mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Bug 1011738 - Theme support for b2g/gaia, Part 3 : dom/apps checks for role="theme" r=myk

This commit is contained in:
Fabrice Desré 2014-08-28 17:20:27 -07:00
Родитель 3acf50131b
Коммит 6a91cca5b0
3 изменённых файлов: 57 добавлений и 8 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

13
dom/apps/src/AppsUtils.jsm
Просмотреть файл

@ -370,6 +370,19 @@ this.AppsUtils = {
return true;
},
/**
* Checks if the app role is allowed.
* Only certified apps can be themes.
* @param aRole : the role assigned to this app.
* @param aStatus : the APP_STATUS_* for this app.
*/
checkAppRole: function(aRole, aStatus) {
if (aRole == "theme" && aStatus !== Ci.nsIPrincipal.APP_STATUS_CERTIFIED) {
return false;
}
return true;
},
/**
* Method to apply modifications to webapp manifests file saved internally.
* For now, only ensure app can't rename itself.

5
dom/apps/src/PermissionsTable.jsm
Просмотреть файл

@ -393,6 +393,11 @@ this.PermissionsTable = { geolocation: {
privileged: PROMPT_ACTION,
certified: ALLOW_ACTION,
substitute: ["firefox-accounts"]
},
"themeable": {
app: DENY_ACTION,
privileged: DENY_ACTION,
certified: ALLOW_ACTION
}
};

47
dom/apps/src/Webapps.jsm
Просмотреть файл

@ -267,6 +267,11 @@ this.DOMApplicationRegistry = {
app.widgetPages = [];
}
if (!AppsUtils.checkAppRole(app.role, app.appStatus)) {
delete this.webapps[id];
continue;
}
// At startup we can't be downloading, and the $TMP directory
// will be empty so we can't just apply a staged update.
app.downloading = false;
@ -2069,10 +2074,27 @@ this.DOMApplicationRegistry = {
aApp.manifest = aNewManifest || aOldManifest;
let manifest;
let manifest =
new ManifestHelper(aApp.manifest, aApp.origin, aApp.manifestURL);
aApp.role = manifest.role || "";
if (!AppsUtils.checkAppRole(aApp.role, aApp.appStatus)) {
this.broadcastMessage("Webapps:UpdateState", {
app: aApp,
manifest: aApp.manifest,
id: aApp.id
});
this.broadcastMessage("Webapps:FireEvent", {
eventType: "downloadapplied",
manifestURL: aApp.manifestURL,
requestID: aData.requestID
});
delete aApp.manifest;
return;
}
if (aNewManifest) {
this.updateAppHandlers(aOldManifest, aNewManifest, aApp);
this.notifyUpdateHandlers(AppsUtils.cloneAppObject(aApp), aNewManifest);
// Store the new manifest.
@ -2097,12 +2119,8 @@ this.DOMApplicationRegistry = {
aApp.name = aNewManifest.name;
aApp.csp = manifest.csp || "";
aApp.role = manifest.role || "";
this._saveWidgetsFullPath(manifest, aApp);
aApp.updateTime = Date.now();
} else {
manifest =
new ManifestHelper(aOldManifest, aApp.origin, aApp.manifestURL);
}
// Update the registry.
@ -2218,6 +2236,12 @@ this.DOMApplicationRegistry = {
return false;
}
app.role = app.manifest.role || "";
if (!AppsUtils.checkAppRole(app.role, app.appStatus)) {
sendError("INVALID_ROLE");
return false;
}
return true;
}).bind(this);
@ -2570,6 +2594,9 @@ this.DOMApplicationRegistry = {
app.packageHash = yield this._computeFileHash(zipFile);
app.role = aManifest.role || "";
if (!AppsUtils.checkAppRole(app.role, app.appStatus)) {
return;
}
app.redirects = this.sanitizeRedirects(aManifest.redirects);
@ -3441,11 +3468,15 @@ this.DOMApplicationRegistry = {
? Ci.nsIPrincipal.APP_STATUS_PRIVILEGED
: Ci.nsIPrincipal.APP_STATUS_INSTALLED;
if (AppsUtils.getAppManifestStatus(newManifest) > maxStatus) {
let status = AppsUtils.getAppManifestStatus(newManifest);
if (status > maxStatus) {
throw "INVALID_SECURITY_LEVEL";
}
aOldApp.appStatus = AppsUtils.getAppManifestStatus(newManifest);
// Check if the role is allowed for this app.
if (!AppsUtils.checkAppRole(newManifest.role, status)) {
throw "INVALID_ROLE";
}
this._saveEtag(aIsUpdate, aOldApp, aRequestChannel, aHash, newManifest);
this._checkOrigin(aIsSigned || aIsLocalFileInstall, aOldApp, newManifest,