зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1080304 - Reject RestrictedProfiles.isAllowed calls for unknown actions. r=mfinkle
This commit is contained in:
Richard Newman
Родитель
2b5571380c
Коммит
0acd9512e4
|
|
@ -5,22 +5,18 @@
|
|||
|
||||
package org.mozilla.gecko;
|
||||
|
||||
import java.util.Set;
|
||||
|
||||
import org.json.JSONException;
|
||||
import org.json.JSONObject;
|
||||
|
||||
import java.lang.StringBuilder;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.HashSet;
|
||||
|
||||
import org.mozilla.gecko.mozglue.RobocopTarget;
|
||||
import java.util.Set;
|
||||
import org.json.JSONException;
|
||||
import org.json.JSONObject;
|
||||
import org.mozilla.gecko.AppConstants.Versions;
|
||||
import org.mozilla.gecko.mozglue.RobocopTarget;
|
||||
import org.mozilla.gecko.mozglue.generatorannotations.WrapElementForJNI;
|
||||
|
||||
import android.annotation.TargetApi;
|
||||
import android.content.Context;
|
||||
import android.net.Uri;
|
||||
import android.os.Build;
|
||||
import android.os.Bundle;
|
||||
import android.os.UserManager;
|
||||
import android.util.Log;
|
||||
|
|
@ -87,14 +83,34 @@ public class RestrictedProfiles {
|
|||
throw new IllegalArgumentException("Unknown action " + action);
|
||||
}
|
||||
|
||||
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1)
|
||||
@RobocopTarget
|
||||
private static Bundle getRestrictions() {
|
||||
final UserManager mgr = (UserManager) GeckoAppShell.getContext().getSystemService(Context.USER_SERVICE);
|
||||
return mgr.getUserRestrictions();
|
||||
}
|
||||
|
||||
/**
|
||||
* This method does the system version check for you.
|
||||
*
|
||||
* Returns false if the system doesn't support restrictions,
|
||||
* or the provided value is not present in the set of user
|
||||
* restrictions.
|
||||
*
|
||||
* Returns true otherwise.
|
||||
*/
|
||||
private static boolean getRestriction(final String name) {
|
||||
// Early versions don't support restrictions at all,
|
||||
// so no action can be restricted.
|
||||
if (Versions.preJBMR2) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return getRestrictions().getBoolean(name, false);
|
||||
}
|
||||
|
||||
private static boolean canLoadUrl(final String url) {
|
||||
// Null urls are always allowed
|
||||
// Null URLs are always permitted.
|
||||
if (url == null) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -102,10 +118,10 @@ public class RestrictedProfiles {
|
|||
try {
|
||||
// If we're not in guest mode, and the system restriction isn't in place, everything is allowed.
|
||||
if (!getInGuest() &&
|
||||
!getRestrictions().getBoolean(Restriction.DISALLOW_BROWSE_FILES.name, false)) {
|
||||
!getRestriction(Restriction.DISALLOW_BROWSE_FILES.name)) {
|
||||
return true;
|
||||
}
|
||||
} catch(IllegalArgumentException ex) {
|
||||
} catch (IllegalArgumentException ex) {
|
||||
Log.i(LOGTAG, "Invalid action", ex);
|
||||
}
|
||||
|
||||
|
|
@ -121,13 +137,13 @@ public class RestrictedProfiles {
|
|||
}
|
||||
}
|
||||
|
||||
// TODO: The UserManager should support blacklisting urls by the device owner.
|
||||
// TODO: The UserManager should support blacklisting URLs by the device owner.
|
||||
return true;
|
||||
}
|
||||
|
||||
@WrapElementForJNI
|
||||
public static boolean isUserRestricted() {
|
||||
// Guest mode is supported in all Android versions
|
||||
// Guest mode is supported in all Android versions.
|
||||
if (getInGuest()) {
|
||||
return true;
|
||||
}
|
||||
|
|
@ -145,34 +161,27 @@ public class RestrictedProfiles {
|
|||
|
||||
@WrapElementForJNI
|
||||
public static boolean isAllowed(int action, String url) {
|
||||
// Guest users can't do anything.
|
||||
if (getInGuest()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
final Restriction restriction;
|
||||
try {
|
||||
restriction = geckoActionToRestriction(action);
|
||||
} catch(IllegalArgumentException ex) {
|
||||
return true;
|
||||
} catch (IllegalArgumentException ex) {
|
||||
// Unknown actions represent a coding error, so we
|
||||
// refuse the action and log.
|
||||
Log.e(LOGTAG, "Unknown action " + action + "; check calling code.");
|
||||
return false;
|
||||
}
|
||||
|
||||
if (Restriction.DISALLOW_BROWSE_FILES == restriction) {
|
||||
return canLoadUrl(url);
|
||||
}
|
||||
|
||||
// ALl actions are blocked in Guest mode
|
||||
if (getInGuest()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (Versions.preJBMR2) {
|
||||
return true;
|
||||
}
|
||||
|
||||
try {
|
||||
// NOTE: Restrictions hold the opposite intention, so we need to flip it
|
||||
return !getRestrictions().getBoolean(restriction.name, false);
|
||||
} catch(IllegalArgumentException ex) {
|
||||
Log.i(LOGTAG, "Invalid action", ex);
|
||||
}
|
||||
|
||||
return true;
|
||||
// NOTE: Restrictions hold the opposite intention, so we need to flip it.
|
||||
return !getRestriction(restriction.name);
|
||||
}
|
||||
|
||||
@WrapElementForJNI
|
||||
|
|
|
|||
Загрузка…
Ссылка в новой задаче