diff --git a/b2g/components/ContentPermissionPrompt.js b/b2g/components/ContentPermissionPrompt.js index 622727b27e6..248d40ca754 100644 --- a/b2g/components/ContentPermissionPrompt.js +++ b/b2g/components/ContentPermissionPrompt.js @@ -25,7 +25,6 @@ Cu.import("resource://gre/modules/Services.jsm"); Cu.import("resource://gre/modules/Webapps.jsm"); Cu.import("resource://gre/modules/AppsUtils.jsm"); Cu.import("resource://gre/modules/PermissionsInstaller.jsm"); -Cu.import("resource://gre/modules/PermissionsTable.jsm"); var permissionManager = Cc["@mozilla.org/permissionmanager;1"].getService(Ci.nsIPermissionManager); var secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(Ci.nsIScriptSecurityManager); diff --git a/dom/apps/src/Makefile.in b/dom/apps/src/Makefile.in index fcbf34d2413..70c715eb6f4 100644 --- a/dom/apps/src/Makefile.in +++ b/dom/apps/src/Makefile.in @@ -28,7 +28,6 @@ EXTRA_JS_MODULES += \ AppsUtils.jsm \ OfflineCacheInstaller.jsm \ PermissionsInstaller.jsm \ - PermissionsTable.jsm \ $(NULL) include $(topsrcdir)/config/rules.mk diff --git a/dom/apps/src/PermissionsInstaller.jsm b/dom/apps/src/PermissionsInstaller.jsm index 4a27bfe73b8..78f911b5a2a 100644 --- a/dom/apps/src/PermissionsInstaller.jsm +++ b/dom/apps/src/PermissionsInstaller.jsm @@ -10,9 +10,12 @@ const Cu = Components.utils; Cu.import("resource://gre/modules/XPCOMUtils.jsm"); Cu.import("resource://gre/modules/AppsUtils.jsm"); Cu.import("resource://gre/modules/PermissionSettings.jsm"); -Cu.import("resource://gre/modules/PermissionsTable.jsm"); -this.EXPORTED_SYMBOLS = ["PermissionsInstaller"]; +this.EXPORTED_SYMBOLS = ["PermissionsInstaller", + "expandPermissions", + "PermissionsTable", + "appendAccessToPermName" + ]; const UNKNOWN_ACTION = Ci.nsIPermissionManager.UNKNOWN_ACTION; const ALLOW_ACTION = Ci.nsIPermissionManager.ALLOW_ACTION; const DENY_ACTION = Ci.nsIPermissionManager.DENY_ACTION; @@ -30,6 +33,345 @@ function debug(aMsg) { //dump("-*-*- PermissionsInstaller.jsm : " + aMsg + "\n"); } +// Permissions Matrix: https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0 +// Also, keep in sync with https://mxr.mozilla.org/mozilla-central/source/extensions/cookie/Permission.txt + +// Permissions that are implicit: +// battery-status, network-information, vibration, +// device-capabilities + +this.PermissionsTable = { geolocation: { + app: PROMPT_ACTION, + privileged: PROMPT_ACTION, + certified: ALLOW_ACTION + }, + camera: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + alarms: { + app: ALLOW_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + "tcp-socket": { + app: DENY_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + "network-events": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + contacts: { + app: DENY_ACTION, + privileged: PROMPT_ACTION, + certified: ALLOW_ACTION, + access: ["read", "write", "create"] + }, + "device-storage:apps": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION, + access: ["read"] + }, + "device-storage:pictures": { + app: DENY_ACTION, + privileged: PROMPT_ACTION, + certified: ALLOW_ACTION, + access: ["read", "write", "create"] + }, + "device-storage:videos": { + app: DENY_ACTION, + privileged: PROMPT_ACTION, + certified: ALLOW_ACTION, + access: ["read", "write", "create"] + }, + "device-storage:music": { + app: DENY_ACTION, + privileged: PROMPT_ACTION, + certified: ALLOW_ACTION, + access: ["read", "write", "create"] + }, + "device-storage:sdcard": { + app: DENY_ACTION, + privileged: PROMPT_ACTION, + certified: ALLOW_ACTION, + access: ["read", "write", "create"] + }, + sms: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + telephony: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + browser: { + app: DENY_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + bluetooth: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + mobileconnection: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + power: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + settings: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION, + access: ["read", "write"], + additional: ["indexedDB-chrome-settings"] + }, + permissions: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + fmradio: { + app: ALLOW_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + attention: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "webapps-manage": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "backgroundservice": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "desktop-notification": { + app: ALLOW_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + "networkstats-manage": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "wifi-manage": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "systemXHR": { + app: DENY_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + "voicemail": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "deprecated-hwvideo": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "idle": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "time": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "embed-apps": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "storage": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION, + substitute: [ + "indexedDB-unlimited", + "offline-app", + "pin-app" + ] + }, + "background-sensors": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + cellbroadcast: { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "audio-channel-normal": { + app: ALLOW_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + "audio-channel-content": { + app: ALLOW_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + "audio-channel-notification": { + app: DENY_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + "audio-channel-alarm": { + app: DENY_ACTION, + privileged: ALLOW_ACTION, + certified: ALLOW_ACTION + }, + "audio-channel-telephony": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "audio-channel-ringer": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "audio-channel-publicnotification": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + "open-remote-window": { + app: DENY_ACTION, + privileged: DENY_ACTION, + certified: ALLOW_ACTION + }, + }; + +/** + * Append access modes to the permission name as suffixes. + * e.g. permission name 'contacts' with ['read', 'write'] = + * ['contacts-read', contacts-write'] + * @param string aPermName + * @param array aAccess + * @returns array containing access-appended permission names. + **/ +this.appendAccessToPermName = function appendAccessToPermName(aPermName, aAccess) { + if (aAccess.length == 0) { + return [aPermName]; + } + return aAccess.map(function(aMode) { + return aPermName + "-" + aMode; + }); +}; + +/** + * Expand an access string into multiple permission names, + * e.g: permission name 'contacts' with 'readwrite' = + * ['contacts-read', 'contacts-create', 'contacts-write'] + * @param string aPermName + * @param string aAccess (optional) + * @returns array containing expanded permission names. + **/ +this.expandPermissions = function expandPermissions(aPermName, aAccess) { + if (!PermissionsTable[aPermName]) { + Cu.reportError("PermissionsInstaller.jsm: expandPermissions: Unknown Permission: " + aPermName); + dump("PermissionsInstaller.jsm: expandPermissions: Unknown Permission: " + aPermName); + return []; + } + + const tableEntry = PermissionsTable[aPermName]; + + if (tableEntry.substitute && tableEntry.additional) { + Cu.reportError("PermissionsInstaller.jsm: expandPermissions: Can't handle both 'substitute' " + + "and 'additional' entries for permission: " + aPermName); + dump("PermissionsInstaller.jsm: expandPermissions: Can't handle both 'substitute' " + + "and 'additional' entries for permission: " + aPermName); + return []; + } + + if (!aAccess && tableEntry.access || + aAccess && !tableEntry.access) { + Cu.reportError("PermissionsTable.jsm: expandPermissions: Invalid Manifest : " + + aPermName + " " + aAccess + "\n"); + dump("PermissionsInstaller.jsm: expandPermissions: Invalid Manifest: " + + aPermName + " " + aAccess + "\n"); + throw new Error("PermissionsInstaller.jsm: expandPermissions: Invalid Manifest: " + + aPermName + " " + aAccess + "\n"); + } + + let expandedPermNames = []; + + if (tableEntry.access && aAccess) { + let requestedSuffixes = []; + switch (aAccess) { + case READONLY: + requestedSuffixes.push("read"); + break; + case CREATEONLY: + requestedSuffixes.push("create"); + break; + case READCREATE: + requestedSuffixes.push("read", "create"); + break; + case READWRITE: + requestedSuffixes.push("read", "create", "write"); + break; + default: + return []; + } + + let permArr = appendAccessToPermName(aPermName, requestedSuffixes); + + // Add the same suffix to each of the additions. + if (tableEntry.additional) { + for each (let additional in tableEntry.additional) { + permArr = permArr.concat(appendAccessToPermName(additional, requestedSuffixes)); + } + } + + // Only add the suffixed version if the suffix exisits in the table. + for (let idx in permArr) { + let suffix = requestedSuffixes[idx % requestedSuffixes.length]; + if (tableEntry.access.indexOf(suffix) != -1) { + expandedPermNames.push(permArr[idx]); + } + } + } else if (tableEntry.substitute) { + expandedPermNames = expandedPermNames.concat(tableEntry.substitute); + } else { + expandedPermNames.push(aPermName); + // Include each of the additions exactly as they appear in the table. + if (tableEntry.additional) { + expandedPermNames = expandedPermNames.concat(tableEntry.additional); + } + } + + return expandedPermNames; +}; + // An array carring all the possible (expanded) permission names. let AllPossiblePermissions = []; for (let permName in PermissionsTable) { diff --git a/dom/apps/src/PermissionsTable.jsm b/dom/apps/src/PermissionsTable.jsm deleted file mode 100644 index 52b69c65e13..00000000000 --- a/dom/apps/src/PermissionsTable.jsm +++ /dev/null @@ -1,421 +0,0 @@ -/* This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this file, - * You can obtain one at http://mozilla.org/MPL/2.0/. */ - -"use strict"; - -const Ci = Components.interfaces; -const Cu = Components.utils; - -this.EXPORTED_SYMBOLS = [ - "PermissionsTable", - "PermissionsReverseTable", - "expandPermissions", - "appendAccessToPermName", - "isExplicitInPermissionsTable" -]; - -// Permission access flags -const READONLY = "readonly"; -const CREATEONLY = "createonly"; -const READCREATE = "readcreate"; -const READWRITE = "readwrite"; - -const UNKNOWN_ACTION = Ci.nsIPermissionManager.UNKNOWN_ACTION; -const ALLOW_ACTION = Ci.nsIPermissionManager.ALLOW_ACTION; -const DENY_ACTION = Ci.nsIPermissionManager.DENY_ACTION; -const PROMPT_ACTION = Ci.nsIPermissionManager.PROMPT_ACTION; - -// Permissions Matrix: https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0 -// Also, keep in sync with https://mxr.mozilla.org/mozilla-central/source/extensions/cookie/Permission.txt - -// Permissions that are implicit: -// battery-status, network-information, vibration, -// device-capabilities - -this.PermissionsTable = { geolocation: { - app: PROMPT_ACTION, - privileged: PROMPT_ACTION, - certified: ALLOW_ACTION - }, - camera: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - alarms: { - app: ALLOW_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - "tcp-socket": { - app: DENY_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - "network-events": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - contacts: { - app: DENY_ACTION, - privileged: PROMPT_ACTION, - certified: ALLOW_ACTION, - access: ["read", "write", "create"] - }, - "device-storage:apps": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION, - access: ["read"] - }, - "device-storage:pictures": { - app: DENY_ACTION, - privileged: PROMPT_ACTION, - certified: ALLOW_ACTION, - access: ["read", "write", "create"] - }, - "device-storage:videos": { - app: DENY_ACTION, - privileged: PROMPT_ACTION, - certified: ALLOW_ACTION, - access: ["read", "write", "create"] - }, - "device-storage:music": { - app: DENY_ACTION, - privileged: PROMPT_ACTION, - certified: ALLOW_ACTION, - access: ["read", "write", "create"] - }, - "device-storage:sdcard": { - app: DENY_ACTION, - privileged: PROMPT_ACTION, - certified: ALLOW_ACTION, - access: ["read", "write", "create"] - }, - sms: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - telephony: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - browser: { - app: DENY_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - bluetooth: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - mobileconnection: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - power: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - settings: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION, - access: ["read", "write"], - additional: ["indexedDB-chrome-settings"] - }, - permissions: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - fmradio: { - app: ALLOW_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - attention: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "webapps-manage": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "backgroundservice": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "desktop-notification": { - app: ALLOW_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - "networkstats-manage": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "wifi-manage": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "systemXHR": { - app: DENY_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - "voicemail": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "deprecated-hwvideo": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "idle": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "time": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "embed-apps": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "storage": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION, - substitute: [ - "indexedDB-unlimited", - "offline-app", - "pin-app" - ] - }, - "background-sensors": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - cellbroadcast: { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "audio-channel-normal": { - app: ALLOW_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - "audio-channel-content": { - app: ALLOW_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - "audio-channel-notification": { - app: DENY_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - "audio-channel-alarm": { - app: DENY_ACTION, - privileged: ALLOW_ACTION, - certified: ALLOW_ACTION - }, - "audio-channel-telephony": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "audio-channel-ringer": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "audio-channel-publicnotification": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - "open-remote-window": { - app: DENY_ACTION, - privileged: DENY_ACTION, - certified: ALLOW_ACTION - }, - }; - -/** - * Append access modes to the permission name as suffixes. - * e.g. permission name 'contacts' with ['read', 'write'] = - * ['contacts-read', contacts-write'] - * @param string aPermName - * @param array aAccess - * @returns array containing access-appended permission names. - **/ -this.appendAccessToPermName = function appendAccessToPermName(aPermName, aAccess) { - if (aAccess.length == 0) { - return [aPermName]; - } - return aAccess.map(function(aMode) { - return aPermName + "-" + aMode; - }); -}; - -/** - * Expand an access string into multiple permission names, - * e.g: permission name 'contacts' with 'readwrite' = - * ['contacts-read', 'contacts-create', 'contacts-write'] - * @param string aPermName - * @param string aAccess (optional) - * @returns array containing expanded permission names. - **/ -this.expandPermissions = function expandPermissions(aPermName, aAccess) { - if (!PermissionsTable[aPermName]) { - let errorMsg = - "PermissionsTable.jsm: expandPermissions: Unknown Permission: " + aPermName; - Cu.reportError(errorMsg); - dump(errorMsg); - return []; - } - - const tableEntry = PermissionsTable[aPermName]; - - if (tableEntry.substitute && tableEntry.additional) { - let errorMsg = - "PermissionsTable.jsm: expandPermissions: Can't handle both 'substitute' " + - "and 'additional' entries for permission: " + aPermName; - Cu.reportError(errorMsg); - dump(errorMsg); - return []; - } - - if (!aAccess && tableEntry.access || - aAccess && !tableEntry.access) { - let errorMsg = - "PermissionsTable.jsm: expandPermissions: Invalid Manifest : " + - aPermName + " " + aAccess + "\n"; - Cu.reportError(errorMsg); - dump(errorMsg); - throw new Error(errorMsg); - } - - let expandedPermNames = []; - - if (tableEntry.access && aAccess) { - let requestedSuffixes = []; - switch (aAccess) { - case READONLY: - requestedSuffixes.push("read"); - break; - case CREATEONLY: - requestedSuffixes.push("create"); - break; - case READCREATE: - requestedSuffixes.push("read", "create"); - break; - case READWRITE: - requestedSuffixes.push("read", "create", "write"); - break; - default: - return []; - } - - let permArr = appendAccessToPermName(aPermName, requestedSuffixes); - - // Add the same suffix to each of the additions. - if (tableEntry.additional) { - for each (let additional in tableEntry.additional) { - permArr = permArr.concat(appendAccessToPermName(additional, requestedSuffixes)); - } - } - - // Only add the suffixed version if the suffix exists in the table. - for (let idx in permArr) { - let suffix = requestedSuffixes[idx % requestedSuffixes.length]; - if (tableEntry.access.indexOf(suffix) != -1) { - expandedPermNames.push(permArr[idx]); - } - } - } else if (tableEntry.substitute) { - expandedPermNames = expandedPermNames.concat(tableEntry.substitute); - } else { - expandedPermNames.push(aPermName); - // Include each of the additions exactly as they appear in the table. - if (tableEntry.additional) { - expandedPermNames = expandedPermNames.concat(tableEntry.additional); - } - } - - return expandedPermNames; -}; - -this.PermissionsReverseTable = (function () { - // PermissionsTable as it is works well for direct searches, but not - // so well for reverse ones (that is, if I get something like - // device-storage:music-read or indexedDB-chrome-settings-read how - // do I know which permission it really is? Hence this table is - // born. The idea is that - // reverseTable[device-storage:music-read] should return - // device-storage:music - let reverseTable = {}; - - for (let permName in PermissionsTable) { - let permAliases; - if (PermissionsTable[permName].access) { - permAliases = expandPermissions(permName, "readwrite"); - } else { - permAliases = expandPermissions(permName); - } - for (let i = 0; i < permAliases.length; i++) { - reverseTable[permAliases[i]] = permName; - } - } - - return reverseTable; - -})(); - -this.isExplicitInPermissionsTable = function(aPermName, aIntStatus) { - - // Check to see if the 'webapp' is app/privileged/certified. - let appStatus; - switch (aIntStatus) { - case Ci.nsIPrincipal.APP_STATUS_CERTIFIED: - appStatus = "certified"; - break; - case Ci.nsIPrincipal.APP_STATUS_PRIVILEGED: - appStatus = "privileged"; - break; - default: // If it isn't certified or privileged, it's app - appStatus = "app"; - break; - } - - let realPerm = PermissionsReverseTable[aPermName]; - - if (realPerm) { - return (PermissionsTable[realPerm][appStatus] == - Ci.nsIPermissionManager.PROMPT_ACTION); - } else { - return false; - } -} diff --git a/dom/interfaces/permission/nsIDOMPermissionSettings.idl b/dom/interfaces/permission/nsIDOMPermissionSettings.idl index 5cf237d6db5..6c72a31279d 100644 --- a/dom/interfaces/permission/nsIDOMPermissionSettings.idl +++ b/dom/interfaces/permission/nsIDOMPermissionSettings.idl @@ -6,12 +6,10 @@ interface nsIDOMDOMRequest; -[scriptable, uuid(b3e3894e-b24e-4174-9c80-08115709615b)] +[scriptable, uuid(18390770-02ab-11e2-a21f-0800200c9a66)] interface nsIDOMPermissionSettings : nsISupports { DOMString get(in DOMString permission, in DOMString manifestURI, in DOMString origin, in bool browserFlag); void set(in DOMString permission, in DOMString value, in DOMString manifestURI, in DOMString origin, in bool browserFlag); - - bool isExplicit(in DOMString permission, in DOMString manifestURI, in DOMString origin, in bool browserFlag); }; diff --git a/dom/messages/SystemMessagePermissionsChecker.jsm b/dom/messages/SystemMessagePermissionsChecker.jsm index 5286932b32f..18b288a924a 100644 --- a/dom/messages/SystemMessagePermissionsChecker.jsm +++ b/dom/messages/SystemMessagePermissionsChecker.jsm @@ -11,7 +11,6 @@ Cu.import("resource://gre/modules/XPCOMUtils.jsm"); Cu.import("resource://gre/modules/Services.jsm"); Cu.import("resource://gre/modules/AppsUtils.jsm"); Cu.import("resource://gre/modules/PermissionsInstaller.jsm"); -Cu.import("resource://gre/modules/PermissionsTable.jsm"); Cu.import("resource://gre/modules/PermissionSettings.jsm"); this.EXPORTED_SYMBOLS = ["SystemMessagePermissionsChecker", diff --git a/dom/permission/PermissionPromptHelper.jsm b/dom/permission/PermissionPromptHelper.jsm index f06fd7e396f..566be08dc98 100644 --- a/dom/permission/PermissionPromptHelper.jsm +++ b/dom/permission/PermissionPromptHelper.jsm @@ -35,7 +35,6 @@ this.EXPORTED_SYMBOLS = ["PermissionPromptHelper"]; Cu.import("resource://gre/modules/XPCOMUtils.jsm"); Cu.import("resource://gre/modules/Services.jsm"); Cu.import("resource://gre/modules/PermissionsInstaller.jsm"); -Cu.import("resource://gre/modules/PermissionsTable.jsm"); XPCOMUtils.defineLazyServiceGetter(this, "ppmm", "@mozilla.org/parentprocessmessagemanager;1", diff --git a/dom/permission/PermissionSettings.js b/dom/permission/PermissionSettings.js index 9612eba61fc..3c0e8dfde55 100644 --- a/dom/permission/PermissionSettings.js +++ b/dom/permission/PermissionSettings.js @@ -14,7 +14,6 @@ const Cu = Components.utils; Cu.import("resource://gre/modules/XPCOMUtils.jsm"); Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/PermissionsTable.jsm"); var cpm = Cc["@mozilla.org/childprocessmessagemanager;1"].getService(Ci.nsISyncMessageSender); @@ -68,31 +67,9 @@ PermissionSettings.prototype = { } }, - isExplicit: function isExplicit(aPermName, aManifestURL, aOrigin, - aBrowserFlag) { - debug("isExplicit: " + aPermName + ", " + aManifestURL + ", " + aOrigin); - let uri = Services.io.newURI(aOrigin, null, null); - let appID = appsService.getAppLocalIdByManifestURL(aManifestURL); - let principal = secMan.getAppCodebasePrincipal(uri, appID, aBrowserFlag); - - return isExplicitInPermissionsTable(aPermName, principal.appStatus); - }, - - set: function set(aPermName, aPermValue, aManifestURL, aOrigin, - aBrowserFlag) { - debug("Set called with: " + aPermName + ", " + aManifestURL + ", " + - aOrigin + ", " + aPermValue + ", " + aBrowserFlag); + set: function set(aPermName, aPermValue, aManifestURL, aOrigin, aBrowserFlag) { + debug("Set called with: " + aPermName + ", " + aManifestURL + ", " + aOrigin + ", " + aPermValue + ", " + aBrowserFlag); let action; - // Check for invalid calls so that we throw an exception rather than get - // killed by parent process - if (aPermValue === "unknown" || - !this.isExplicit(aPermName, aManifestURL, aOrigin, aBrowserFlag)) { - let errorMsg = "PermissionSettings.js: '" + aPermName + "'" + - " is an implicit permission for '" + aManifestURL+"'"; - Cu.reportError(errorMsg); - throw new Components.Exception(errorMsg); - } - cpm.sendSyncMessage("PermissionSettings:AddPermission", { type: aPermName, origin: aOrigin, diff --git a/dom/permission/PermissionSettings.jsm b/dom/permission/PermissionSettings.jsm index 249f224512d..7c2dcdbe17a 100644 --- a/dom/permission/PermissionSettings.jsm +++ b/dom/permission/PermissionSettings.jsm @@ -16,7 +16,6 @@ this.EXPORTED_SYMBOLS = ["PermissionSettingsModule"]; Cu.import("resource://gre/modules/XPCOMUtils.jsm"); Cu.import("resource://gre/modules/Services.jsm"); -Cu.import("resource://gre/modules/PermissionsTable.jsm"); XPCOMUtils.defineLazyServiceGetter(this, "ppmm", "@mozilla.org/parentprocessmessagemanager;1", @@ -44,36 +43,7 @@ this.PermissionSettingsModule = { Services.obs.addObserver(this, "profile-before-change", false); }, - - _isChangeAllowed: function(aPrincipal, aPermName, aAction) { - // Bug 812289: - // Change is allowed from a child process when all of the following - // conditions stand true: - // * the action isn't "unknown" (so the change isn't a delete) - // * the permission already exists on the database - // * the permission is marked as explicit on the permissions table - // Note that we *have* to check the first two conditions ere because - // permissionManager doesn't know if it's being called as a result of - // a parent process or child process request. We could check - // if the permission is actually explicit (and thus modifiable) or not - // on permissionManager also but we currently don't. - let perm = - permissionManager.testExactPermissionFromPrincipal(aPrincipal,aPermName); - let isExplicit = isExplicitInPermissionsTable(aPermName, aPrincipal.appStatus); - - return (aAction !== "unknown") && - (perm !== Ci.nsIPermissionManager.UNKNOWN_ACTION) && - isExplicit; - }, - addPermission: function addPermission(aData, aCallbacks) { - - this._internalAddPermission(aData, true, aCallbacks); - - }, - - - _internalAddPermission: function _internalAddPermission(aData, aAllowAllChanges, aCallbacks) { let uri = Services.io.newURI(aData.origin, null, null); let appID = appsService.getAppLocalIdByManifestURL(aData.manifestURL); let principal = secMan.getAppCodebasePrincipal(uri, appID, aData.browserFlag); @@ -97,16 +67,8 @@ this.PermissionSettingsModule = { dump("Unsupported PermisionSettings Action: " + aData.value +"\n"); action = Ci.nsIPermissionManager.UNKNOWN_ACTION; } - - if (aAllowAllChanges || - this._isChangeAllowed(principal, aData.type, aData.value)) { - debug("add: " + aData.origin + " " + appID + " " + action); - permissionManager.addFromPrincipal(principal, aData.type, action); - return true; - } else { - debug("add Failure: " + aData.origin + " " + appID + " " + action); - return false; // This isn't currently used, see comment on setPermission - } + debug("add: " + aData.origin + " " + appID + " " + action); + permissionManager.addFromPrincipal(principal, aData.type, action); }, getPermission: function getPermission(aPermName, aManifestURL, aOrigin, aBrowserFlag) { @@ -146,22 +108,12 @@ this.PermissionSettingsModule = { let result; switch (aMessage.name) { case "PermissionSettings:AddPermission": - let success = false; - let errorMsg = - " from a content process with no 'permissions' privileges."; - if (mm.assertPermission("permissions")) { - success = this._internalAddPermission(msg, false); - if (!success) { - // Just kill the calling process - mm.assertPermission("permissions-modify-implicit"); - errorMsg = " had an implicit permission change. Child process killed."; - } - } - - if (!success) { - Cu.reportError("PermissionSettings message " + msg.name + errorMsg); + if (!aMessage.target.assertPermission("permissions")) { + Cu.reportError("PermissionSettings message " + msg.name + + " from a content process with no 'permissions' privileges."); return null; } + this.addPermission(msg); break; } }