[tor-commits] [tor-browser/tor-browser-91.3.0esr-11.0-1] Bug 32418: Allow updates to be disabled via an enterprise policy.

sysrqb at torproject.org sysrqb at torproject.org
Tue Nov 2 21:00:28 UTC 2021


commit b32ecec21d0b34e18244088653081ed550797a71
Author: Kathy Brade <brade at pearlcrescent.com>
Date:   Thu Apr 16 17:07:09 2020 -0400

    Bug 32418: Allow updates to be disabled via an enterprise policy.
    
    Restrict the Enterprise Policies mechanism to only consult a
    policies.json file (avoiding the Windows Registry and macOS's
    file system attributes).
    
    Add a few disabledByPolicy() checks to the update service to
    avoid extraneous (and potentially confusing) log messages when
    updates are disabled by policy.
    
    Sample content for distribution/policies.json:
    {
      "policies": {
        "DisableAppUpdate": true
      }
    }
    
    On Linux, avoid reading policies from /etc/firefox/policies/policies.json
---
 .../enterprisepolicies/EnterprisePoliciesParent.jsm        | 14 ++++++++++++--
 toolkit/components/enterprisepolicies/moz.build            |  3 +++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm b/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
index f5de14798de1..9c702ea3fde8 100644
--- a/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
+++ b/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
@@ -4,6 +4,10 @@
 
 var EXPORTED_SYMBOLS = ["EnterprisePoliciesManager"];
 
+// To ensure that policies intended for Firefox or another browser will not
+// be used, Tor Browser only looks for policies in ${InstallDir}/distribution
+#define AVOID_SYSTEM_POLICIES MOZ_PROXY_BYPASS_PROTECTION
+
 const { XPCOMUtils } = ChromeUtils.import(
   "resource://gre/modules/XPCOMUtils.jsm"
 );
@@ -13,9 +17,11 @@ const { AppConstants } = ChromeUtils.import(
 );
 
 XPCOMUtils.defineLazyModuleGetters(this, {
+#ifndef AVOID_SYSTEM_POLICIES
   WindowsGPOParser: "resource://gre/modules/policies/WindowsGPOParser.jsm",
   macOSPoliciesParser:
     "resource://gre/modules/policies/macOSPoliciesParser.jsm",
+#endif
   Policies: "resource:///modules/policies/Policies.jsm",
   JsonSchemaValidator:
     "resource://gre/modules/components-utils/JsonSchemaValidator.jsm",
@@ -140,11 +146,13 @@ EnterprisePoliciesManager.prototype = {
 
   _chooseProvider() {
     let platformProvider = null;
+#ifndef AVOID_SYSTEM_POLICIES
     if (AppConstants.platform == "win") {
       platformProvider = new WindowsGPOPoliciesProvider();
     } else if (AppConstants.platform == "macosx") {
       platformProvider = new macOSPoliciesProvider();
     }
+#endif
     let jsonProvider = new JSONPoliciesProvider();
     if (platformProvider && platformProvider.hasPolicies) {
       if (jsonProvider.hasPolicies) {
@@ -491,7 +499,7 @@ class JSONPoliciesProvider {
 
   _getConfigurationFile() {
     let configFile = null;
-
+#ifndef AVOID_SYSTEM_POLICIES
     if (AppConstants.platform == "linux") {
       let systemConfigFile = Cc["@mozilla.org/file/local;1"].createInstance(
         Ci.nsIFile
@@ -504,7 +512,7 @@ class JSONPoliciesProvider {
         return systemConfigFile;
       }
     }
-
+#endif
     try {
       let perUserPath = Services.prefs.getBoolPref(PREF_PER_USER_DIR, false);
       if (perUserPath) {
@@ -585,6 +593,7 @@ class JSONPoliciesProvider {
   }
 }
 
+#ifndef AVOID_SYSTEM_POLICIES
 class WindowsGPOPoliciesProvider {
   constructor() {
     this._policies = null;
@@ -686,3 +695,4 @@ class CombinedProvider {
     return false;
   }
 }
+#endif
diff --git a/toolkit/components/enterprisepolicies/moz.build b/toolkit/components/enterprisepolicies/moz.build
index 09d2046e1bd7..3f685d3fbbd6 100644
--- a/toolkit/components/enterprisepolicies/moz.build
+++ b/toolkit/components/enterprisepolicies/moz.build
@@ -19,6 +19,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] != "android":
     EXTRA_JS_MODULES += [
         "EnterprisePolicies.jsm",
         "EnterprisePoliciesContent.jsm",
+    ]
+
+    EXTRA_PP_JS_MODULES += [
         "EnterprisePoliciesParent.jsm",
     ]
 





More information about the tor-commits mailing list