mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1080304 - Reject RestrictedProfiles.isAllowed calls for unknown actions. r=mfinkle

This commit is contained in:
Richard Newman 2014-10-09 08:23:55 -07:00
Родитель 2b5571380c
Коммит 0acd9512e4
1 изменённых файлов: 43 добавлений и 34 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

77
mobile/android/base/RestrictedProfiles.java
Просмотреть файл

@ -5,22 +5,18 @@
package org.mozilla.gecko; package org.mozilla.gecko;
import java.util.Set;
import org.json.JSONException;
import org.json.JSONObject;
import java.lang.StringBuilder;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.HashSet; import java.util.Set;
import org.json.JSONException;
import org.mozilla.gecko.mozglue.RobocopTarget; import org.json.JSONObject;
import org.mozilla.gecko.AppConstants.Versions; import org.mozilla.gecko.AppConstants.Versions;
import org.mozilla.gecko.mozglue.RobocopTarget;
import org.mozilla.gecko.mozglue.generatorannotations.WrapElementForJNI; import org.mozilla.gecko.mozglue.generatorannotations.WrapElementForJNI;
import android.annotation.TargetApi;
import android.content.Context; import android.content.Context;
import android.net.Uri; import android.net.Uri;
import android.os.Build;
import android.os.Bundle; import android.os.Bundle;
import android.os.UserManager; import android.os.UserManager;
import android.util.Log; import android.util.Log;
@ -87,14 +83,34 @@ public class RestrictedProfiles {
throw new IllegalArgumentException("Unknown action " + action); throw new IllegalArgumentException("Unknown action " + action);
} }
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1)
@RobocopTarget @RobocopTarget
private static Bundle getRestrictions() { private static Bundle getRestrictions() {
final UserManager mgr = (UserManager) GeckoAppShell.getContext().getSystemService(Context.USER_SERVICE); final UserManager mgr = (UserManager) GeckoAppShell.getContext().getSystemService(Context.USER_SERVICE);
return mgr.getUserRestrictions(); return mgr.getUserRestrictions();
} }
/**
* This method does the system version check for you.
*
* Returns false if the system doesn't support restrictions,
* or the provided value is not present in the set of user
* restrictions.
*
* Returns true otherwise.
*/
private static boolean getRestriction(final String name) {
// Early versions don't support restrictions at all,
// so no action can be restricted.
if (Versions.preJBMR2) {
return false;
}
return getRestrictions().getBoolean(name, false);
}
private static boolean canLoadUrl(final String url) { private static boolean canLoadUrl(final String url) {
// Null urls are always allowed // Null URLs are always permitted.
if (url == null) { if (url == null) {
return true; return true;
} }
@ -102,10 +118,10 @@ public class RestrictedProfiles {
try { try {
// If we're not in guest mode, and the system restriction isn't in place, everything is allowed. // If we're not in guest mode, and the system restriction isn't in place, everything is allowed.
if (!getInGuest() && if (!getInGuest() &&
!getRestrictions().getBoolean(Restriction.DISALLOW_BROWSE_FILES.name, false)) { !getRestriction(Restriction.DISALLOW_BROWSE_FILES.name)) {
return true; return true;
} }
} catch(IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
Log.i(LOGTAG, "Invalid action", ex); Log.i(LOGTAG, "Invalid action", ex);
} }
@ -121,13 +137,13 @@ public class RestrictedProfiles {
} }
} }
// TODO: The UserManager should support blacklisting urls by the device owner. // TODO: The UserManager should support blacklisting URLs by the device owner.
return true; return true;
} }
@WrapElementForJNI @WrapElementForJNI
public static boolean isUserRestricted() { public static boolean isUserRestricted() {
// Guest mode is supported in all Android versions // Guest mode is supported in all Android versions.
if (getInGuest()) { if (getInGuest()) {
return true; return true;
} }
@ -145,34 +161,27 @@ public class RestrictedProfiles {
@WrapElementForJNI @WrapElementForJNI
public static boolean isAllowed(int action, String url) { public static boolean isAllowed(int action, String url) {
// Guest users can't do anything.
if (getInGuest()) {
return false;
}
final Restriction restriction; final Restriction restriction;
try { try {
restriction = geckoActionToRestriction(action); restriction = geckoActionToRestriction(action);
} catch(IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
return true; // Unknown actions represent a coding error, so we
// refuse the action and log.
Log.e(LOGTAG, "Unknown action " + action + "; check calling code.");
return false;
} }
if (Restriction.DISALLOW_BROWSE_FILES == restriction) { if (Restriction.DISALLOW_BROWSE_FILES == restriction) {
return canLoadUrl(url); return canLoadUrl(url);
} }
// ALl actions are blocked in Guest mode // NOTE: Restrictions hold the opposite intention, so we need to flip it.
if (getInGuest()) { return !getRestriction(restriction.name);
return false;
}
if (Versions.preJBMR2) {
return true;
}
try {
// NOTE: Restrictions hold the opposite intention, so we need to flip it
return !getRestrictions().getBoolean(restriction.name, false);
} catch(IllegalArgumentException ex) {
Log.i(LOGTAG, "Invalid action", ex);
}
return true;
} }
@WrapElementForJNI @WrapElementForJNI