Bug 1421707 - Implement a system for disabling about: pages via Policy r=bz,Felipe

Additionally adds the enterprise policy for disabling about:config.

MozReview-Commit-ID: 7bT8eV3tRnN

--HG--
extra : rebase_source : a54cc94ea9dbecdfd37a17c96e5048a5d20c6411

browser/base/content/aboutNetError.xhtml

@@ -308,9 +308,10 @@
         var event = new CustomEvent("AboutNetErrorLoad", {bubbles: true});
         document.dispatchEvent(event);
 
-        if (err == "inadequateSecurityError") {
-          // Remove the "Try again" button for HTTP/2 inadequate security as it
-          // is useless.
+        if (err == "inadequateSecurityError" || err == "blockedByPolicyTemp") {
+          // Remove the "Try again" button from pages that don't need it.
+          // For HTTP/2 inadequate security or pages blocked by policy, trying
+          // again won't help.
           document.getElementById("errorTryAgain").style.display = "none";
 
           var container = document.getElementById("errorLongDesc");
@@ -557,6 +558,7 @@
         <h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1>
         <h1 id="et_sslv3Used">&sslv3Used.title;</h1>
         <h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1>
+        <h1 id="et_blockedByPolicyTemp">&blockedByPolicyTemp.title;</h1>
       </div>
       <div id="errorDescriptionsContainer">
         <div id="ed_generic">&generic.longDesc;</div>
@@ -586,6 +588,7 @@
         <div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div>
         <div id="ed_sslv3Used">&sslv3Used.longDesc2;</div>
         <div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div>
+        <div id="ed_blockedByPolicyTemp">&blockedByPolicyTemp.longDesc;</div>
       </div>
     </div>
 

browser/components/enterprisepolicies/Policies.jsm

@@ -29,7 +29,7 @@ XPCOMUtils.defineLazyGetter(this, "log", () => {
 this.EXPORTED_SYMBOLS = ["Policies"];
 
 this.Policies = {
-  "block_about_config": {
+  "BlockAboutConfig": {
     onBeforeUIStartup(manager, param) {
       if (param) {
         manager.disallowFeature("about:config", true);

browser/components/enterprisepolicies/schemas/policies-schema.json

@@ -2,7 +2,7 @@
   "$schema": "http://json-schema.org/draft-04/schema#",
   "type": "object",
   "properties": {
-    "block_about_config": {
+    "BlockAboutConfig": {
       "description": "Blocks access to the about:config page.",
       "first_available": "60.0",
 

browser/components/enterprisepolicies/tests/browser/browser.ini

@@ -12,6 +12,7 @@ support-files =
 [browser_policies_simple_policies.js]
 [browser_policies_validate_and_parse_API.js]
 [browser_policy_app_update.js]
+[browser_policy_block_about_config.js]
 [browser_policy_block_set_desktop_background.js]
 [browser_policy_default_browser_check.js]
 [browser_policy_disable_fxscreenshots.js]

browser/components/enterprisepolicies/tests/browser/browser_policy_block_about_config.js

@@ -0,0 +1,27 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+"use strict";
+
+add_task(async function test_about_config() {
+  await setupPolicyEngineWithJson({
+                                    "policies": {
+                                      "BlockAboutConfig": true
+                                    }
+                                  });
+
+  let tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, "about:config", false);
+
+  await ContentTask.spawn(tab.linkedBrowser, null, async function() {
+    ok(content.document.documentURI.startsWith("about:neterror"),
+       "about:config should display the net error page");
+
+    // There is currently a testing-specific race condition that causes this test
+    // to fail, but it is not a problem if we test after the first page load.
+    // Until the race condition is fixed, just make sure to test this *after*
+    // testing the page load.
+    is(Services.policies.isAllowed("about:config"), false,
+       "Policy Engine should report about:config as not allowed");
+  });
+
+  await BrowserTestUtils.removeTab(tab);
+});

browser/locales/en-US/chrome/overrides/appstrings.properties

@@ -40,3 +40,4 @@ remoteXUL=This page uses an unsupported technology that is no longer available b
 ## LOCALIZATION NOTE (sslv3Used) - Do not translate "%S".
 sslv3Used=Firefox cannot guarantee the safety of your data on %S because it uses SSLv3, a broken security protocol.
 inadequateSecurityError=The website tried to negotiate an inadequate level of security.
+blockedByPolicyTemp=This page has been blocked by the enterprise policy manager.

browser/locales/en-US/chrome/overrides/netError.dtd

@@ -200,5 +200,8 @@ certificate.">
      "NS_ERROR_NET_INADEQUATE_SECURITY". -->
 <!ENTITY inadequateSecurityError.longDesc "<p><span class='hostname'></span> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.</p><p>Error code: NS_ERROR_NET_INADEQUATE_SECURITY</p>">
 
+<!ENTITY blockedByPolicyTemp.title "Page Blocked">
+<!ENTITY blockedByPolicyTemp.longDesc "<p>Access has been disabled by your administrator.</p>">
+
 <!ENTITY prefReset.longDesc "It looks like your network security settings might be causing this. Do you want the default settings to be restored?">
 <!ENTITY prefReset.label "Restore default settings">

docshell/base/nsDocShell.cpp

@@ -4822,6 +4822,10 @@ nsDocShell::DisplayLoadError(nsresult aError, nsIURI* aURI,
         error = "inadequateSecurityError";
         addHostPort = true;
         break;
+      case NS_ERROR_BLOCKED_BY_POLICY:
+        // Page blocked by policy
+        error = "blockedByPolicyTemp";
+        break;
       default:
         break;
     }
@@ -7546,7 +7550,8 @@ nsDocShell::EndPageLoad(nsIWebProgress* aProgress,
     if ((aStatus == NS_ERROR_UNKNOWN_HOST ||
          aStatus == NS_ERROR_CONNECTION_REFUSED ||
          aStatus == NS_ERROR_UNKNOWN_PROXY_HOST ||
-         aStatus == NS_ERROR_PROXY_CONNECTION_REFUSED) &&
+         aStatus == NS_ERROR_PROXY_CONNECTION_REFUSED ||
+         aStatus == NS_ERROR_BLOCKED_BY_POLICY) &&
         (isTopFrame || UseErrorPages())) {
       DisplayLoadError(aStatus, url, nullptr, aChannel);
     } else if (aStatus == NS_ERROR_NET_TIMEOUT ||

docshell/resources/content/netError.xhtml

@@ -178,9 +178,10 @@
           secOverride.remove();
         }
 
-        if (err == "inadequateSecurityError") {
-          // Remove the "Try again" button for HTTP/2 inadequate security as it
-          // is useless.
+        if (err == "inadequateSecurityError" || err == "blockedByPolicyTemp") {
+          // Remove the "Try again" button from pages that don't need it.
+          // For HTTP/2 inadequate security or pages blocked by policy, trying
+          // again won't help.
           document.getElementById("errorTryAgain").style.display = "none";
 
           var container = document.getElementById("errorLongDesc");
@@ -309,6 +310,7 @@
         <h1 id="et_remoteXUL">&remoteXUL.title;</h1>
         <h1 id="et_corruptedContentErrorv2">&corruptedContentErrorv2.title;</h1>
         <h1 id="et_inadequateSecurityError">&inadequateSecurityError.title;</h1>
+        <h1 id="et_blockedByPolicyTemp">&blockedByPolicyTemp.title;</h1>
       </div>
       <div id="errorDescriptionsContainer">
         <div id="ed_generic">&generic.longDesc;</div>
@@ -336,6 +338,7 @@
         <div id="ed_remoteXUL">&remoteXUL.longDesc;</div>
         <div id="ed_corruptedContentErrorv2">&corruptedContentErrorv2.longDesc;</div>
         <div id="ed_inadequateSecurityError">&inadequateSecurityError.longDesc;</div>
+        <div id="ed_blockedByPolicyTemp">&blockedByPolicyTemp.longDesc;</div>
       </div>
     </div>
 

dom/browser-element/BrowserElementChildPreload.js

@@ -1512,6 +1512,9 @@ BrowserElementChild.prototype = {
           case Cr.NS_ERROR_CORRUPTED_CONTENT :
             sendAsyncMsg('error', { type: 'corruptedContentErrorv2' });
             return;
+          case Cr.NS_ERROR_BLOCKED_BY_POLICY :
+            sendAsyncMsg('error', { type: 'blockedByPolicyTemp' });
+            return;
 
           default:
             // getErrorClass() will throw if the error code passed in is not a NSS

dom/locales/en-US/chrome/appstrings.properties

@@ -38,3 +38,4 @@ remoteXUL=This page uses an unsupported technology that is no longer available b
 sslv3Used=The safety of your data on %S could not be guaranteed because it uses SSLv3, a broken security protocol.
 weakCryptoUsed=The owner of %S has configured their website improperly. To protect your information from being stolen, the connection to this website has not been established.
 inadequateSecurityError=The website tried to negotiate an inadequate level of security.
+blockedByPolicyTemp=This page has been blocked by the enterprise policy manager.

dom/locales/en-US/chrome/netError.dtd

@@ -97,3 +97,6 @@
 <!-- LOCALIZATION NOTE (inadequateSecurityError.longDesc) - Do not translate
      "NS_ERROR_NET_INADEQUATE_SECURITY". -->
 <!ENTITY inadequateSecurityError.longDesc "<p><span class='hostname'></span> uses security technology that is outdated and vulnerable to attack. An attacker could easily reveal information which you thought to be safe. The website administrator will need to fix the server first before you can visit the site.</p><p>Error code: NS_ERROR_NET_INADEQUATE_SECURITY</p>">
+
+<!ENTITY blockedByPolicyTemp.title "Page Blocked">
+<!ENTITY blockedByPolicyTemp.longDesc "<p>Access has been disabled by your administrator.</p>">

netwerk/protocol/about/nsAboutProtocolHandler.cpp

@@ -20,6 +20,7 @@
 #include "nsIWritablePropertyBag2.h"
 #include "nsIChannel.h"
 #include "nsIScriptError.h"
+#include "nsIEnterprisePolicies.h"
 
 namespace mozilla {
 namespace net {
@@ -175,14 +176,29 @@ nsAboutProtocolHandler::NewChannel2(nsIURI* uri,
     nsCOMPtr<nsIAboutModule> aboutMod;
     nsresult rv = NS_GetAboutModule(uri, getter_AddRefs(aboutMod));
 
+    bool aboutPageAllowed = true;
     nsAutoCString path;
     nsresult rv2 = NS_GetAboutModuleName(uri, path);
-    if (NS_SUCCEEDED(rv2) && path.EqualsLiteral("srcdoc")) {
-        // about:srcdoc is meant to be unresolvable, yet is included in the
-        // about lookup tables so that it can pass security checks when used in
-        // a srcdoc iframe.  To ensure that it stays unresolvable, we pretend
-        // that it doesn't exist.
-      rv = NS_ERROR_FACTORY_NOT_REGISTERED;
+    if (NS_SUCCEEDED(rv2)) {
+        if (path.EqualsLiteral("srcdoc")) {
+            // about:srcdoc is meant to be unresolvable, yet is included in the
+            // about lookup tables so that it can pass security checks when used in
+            // a srcdoc iframe.  To ensure that it stays unresolvable, we pretend
+            // that it doesn't exist.
+            rv = NS_ERROR_FACTORY_NOT_REGISTERED;
+        } else {
+            nsCOMPtr<nsIEnterprisePolicies> policyManager =
+                do_GetService("@mozilla.org/browser/enterprisepolicies;1", &rv2);
+            if (NS_SUCCEEDED(rv2)) {
+                nsAutoCString normalizedURL;
+                normalizedURL.AssignLiteral("about:");
+                normalizedURL.Append(path);
+                rv2 = policyManager->IsAllowed(normalizedURL, &aboutPageAllowed);
+                if (NS_FAILED(rv2)) {
+                    aboutPageAllowed = false;
+                }
+            }
+        }
     }
 
     if (NS_SUCCEEDED(rv)) {
@@ -234,6 +250,9 @@ nsAboutProtocolHandler::NewChannel2(nsIURI* uri,
                                                aboutURI->GetBaseURI());
                 }
             }
+            if (!aboutPageAllowed) {
+                (*result)->Cancel(NS_ERROR_BLOCKED_BY_POLICY);
+            }
         }
         return rv;
     }

xpcom/base/ErrorList.py

@@ -1158,6 +1158,10 @@ with modules["GENERAL"]:
     # see nsTextEquivUtils
     errors["NS_OK_NO_NAME_CLAUSE_HANDLED"] = SUCCESS(34)
 
+    # Error code used to indicate that functionality has been blocked by the
+    # Policy Manager
+    errors["NS_ERROR_BLOCKED_BY_POLICY"] = FAILURE(3)
+
 
 # ============================================================================
 # Write out the resulting module declarations to C++ and rust files