[tbb-commits] [tor-browser/tor-browser-68.7.0esr-9.5-1] Bug 32418: Allow updates to be disabled via an enterprise policy.
sysrqb at torproject.org
sysrqb at torproject.org
Tue Apr 28 20:45:08 UTC 2020
commit e577d655d2044e3b6636b0bccfbb5bd776148582
Author: Kathy Brade <brade at pearlcrescent.com>
Date: Thu Apr 16 17:07:09 2020 -0400
Bug 32418: Allow updates to be disabled via an enterprise policy.
Restrict the Enterprise Policies mechanism to only consult a
policies.json file (avoiding the Windows Registry and macOS's
file system attributes).
Add a few disabledByPolicy() checks to the update service to
avoid extraneous (and potentially confusing) log messages when
updates are disabled by policy.
Sample content for distribution/policies.json:
{
"policies": {
"DisableAppUpdate": true
}
}
---
.../enterprisepolicies/EnterprisePolicies.js | 10 ++++++++++
toolkit/components/enterprisepolicies/moz.build | 4 +++-
toolkit/mozapps/update/UpdateService.jsm | 20 ++++++++++++++++++++
3 files changed, 33 insertions(+), 1 deletion(-)
diff --git a/toolkit/components/enterprisepolicies/EnterprisePolicies.js b/toolkit/components/enterprisepolicies/EnterprisePolicies.js
index db77b4717736..bc0171867dfa 100644
--- a/toolkit/components/enterprisepolicies/EnterprisePolicies.js
+++ b/toolkit/components/enterprisepolicies/EnterprisePolicies.js
@@ -2,6 +2,10 @@
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+// To avoid accessing the Windows Registry or macOS' file system attributes,
+// Tor Browser only supports policies.json.
+#define JSON_POLICIES_ONLY MOZ_PROXY_BYPASS_PROTECTION
+
const { XPCOMUtils } = ChromeUtils.import(
"resource://gre/modules/XPCOMUtils.jsm"
);
@@ -11,9 +15,11 @@ const { AppConstants } = ChromeUtils.import(
);
XPCOMUtils.defineLazyModuleGetters(this, {
+#ifndef JSON_POLICIES_ONLY
WindowsGPOParser: "resource://gre/modules/policies/WindowsGPOParser.jsm",
macOSPoliciesParser:
"resource://gre/modules/policies/macOSPoliciesParser.jsm",
+#endif
Policies: "resource:///modules/policies/Policies.jsm",
JsonSchemaValidator:
"resource://gre/modules/components-utils/JsonSchemaValidator.jsm",
@@ -111,6 +117,7 @@ EnterprisePoliciesManager.prototype = {
_chooseProvider() {
let provider = null;
+#ifndef JSON_POLICIES_ONLY
if (AppConstants.platform == "win") {
provider = new WindowsGPOPoliciesProvider();
} else if (AppConstants.platform == "macosx") {
@@ -119,6 +126,7 @@ EnterprisePoliciesManager.prototype = {
if (provider && provider.hasPolicies) {
return provider;
}
+#endif
provider = new JSONPoliciesProvider();
if (provider.hasPolicies) {
@@ -547,6 +555,7 @@ class JSONPoliciesProvider {
}
}
+#ifndef JSON_POLICIES_ONLY
class WindowsGPOPoliciesProvider {
constructor() {
this._policies = null;
@@ -608,6 +617,7 @@ class macOSPoliciesProvider {
return this._failed;
}
}
+#endif
var components = [EnterprisePoliciesManager];
this.NSGetFactory = XPCOMUtils.generateNSGetFactory(components);
diff --git a/toolkit/components/enterprisepolicies/moz.build b/toolkit/components/enterprisepolicies/moz.build
index 8f7d7d8cfed7..7528f569bb3e 100644
--- a/toolkit/components/enterprisepolicies/moz.build
+++ b/toolkit/components/enterprisepolicies/moz.build
@@ -19,10 +19,12 @@ TEST_DIRS += [
if CONFIG['MOZ_WIDGET_TOOLKIT'] != "android":
EXTRA_COMPONENTS += [
- 'EnterprisePolicies.js',
'EnterprisePolicies.manifest',
'EnterprisePoliciesContent.js',
]
+ EXTRA_PP_COMPONENTS += [
+ 'EnterprisePolicies.js',
+ ]
if CONFIG['MOZ_WIDGET_TOOLKIT'] == 'windows':
EXTRA_JS_MODULES.policies += [
diff --git a/toolkit/mozapps/update/UpdateService.jsm b/toolkit/mozapps/update/UpdateService.jsm
index 282e1aecc5e8..5fbcc1536540 100644
--- a/toolkit/mozapps/update/UpdateService.jsm
+++ b/toolkit/mozapps/update/UpdateService.jsm
@@ -2772,6 +2772,10 @@ UpdateService.prototype = {
_checkForBackgroundUpdates: function AUS__checkForBackgroundUpdates(
isNotify
) {
+ if (this.disabledByPolicy) {
+ return;
+ }
+
this._isNotify = isNotify;
// Histogram IDs:
@@ -3293,6 +3297,14 @@ UpdateService.prototype = {
* See nsIUpdateService.idl
*/
get canApplyUpdates() {
+ if (this.disabledByPolicy) {
+ LOG(
+ "UpdateService.canApplyUpdates - unable to apply updates, " +
+ "the option has been disabled by the administrator."
+ );
+ return false;
+ }
+
return getCanApplyUpdates() && hasUpdateMutex();
},
@@ -3300,6 +3312,14 @@ UpdateService.prototype = {
* See nsIUpdateService.idl
*/
get canStageUpdates() {
+ if (this.disabledByPolicy) {
+ LOG(
+ "UpdateService.canStageUpdates - unable to stage updates, " +
+ "the option has been disabled by the administrator."
+ );
+ return false;
+ }
+
return getCanStageUpdates();
},
More information about the tbb-commits
mailing list