mirror of
https://github.com/roytam1/palemoon27.git
synced 2026-05-29 10:32:23 +00:00
roytam1
f579c98b65
- Bug 1195755: Don't assert recursion depth sanity on Mac, because there is none. r=me (e25096acc1) - Bug 1217940 - remove BindingUtils.h from CycleCollectedJSRuntime.cpp; r=mccr8 (012fad0b80) - Bug 1118285 - The browser.newtab.url preference is abused and should be removed. (ca573649c6) - Bug 1209591 - allow loadURI consumers to expose whether an error page was immediately loaded as result of an error, r=smaug,mak (c033d86f07) - Bug 1167132 - Part 14: [NetworkManager] Move network information into a separate interface (NetStats). r=ethan (87acc048cc) - Bug 1167132 - Part 15: [NetworkManager] Move network information into a separate interface (NetworkInterfaceList). r=echen (a2a96e481e) - Bug 1205240 - Add JSON Validation code in order to prevent invalid file. r=seanlin (8c7261ba8c) - Bug 1215429 - Add import statement in order to access file object in chrome code of TVSimulatorService. r=seanlin (5ba9e78581) - Bug 1217093 - Remove for-each from dom/. r=smaug (5af3efbd62) - var-let (576b2489ec) - Bug 1183440 - Replaces Promise.defer() with the Promise constructor in push tests. r=kitcambridge (16dfaa59b3) - Bug 1191453 - Drop subscriptions for a site when the user revokes push permissions. r=mt,MattN (5edd10e5ad) - Bug 1159641, Part 1 - Skip the permission check in `pushManager.getSubscription()`. r=mt (d399c496d7) - Bug 1159641, Part 2 - Use tasks in the Push permissions test. r=mt (132484c355) - Bug 1206302 - Use DOMException for Push errors. r=mt (5a675714fa) - Bug 1193365 - Disable push debug. r=kitcambridge (1dc20e69b0) - Bug 1219063, Part 1 - Use transactions for updating Push subscription permissions. r=mt (8c28453942) - Bug 1219063, Part 2 - Remove obsolete "push" permission. r=mt (84a36931cd) - Bug 1217065 - Unconditionally ack incoming updates. r=dragana,benbangert (e0bfa4454f) - Bug 1212593 - Fix PushService behavior when we are switching between push servers. r=kcambridge (0afa39e743) - Bug 1206163 - Retry failed register requests on reconnect. r=dragana (6ed1258b15) - Bug 1218591 - Reset the WebSocket retry counter when the server replies. r=dragana (64e800db60) - Bug 1210943 - Drop subscriptions unconditionally if the UAID changes. r=benbangert (52f538a7de) - Bug 1214366 - Part 1: Don't preprocess PushServiceWebSocket.jsm. r=kitcambridge (a78b9fc838) - Bug 1214366 - Part 3: Use getLastVisited equivalent in PushService.jsm. r=kitcambridge,rnewman (bc7004ad32) - Bug 1210896, Part 1 - Use Console.jsm to log Push errors. r=mt (04335cc37f) - Bug 1216683 - For the WebSocket version unregister should return true even if we are offline. r=kitcambridge (0f6e397a03) - Bug 1210896, Part 2 - Use JS errors to reject internal Push promises. r=mt (3546b2f7c8) - Bug 1223481 - Use the "potentially trustworthy origin" helper to validate Push server URLs. r=dragana (0c21f551f3) - Bug 1223202 - Only send subscription change events if the Push permission is granted. r=mt (afeaf0dceb) - Bug 1201128 - Don't send channel IDs in the Push handshake. r=nsm (dbbadb5c16) - var-let (a35cb6aeca) - Bug 1210211 - Part 1: Delay updating push quota. r=kitcambridge (53f5735ff0) - Bug 1210211 - Part 2: Notify Push service of visible notifications. r=baku (9182bcb7d1) - Bug 1170115 - Use clear-origin-data to remove Push records. r=allstars.chh (47f1070bab) - Bug 1211418 - Part 1: Ensure Data Consistency after Collision of SMS Segment. r=echen. (f2d5221984) - Bug 1211418 - Part 2: Add Test Coverage for the Collision of SMS Segment. r=echen. (06f7ba7308) - Bug 1159132 - Part 1: Use dun apn only when config ro.tethering.dun_required is set. r=echen (bbb4fd2798) - Bug 1159132 - Part 2: Set ro.tethering.dun_required when running dun test case. r=echen (11fe9344be) - Bug 1187262 - Let the flag 'Services.io.offline' reference the state of tethering. r=jjong (ee22fd9358) - Bug 1148671 - ipv6 and dual stack support on Lollipop. r=hchang (a9f7dc570e) - Bug 1173671 - just warn if we fail to remove old default routes. r=echen (b4ab24da9f) - Bug 1175817 - [NetworkManager] remove old default routes explicitly. r=echen,smaug (3f9a0b98ab) - Bug 1174998 - Part 1: add setMtu() support in NetworkService. r=echen,smaug (9621036470) - Bug 1174998 - Part 2: Set MTU for connected network interfaces. r=echen (397c898942) - Bug 1197667 - [NetworkManager] Part 1: add missing implementation for 'allNetworkInfo'. r=echen (a49fd3498b) - Bug 1197667 - [NetworkManager] Part 2: add test case for 'allNetworkInfo'. r=echen (942a52b0d4) - Bug 1057091 - Add USB tethring command supporting IPv6 outgoing interface. r=hchang (9210eb5a1d) - Bug 1177236 - Usage alert doesn't work when tethering is enabled. r=ethan (4bdd8ae226) - Bug 1168938 - Memory safety bug in NetworkUtils::postTetherInterfaceList. r=fabrice (97485ac95c) - Bug 1138757 - Part 1: Fix the logic of checking invalid port in CDMA WAP Push. r=echen (68dac00e52) - Bug 1138757 - Part 2: Add Test Coverage for CDMA Wap Push. r=echen (9d54278aa9) - Bug 1209891 - Do Not Reply Read-Report if a MMS Message Was Marked from Unread to Read Multiple Times. r=echen (421550db06) - var-let (2ed380bb64) - bug 1175005: performance regression. backout_f081c464c1e2 (28e1ee74b9) - Bug 1207665 - Block Intel GMA 3150 for d3d11/d2d on all drivers. (bug 1207665 part 1, r=jrmuizel). r=jrmuizel (bb8eac6fa8) - Bug 1188105: Parse bad driver versions. r=botond (8c856cac36) - Bug 1075089 - Move popup menu frame offset to LookAndFeel and fix default offset for OS X. r=Enn (e1f7d0c418) - Bug 1134385. Delete main thread assertion in CompositorVsyncDispatcher. r=kats (0945e91185) - some profiler stuff (d3d68abdad) - Bug 1156283 - Avoid shutdown observer race when shutting down gfx on Mac. r=roc (f66195546b)
679 lines
28 KiB
JavaScript
679 lines
28 KiB
JavaScript
/* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this file,
|
|
* You can obtain one at http://mozilla.org/MPL/2.0/. */
|
|
|
|
"use strict";
|
|
|
|
const Ci = Components.interfaces;
|
|
const Cu = Components.utils;
|
|
|
|
this.EXPORTED_SYMBOLS = [
|
|
"PermissionsTable",
|
|
"PermissionsReverseTable",
|
|
"expandPermissions",
|
|
"appendAccessToPermName",
|
|
"isExplicitInPermissionsTable",
|
|
"AllPossiblePermissions"
|
|
];
|
|
|
|
// Permission access flags
|
|
const READONLY = "readonly";
|
|
const CREATEONLY = "createonly";
|
|
const READCREATE = "readcreate";
|
|
const READWRITE = "readwrite";
|
|
|
|
const UNKNOWN_ACTION = Ci.nsIPermissionManager.UNKNOWN_ACTION;
|
|
const ALLOW_ACTION = Ci.nsIPermissionManager.ALLOW_ACTION;
|
|
const DENY_ACTION = Ci.nsIPermissionManager.DENY_ACTION;
|
|
const PROMPT_ACTION = Ci.nsIPermissionManager.PROMPT_ACTION;
|
|
|
|
// Permissions Matrix: https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0
|
|
|
|
// Permissions that are implicit:
|
|
// battery-status, network-information, vibration,
|
|
// device-capabilities
|
|
|
|
this.PermissionsTable = { geolocation: {
|
|
app: PROMPT_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: PROMPT_ACTION
|
|
},
|
|
"geolocation-noprompt": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
substitute: ["geolocation"]
|
|
},
|
|
camera: {
|
|
app: DENY_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
alarms: {
|
|
app: ALLOW_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"tcp-socket": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"udp-socket": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"network-events": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
contacts: {
|
|
app: DENY_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read", "write", "create"]
|
|
},
|
|
"device-storage:apps": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read"]
|
|
},
|
|
"device-storage:crashes": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read"]
|
|
},
|
|
"device-storage:pictures": {
|
|
app: DENY_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read", "write", "create"]
|
|
},
|
|
"device-storage:videos": {
|
|
app: DENY_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read", "write", "create"]
|
|
},
|
|
"device-storage:music": {
|
|
app: DENY_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read", "write", "create"]
|
|
},
|
|
"device-storage:sdcard": {
|
|
app: DENY_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read", "write", "create"]
|
|
},
|
|
sms: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
telephony: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
browser: {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"browser:universalxss": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"browser:embedded-system-app": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
bluetooth: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
mobileconnection: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
mobilenetwork: {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
power: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
push: {
|
|
app: ALLOW_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
settings: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read", "write"],
|
|
additional: ["indexedDB-chrome-settings", "settings-api"]
|
|
},
|
|
// This exists purely for tests, no app
|
|
// should ever use it. It can only be
|
|
// handed out by SpecialPowers.
|
|
"settings-clear": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: DENY_ACTION,
|
|
additional: ["indexedDB-chrome-settings", "settings-api"]
|
|
},
|
|
permissions: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
phonenumberservice: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
fmradio: {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
attention: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"global-clickthrough-overlay": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"moz-attention": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
substitute: ["attention"]
|
|
},
|
|
"webapps-manage": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"homescreen-webapps-manage": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"backgroundservice": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"desktop-notification": {
|
|
app: ALLOW_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"networkstats-manage": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"resourcestats-manage": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"wifi-manage": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"systemXHR": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"voicemail": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"idle": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"time": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"embed-apps": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"embed-widgets": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"background-sensors": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
cellbroadcast: {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"audio-channel-normal": {
|
|
app: ALLOW_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"audio-channel-content": {
|
|
app: ALLOW_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"audio-channel-notification": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"audio-channel-alarm": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"audio-channel-system": {
|
|
app: DENY_ACTION,
|
|
trusted: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"audio-channel-telephony": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"moz-audio-channel-telephony": {
|
|
app: DENY_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
substitute: ["audio-channel-telephony"]
|
|
},
|
|
"audio-channel-ringer": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"moz-audio-channel-ringer": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
substitute: ["audio-channel-ringer"]
|
|
},
|
|
"audio-channel-publicnotification": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"open-remote-window": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"input": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"input-manage": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"wappush": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"audio-capture": {
|
|
app: PROMPT_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"audio-capture:3gpp": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"nfc": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"nfc-share": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"nfc-manager": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"nfc-hci-events": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"speaker-control": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"downloads": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"video-capture": {
|
|
app: PROMPT_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"feature-detection": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"mobileid": {
|
|
app: DENY_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: PROMPT_ACTION
|
|
},
|
|
// This permission doesn't actually grant access to
|
|
// anything. It exists only to check the correctness
|
|
// of web prompt composed permissions in tests.
|
|
"test-permission": {
|
|
app: PROMPT_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read", "write", "create"]
|
|
},
|
|
"firefox-accounts": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"moz-firefox-accounts": {
|
|
app: DENY_ACTION,
|
|
privileged: PROMPT_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
substitute: ["firefox-accounts"]
|
|
},
|
|
"themeable": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"settings:wallpaper.image": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION,
|
|
access: ["read", "write"],
|
|
additional: ["settings-api"]
|
|
},
|
|
"engineering-mode": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"tv": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"before-after-keyboard-event": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"presentation-device-manage": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"requestsync-manager": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"secureelement-manage": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"inputport": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"external-app": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"system-update": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"presentation": {
|
|
app: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"open-hidden-window": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"moz-extremely-unstable-and-will-change-webcomponents": {
|
|
app: DENY_ACTION,
|
|
trusted: DENY_ACTION,
|
|
privileged: ALLOW_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"system-app-only-audio-channels-in-app": {
|
|
app: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
},
|
|
"killswitch": {
|
|
app: DENY_ACTION,
|
|
trusted: DENY_ACTION,
|
|
privileged: DENY_ACTION,
|
|
certified: ALLOW_ACTION
|
|
}
|
|
};
|
|
|
|
/**
|
|
* Append access modes to the permission name as suffixes.
|
|
* e.g. permission name 'contacts' with ['read', 'write'] =
|
|
* ['contacts-read', contacts-write']
|
|
* @param string aPermName
|
|
* @param array aAccess
|
|
* @returns array containing access-appended permission names.
|
|
**/
|
|
this.appendAccessToPermName = function appendAccessToPermName(aPermName, aAccess) {
|
|
if (aAccess.length == 0) {
|
|
return [aPermName];
|
|
}
|
|
return aAccess.map(function(aMode) {
|
|
return aPermName + "-" + aMode;
|
|
});
|
|
};
|
|
|
|
/**
|
|
* Expand an access string into multiple permission names,
|
|
* e.g: permission name 'contacts' with 'readwrite' =
|
|
* ['contacts-read', 'contacts-create', 'contacts-write']
|
|
* @param string aPermName
|
|
* @param string aAccess (optional)
|
|
* @returns array containing expanded permission names.
|
|
**/
|
|
this.expandPermissions = function expandPermissions(aPermName, aAccess) {
|
|
if (!PermissionsTable[aPermName]) {
|
|
let errorMsg =
|
|
"PermissionsTable.jsm: expandPermissions: Unknown Permission: " + aPermName;
|
|
Cu.reportError(errorMsg);
|
|
dump(errorMsg);
|
|
return [];
|
|
}
|
|
|
|
const tableEntry = PermissionsTable[aPermName];
|
|
|
|
if (tableEntry.substitute && tableEntry.additional) {
|
|
let errorMsg =
|
|
"PermissionsTable.jsm: expandPermissions: Can't handle both 'substitute' " +
|
|
"and 'additional' entries for permission: " + aPermName;
|
|
Cu.reportError(errorMsg);
|
|
dump(errorMsg);
|
|
return [];
|
|
}
|
|
|
|
if (!aAccess && tableEntry.access ||
|
|
aAccess && !tableEntry.access) {
|
|
let errorMsg =
|
|
"PermissionsTable.jsm: expandPermissions: Invalid access for permission " +
|
|
aPermName + ": " + aAccess + "\n";
|
|
Cu.reportError(errorMsg);
|
|
dump(errorMsg);
|
|
return [];
|
|
}
|
|
|
|
let expandedPermNames = [];
|
|
|
|
if (tableEntry.access && aAccess) {
|
|
let requestedSuffixes = [];
|
|
switch (aAccess) {
|
|
case READONLY:
|
|
requestedSuffixes.push("read");
|
|
break;
|
|
case CREATEONLY:
|
|
requestedSuffixes.push("create");
|
|
break;
|
|
case READCREATE:
|
|
requestedSuffixes.push("read", "create");
|
|
break;
|
|
case READWRITE:
|
|
requestedSuffixes.push("read", "create", "write");
|
|
break;
|
|
default:
|
|
return [];
|
|
}
|
|
|
|
let permArr = appendAccessToPermName(aPermName, requestedSuffixes);
|
|
|
|
// Add the same suffix to each of the additions.
|
|
if (tableEntry.additional) {
|
|
for (let additional of tableEntry.additional) {
|
|
permArr = permArr.concat(appendAccessToPermName(additional, requestedSuffixes));
|
|
}
|
|
}
|
|
|
|
// Only add the suffixed version if the suffix exists in the table.
|
|
for (let idx in permArr) {
|
|
let suffix = requestedSuffixes[idx % requestedSuffixes.length];
|
|
if (tableEntry.access.indexOf(suffix) != -1) {
|
|
expandedPermNames.push(permArr[idx]);
|
|
}
|
|
}
|
|
} else if (tableEntry.substitute) {
|
|
expandedPermNames = expandedPermNames.concat(tableEntry.substitute);
|
|
} else {
|
|
expandedPermNames.push(aPermName);
|
|
// Include each of the additions exactly as they appear in the table.
|
|
if (tableEntry.additional) {
|
|
expandedPermNames = expandedPermNames.concat(tableEntry.additional);
|
|
}
|
|
}
|
|
|
|
return expandedPermNames;
|
|
};
|
|
|
|
this.PermissionsReverseTable = {};
|
|
this.AllPossiblePermissions = [];
|
|
|
|
(function () {
|
|
// PermissionsTable as it is works well for direct searches, but not
|
|
// so well for reverse ones (that is, if I get something like
|
|
// device-storage:music-read or indexedDB-chrome-settings-read how
|
|
// do I know which permission it really is? Hence this table is
|
|
// born. The idea is that
|
|
// reverseTable[device-storage:music-read] should return
|
|
// device-storage:music
|
|
//
|
|
// We also need a list of all the possible permissions for things like the
|
|
// settingsmanager, so construct that while we're at it.
|
|
for (let permName in PermissionsTable) {
|
|
let permAliases = [];
|
|
if (PermissionsTable[permName].access) {
|
|
permAliases = expandPermissions(permName, "readwrite");
|
|
} else if (!PermissionsTable[permName].substitute) {
|
|
permAliases = expandPermissions(permName);
|
|
}
|
|
for (let i = 0; i < permAliases.length; i++) {
|
|
PermissionsReverseTable[permAliases[i]] = permName;
|
|
AllPossiblePermissions.push(permAliases[i]);
|
|
}
|
|
}
|
|
AllPossiblePermissions =
|
|
AllPossiblePermissions.concat(["indexedDB", "offline-app", "pin-app"]);
|
|
})();
|
|
|
|
this.isExplicitInPermissionsTable = function(aPermName, aIntStatus, aAppKind) {
|
|
|
|
// Check to see if the 'webapp' is app/privileged/certified.
|
|
let appStatus;
|
|
switch (aIntStatus) {
|
|
case Ci.nsIPrincipal.APP_STATUS_CERTIFIED:
|
|
appStatus = "certified";
|
|
break;
|
|
case Ci.nsIPrincipal.APP_STATUS_PRIVILEGED:
|
|
appStatus = "privileged";
|
|
break;
|
|
default: // If it isn't certified or privileged, it's app
|
|
appStatus = "app";
|
|
break;
|
|
}
|
|
|
|
let realPerm = PermissionsReverseTable[aPermName];
|
|
|
|
if (realPerm) {
|
|
return (PermissionsTable[realPerm][appStatus] ==
|
|
Ci.nsIPermissionManager.PROMPT_ACTION);
|
|
} else {
|
|
return false;
|
|
}
|
|
}
|