[tbb-commits] [tor-browser/tor-browser-86.0b1-10.5-1] Bug 32418: Allow updates to be disabled via an enterprise policy.

gk at torproject.org gk at torproject.org
Sat Jan 30 21:45:32 UTC 2021


commit 45e6b5f5c17fa8a74e471114eecc5858b93e4acb
Author: Kathy Brade <brade at pearlcrescent.com>
Date:   Thu Apr 16 17:07:09 2020 -0400

    Bug 32418: Allow updates to be disabled via an enterprise policy.
    
    Restrict the Enterprise Policies mechanism to only consult a
    policies.json file (avoiding the Windows Registry and macOS's
    file system attributes).
    
    Add a few disabledByPolicy() checks to the update service to
    avoid extraneous (and potentially confusing) log messages when
    updates are disabled by policy.
    
    Sample content for distribution/policies.json:
    {
      "policies": {
        "DisableAppUpdate": true
      }
    }
    
    On Linux, avoid reading policies from /etc/firefox/policies/policies.json
---
 .../enterprisepolicies/EnterprisePoliciesParent.jsm        | 14 ++++++++++++--
 toolkit/components/enterprisepolicies/moz.build            |  3 +++
 2 files changed, 15 insertions(+), 2 deletions(-)

diff --git a/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm b/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
index 8b0a5170cbdd..38e2c2b36a24 100644
--- a/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
+++ b/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
@@ -4,6 +4,10 @@
 
 var EXPORTED_SYMBOLS = ["EnterprisePoliciesManager"];
 
+// To ensure that policies intended for Firefox or another browser will not
+// be used, Tor Browser only looks for policies in ${InstallDir}/distribution
+#define AVOID_SYSTEM_POLICIES MOZ_PROXY_BYPASS_PROTECTION
+
 const { XPCOMUtils } = ChromeUtils.import(
   "resource://gre/modules/XPCOMUtils.jsm"
 );
@@ -13,9 +17,11 @@ const { AppConstants } = ChromeUtils.import(
 );
 
 XPCOMUtils.defineLazyModuleGetters(this, {
+#ifndef AVOID_SYSTEM_POLICIES
   WindowsGPOParser: "resource://gre/modules/policies/WindowsGPOParser.jsm",
   macOSPoliciesParser:
     "resource://gre/modules/policies/macOSPoliciesParser.jsm",
+#endif
   Policies: "resource:///modules/policies/Policies.jsm",
   JsonSchemaValidator:
     "resource://gre/modules/components-utils/JsonSchemaValidator.jsm",
@@ -137,6 +143,7 @@ EnterprisePoliciesManager.prototype = {
 
   _chooseProvider() {
     let provider = null;
+#ifndef AVOID_SYSTEM_POLICIES
     if (AppConstants.platform == "win") {
       provider = new WindowsGPOPoliciesProvider();
     } else if (AppConstants.platform == "macosx") {
@@ -145,6 +152,7 @@ EnterprisePoliciesManager.prototype = {
     if (provider && provider.hasPolicies) {
       return provider;
     }
+#endif
 
     provider = new JSONPoliciesProvider();
     if (provider.hasPolicies) {
@@ -495,7 +503,7 @@ class JSONPoliciesProvider {
 
   _getConfigurationFile() {
     let configFile = null;
-
+#ifndef AVOID_SYSTEM_POLICIES
     if (AppConstants.platform == "linux") {
       let systemConfigFile = Cc["@mozilla.org/file/local;1"].createInstance(
         Ci.nsIFile
@@ -508,7 +516,7 @@ class JSONPoliciesProvider {
         return systemConfigFile;
       }
     }
-
+#endif
     try {
       let perUserPath = Services.prefs.getBoolPref(PREF_PER_USER_DIR, false);
       if (perUserPath) {
@@ -589,6 +597,7 @@ class JSONPoliciesProvider {
   }
 }
 
+#ifndef AVOID_SYSTEM_POLICIES
 class WindowsGPOPoliciesProvider {
   constructor() {
     this._policies = null;
@@ -654,3 +663,4 @@ class macOSPoliciesProvider {
     return this._failed;
   }
 }
+#endif
diff --git a/toolkit/components/enterprisepolicies/moz.build b/toolkit/components/enterprisepolicies/moz.build
index 09d2046e1bd7..3f685d3fbbd6 100644
--- a/toolkit/components/enterprisepolicies/moz.build
+++ b/toolkit/components/enterprisepolicies/moz.build
@@ -19,6 +19,9 @@ if CONFIG["MOZ_WIDGET_TOOLKIT"] != "android":
     EXTRA_JS_MODULES += [
         "EnterprisePolicies.jsm",
         "EnterprisePoliciesContent.jsm",
+    ]
+
+    EXTRA_PP_JS_MODULES += [
         "EnterprisePoliciesParent.jsm",
     ]
 





More information about the tbb-commits mailing list