From 5a313efe20c0efa88fb562e75e3358dfe10a6f0b Mon Sep 17 00:00:00 2001
From: Mike Kaply <mozilla@kaply.com>
Date: Fri, 21 Jan 2022 18:17:01 +0000
Subject: [PATCH] Bug 1750233 - Allow JSON policy to be a REG_SZ. r=mstriemer

Differential Revision: https://phabricator.services.mozilla.com/D136380
---
 .../enterprisepolicies/Policies.jsm           |  7 +++--
 .../schemas/policies-schema.json              | 10 +++----
 .../tests/xpcshell/test_extensionsettings.js  | 28 +++++++++++++++++++
 .../tests/xpcshell/test_preferences.js        | 11 ++++++++
 .../enterprisepolicies/WindowsGPOParser.jsm   |  5 ++--
 .../components/utils/JsonSchemaValidator.jsm  |  3 --
 6 files changed, 52 insertions(+), 12 deletions(-)

diff --git a/browser/components/enterprisepolicies/Policies.jsm b/browser/components/enterprisepolicies/Policies.jsm
index fce4936fe056..4c6e9dfa3606 100644
--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@@ -2313,8 +2313,11 @@ function addAllowDenyPermissions(permissionName, allowList, blockList) {
         Ci.nsIPermissionManager.EXPIRE_POLICY
       );
     } catch (ex) {
-      log.error(`Added by default for ${permissionName} permission in the permission
-      manager - ${origin.href}`);
+      // It's possible if the origin was invalid, we'll have a string instead of an origin.
+      log.error(
+        `Unable to add ${permissionName} permission for ${origin.href ||
+          origin}`
+      );
     }
   }
 
diff --git a/browser/components/enterprisepolicies/schemas/policies-schema.json b/browser/components/enterprisepolicies/schemas/policies-schema.json
index 432441a00170..1c3447f2c736 100644
--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@@ -84,7 +84,7 @@
     },
 
     "AutoLaunchProtocolsFromOrigins": {
-      "type": "array",
+      "type": ["array", "JSON"],
       "items": {
         "type": "object",
         "properties": {
@@ -486,7 +486,7 @@
     },
 
     "ExtensionSettings": {
-      "type": "object",
+      "type": ["object", "JSON"],
       "properties": {
         "*": {
           "type": "object",
@@ -606,7 +606,7 @@
     },
 
     "Handlers": {
-      "type": "object",
+      "type": ["object", "JSON"],
       "patternProperties": {
         "^(mimeTypes|extensions|schemes)$": {
           "type": "object",
@@ -748,7 +748,7 @@
         },
         "type": "object"
       },
-      "type": "array"
+      "type": ["array", "JSON"]
     },
 
     "ManualAppUpdateOnly": {
@@ -1013,7 +1013,7 @@
     },
 
     "Preferences": {
-      "type": "object",
+      "type": ["object", "JSON"],
       "patternProperties": {
         "^.*$": {
           "type": ["number", "boolean", "string", "object"],
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
index 42e361d06bdb..16fdfd7dfae7 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
@@ -198,6 +198,34 @@ add_task(async function test_addon_normalinstalled() {
   await addon.uninstall();
 });
 
+add_task(async function test_extensionsettings_string() {
+  await setupPolicyEngineWithJson({
+    policies: {
+      ExtensionSettings: '{"*": {"installation_mode": "blocked"}}',
+    },
+  });
+
+  let extensionSettings = Services.policies.getExtensionSettings("*");
+  equal(extensionSettings.installation_mode, "blocked");
+});
+
+add_task(async function test_extensionsettings_string() {
+  let restrictedDomains = Services.prefs.getCharPref(
+    "extensions.webextensions.restrictedDomains"
+  );
+  await setupPolicyEngineWithJson({
+    policies: {
+      ExtensionSettings:
+        '{"*": {"restricted_domains": ["example.com","example.org"]}}',
+    },
+  });
+
+  let newRestrictedDomains = Services.prefs.getCharPref(
+    "extensions.webextensions.restrictedDomains"
+  );
+  equal(newRestrictedDomains, restrictedDomains + ",example.com,example.org");
+});
+
 add_task(async function test_theme() {
   let themeFile = AddonTestUtils.createTempWebExtensionFile({
     manifest: {
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_preferences.js b/browser/components/enterprisepolicies/tests/xpcshell/test_preferences.js
index 17f7f4e43a14..22b916462337 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_preferences.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_preferences.js
@@ -214,6 +214,17 @@ add_task(async function test_security_preference() {
   checkUnsetPref("security.this.should.not.work");
 });
 
+add_task(async function test_JSON_preferences() {
+  await setupPolicyEngineWithJson({
+    policies: {
+      Preferences:
+        '{"browser.policies.test.default.boolean.json": {"Value": true,"Status": "default"}}',
+    },
+  });
+
+  checkDefaultPref("browser.policies.test.default.boolean.json", true);
+});
+
 add_task(async function test_bug_1666836() {
   await setupPolicyEngineWithJson({
     policies: {
diff --git a/toolkit/components/enterprisepolicies/WindowsGPOParser.jsm b/toolkit/components/enterprisepolicies/WindowsGPOParser.jsm
index 5a0d34941df2..48dfa9b8b39c 100644
--- a/toolkit/components/enterprisepolicies/WindowsGPOParser.jsm
+++ b/toolkit/components/enterprisepolicies/WindowsGPOParser.jsm
@@ -97,8 +97,9 @@ function registryToObject(wrk, policies) {
 function readRegistryValue(wrk, value) {
   switch (wrk.getValueType(value)) {
     case 7: // REG_MULTI_SZ
-      // We only use REG_MULTI_SZ for JSON in the registry. By parsing it here,
-      // we get the benefit of having JSONSchemaValidator properly validate.
+      // While we support JSON in REG_SZ and REG_MULTI_SZ, if it's REG_MULTI_SZ,
+      // we know it must be JSON. So we go ahead and JSON.parse it here so it goes
+      // through the schema validator.
       try {
         return JSON.parse(wrk.readStringValue(value).replace(/\0/g, "\n"));
       } catch (e) {
diff --git a/toolkit/components/utils/JsonSchemaValidator.jsm b/toolkit/components/utils/JsonSchemaValidator.jsm
index f3c38c0be299..d523b0ee61f9 100644
--- a/toolkit/components/utils/JsonSchemaValidator.jsm
+++ b/toolkit/components/utils/JsonSchemaValidator.jsm
@@ -257,7 +257,6 @@ class JsonSchemaValidator {
 
       case "array":
         if (!Array.isArray(param)) {
-          log.error("Array expected but not received");
           return {
             valid: false,
             error: new JsonSchemaValidatorError({
@@ -300,7 +299,6 @@ class JsonSchemaValidator {
 
       case "object": {
         if (typeof param != "object" || !param) {
-          log.error("Object expected but not received");
           return {
             valid: false,
             error: new JsonSchemaValidatorError({
@@ -413,7 +411,6 @@ class JsonSchemaValidator {
         try {
           let json = JSON.parse(param);
           if (typeof json != "object") {
-            log.error("JSON was not an object");
             return {
               valid: false,
               error: new JsonSchemaValidatorError({