Bug 793204 - Add remove() API to PermissionSettings. r=sicking

dom/apps/src/PermissionsInstaller.jsm

@@ -90,8 +90,10 @@ this.PermissionsInstaller = {
                 continue;
               }
               // Remove the deprecated permission
-              // TODO: use PermSettings.remove, see bug 793204
-              this._setPermission(permName, "unknown", aApp);
+              PermissionSettingsModule.removePermission(permName,
+                                                        aApp.manifestURL,
+                                                        aApp.origin,
+                                                        false);
             }
           }
         }

dom/interfaces/permission/nsIDOMPermissionSettings.idl

@@ -6,7 +6,7 @@
 
 interface nsIDOMDOMRequest;
 
-[scriptable, uuid(b3e3894e-b24e-4174-9c80-08115709615b)]
+[scriptable, uuid(18390770-02ab-11e2-a21f-0800200c9a66)]
 interface nsIDOMPermissionSettings : nsISupports
 {
   DOMString get(in DOMString permission, in DOMString manifestURI, in DOMString origin, in bool browserFlag);
@@ -14,4 +14,6 @@ interface nsIDOMPermissionSettings : nsISupports
   void set(in DOMString permission, in DOMString value, in DOMString manifestURI, in DOMString origin, in bool browserFlag);
 
   bool isExplicit(in DOMString permission, in DOMString manifestURI, in DOMString origin, in bool browserFlag);
+
+  void remove(in DOMString permission, in DOMString manifestURI, in DOMString origin, in bool browserFlag);
 };

dom/permission/PermissionSettings.js

@@ -21,7 +21,7 @@ var cpm = Cc["@mozilla.org/childprocessmessagemanager;1"].getService(Ci.nsISyncM
 // PermissionSettings
 
 const PERMISSIONSETTINGS_CONTRACTID = "@mozilla.org/permissionSettings;1";
-const PERMISSIONSETTINGS_CID        = Components.ID("{18390770-02ab-11e2-a21f-0800200c9a66}");
+const PERMISSIONSETTINGS_CID        = Components.ID("{cd2cf7a1-f4c1-487b-8c1b-1a71c7097431}");
 const nsIDOMPermissionSettings      = Ci.nsIDOMPermissionSettings;
 
 function PermissionSettings()
@@ -81,13 +81,13 @@ PermissionSettings.prototype = {
   set: function set(aPermName, aPermValue, aManifestURL, aOrigin,
                     aBrowserFlag) {
     debug("Set called with: " + aPermName + ", " + aManifestURL + ", " +
-          aOrigin + ",  " + aPermValue + ", " + aBrowserFlag); 
-    let currentPermValue = this.get(aPermName, aManifestURL, aOrigin, 
+          aOrigin + ",  " + aPermValue + ", " + aBrowserFlag);
+    let currentPermValue = this.get(aPermName, aManifestURL, aOrigin,
                                     aBrowserFlag);
     let action;
     // Check for invalid calls so that we throw an exception rather than get
     // killed by parent process
-    if (currentPermValue === "unknown" || 
+    if (currentPermValue === "unknown" ||
         aPermValue === "unknown" ||
         !this.isExplicit(aPermName, aManifestURL, aOrigin, aBrowserFlag)) {
       let errorMsg = "PermissionSettings.js: '" + aPermName + "'" +
@@ -106,6 +106,28 @@ PermissionSettings.prototype = {
     });
   },
 
+  remove: function remove(aPermName, aManifestURL, aOrigin, aBrowserFlag) {
+    let uri = Services.io.newURI(aOrigin, null, null);
+    let appID = appsService.getAppLocalIdByManifestURL(aManifestURL);
+    let principal = secMan.getAppCodebasePrincipal(uri, appID, aBrowserFlag);
+
+    if (principal.appStatus !== Ci.nsIPrincipal.APP_STATUS_NOT_INSTALLED) {
+      let errorMsg = "PermissionSettings.js: '" + aOrigin + "'" +
+                     " is installed, cannot remove permission '"+aPermName+"'.";
+      Cu.reportError(errorMsg);
+      throw new Components.Exception(errorMsg);
+    }
+
+    // PermissionSettings.jsm handles delete when value is "unknown"
+    cpm.sendSyncMessage("PermissionSettings:AddPermission", {
+      type: aPermName,
+      origin: aOrigin,
+      manifestURL: aManifestURL,
+      value: "unknown",
+      browserFlag: aBrowserFlag
+    });
+  },
+
   init: function init(aWindow) {
     debug("init");
 

dom/permission/PermissionSettings.jsm

@@ -49,7 +49,8 @@ this.PermissionSettingsModule = {
     // Bug 812289:
     // Change is allowed from a child process when all of the following
     // conditions stand true:
-    //   * the action isn't "unknown" (so the change isn't a delete)
+    //   * the action isn't "unknown" (so the change isn't a delete) if the app
+    //     is installed
     //   * the permission already exists on the database
     //   * the permission is marked as explicit on the permissions table
     // Note that we *have* to check the first two conditions ere because
@@ -60,8 +61,12 @@ this.PermissionSettingsModule = {
     let perm =
       permissionManager.testExactPermissionFromPrincipal(aPrincipal,aPermName);
     let isExplicit = isExplicitInPermissionsTable(aPermName, aPrincipal.appStatus);
-    
-    return (aAction !== "unknown") &&
+
+    let deleteAllowed = true;
+    if (aAction === "unknown")
+      deleteAllowed = (aPrincipal.appStatus === Ci.nsIPrincipal.APP_STATUS_NOT_INSTALLED);
+
+    return deleteAllowed &&
            (perm !== Ci.nsIPermissionManager.UNKNOWN_ACTION) &&
            isExplicit;
   },
@@ -132,6 +137,17 @@ this.PermissionSettingsModule = {
     }
   },
 
+  removePermission: function removePermission(aPermName, aManifestURL, aOrigin, aBrowserFlag) {
+    let data = {
+      type: aPermName,
+      origin: aOrigin,
+      manifestURL: aManifestURL,
+      value: "unknown",
+      browserFlag: aBrowserFlag
+    };
+    this._internalAddPermission(data, false);
+  },
+
   observe: function observe(aSubject, aTopic, aData) {
     ppmm.removeMessageListener("PermissionSettings:AddPermission", this);
     Services.obs.removeObserver(this, "profile-before-change");
@@ -147,11 +163,11 @@ this.PermissionSettingsModule = {
     switch (aMessage.name) {
       case "PermissionSettings:AddPermission":
         let success = false;
-        let errorMsg = 
+        let errorMsg =
               " from a content process with no 'permissions' privileges.";
         if (mm.assertPermission("permissions")) {
           success = this._internalAddPermission(msg, false);
-          if (!success) { 
+          if (!success) {
             // Just kill the calling process
             mm.assertPermission("permissions-modify-implicit");
             errorMsg = " had an implicit permission change. Child process killed.";

dom/permission/PermissionSettings.manifest

@@ -1,3 +1,3 @@
-component {18390770-02ab-11e2-a21f-0800200c9a66} PermissionSettings.js
-contract @mozilla.org/permissionSettings;1 {18390770-02ab-11e2-a21f-0800200c9a66}
+component {cd2cf7a1-f4c1-487b-8c1b-1a71c7097431} PermissionSettings.js
+contract @mozilla.org/permissionSettings;1 {cd2cf7a1-f4c1-487b-8c1b-1a71c7097431}
 category JavaScript-navigator-property mozPermissionSettings @mozilla.org/permissionSettings;1

dom/permission/tests/test_permission_basics.html

@@ -31,7 +31,7 @@ var testCertApp = {
 
 SpecialPowers.addPermission("permissions", true, document);
 var comp = SpecialPowers.wrap(Components);
-SpecialPowers.pushPrefEnv({ "set": [["dom.mozPermissionSettings.enabled", true]] }, 
+SpecialPowers.pushPrefEnv({ "set": [["dom.mozPermissionSettings.enabled", true]] },
                           function() {
                             SpecialPowers.removePermission("permissions", document);
                           });
@@ -66,7 +66,7 @@ function permissionTest() {
 
     // Erasing a permission, even an explicit one, is not allowed
     try {
-      mozPermissions.set(testPerm, "unknown", privAppManifest, originPriv, false);
+      mozPermissions.remove(testPerm, privAppManifest, originPriv, false);
       ok(false, "Erase explicit permission");
     } catch (e) {
       ok(true, "Erase explicit permission");