12:34:48 -07:00
|
|
|
certified: ALLOW_ACTION,
|
2012-10-25 10:12:14 -07:00
|
|
|
access: ["read", "write"],
|
|
|
|
|
additional: ["indexedDB-chrome-settings"]
|
2012-09-28 15:16:29 -07:00
|
|
|
},
|
|
|
|
|
permissions: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
fmradio: {
|
|
|
|
|
app: ALLOW_ACTION, // Matrix indicates '?'
|
|
|
|
|
privileged: ALLOW_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
attention: {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
2012-10-10 09:16:49 -07:00
|
|
|
"webapps-manage": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"backgroundservice": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"desktop-notification": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"networkstats-manage": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"mozBluetooth": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"wifi-manage": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"systemXHR": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"voicemail": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"deprecated-hwvideo": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"idle": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"time": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"embed-apps": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
|
|
|
|
"storage": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
2012-10-25 10:12:14 -07:00
|
|
|
certified: ALLOW_ACTION,
|
|
|
|
|
substitute: [
|
|
|
|
|
"indexedDB-unlimited",
|
|
|
|
|
"offline-app",
|
|
|
|
|
"pin-app"
|
|
|
|
|
]
|
2012-10-10 09:16:49 -07:00
|
|
|
},
|
2012-10-23 19:30:10 -07:00
|
|
|
"background-sensors": {
|
|
|
|
|
app: DENY_ACTION,
|
|
|
|
|
privileged: DENY_ACTION,
|
|
|
|
|
certified: ALLOW_ACTION
|
|
|
|
|
},
|
2012-09-28 15:16:29 -07:00
|
|
|
};
|
|
|
|
|
|
2012-10-02 22:38:06 -07:00
|
|
|
/**
|
|
|
|
|
* Expand an access string into multiple permission names,
|
|
|
|
|
* e.g: perm 'contacts' with 'readwrite' =
|
|
|
|
|
* ['contacts-read', 'contacts-create', contacts-write']
|
|
|
|
|
* @param string aPermName
|
|
|
|
|
* @param string aAccess
|
|
|
|
|
* @returns Array
|
|
|
|
|
**/
|
2012-10-31 09:13:28 -07:00
|
|
|
this.expandPermissions = function expandPermissions(aPermName, aAccess) {
|
2012-10-02 22:38:06 -07:00
|
|
|
if (!PermissionsTable[aPermName]) {
|
|
|
|
|
Cu.reportError("PermissionsTable.jsm: expandPermissions: Unknown Permission: " + aPermName);
|
2012-10-26 20:45:25 -07:00
|
|
|
return [];
|
2012-10-02 22:38:06 -07:00
|
|
|
}
|
2012-10-26 12:34:48 -07:00
|
|
|
|
2012-10-25 10:12:14 -07:00
|
|
|
const tableEntry = PermissionsTable[aPermName];
|
|
|
|
|
|
|
|
|
|
if (tableEntry.substitute && tableEntry.additional) {
|
|
|
|
|
Cu.reportError("PermissionsTable.jsm: expandPermissions: Can't handle both 'substitute' " +
|
|
|
|
|
"and 'additional' entries for permission: " + aPermName);
|
|
|
|
|
return [];
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-26 20:45:25 -07:00
|
|
|
/*
|
2012-10-26 12:34:48 -07:00
|
|
|
Temporarily disabled in order to add access fields to gaia: See Bug 805646
|
2012-10-25 10:12:14 -07:00
|
|
|
if (!aAccess && tableEntry.access ||
|
|
|
|
|
aAccess && !tableEntry.access) {
|
2012-10-10 09:16:49 -07:00
|
|
|
Cu.reportError("PermissionsTable.jsm: expandPermissions: Invalid Manifest : " +
|
|
|
|
|
aPermName + " " + aAccess + "\n");
|
2012-10-02 22:38:06 -07:00
|
|
|
throw new Error("PermissionsTable.jsm: expandPermissions: Invalid Manifest");
|
|
|
|
|
}
|
2012-10-26 12:34:48 -07:00
|
|
|
*/
|
|
|
|
|
|
2012-10-25 10:12:14 -07:00
|
|
|
let expandedPerms = [];
|
2012-10-02 22:38:06 -07:00
|
|
|
|
2012-10-25 10:12:14 -07:00
|
|
|
if (tableEntry.access && aAccess) {
|
2012-10-02 22:38:06 -07:00
|
|
|
let requestedSuffixes = [];
|
2012-10-25 10:12:14 -07:00
|
|
|
switch (aAccess) {
|
2012-10-02 22:38:06 -07:00
|
|
|
case READONLY:
|
|
|
|
|
requestedSuffixes.push("read");
|
|
|
|
|
break;
|
|
|
|
|
case CREATEONLY:
|
|
|
|
|
requestedSuffixes.push("create");
|
|
|
|
|
break;
|
|
|
|
|
case READCREATE:
|
|
|
|
|
requestedSuffixes.push("read", "create");
|
|
|
|
|
break;
|
|
|
|
|
case READWRITE:
|
|
|
|
|
requestedSuffixes.push("read", "create", "write");
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
return [];
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-25 10:12:14 -07:00
|
|
|
// XXXbent This is a temporary hack! Remove this whole block once the
|
|
|
|
|
// Settings API and the DeviceStorage API have stopped checking just
|
|
|
|
|
// the bare permission (e.g. "settings" vs. "settings-read").
|
|
|
|
|
if (true) {
|
|
|
|
|
expandedPerms.push(aPermName);
|
|
|
|
|
if (tableEntry.additional) {
|
|
|
|
|
for each (let additional in tableEntry.additional) {
|
|
|
|
|
expandedPerms.push(additional);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-02 22:38:06 -07:00
|
|
|
let permArr = mapSuffixes(aPermName, requestedSuffixes);
|
|
|
|
|
|
2012-10-25 10:12:14 -07:00
|
|
|
// Add the same suffix to each of the additions.
|
|
|
|
|
if (tableEntry.additional) {
|
|
|
|
|
for each (let additional in tableEntry.additional) {
|
|
|
|
|
permArr = permArr.concat(mapSuffixes(additional, requestedSuffixes));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Only add the suffixed version if the suffix exisits in the table.
|
2012-10-02 22:38:06 -07:00
|
|
|
for (let idx in permArr) {
|
2012-10-25 10:12:14 -07:00
|
|
|
let suffix = requestedSuffixes[idx % requestedSuffixes.length];
|
|
|
|
|
if (tableEntry.access.indexOf(suffix) != -1) {
|
2012-10-02 22:38:06 -07:00
|
|
|
expandedPerms.push(permArr[idx]);
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-10-25 10:12:14 -07:00
|
|
|
} else if (tableEntry.substitute) {
|
|
|
|
|
expandedPerms = expandedPerms.concat(tableEntry.substitute);
|
|
|
|
|
} else {
|
|
|
|
|
expandedPerms.push(aPermName);
|
|
|
|
|
// Include each of the additions exactly as they appear in the table.
|
|
|
|
|
if (tableEntry.additional) {
|
|
|
|
|
expandedPerms = expandedPerms.concat(tableEntry.additional);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-02 22:38:06 -07:00
|
|
|
return expandedPerms;
|
2012-10-31 09:13:28 -07:00
|
|
|
};
|
2012-10-02 22:38:06 -07:00
|
|
|
|
2012-10-25 10:12:14 -07:00
|
|
|
// Sometimes all permissions (fully expanded) need to be iterated through
|
|
|
|
|
let AllPossiblePermissions = [];
|
|
|
|
|
for (let permName in PermissionsTable) {
|
|
|
|
|
if (PermissionsTable[permName].access) {
|
2012-11-06 15:52:13 -08:00
|
|
|
AllPossiblePermissions =
|
|
|
|
|
AllPossiblePermissions.concat(expandPermissions(permName, READWRITE));
|
2012-10-25 10:12:14 -07:00
|
|
|
} else {
|
|
|
|
|
AllPossiblePermissions =
|
|
|
|
|
AllPossiblePermissions.concat(expandPermissions(permName));
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-10-31 09:13:28 -07:00
|
|
|
this.PermissionsInstaller = {
|
2012-10-02 22:38:06 -07:00
|
|
|
/**
|
|
|
|
|
* Install permissisions or remove deprecated permissions upon re-install
|
2012-10-10 09:16:49 -07:00
|
|
|
* @param object aApp
|
|
|
|
|
* The just-installed app configuration.
|
|
|
|
|
The properties used are manifestURL, origin and manifest.
|
2012-10-02 22:38:06 -07:00
|
|
|
* @param boolean aIsReinstall
|
|
|
|
|
* Indicates the app was just re-installed
|
2012-10-10 09:16:49 -07:00
|
|
|
* @param function aOnError
|
|
|
|
|
* A function called if an error occurs
|
2012-10-02 22:38:06 -07:00
|
|
|
* @returns void
|
|
|
|
|
**/
|
|
|
|
|
installPermissions: function installPermissions(aApp, aIsReinstall, aOnError) {
|
|
|
|
|
try {
|
|
|
|
|
let newManifest = new ManifestHelper(aApp.manifest, aApp.origin);
|
|
|
|
|
if (!newManifest.permissions && !aIsReinstall) {
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (aIsReinstall) {
|
|
|
|
|
// Compare the original permissions against the new permissions
|
|
|
|
|
// Remove any deprecated Permissions
|
|
|
|
|
|
|
|
|
|
if (newManifest.permissions) {
|
|
|
|
|
// Expand perms
|
|
|
|
|
let newPerms = [];
|
|
|
|
|
for (let perm in newManifest.permissions) {
|
|
|
|
|
let _perms = expandPermissions(perm,
|
|
|
|
|
newManifest.permissions[perm].access);
|
|
|
|
|
newPerms = newPerms.concat(_perms);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (let idx in AllPossiblePermissions) {
|
|
|
|
|
let index = newPerms.indexOf(AllPossiblePermissions[idx]);
|
|
|
|
|
if (index == -1) {
|
|
|
|
|
// See if the permission was installed previously
|
2012-10-23 13:11:02 -07:00
|
|
|
let _perm = PermissionSettingsModule.getPermission(AllPossiblePermissions[idx],
|
2012-10-02 22:38:06 -07:00
|
|
|
aApp.manifestURL,
|
|
|
|
|
aApp.origin,
|
|
|
|
|
false);
|
|
|
|
|
if (_perm == "unknown" || _perm == "deny") {
|
|
|
|
|
// All 'deny' permissions should be preserved
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
// Remove the deprecated permission
|
|
|
|
|
// TODO: use PermSettings.remove, see bug 793204
|
2012-10-10 09:16:49 -07:00
|
|
|
this._setPermission(AllPossiblePermissions[idx], "unknown", aApp);
|
2012-10-02 22:38:06 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let installPermType;
|
|
|
|
|
// Check to see if the 'webapp' is app/priv/certified
|
2012-10-10 09:16:49 -07:00
|
|
|
switch (AppsUtils.getAppManifestStatus(aApp.manifest)) {
|
2012-10-02 22:38:06 -07:00
|
|
|
case Ci.nsIPrincipal.APP_STATUS_CERTIFIED:
|
|
|
|
|
installPermType = "certified";
|
|
|
|
|
break;
|
|
|
|
|
case Ci.nsIPrincipal.APP_STATUS_PRIVILEGED:
|
|
|
|
|
installPermType = "privileged";
|
|
|
|
|
break;
|
|
|
|
|
case Ci.nsIPrincipal.APP_STATUS_INSTALLED:
|
|
|
|
|
installPermType = "app";
|
|
|
|
|
break;
|
|
|
|
|
default:
|
|
|
|
|
// Cannot determine app type, abort install by throwing an error
|
2012-10-10 09:16:49 -07:00
|
|
|
throw new Error("PermissionsInstaller.jsm: Cannot determine app type, install cancelled");
|
2012-10-02 22:38:06 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for (let permName in newManifest.permissions) {
|
|
|
|
|
if (!PermissionsTable[permName]) {
|
2012-10-26 20:45:25 -07:00
|
|
|
Cu.reportError("PermissionsInstaller.jsm: '" + permName + "'" +
|
|
|
|
|
" is not a valid Webapps permission type.");
|
|
|
|
|
continue;
|
2012-10-02 22:38:06 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
let perms = expandPermissions(permName,
|
|
|
|
|
newManifest.permissions[permName].access);
|
|
|
|
|
for (let idx in perms) {
|
|
|
|
|
let perm = PermissionsTable[permName][installPermType];
|
|
|
|
|
let permValue = PERM_TO_STRING[perm];
|
2012-10-10 09:16:49 -07:00
|
|
|
this._setPermission(perms[idx], permValue, aApp);
|
2012-10-02 22:38:06 -07:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
catch (ex) {
|
|
|
|
|
debug("Caught webapps install permissions error");
|
|
|
|
|
Cu.reportError(ex);
|
|
|
|
|
if (aOnError) {
|
|
|
|
|
aOnError();
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-10-10 09:16:49 -07:00
|
|
|
},
|
|
|
|
|
|
|
|
|
|
/**
|
2012-10-25 10:12:14 -07:00
|
|
|
* Set a permission value
|
2012-10-10 09:16:49 -07:00
|
|
|
* @param string aPerm
|
|
|
|
|
* The permission name.
|
|
|
|
|
* @param string aValue
|
|
|
|
|
* The permission value.
|
|
|
|
|
* @param object aApp
|
|
|
|
|
* The just-installed app configuration.
|
|
|
|
|
The properties used are manifestURL, origin and manifest.
|
|
|
|
|
* @returns void
|
|
|
|
|
**/
|
|
|
|
|
_setPermission: function setPermission(aPerm, aValue, aApp) {
|
2012-10-23 13:11:02 -07:00
|
|
|
PermissionSettingsModule.addPermission({
|
|
|
|
|
type: aPerm,
|
|
|
|
|
origin: aApp.origin,
|
|
|
|
|
manifestURL: aApp.manifestURL,
|
|
|
|
|
value: aValue,
|
|
|
|
|
browserFlag: false
|
|
|
|
|
});
|
2012-10-10 09:16:49 -07:00
|
|
|
}
|
2012-10-25 10:12:14 -07:00
|
|
|
};
|
