2012-09-19 11:19:00 -07:00
|
|
|
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
|
|
|
|
"use strict";
|
|
|
|
|
2012-10-23 13:11:02 -07:00
|
|
|
function debug(s) {
|
|
|
|
//dump("-*- PermissionSettings Module: " + s + "\n");
|
|
|
|
}
|
2012-09-19 11:19:00 -07:00
|
|
|
|
2012-09-28 15:16:29 -07:00
|
|
|
const Cu = Components.utils;
|
2012-09-19 11:19:00 -07:00
|
|
|
const Cc = Components.classes;
|
|
|
|
const Ci = Components.interfaces;
|
|
|
|
|
2012-10-31 09:13:28 -07:00
|
|
|
this.EXPORTED_SYMBOLS = ["PermissionSettingsModule"];
|
2012-09-19 11:19:00 -07:00
|
|
|
|
|
|
|
Cu.import("resource://gre/modules/XPCOMUtils.jsm");
|
|
|
|
Cu.import("resource://gre/modules/Services.jsm");
|
2012-12-14 17:32:30 -08:00
|
|
|
Cu.import("resource://gre/modules/PermissionsTable.jsm");
|
2012-09-19 11:19:00 -07:00
|
|
|
|
|
|
|
XPCOMUtils.defineLazyServiceGetter(this, "ppmm",
|
|
|
|
"@mozilla.org/parentprocessmessagemanager;1",
|
|
|
|
"nsIMessageListenerManager");
|
|
|
|
|
2012-10-23 13:11:02 -07:00
|
|
|
XPCOMUtils.defineLazyServiceGetter(this,
|
|
|
|
"appsService",
|
|
|
|
"@mozilla.org/AppsService;1",
|
|
|
|
"nsIAppsService");
|
2012-09-19 11:19:00 -07:00
|
|
|
|
2012-10-31 09:13:28 -07:00
|
|
|
this.PermissionSettingsModule = {
|
2012-11-28 02:57:16 -08:00
|
|
|
init: function init() {
|
2012-09-19 11:19:00 -07:00
|
|
|
debug("Init");
|
|
|
|
ppmm.addMessageListener("PermissionSettings:AddPermission", this);
|
|
|
|
Services.obs.addObserver(this, "profile-before-change", false);
|
|
|
|
},
|
|
|
|
|
2012-12-14 17:32:30 -08:00
|
|
|
|
2014-10-30 15:02:51 -07:00
|
|
|
_isChangeAllowed: function(aPrincipal, aPermName, aAction, aAppKind) {
|
2012-12-14 17:32:30 -08:00
|
|
|
// Bug 812289:
|
|
|
|
// Change is allowed from a child process when all of the following
|
|
|
|
// conditions stand true:
|
2013-01-26 09:56:23 -08:00
|
|
|
// * the action isn't "unknown" (so the change isn't a delete) if the app
|
|
|
|
// is installed
|
2012-12-14 17:32:30 -08:00
|
|
|
// * the permission already exists on the database
|
|
|
|
// * the permission is marked as explicit on the permissions table
|
2013-01-26 09:56:23 -08:00
|
|
|
// Note that we *have* to check the first two conditions here because
|
2012-12-14 17:32:30 -08:00
|
|
|
// permissionManager doesn't know if it's being called as a result of
|
|
|
|
// a parent process or child process request. We could check
|
|
|
|
// if the permission is actually explicit (and thus modifiable) or not
|
|
|
|
// on permissionManager also but we currently don't.
|
|
|
|
let perm =
|
2014-04-29 10:27:51 -07:00
|
|
|
Services.perms.testExactPermissionFromPrincipal(aPrincipal,aPermName);
|
2014-10-30 15:02:51 -07:00
|
|
|
let isExplicit = isExplicitInPermissionsTable(aPermName, aPrincipal.appStatus, aAppKind);
|
2013-01-26 09:56:23 -08:00
|
|
|
|
|
|
|
return (aAction === "unknown" &&
|
|
|
|
aPrincipal.appStatus === Ci.nsIPrincipal.APP_STATUS_NOT_INSTALLED) ||
|
|
|
|
(aAction !== "unknown" &&
|
|
|
|
(perm !== Ci.nsIPermissionManager.UNKNOWN_ACTION) &&
|
|
|
|
isExplicit);
|
2012-12-14 17:32:30 -08:00
|
|
|
},
|
|
|
|
|
2012-11-28 02:57:16 -08:00
|
|
|
addPermission: function addPermission(aData, aCallbacks) {
|
2012-12-14 17:32:30 -08:00
|
|
|
|
|
|
|
this._internalAddPermission(aData, true, aCallbacks);
|
|
|
|
|
|
|
|
},
|
|
|
|
|
|
|
|
|
|
|
|
_internalAddPermission: function _internalAddPermission(aData, aAllowAllChanges, aCallbacks) {
|
2012-09-19 11:19:00 -07:00
|
|
|
let uri = Services.io.newURI(aData.origin, null, null);
|
2014-10-30 15:02:51 -07:00
|
|
|
let app = appsService.getAppByManifestURL(aData.manifestURL);
|
|
|
|
let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(uri, app.localId, aData.browserFlag);
|
2012-09-19 11:19:00 -07:00
|
|
|
|
|
|
|
let action;
|
|
|
|
switch (aData.value)
|
|
|
|
{
|
|
|
|
case "unknown":
|
|
|
|
action = Ci.nsIPermissionManager.UNKNOWN_ACTION;
|
|
|
|
break;
|
|
|
|
case "allow":
|
|
|
|
action = Ci.nsIPermissionManager.ALLOW_ACTION;
|
|
|
|
break;
|
|
|
|
case "deny":
|
|
|
|
action = Ci.nsIPermissionManager.DENY_ACTION;
|
|
|
|
break;
|
|
|
|
case "prompt":
|
|
|
|
action = Ci.nsIPermissionManager.PROMPT_ACTION;
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
dump("Unsupported PermisionSettings Action: " + aData.value +"\n");
|
|
|
|
action = Ci.nsIPermissionManager.UNKNOWN_ACTION;
|
|
|
|
}
|
2012-12-14 17:32:30 -08:00
|
|
|
|
|
|
|
if (aAllowAllChanges ||
|
2014-10-30 15:02:51 -07:00
|
|
|
this._isChangeAllowed(principal, aData.type, aData.value, app.kind)) {
|
|
|
|
debug("add: " + aData.origin + " " + app.localId + " " + action);
|
2014-04-29 10:27:51 -07:00
|
|
|
Services.perms.addFromPrincipal(principal, aData.type, action);
|
2012-12-14 17:32:30 -08:00
|
|
|
return true;
|
|
|
|
} else {
|
2014-10-30 15:02:51 -07:00
|
|
|
debug("add Failure: " + aData.origin + " " + app.localId + " " + action);
|
2012-12-14 17:32:30 -08:00
|
|
|
return false; // This isn't currently used, see comment on setPermission
|
|
|
|
}
|
2012-09-19 11:19:00 -07:00
|
|
|
},
|
|
|
|
|
2012-11-28 02:57:16 -08:00
|
|
|
getPermission: function getPermission(aPermName, aManifestURL, aOrigin, aBrowserFlag) {
|
|
|
|
debug("getPermission: " + aPermName + ", " + aManifestURL + ", " + aOrigin);
|
2012-10-23 13:11:02 -07:00
|
|
|
let uri = Services.io.newURI(aOrigin, null, null);
|
|
|
|
let appID = appsService.getAppLocalIdByManifestURL(aManifestURL);
|
2014-04-29 10:27:51 -07:00
|
|
|
let principal = Services.scriptSecurityManager.getAppCodebasePrincipal(uri, appID, aBrowserFlag);
|
|
|
|
let result = Services.perms.testExactPermissionFromPrincipal(principal, aPermName);
|
2012-10-23 13:11:02 -07:00
|
|
|
|
|
|
|
switch (result)
|
|
|
|
{
|
|
|
|
case Ci.nsIPermissionManager.UNKNOWN_ACTION:
|
|
|
|
return "unknown";
|
|
|
|
case Ci.nsIPermissionManager.ALLOW_ACTION:
|
|
|
|
return "allow";
|
|
|
|
case Ci.nsIPermissionManager.DENY_ACTION:
|
|
|
|
return "deny";
|
|
|
|
case Ci.nsIPermissionManager.PROMPT_ACTION:
|
|
|
|
return "prompt";
|
|
|
|
default:
|
|
|
|
dump("Unsupported PermissionSettings Action!\n");
|
|
|
|
return "unknown";
|
|
|
|
}
|
|
|
|
},
|
|
|
|
|
2013-01-26 09:56:23 -08:00
|
|
|
removePermission: function removePermission(aPermName, aManifestURL, aOrigin, aBrowserFlag) {
|
|
|
|
let data = {
|
|
|
|
type: aPermName,
|
|
|
|
origin: aOrigin,
|
|
|
|
manifestURL: aManifestURL,
|
|
|
|
value: "unknown",
|
|
|
|
browserFlag: aBrowserFlag
|
|
|
|
};
|
|
|
|
this._internalAddPermission(data, true);
|
|
|
|
},
|
|
|
|
|
2012-11-28 02:57:16 -08:00
|
|
|
observe: function observe(aSubject, aTopic, aData) {
|
2012-09-19 11:19:00 -07:00
|
|
|
ppmm.removeMessageListener("PermissionSettings:AddPermission", this);
|
|
|
|
Services.obs.removeObserver(this, "profile-before-change");
|
|
|
|
ppmm = null;
|
|
|
|
},
|
|
|
|
|
2012-11-28 02:57:16 -08:00
|
|
|
receiveMessage: function receiveMessage(aMessage) {
|
2012-09-19 11:19:00 -07:00
|
|
|
debug("PermissionSettings::receiveMessage " + aMessage.name);
|
|
|
|
let mm = aMessage.target;
|
|
|
|
let msg = aMessage.data;
|
|
|
|
|
|
|
|
let result;
|
|
|
|
switch (aMessage.name) {
|
|
|
|
case "PermissionSettings:AddPermission":
|
2012-12-14 17:32:30 -08:00
|
|
|
let success = false;
|
2013-01-26 09:56:23 -08:00
|
|
|
let errorMsg =
|
2012-12-14 17:32:30 -08:00
|
|
|
" from a content process with no 'permissions' privileges.";
|
|
|
|
if (mm.assertPermission("permissions")) {
|
|
|
|
success = this._internalAddPermission(msg, false);
|
2013-01-26 09:56:23 -08:00
|
|
|
if (!success) {
|
2012-12-14 17:32:30 -08:00
|
|
|
// Just kill the calling process
|
|
|
|
mm.assertPermission("permissions-modify-implicit");
|
|
|
|
errorMsg = " had an implicit permission change. Child process killed.";
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
if (!success) {
|
2013-01-17 13:50:59 -08:00
|
|
|
Cu.reportError("PermissionSettings message " + msg.type + errorMsg);
|
2012-12-06 21:05:53 -08:00
|
|
|
return null;
|
|
|
|
}
|
2012-09-19 11:19:00 -07:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
PermissionSettingsModule.init();
|