Bug 1180653 - Restricted Profiles: Make restrictions configurable by device admin. r=ally

--HG--
extra : commitid : 3006T16MH2q
extra : rebase_source : 505df8913d531008a4ffb7b9d357f176575db630
extra : amend_source : 56addaead8e868b9b9c852fc4f1bff418fc9fe80
Sebastian Kaspari 2015-07-09 19:38:19 +02:00
Родитель 8967b03a65
Коммит f32de0b471
6 изменённых файлов: 152 добавлений и 26 удалений


@ -309,6 +309,12 @@
</intent-filter>
</receiver>
<receiver android:name="org.mozilla.gecko.RestrictionProvider">
<intent-filter>
<action android:name="android.intent.action.GET_RESTRICTION_ENTRIES" />
</intent-filter>
</receiver>
<!-- Activity used for launching non-privileged WebApps via a URL -->
<activity android:name="org.mozilla.gecko.Webapp"
android:label="@string/webapp_generic_name"
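Review bot: The new `<receiver>` for `org.mozilla.gecko.RestrictionProvider` carries an intent filter but no `android:exported` or `android:permission` attribute, so it is exported by default and its visibility is only implicit. Unless the platform reserves `GET_RESTRICTION_ENTRIES` for system senders (not verifiable from this hunk), other installed apps can deliver this action to the receiver. I would state the intent explicitly with `android:exported="true"` and add a comment such as `<!-- Queried by the system settings UI; the handler must treat the incoming intent and its extras as untrusted. -->`.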


@ -65,30 +65,55 @@ public class RestrictedProfiles {
* These constants should be in sync with the ones from toolkit/components/parentalcontrols/nsIParentalControlServices.idl
*/
public enum Restriction {
DISALLOW_DOWNLOADS(1, "no_download_files"),
DISALLOW_INSTALL_EXTENSION(2, "no_install_extensions"),
DISALLOW_INSTALL_APPS(3, "no_install_apps"), // UserManager.DISALLOW_INSTALL_APPS
DISALLOW_BROWSE_FILES(4, "no_browse_files"),
DISALLOW_SHARE(5, "no_share"),
DISALLOW_BOOKMARK(6, "no_bookmark"),
DISALLOW_ADD_CONTACTS(7, "no_add_contacts"),
DISALLOW_SET_IMAGE(8, "no_set_image"),
DISALLOW_MODIFY_ACCOUNTS(9, "no_modify_accounts"), // UserManager.DISALLOW_MODIFY_ACCOUNTS
DISALLOW_REMOTE_DEBUGGING(10, "no_remote_debugging"),
DISALLOW_IMPORT_SETTINGS(11, "no_import_settings"),
DISALLOW_TOOLS_MENU(12, "no_tools_menu"),
DISALLOW_REPORT_SITE_ISSUE(13, "no_report_site_issue");
// These restrictions have no strings assigned because they are only used in guest mode and not shown in the
// restricted profiles settings UI
DISALLOW_DOWNLOADS(1, "no_download_files", 0, 0),
DISALLOW_INSTALL_EXTENSION(2, "no_install_extensions", 0, 0),
DISALLOW_INSTALL_APPS(3, "no_install_apps", 0, 0), // UserManager.DISALLOW_INSTALL_APPS
DISALLOW_BROWSE_FILES(4, "no_browse_files", 0, 0),
DISALLOW_SHARE(5, "no_share", 0, 0),
DISALLOW_BOOKMARK(6, "no_bookmark", 0, 0),
DISALLOW_ADD_CONTACTS(7, "no_add_contacts", 0, 0),
DISALLOW_SET_IMAGE(8, "no_set_image", 0, 0),
DISALLOW_MODIFY_ACCOUNTS(9, "no_modify_accounts", 0, 0), // UserManager.DISALLOW_MODIFY_ACCOUNTS
DISALLOW_REMOTE_DEBUGGING(10, "no_remote_debugging", 0, 0),
// These restrictions are used for restricted profiles and therefore need to have strings assigned for the profile
// settings UI.
DISALLOW_IMPORT_SETTINGS(11, "no_report_site_issue", R.string.restriction_disallow_import_settings_title, R.string.restriction_disallow_import_settings_description),
DISALLOW_TOOLS_MENU(12, "no_tools_menu", R.string.restriction_disallow_tools_menu_title, R.string.restriction_disallow_tools_menu_description),
DISALLOW_REPORT_SITE_ISSUE(13, "no_report_site_issue", R.string.restriction_disallow_report_site_issue_title, R.string.restriction_disallow_report_site_issue_description);
public final int id;
public final String name;
public final int titleResource;
public final int descriptionResource;
Restriction(final int id, final String name) {
Restriction(final int id, final String name, int titleResource, int descriptionResource) {
this.id = id;
this.name = name;
this.titleResource = titleResource;
this.descriptionResource = descriptionResource;
}
public String getTitle(Context context) {
if (titleResource == 0) {
return toString();
}
return context.getResources().getString(titleResource);
}
public String getDescription(Context context) {
if (descriptionResource == 0) {
return name;
}
return context.getResources().getString(descriptionResource);
}
}
private static List<Restriction> restrictionsOfGuestProfile = Arrays.asList(
static List<Restriction> GUEST_RESTRICTIONS = Arrays.asList(
Restriction.DISALLOW_DOWNLOADS,
Restriction.DISALLOW_INSTALL_EXTENSION,
Restriction.DISALLOW_INSTALL_APPS,
@ -103,7 +128,7 @@ public class RestrictedProfiles {
);
// Restricted profiles will automatically have these restrictions by default
private static List<Restriction> defaultRestrictionsOfRestrictedProfiles = Arrays.asList(
static List<Restriction> RESTRICTED_PROFILE_RESTRICTIONS = Arrays.asList(
Restriction.DISALLOW_TOOLS_MENU,
Restriction.DISALLOW_REPORT_SITE_ISSUE,
Restriction.DISALLOW_IMPORT_SETTINGS
@ -125,6 +150,12 @@ public class RestrictedProfiles {
return mgr.getUserRestrictions();
}
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
private static Bundle getAppRestrictions(final Context context) {
final UserManager mgr = (UserManager) context.getSystemService(Context.USER_SERVICE);
return mgr.getApplicationRestrictions(context.getPackageName());
}
/**
* This method does the system version check for you.
*
@ -134,14 +165,18 @@ public class RestrictedProfiles {
*
* Returns true otherwise.
*/
private static boolean getRestriction(final Context context, final String name) {
private static boolean getRestriction(final Context context, final Restriction restriction) {
// Early versions don't support restrictions at all,
// so no action can be restricted.
if (Versions.preJBMR2) {
return false;
}
return getRestrictions(context).getBoolean(name, false);
if (!isUserRestricted(context)) {
return false;
}
return getAppRestrictions(context).getBoolean(restriction.name, RESTRICTED_PROFILE_RESTRICTIONS.contains(restriction));
}
private static boolean canLoadUrl(final Context context, final String url) {
@ -153,7 +188,7 @@ public class RestrictedProfiles {
try {
// If we're not in guest mode, and the system restriction isn't in place, everything is allowed.
if (!getInGuest() &&
!getRestriction(context, Restriction.DISALLOW_BROWSE_FILES.name)) {
!getRestriction(context, Restriction.DISALLOW_BROWSE_FILES)) {
return true;
}
} catch (IllegalArgumentException ex) {
@ -231,16 +266,11 @@ public class RestrictedProfiles {
return canLoadUrl(context, url);
}
return !restrictionsOfGuestProfile.contains(restriction);
}
// Hardcoded restrictions. Make restrictions configurable and read from UserManager (Bug 1180653)
if (isUserRestricted(context) && defaultRestrictionsOfRestrictedProfiles.contains(restriction)) {
return false;
return !GUEST_RESTRICTIONS.contains(restriction);
}
// NOTE: Restrictions hold the opposite intention, so we need to flip it.
return !getRestriction(context, restriction.name);
return !getRestriction(context, restriction);
}
@WrapElementForJNI
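Review bot: `DISALLOW_IMPORT_SETTINGS` is now declared with the key `"no_report_site_issue"`, the same string used by `DISALLOW_REPORT_SITE_ISSUE`, whereas the line it replaces used `"no_import_settings"`. `getRestriction()` reads the value from the application-restrictions bundle by `restriction.name`, and RestrictionProvider publishes its entries under that same name, so the two restrictions would share one key and the import-settings restriction could not be toggled independently by the device admin. This looks like a copy-paste slip; the entry should start `DISALLOW_IMPORT_SETTINGS(11, "no_import_settings", …`. Separately, `GUEST_RESTRICTIONS` and `RESTRICTED_PROFILE_RESTRICTIONS` are widened to package visibility but stay non-final, so declaring them `static final` would prevent the policy lists from being reassigned.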


@ -0,0 +1,69 @@
/* -*- Mode: Java; c-basic-offset: 4; tab-width: 4; indent-tabs-mode: nil; -*-
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
package org.mozilla.gecko;
import android.annotation.TargetApi;
import android.app.Activity;
import android.content.BroadcastReceiver;
import android.content.Context;
import android.content.Intent;
import android.content.RestrictionEntry;
import android.os.Build;
import android.os.Bundle;
import android.util.Log;
import java.util.ArrayList;
/**
* Broadcast receiver providing supported restrictions to the system.
*/
@TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR2)
public class RestrictionProvider extends BroadcastReceiver {
@Override
public void onReceive(final Context context, final Intent intent) {
if (AppConstants.Versions.preJBMR2) {
// This broadcast does not make any sense prior to Jelly Bean MR2.
return;
}
final PendingResult result = goAsync();
new Thread() {
@Override
public void run() {
final Bundle oldRestrictions = intent.getBundleExtra(Intent.EXTRA_RESTRICTIONS_BUNDLE);
final Bundle extras = new Bundle();
ArrayList<RestrictionEntry> entries = initRestrictions(context, oldRestrictions);
extras.putParcelableArrayList(Intent.EXTRA_RESTRICTIONS_LIST, entries);
result.setResult(Activity.RESULT_OK, null, extras);
result.finish();
}
}.start();
}
private ArrayList<RestrictionEntry> initRestrictions(Context context, Bundle oldRestrictions) {
ArrayList<RestrictionEntry> entries = new ArrayList<RestrictionEntry>();
for (RestrictedProfiles.Restriction restriction : RestrictedProfiles.RESTRICTED_PROFILE_RESTRICTIONS) {
RestrictionEntry entry = createRestrictionEntryWithDefaultValue(context, restriction,
oldRestrictions.getBoolean(restriction.name, true));
entries.add(entry);
}
return entries;
}
private RestrictionEntry createRestrictionEntryWithDefaultValue(Context context, RestrictedProfiles.Restriction restriction, boolean defaultValue) {
RestrictionEntry entry = new RestrictionEntry(restriction.name, defaultValue);
entry.setTitle(restriction.getTitle(context));
entry.setDescription(restriction.getDescription(context));
return entry;
}
}
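Review bot: `intent.getBundleExtra(Intent.EXTRA_RESTRICTIONS_BUNDLE)` in `run()` returns null when the extra is absent, and `initRestrictions()` then dereferences it in `oldRestrictions.getBoolean(restriction.name, true)`. The receiver is registered with an intent filter in the manifest, so the intent should be handled as untrusted input; an uncaught NullPointerException on that thread would also skip `result.finish()`. I would guard the lookup, e.g. `oldRestrictions == null || oldRestrictions.getBoolean(restriction.name, true)`, and move `result.finish()` into a `finally` block. Checking `intent.getAction()` in `onReceive()` before `goAsync()` would also make the handler's contract explicit.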


@ -678,3 +678,15 @@ just addresses the organization to follow, e.g. "This site is run by " -->
desktop Firefox via WebIDE), so you just need to aim this device at the QR
code. -->
<!ENTITY devtools_auth_scan_header "Scanning for the QR code displayed on your other device">
<!-- Restrictions -->
<!-- Localization note: These are restrictions the device owner (e.g. parent) can enable for
a restricted profile (e.g. child). Used inside the Android settings UI. -->
<!ENTITY restriction_disallow_tools_menu_title "Disallow Tools menu">
<!ENTITY restriction_disallow_tools_menu_description "Hide Tools menu from UI.">
<!ENTITY restriction_disallow_report_site_issue_title "Disallow \'Report site issue\'">
<!ENTITY restriction_disallow_report_site_issue_description "Hide \'Report site issue\' menu item.">
<!ENTITY restriction_disallow_import_settings_title "Disallow importing settings">
<!ENTITY restriction_disallow_import_settings_description "Do not allow to import settings from other system browsers.">


@ -433,6 +433,7 @@ gbjar.sources += [
'RemoteTabsExpandableListAdapter.java',
'Restarter.java',
'RestrictedProfiles.java',
'RestrictionProvider.java',
'ServiceNotificationClient.java',
'SessionParser.java',
'SharedPreferencesHelper.java',


@ -541,6 +541,14 @@
<!-- Voice search from the Awesome Bar -->
<string name="voicesearch_prompt">&voicesearch_prompt;</string>
<!-- Restrictions -->
<string name="restriction_disallow_tools_menu_title">&restriction_disallow_tools_menu_title;</string>
<string name="restriction_disallow_tools_menu_description">&restriction_disallow_tools_menu_description;</string>
<string name="restriction_disallow_report_site_issue_title">&restriction_disallow_report_site_issue_title;</string>
<string name="restriction_disallow_report_site_issue_description">&restriction_disallow_report_site_issue_description;</string>
<string name="restriction_disallow_import_settings_title">&restriction_disallow_import_settings_title;</string>
<string name="restriction_disallow_import_settings_description">&restriction_disallow_import_settings_description;</string>
<!-- Miscellaneous -->
<string name="ellipsis">&ellipsis;</string>