Bug 1750233 - Allow JSON policy to be a REG_SZ. r=mstriemer

Differential Revision: https://phabricator.services.mozilla.com/D136380
2022-01-21 18:17:01 +00:00 · 2022-01-21 18:17:01 +00:00 · 5a313efe20
--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@ -2313,8 +2313,11 @@ function addAllowDenyPermissions(permissionName, allowList, blockList) {
        Ci.nsIPermissionManager.EXPIRE_POLICY
      );
    } catch (ex) {
-      log.error(`Added by default for ${permissionName} permission in the permission
-      manager - ${origin.href}`);
+      // It's possible if the origin was invalid, we'll have a string instead of an origin.
+      log.error(
+        `Unable to add ${permissionName} permission for ${origin.href ||
+          origin}`
+      );
    }
  }

--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@ -84,7 +84,7 @@
    },

    "AutoLaunchProtocolsFromOrigins": {
-      "type": "array",
+      "type": ["array", "JSON"],
      "items": {
        "type": "object",
        "properties": {
@ -486,7 +486,7 @@
    },

    "ExtensionSettings": {
-      "type": "object",
+      "type": ["object", "JSON"],
      "properties": {
        "*": {
          "type": "object",
@ -606,7 +606,7 @@
    },

    "Handlers": {
-      "type": "object",
+      "type": ["object", "JSON"],
      "patternProperties": {
        "^(mimeTypes|extensions|schemes)$": {
          "type": "object",
@ -748,7 +748,7 @@
        },
        "type": "object"
      },
-      "type": "array"
+      "type": ["array", "JSON"]
    },

    "ManualAppUpdateOnly": {
@ -1013,7 +1013,7 @@
    },

    "Preferences": {
-      "type": "object",
+      "type": ["object", "JSON"],
      "patternProperties": {
        "^.*$": {
          "type": ["number", "boolean", "string", "object"],
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
@ -198,6 +198,34 @@ add_task(async function test_addon_normalinstalled() {
  await addon.uninstall();
 });

+add_task(async function test_extensionsettings_string() {
+  await setupPolicyEngineWithJson({
+    policies: {
+      ExtensionSettings: '{"*": {"installation_mode": "blocked"}}',
+    },
+  });
+
+  let extensionSettings = Services.policies.getExtensionSettings("*");
+  equal(extensionSettings.installation_mode, "blocked");
+});
+
+add_task(async function test_extensionsettings_string() {
+  let restrictedDomains = Services.prefs.getCharPref(
+    "extensions.webextensions.restrictedDomains"
+  );
+  await setupPolicyEngineWithJson({
+    policies: {
+      ExtensionSettings:
+        '{"*": {"restricted_domains": ["example.com","example.org"]}}',
+    },
+  });
+
+  let newRestrictedDomains = Services.prefs.getCharPref(
+    "extensions.webextensions.restrictedDomains"
+  );
+  equal(newRestrictedDomains, restrictedDomains + ",example.com,example.org");
+});
+
 add_task(async function test_theme() {
  let themeFile = AddonTestUtils.createTempWebExtensionFile({
    manifest: {
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_preferences.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_preferences.js
@ -214,6 +214,17 @@ add_task(async function test_security_preference() {
  checkUnsetPref("security.this.should.not.work");
 });

+add_task(async function test_JSON_preferences() {
+  await setupPolicyEngineWithJson({
+    policies: {
+      Preferences:
+        '{"browser.policies.test.default.boolean.json": {"Value": true,"Status": "default"}}',
+    },
+  });
+
+  checkDefaultPref("browser.policies.test.default.boolean.json", true);
+});
+
 add_task(async function test_bug_1666836() {
  await setupPolicyEngineWithJson({
    policies: {
--- a/toolkit/components/enterprisepolicies/WindowsGPOParser.jsm
+++ b/toolkit/components/enterprisepolicies/WindowsGPOParser.jsm
@ -97,8 +97,9 @@ function registryToObject(wrk, policies) {
 function readRegistryValue(wrk, value) {
  switch (wrk.getValueType(value)) {
    case 7: // REG_MULTI_SZ
-      // We only use REG_MULTI_SZ for JSON in the registry. By parsing it here,
-      // we get the benefit of having JSONSchemaValidator properly validate.
+      // While we support JSON in REG_SZ and REG_MULTI_SZ, if it's REG_MULTI_SZ,
+      // we know it must be JSON. So we go ahead and JSON.parse it here so it goes
+      // through the schema validator.
      try {
        return JSON.parse(wrk.readStringValue(value).replace(/\0/g, "\n"));
      } catch (e) {
--- a/toolkit/components/utils/JsonSchemaValidator.jsm
+++ b/toolkit/components/utils/JsonSchemaValidator.jsm
@ -257,7 +257,6 @@ class JsonSchemaValidator {

      case "array":
        if (!Array.isArray(param)) {
-          log.error("Array expected but not received");
          return {
            valid: false,
            error: new JsonSchemaValidatorError({
@ -300,7 +299,6 @@ class JsonSchemaValidator {

      case "object": {
        if (typeof param != "object" || !param) {
-          log.error("Object expected but not received");
          return {
            valid: false,
            error: new JsonSchemaValidatorError({
@ -413,7 +411,6 @@ class JsonSchemaValidator {
        try {
          let json = JSON.parse(param);
          if (typeof json != "object") {
-            log.error("JSON was not an object");
            return {
              valid: false,
              error: new JsonSchemaValidatorError({