Search
j0ke.net Open Build Service
>
Projects
>
mozilla
>
mozilla-xulrunner190
> gecko-lockdown.patch
Sign Up
|
Log In
Username
Password
Cancel
Overview
Repositories
Revisions
Requests
Users
Advanced
Attributes
Meta
File gecko-lockdown.patch of Package mozilla-xulrunner190 (Revision 22)
Currently displaying revision
22
,
show latest
From: Robert O'Callahan Subject: Lockdown feature for Gecko References: diff --git a/mozilla/extensions/cookie/nsCookiePermission.cpp b/mozilla/extensions/cookie/nsCookiePermission.cpp index 0f8a64f..985d27a 100644 --- a/mozilla/extensions/cookie/nsCookiePermission.cpp +++ b/mozilla/extensions/cookie/nsCookiePermission.cpp @@ -85,6 +85,7 @@ static const char kCookiesPrefsMigrated[] = "network.cookie.prefsMigrated"; // obsolete pref names for migration static const char kCookiesLifetimeEnabled[] = "network.cookie.lifetime.enabled"; static const char kCookiesLifetimeBehavior[] = "network.cookie.lifetime.behavior"; +static const char kCookiesHonorExceptions[] = "network.cookie.honorExceptions"; static const char kCookiesAskPermission[] = "network.cookie.warnAboutCookies"; static const char kPermissionType[] = "cookie"; @@ -123,6 +124,7 @@ nsCookiePermission::Init() prefBranch->AddObserver(kCookiesLifetimePolicy, this, PR_FALSE); prefBranch->AddObserver(kCookiesLifetimeDays, this, PR_FALSE); prefBranch->AddObserver(kCookiesAlwaysAcceptSession, this, PR_FALSE); + prefBranch->AddObserver(kCookiesHonorExceptions, this, PR_FALSE); #ifdef MOZ_MAIL_NEWS prefBranch->AddObserver(kCookiesDisabledForMailNews, this, PR_FALSE); #endif @@ -179,6 +181,10 @@ nsCookiePermission::PrefChanged(nsIPrefBranch *aPrefBranch, if (PREF_CHANGED(kCookiesAlwaysAcceptSession) && NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesAlwaysAcceptSession, &val))) mCookiesAlwaysAcceptSession = val; + + if (PREF_CHANGED(kCookiesHonorExceptions) && + NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesHonorExceptions, &val))) + mCookiesHonorExceptions = val; #ifdef MOZ_MAIL_NEWS if (PREF_CHANGED(kCookiesDisabledForMailNews) && @@ -244,6 +250,11 @@ nsCookiePermission::CanAccess(nsIURI *aURI, #endif // MOZ_MAIL_NEWS // finally, check with permission manager... + if (!mCookiesHonorExceptions) { + *aResult = ACCESS_DEFAULT; + return NS_OK; + } + nsresult rv = mPermMgr->TestPermission(aURI, kPermissionType, (PRUint32 *) aResult); if (NS_SUCCEEDED(rv)) { switch (*aResult) { diff --git a/mozilla/extensions/cookie/nsCookiePermission.h b/mozilla/extensions/cookie/nsCookiePermission.h index 2be46ba..753b731 100644 --- a/mozilla/extensions/cookie/nsCookiePermission.h +++ b/mozilla/extensions/cookie/nsCookiePermission.h @@ -57,10 +57,11 @@ public: nsCookiePermission() : mCookiesLifetimeSec(LL_MAXINT) , mCookiesLifetimePolicy(0) // ACCEPT_NORMALLY - , mCookiesAlwaysAcceptSession(PR_FALSE) + , mCookiesAlwaysAcceptSession(PR_FALSE), #ifdef MOZ_MAIL_NEWS - , mCookiesDisabledForMailNews(PR_TRUE) + , mCookiesDisabledForMailNews(PR_TRUE), #endif + mCookiesHonorExceptions(PR_TRUE) {} virtual ~nsCookiePermission() {} @@ -76,7 +77,7 @@ private: #ifdef MOZ_MAIL_NEWS PRPackedBool mCookiesDisabledForMailNews; #endif - + PRPackedBool mCookiesHonorExceptions; }; // {EF565D0A-AB9A-4A13-9160-0644CDFD859A} diff --git a/mozilla/extensions/permissions/nsContentBlocker.cpp b/mozilla/extensions/permissions/nsContentBlocker.cpp index d9b5ad4..c7a0e28 100644 --- a/mozilla/extensions/permissions/nsContentBlocker.cpp +++ b/mozilla/extensions/permissions/nsContentBlocker.cpp @@ -76,6 +76,7 @@ NS_IMPL_ISUPPORTS3(nsContentBlocker, nsContentBlocker::nsContentBlocker() { memset(mBehaviorPref, BEHAVIOR_ACCEPT, NUMBER_OF_TYPES); + memset(mHonorExceptions, PR_TRUE, NUMBER_OF_TYPES); } nsresult @@ -92,6 +93,11 @@ nsContentBlocker::Init() rv = prefService->GetBranch("permissions.default.", getter_AddRefs(prefBranch)); NS_ENSURE_SUCCESS(rv, rv); + nsCOMPtr<nsIPrefBranch> honorExceptionsPrefBranch; + rv = prefService->GetBranch("permissions.honorExceptions.", + getter_AddRefs(honorExceptionsPrefBranch)); + NS_ENSURE_SUCCESS(rv, rv); + // Migrate old image blocker pref nsCOMPtr<nsIPrefBranch> oldPrefBranch; oldPrefBranch = do_QueryInterface(prefService); @@ -121,8 +127,15 @@ nsContentBlocker::Init() mPrefBranchInternal = do_QueryInterface(prefBranch, &rv); NS_ENSURE_SUCCESS(rv, rv); + mHonorExceptionsPrefBranchInternal = + do_QueryInterface(honorExceptionsPrefBranch, &rv); + NS_ENSURE_SUCCESS(rv, rv); + rv = mPrefBranchInternal->AddObserver("", this, PR_TRUE); - PrefChanged(prefBranch, nsnull); + NS_ENSURE_SUCCESS(rv, rv); + + rv = mHonorExceptionsPrefBranchInternal->AddObserver("", this, PR_TRUE); + PrefChanged(nsnull); return rv; } @@ -131,19 +144,22 @@ nsContentBlocker::Init() #define LIMIT(x, low, high, default) ((x) >= (low) && (x) <= (high) ? (x) : (default)) void -nsContentBlocker::PrefChanged(nsIPrefBranch *aPrefBranch, - const char *aPref) +nsContentBlocker::PrefChanged(const char *aPref) { - PRInt32 val; - -#define PREF_CHANGED(_P) (!aPref || !strcmp(aPref, _P)) - - for(PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) { - if (PREF_CHANGED(kTypeString[i]) && - NS_SUCCEEDED(aPrefBranch->GetIntPref(kTypeString[i], &val))) - mBehaviorPref[i] = LIMIT(val, 1, 3, 1); + for (PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) { + if (!aPref || !strcmp(kTypeString[i], aPref)) { + PRInt32 val; + PRBool b; + if (mPrefBranchInternal && + NS_SUCCEEDED(mPrefBranchInternal->GetIntPref(kTypeString[i], &val))) { + mBehaviorPref[i] = LIMIT(val, 1, 3, 1); + } + if (mHonorExceptionsPrefBranchInternal && + NS_SUCCEEDED(mHonorExceptionsPrefBranchInternal->GetBoolPref(kTypeString[i], &b))) { + mHonorExceptions[i] = b; + } + } } - } // nsIContentPolicy Implementation @@ -268,11 +284,13 @@ nsContentBlocker::TestPermission(nsIURI *aCurrentURI, // default prefs. // Don't forget the aContentType ranges from 1..8, while the // array is indexed 0..7 - PRUint32 permission; - nsresult rv = mPermissionManager->TestPermission(aCurrentURI, - kTypeString[aContentType - 1], - &permission); - NS_ENSURE_SUCCESS(rv, rv); + PRUint32 permission = 0; + if (mHonorExceptions[aContentType - 1]) { + nsresult rv = mPermissionManager->TestPermission(aCurrentURI, + kTypeString[aContentType - 1], + &permission); + NS_ENSURE_SUCCESS(rv, rv); + } // If there is nothing on the list, use the default. if (!permission) { @@ -298,7 +316,7 @@ nsContentBlocker::TestPermission(nsIURI *aCurrentURI, return NS_OK; PRBool trustedSource = PR_FALSE; - rv = aFirstURI->SchemeIs("chrome", &trustedSource); + nsresult rv = aFirstURI->SchemeIs("chrome", &trustedSource); NS_ENSURE_SUCCESS(rv,rv); if (!trustedSource) { rv = aFirstURI->SchemeIs("resource", &trustedSource); @@ -363,8 +381,6 @@ nsContentBlocker::Observe(nsISupports *aSubject, { NS_ASSERTION(!strcmp(NS_PREFBRANCH_PREFCHANGE_TOPIC_ID, aTopic), "unexpected topic - we only deal with pref changes!"); - - if (mPrefBranchInternal) - PrefChanged(mPrefBranchInternal, NS_LossyConvertUTF16toASCII(aData).get()); + PrefChanged(NS_LossyConvertUTF16toASCII(aData).get()); return NS_OK; } diff --git a/mozilla/extensions/permissions/nsContentBlocker.h b/mozilla/extensions/permissions/nsContentBlocker.h index d48eeb5..07779ff 100644 --- a/mozilla/extensions/permissions/nsContentBlocker.h +++ b/mozilla/extensions/permissions/nsContentBlocker.h @@ -66,7 +66,7 @@ public: private: ~nsContentBlocker() {} - void PrefChanged(nsIPrefBranch *, const char *); + void PrefChanged(const char *); nsresult TestPermission(nsIURI *aCurrentURI, nsIURI *aFirstURI, PRInt32 aContentType, @@ -75,7 +75,9 @@ private: nsCOMPtr<nsIPermissionManager> mPermissionManager; nsCOMPtr<nsIPrefBranch2> mPrefBranchInternal; + nsCOMPtr<nsIPrefBranch2> mHonorExceptionsPrefBranchInternal; PRUint8 mBehaviorPref[NUMBER_OF_TYPES]; + PRPackedBool mHonorExceptions[NUMBER_OF_TYPES]; }; #define NS_CONTENTBLOCKER_CID \ diff --git a/mozilla/modules/libpref/src/init/all.js b/mozilla/modules/libpref/src/init/all.js index cd27953..f200124 100644 --- a/mozilla/modules/libpref/src/init/all.js +++ b/mozilla/modules/libpref/src/init/all.js @@ -785,6 +785,7 @@ pref("network.ntlm.send-lm-response", false); pref("network.hosts.nntp_server", "news.mozilla.org"); pref("permissions.default.image", 1); // 1-Accept, 2-Deny, 3-dontAcceptForeign +pref("permissions.honorExceptions.image", true); #ifndef XP_MACOSX #ifdef XP_UNIX @@ -812,6 +813,7 @@ pref("network.proxy.no_proxies_on", "localhost, 127.0.0.1"); pref("network.proxy.failover_timeout", 1800); // 30 minutes pref("network.online", true); //online/offline pref("network.cookie.cookieBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse +pref("network.cookie.honorExceptions", true); pref("network.cookie.disableCookieForMailNews", true); // disable all cookies for mail pref("network.cookie.lifetimePolicy", 0); // accept normally, 1-askBeforeAccepting, 2-acceptForSession,3-acceptForNDays pref("network.cookie.alwaysAcceptSessionCookies", false); diff --git a/mozilla/widget/src/gtk2/nsWindow.cpp b/mozilla/widget/src/gtk2/nsWindow.cpp index 9e0d187..b628f20 100644 --- a/mozilla/widget/src/gtk2/nsWindow.cpp +++ b/mozilla/widget/src/gtk2/nsWindow.cpp @@ -75,6 +75,7 @@ #include "nsIServiceManager.h" #include "nsIStringBundle.h" #include "nsGfxCIID.h" +#include "nsIPrefService.h" #ifdef ACCESSIBILITY #include "nsIAccessibleRole.h" @@ -86,7 +87,6 @@ static PRBool sAccessibilityChecked = PR_FALSE; /* static */ PRBool nsWindow::sAccessibilityEnabled = PR_FALSE; -static const char sSysPrefService [] = "@mozilla.org/system-preference-service;1"; static const char sAccEnv [] = "GNOME_ACCESSIBILITY"; static const char sAccessibilityKey [] = "config.use_system_prefs.accessibility"; #endif @@ -3383,18 +3383,18 @@ nsWindow::NativeCreate(nsIWidget *aParent, sAccessibilityEnabled = atoi(envValue); LOG(("Accessibility Env %s=%s\n", sAccEnv, envValue)); } - //check gconf-2 setting + //check preference setting else { - nsCOMPtr<nsIPrefBranch> sysPrefService = - do_GetService(sSysPrefService, &rv); - if (NS_SUCCEEDED(rv) && sysPrefService) { - - // do the work to get gconf setting. - // will be done soon later. - sysPrefService->GetBoolPref(sAccessibilityKey, + nsCOMPtr<nsIPrefService> prefService = + do_GetService(NS_PREFSERVICE_CONTRACTID, &rv); + if (NS_SUCCEEDED(rv) && prefService) { + nsCOMPtr<nsIPrefBranch> prefBranch; + rv = prefService->GetBranch(nsnull, getter_AddRefs(prefBranch)); + if (NS_SUCCEEDED(rv) && prefBranch) { + prefBranch->GetBoolPref(sAccessibilityKey, &sAccessibilityEnabled); + } } - } } if (sAccessibilityEnabled) { diff --git a/mozilla/xpinstall/src/nsXPInstallManager.cpp b/mozilla/xpinstall/src/nsXPInstallManager.cpp index 35a2e82..6765c8e 100644 --- a/mozilla/xpinstall/src/nsXPInstallManager.cpp +++ b/mozilla/xpinstall/src/nsXPInstallManager.cpp @@ -290,6 +290,7 @@ nsXPInstallManager::InitManagerInternal() //----------------------------------------------------- // Get permission to install //----------------------------------------------------- + nsCOMPtr<nsIPrefBranch> pref(do_GetService(NS_PREFSERVICE_CONTRACTID)); #ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI if ( mChromeType == CHROME_SKIN ) @@ -299,17 +300,26 @@ nsXPInstallManager::InitManagerInternal() // skins get a simpler/friendlier dialog // XXX currently not embeddable - OKtoInstall = ConfirmChromeInstall( mParentWindow, packageList ); + PRBool themesDisabled = PR_FALSE; + if (pref) + pref->GetBoolPref("config.lockdown.disable_themes", &themesDisabled); + OKtoInstall = !themesDisabled && + ConfirmChromeInstall( mParentWindow, packageList ); } else { #endif - rv = dlgSvc->ConfirmInstall( mParentWindow, - packageList, - numStrings, - &OKtoInstall ); - if (NS_FAILED(rv)) - OKtoInstall = PR_FALSE; + PRBool extensionsDisabled = PR_FALSE; + if (pref) + pref->GetBoolPref("config.lockdown.disable_extensions", &extensionsDisabled); + if (!extensionsDisabled) { + rv = dlgSvc->ConfirmInstall( mParentWindow, + packageList, + numStrings, + &OKtoInstall ); + if (NS_FAILED(rv)) + OKtoInstall = PR_FALSE; + } #ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI } #endif
