From d0d68ff95db09df9a25afdcb48b811c5749b44f1 Mon Sep 17 00:00:00 2001 From: Michael Layzell Date: Tue, 16 Jun 2015 15:33:26 -0400 Subject: [PATCH] Bug 1165263 - Part 5: Update PermissionsUtils.importPrefBranch to use origins instead of hosts, r=ehsan --- mobile/android/app/mobile.js | 4 +-- toolkit/modules/PermissionsUtils.jsm | 34 ++++++++++++------ .../tests/xpcshell/test_PermissionsUtils.js | 36 ++++++++++++++----- .../test/xpcshell/test_permissions.js | 6 ++-- .../test/xpcshell/test_permissions_prefs.js | 12 +++---- 5 files changed, 61 insertions(+), 31 deletions(-) diff --git a/mobile/android/app/mobile.js b/mobile/android/app/mobile.js index ac204862e1c7..498a7f002c4c 100644 --- a/mobile/android/app/mobile.js +++ b/mobile/android/app/mobile.js @@ -177,8 +177,8 @@ pref("dom.forms.number", true); /* extension manager and xpinstall */ pref("xpinstall.whitelist.directRequest", false); pref("xpinstall.whitelist.fileRequest", false); -pref("xpinstall.whitelist.add", "addons.mozilla.org"); -pref("xpinstall.whitelist.add.180", "marketplace.firefox.com"); +pref("xpinstall.whitelist.add", "https://addons.mozilla.org"); +pref("xpinstall.whitelist.add.180", "https://marketplace.firefox.com"); pref("xpinstall.signatures.required", false); diff --git a/toolkit/modules/PermissionsUtils.jsm b/toolkit/modules/PermissionsUtils.jsm index 37e7abb5b15e..ec04826959ca 100644 --- a/toolkit/modules/PermissionsUtils.jsm +++ b/toolkit/modules/PermissionsUtils.jsm @@ -7,6 +7,7 @@ this.EXPORTED_SYMBOLS = ["PermissionsUtils"]; const {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components; Cu.import("resource://gre/modules/Services.jsm"); +Cu.import("resource://gre/modules/BrowserUtils.jsm") let gImportedPrefBranches = new Set(); @@ -15,29 +16,40 @@ function importPrefBranch(aPrefBranch, aPermission, aAction) { let list = Services.prefs.getChildList(aPrefBranch, {}); for (let pref of list) { - let hosts = ""; + let origins = ""; try { - hosts = Services.prefs.getCharPref(pref); + origins = Services.prefs.getCharPref(pref); } catch (e) {} - if (!hosts) + if (!origins) continue; - hosts = hosts.split(","); + origins = origins.split(","); - for (let host of hosts) { - let uri = null; + for (let origin of origins) { + let principals = []; try { - uri = Services.io.newURI("http://" + host, null, null); + principals = [ BrowserUtils.principalFromOrigin(origin) ]; } catch (e) { + // This preference used to contain a list of hosts. For back-compat + // reasons, we convert these hosts into http:// and https:// permissions + // on default ports. try { - uri = Services.io.newURI(host, null, null); + let httpURI = Services.io.newURI("http://" + origin, null, null); + let httpsURI = Services.io.newURI("https://" + origin, null, null); + + principals = [ + Services.scriptSecurityManager.getNoAppCodebasePrincipal(httpURI), + Services.scriptSecurityManager.getNoAppCodebasePrincipal(httpsURI) + ]; } catch (e2) {} } - try { - Services.perms.add(uri, aPermission, aAction); - } catch (e) {} + for (let principal of principals) { + try { + Services.perms.addFromPrincipal(principal, aPermission, aAction); + } catch (e) {} + } } Services.prefs.setCharPref(pref, ""); diff --git a/toolkit/modules/tests/xpcshell/test_PermissionsUtils.js b/toolkit/modules/tests/xpcshell/test_PermissionsUtils.js index a3bf2fa4afa0..48769f831234 100644 --- a/toolkit/modules/tests/xpcshell/test_PermissionsUtils.js +++ b/toolkit/modules/tests/xpcshell/test_PermissionsUtils.js @@ -23,22 +23,36 @@ function test_importfromPrefs() { // Create own preferences to test Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.EMPTY", ""); Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.EMPTY2", ","); - Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST", "whitelist.example.com"); - Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST2", "whitelist2-1.example.com,whitelist2-2.example.com,about:home"); + Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST", "http://whitelist.example.com"); + Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST2", "https://whitelist2-1.example.com,http://whitelist2-2.example.com:8080,about:home"); + Services.prefs.setCharPref(PREF_ROOT + "whitelist.add.TEST3", "whitelist3-1.example.com,about:config"); // legacy style - host only Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.EMPTY", ""); - Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST", "blacklist.example.com,"); - Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST2", ",blacklist2-1.example.com,blacklist2-2.example.com,about:mozilla"); + Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST", "http://blacklist.example.com,"); + Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST2", ",https://blacklist2-1.example.com,http://blacklist2-2.example.com:8080,about:mozilla"); + Services.prefs.setCharPref(PREF_ROOT + "blacklist.add.TEST3", "blacklist3-1.example.com,about:preferences"); // legacy style - host only // Check they are unknown in the permission manager prior to importing. let whitelisted = ["http://whitelist.example.com", - "http://whitelist2-1.example.com", - "http://whitelist2-2.example.com", + "https://whitelist2-1.example.com", + "http://whitelist2-2.example.com:8080", + "http://whitelist3-1.example.com", + "https://whitelist3-1.example.com", + "about:config", "about:home"]; let blacklisted = ["http://blacklist.example.com", - "http://blacklist2-1.example.com", - "http://blacklist2-2.example.com", + "https://blacklist2-1.example.com", + "http://blacklist2-2.example.com:8080", + "http://blacklist3-1.example.com", + "https://blacklist3-1.example.com", + "about:preferences", "about:mozilla"]; - let unknown = whitelisted.concat(blacklisted); + let untouched = ["https://whitelist.example.com", + "https://blacklist.example.com", + "http://whitelist2-1.example.com", + "http://blacklist2-1.example.com", + "https://whitelist2-2.example.com:8080", + "https://blacklist2-2.example.com:8080"]; + let unknown = whitelisted.concat(blacklisted).concat(untouched); for (let url of unknown) { let uri = Services.io.newURI(url, null, null); do_check_eq(Services.perms.testPermission(uri, TEST_PERM), Services.perms.UNKNOWN_ACTION); @@ -64,4 +78,8 @@ function test_importfromPrefs() { let uri = Services.io.newURI(url, null, null); do_check_eq(Services.perms.testPermission(uri, TEST_PERM), Services.perms.DENY_ACTION); } + for (let url of untouched) { + let uri = Services.io.newURI(url, null, null); + do_check_eq(Services.perms.testPermission(uri, TEST_PERM), Services.perms.UNKNOWN_ACTION); + } } diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_permissions.js b/toolkit/mozapps/extensions/test/xpcshell/test_permissions.js index 869b7bdc1eed..eb8bc3e5c912 100644 --- a/toolkit/mozapps/extensions/test/xpcshell/test_permissions.js +++ b/toolkit/mozapps/extensions/test/xpcshell/test_permissions.js @@ -12,9 +12,9 @@ const XPI_MIMETYPE = "application/x-xpinstall"; function run_test() { createAppInfo("xpcshell@tests.mozilla.org", "XPCShell", "2", "2"); - Services.prefs.setCharPref("xpinstall.whitelist.add", "test1.com,test2.com"); - Services.prefs.setCharPref("xpinstall.whitelist.add.36", "test3.com,www.test4.com"); - Services.prefs.setCharPref("xpinstall.whitelist.add.test5", "test5.com"); + Services.prefs.setCharPref("xpinstall.whitelist.add", "https://test1.com,https://test2.com"); + Services.prefs.setCharPref("xpinstall.whitelist.add.36", "https://test3.com,https://www.test4.com"); + Services.prefs.setCharPref("xpinstall.whitelist.add.test5", "https://test5.com"); Services.perms.add(NetUtil.newURI("https://www.test9.com"), "install", AM_Ci.nsIPermissionManager.ALLOW_ACTION); diff --git a/toolkit/mozapps/extensions/test/xpcshell/test_permissions_prefs.js b/toolkit/mozapps/extensions/test/xpcshell/test_permissions_prefs.js index 75c615ace00c..d3eb5ca02f71 100644 --- a/toolkit/mozapps/extensions/test/xpcshell/test_permissions_prefs.js +++ b/toolkit/mozapps/extensions/test/xpcshell/test_permissions_prefs.js @@ -30,9 +30,9 @@ function run_test() { // Create own preferences to test Services.prefs.setCharPref("xpinstall.whitelist.add.EMPTY", ""); - Services.prefs.setCharPref("xpinstall.whitelist.add.TEST", "whitelist.example.com"); + Services.prefs.setCharPref("xpinstall.whitelist.add.TEST", "http://whitelist.example.com"); Services.prefs.setCharPref("xpinstall.blacklist.add.EMPTY", ""); - Services.prefs.setCharPref("xpinstall.blacklist.add.TEST", "blacklist.example.com"); + Services.prefs.setCharPref("xpinstall.blacklist.add.TEST", "http://blacklist.example.com"); // Get list of preferences to check var whitelistPreferences = Services.prefs.getChildList(PREF_XPI_WHITELIST_PERMISSIONS, {}); @@ -53,19 +53,19 @@ function run_test() { // First, request to flush all permissions clear_imported_preferences_cache(); - Services.prefs.setCharPref("xpinstall.whitelist.add.TEST2", "whitelist2.example.com"); + Services.prefs.setCharPref("xpinstall.whitelist.add.TEST2", "https://whitelist2.example.com"); Services.obs.notifyObservers(null, "flush-pending-permissions", "install"); do_check_permission_prefs(preferences); // Then, request to flush just install permissions clear_imported_preferences_cache(); - Services.prefs.setCharPref("xpinstall.whitelist.add.TEST3", "whitelist3.example.com"); + Services.prefs.setCharPref("xpinstall.whitelist.add.TEST3", "https://whitelist3.example.com"); Services.obs.notifyObservers(null, "flush-pending-permissions", ""); do_check_permission_prefs(preferences); // And a request to flush some other permissions sholdn't flush install permissions clear_imported_preferences_cache(); - Services.prefs.setCharPref("xpinstall.whitelist.add.TEST4", "whitelist4.example.com"); + Services.prefs.setCharPref("xpinstall.whitelist.add.TEST4", "https://whitelist4.example.com"); Services.obs.notifyObservers(null, "flush-pending-permissions", "lolcats"); - do_check_eq(Services.prefs.getCharPref("xpinstall.whitelist.add.TEST4"), "whitelist4.example.com"); + do_check_eq(Services.prefs.getCharPref("xpinstall.whitelist.add.TEST4"), "https://whitelist4.example.com"); }