зеркало из https://github.com/mozilla/gecko-dev.git
Bug 1463895 - Allow some policies to be machine-only. r=mkaply
Machine-only policies can only be triggered from sources that require user privileges to make machine-wide changes. Currently, that means the policies.json file in the installation folder, or the HKEY_LOCAL_MACHINE registry root. In other words, it currently excludes the HKEY_CURRENT_USER registry root.

MozReview-Commit-ID: G9wxEM19yVb
--HG--
extra : rebase_source : 8343d247fa308313f5ca466290f515716fa33ba0
Родитель
2423735102
Коммит
b370cc0222
|
@ -424,23 +424,11 @@ class GPOPoliciesProvider {
|
|||
this._policies = null;
|
||||
|
||||
let wrk = Cc["@mozilla.org/windows-registry-key;1"].createInstance(Ci.nsIWindowsRegKey);
|
||||
|
||||
// Machine policies override user policies, so we read
|
||||
// user policies first and then replace them if necessary.
|
||||
wrk.open(wrk.ROOT_KEY_CURRENT_USER,
|
||||
"SOFTWARE\\Policies",
|
||||
wrk.ACCESS_READ);
|
||||
if (wrk.hasChild("Mozilla\\Firefox")) {
|
||||
this._readData(wrk);
|
||||
}
|
||||
wrk.close();
|
||||
|
||||
wrk.open(wrk.ROOT_KEY_LOCAL_MACHINE,
|
||||
"SOFTWARE\\Policies",
|
||||
wrk.ACCESS_READ);
|
||||
if (wrk.hasChild("Mozilla\\Firefox")) {
|
||||
this._readData(wrk);
|
||||
}
|
||||
wrk.close();
|
||||
this._readData(wrk, wrk.ROOT_KEY_CURRENT_USER);
|
||||
this._readData(wrk, wrk.ROOT_KEY_LOCAL_MACHINE);
|
||||
}
|
||||
|
||||
get hasPolicies() {
|
||||
|
@ -455,8 +443,13 @@ class GPOPoliciesProvider {
|
|||
return this._failed;
|
||||
}
|
||||
|
||||
_readData(wrk) {
|
||||
this._policies = WindowsGPOParser.readPolicies(wrk, this._policies);
|
||||
_readData(wrk, root) {
|
||||
wrk.open(root, "SOFTWARE\\Policies", wrk.ACCESS_READ);
|
||||
if (wrk.hasChild("Mozilla\\Firefox")) {
|
||||
let isMachineRoot = (root == wrk.ROOT_KEY_LOCAL_MACHINE);
|
||||
this._policies = WindowsGPOParser.readPolicies(wrk, this._policies, isMachineRoot);
|
||||
}
|
||||
wrk.close();
|
||||
}
|
||||
}
|
||||
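Review bot: The two `_readData` calls at the end of the first hunk depend on their order, because HKEY_CURRENT_USER has to be read before HKEY_LOCAL_MACHINE for machine values to overwrite user values, yet the comment that said so is removed together with the old open/close code. I would keep it above the calls, e.g. `// Machine policies override user policies, so read HKCU first and HKLM last.`, since swapping the lines would let a per-user key win for every policy not marked machine_only. Separately, in the new `_readData` the `wrk.close()` is skipped if `open`, `hasChild` or `readPolicies` throws; wrapping the body in `try { … } finally { wrk.close(); }` would avoid leaving the key open. The method containing the two calls starts above the hunk.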
|
||||
|
|
|
@ -19,16 +19,20 @@ XPCOMUtils.defineLazyGetter(this, "log", () => {
|
|||
});
|
||||
});
|
||||
|
||||
XPCOMUtils.defineLazyModuleGetters(this, {
|
||||
schema: "resource:///modules/policies/schema.jsm",
|
||||
});
|
||||
|
||||
var EXPORTED_SYMBOLS = ["WindowsGPOParser"];
|
||||
|
||||
var WindowsGPOParser = {
|
||||
readPolicies(wrk, policies) {
|
||||
readPolicies(wrk, policies, isMachineRoot) {
|
||||
let childWrk = wrk.openChild("Mozilla\\Firefox", wrk.ACCESS_READ);
|
||||
if (!policies) {
|
||||
policies = {};
|
||||
}
|
||||
try {
|
||||
policies = registryToObject(childWrk, policies);
|
||||
policies = registryToObject(childWrk, policies, isMachineRoot);
|
||||
} catch (e) {
|
||||
log.error(e);
|
||||
} finally {
|
||||
|
@ -37,13 +41,14 @@ var WindowsGPOParser = {
|
|||
// Need an extra check here so we don't
|
||||
// JSON.stringify if we aren't in debug mode
|
||||
if (log._maxLogLevel == "debug") {
|
||||
log.debug("root = " + isMachineRoot ? "HKEY_LOCAL_MACHINE" : "HKEY_CURRENT_USER");
|
||||
log.debug(JSON.stringify(policies, null, 2));
|
||||
}
|
||||
return policies;
|
||||
}
|
||||
};
|
||||
|
||||
function registryToObject(wrk, policies) {
|
||||
function registryToObject(wrk, policies, isMachineRoot) {
|
||||
if (!policies) {
|
||||
policies = {};
|
||||
}
|
||||
|
@ -60,6 +65,14 @@ function registryToObject(wrk, policies) {
|
|||
for (let i = 0; i < wrk.valueCount; i++) {
|
||||
let name = wrk.getValueName(i);
|
||||
let value = readRegistryValue(wrk, name);
|
||||
|
||||
if (!isMachineRoot &&
|
||||
schema.properties[name] &&
|
||||
schema.properties[name].machine_only) {
|
||||
log.error(`Policy ${name} is only allowed under the HKEY_LOCAL_MACHINE root`);
|
||||
continue;
|
||||
}
|
||||
|
||||
policies[name] = value;
|
||||
}
|
||||
}
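Review bot: The added debug line in `readPolicies` always logs `HKEY_LOCAL_MACHINE` and drops the `root = ` prefix, because `+` binds tighter than `?:` and the string `"root = " + isMachineRoot` is always truthy; parenthesise the conditional: `log.debug("root = " + (isMachineRoot ? "HKEY_LOCAL_MACHINE" : "HKEY_CURRENT_USER"));`. As written, the log attributes user-hive policies to the machine hive, which is the very distinction this change introduces. Also, the machine_only filter in `registryToObject` sits only in the loop over registry values; if policies can also be supplied as child keys (that code is outside the last hunk), confirm they go through the same check, otherwise a machine-only policy stored as a subkey under HKEY_CURRENT_USER would not be rejected. Both functions continue outside the hunks shown.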
|
||||
|
|