From 7e63b062532752baff52887ab9ff89215af12ed5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fernando=20Jim=C3=A9nez?= Date: Fri, 27 Jun 2014 01:18:20 +0200 Subject: [PATCH] Bug 1023266 - Make the Mobile ID API privileged. Part 2: Fix permission check. r=jedp --- services/mobileid/MobileIdentityCommon.jsm | 1 + services/mobileid/MobileIdentityManager.jsm | 16 ++++++++-------- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/services/mobileid/MobileIdentityCommon.jsm b/services/mobileid/MobileIdentityCommon.jsm index df4c7ea1231..bf169eee606 100644 --- a/services/mobileid/MobileIdentityCommon.jsm +++ b/services/mobileid/MobileIdentityCommon.jsm @@ -91,6 +91,7 @@ this.ERROR_INVALID_VERIFICATION_CODE = "INVALID_VERIFICATION_CODE"; this.ERROR_MISSING_CONTENT_LENGTH_HEADER = "MISSING_CONTENT_LENGTH_HEADER"; this.ERROR_NO_RETRIES_LEFT = "NO_RETRIES_LEFT"; this.ERROR_OFFLINE = "OFFLINE"; +this.ERROR_PERMISSION_DENIED = "PERMISSION_DENIED"; this.ERROR_REQUEST_BODY_TOO_LARGE = "REQUEST_BODY_TOO_LARGE"; this.ERROR_SERVICE_TEMPORARILY_UNAVAILABLE = "SERVICE_TEMPORARILY_UNAVAILABLE"; this.ERROR_TOO_MANY_REQUESTS_MSISDN = "TOO_MANY_REQUESTS_MSISDN"; diff --git a/services/mobileid/MobileIdentityManager.jsm b/services/mobileid/MobileIdentityManager.jsm index 66637307fe7..db26c89e7e3 100644 --- a/services/mobileid/MobileIdentityManager.jsm +++ b/services/mobileid/MobileIdentityManager.jsm @@ -320,15 +320,9 @@ let MobileIdentityManager = { }, /********************************************************* - * Permissions helpers + * Permissions helper ********************************************************/ - hasPermission: function(aPrincipal) { - let permission = permissionManager.testPermissionFromPrincipal(aPrincipal, - MOBILEID_PERM); - return permission == Ci.nsIPermissionManager.ALLOW_ACTION; - }, - addPermission: function(aPrincipal) { permissionManager.addFromPrincipal(aPrincipal, MOBILEID_PERM, Ci.nsIPermissionManager.ALLOW_ACTION); @@ -757,8 +751,14 @@ let MobileIdentityManager = { // If we've just prompted the user in the previous step, the permission // is already granted and stored so we just progress the credentials. if (creds) { - if (this.hasPermission(principal)) { + let permission = permissionManager.testPermissionFromPrincipal( + principal, + MOBILEID_PERM + ); + if (permission == Ci.nsIPermissionManager.ALLOW_ACTION) { return creds; + } else if (permission == Ci.nsIPermissionManager.DENY_ACTION) { + return Promise.reject(ERROR_PERMISSION_DENIED); } return this.promptAndVerify(principal, manifestURL, creds); }