Bug 1457142 - Added Policy: Camera Access r?felipe
MozReview-Commit-ID: MxokBI4pY3
--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@@ -109,16 +109,23 @@ var Policies = {
},
"Bookmarks": {
onAllWindowsRestored(manager, param) {
BookmarksPolicies.processBookmarks(param);
}
},
+ "CameraAccess": {
+ onBeforeUIStartup(manager, param) {
+ addAllowDenyPermissions("camera", param.Allow, param.Block);
+ setPermissionsPolicy("permissions.default.camera", param);
+ }
+ },
+
"Certificates": {
onBeforeAddons(manager, param) {
if ("ImportEnterpriseRoots" in param) {
setAndLockPref("security.enterprise_roots.enabled", true);
}
}
},
@@ -765,16 +772,42 @@ function setDefaultPref(prefName, prefVa
case "string":
defaults.setStringPref(prefName, prefValue);
break;
}
}
/**
+ * setPermissionsPolicy
+ *
+ * Helper function to set preferences appropriately for the policy
+ *
+ * @param {string} policyName
+ * The name of the policy to set
+ * @param {object} policyParam
+ * The object containing param for the policy
+ */
+function setPermissionsPolicy(policyName, policyParam) {
+ if ("BlockNewRequests" in policyParam) {
+ if (policyParam.BlockNewRequests) {
+ if (policyParam.Locked) {
+ setAndLockPref(policyName, 2);
+ } else {
+ setDefaultPref(policyName, 2);
+ }
+ } else if (policyParam.Locked) {
+ setAndLockPref(policyName, 0);
+ } else {
+ setDefaultPref(policyName, 0);
+ }
+ }
+}
+
+/**
* addAllowDenyPermissions
*
* Helper function to call the permissions manager (Services.perms.add)
* for two arrays of URLs.
*
* @param {string} permissionName
* The name of the permission to change
* @param {array} allowList
--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@@ -86,16 +86,46 @@
"Folder": {
"type": "string"
}
},
"required": ["Title", "URL"]
}
},
+ "CameraAccess": {
+ "description": "Allow or deny camera access.",
+ "first_available": "60.0",
+
+ "type": "object",
+ "properties": {
+ "Allow": {
+ "type": "array",
+ "items": {
+ "type": "origin"
+ }
+ },
+
+ "Block": {
+ "type": "array",
+ "items": {
+ "type": "origin"
+ }
+ },
+
+ "BlockNewRequests": {
+ "type": "boolean"
+ },
+
+ "Locked": {
+ "type": "boolean"
+ }
+ }
+ },
+
"Certificates": {
"description": "Whether or not to use built in certs. This policy is Windows only at this time.",
"first_available": "60.0",
"type": "object",
"properties": {
"ImportEnterpriseRoots": {
"type": "boolean"
--- a/browser/components/enterprisepolicies/tests/browser/browser.ini
+++ b/browser/components/enterprisepolicies/tests/browser/browser.ini
@@ -20,16 +20,17 @@ support-files =
[browser_policies_sorted_alphabetically.js]
[browser_policy_app_update.js]
[browser_policy_block_about_addons.js]
[browser_policy_block_about_config.js]
[browser_policy_block_about_profiles.js]
[browser_policy_block_about_support.js]
[browser_policy_block_set_desktop_background.js]
[browser_policy_bookmarks.js]
+[browser_policy_camera_access.js]
[browser_policy_clear_blocked_cookies.js]
[browser_policy_cookie_settings.js]
[browser_policy_default_browser_check.js]
[browser_policy_disable_feedback_commands.js]
[browser_policy_disable_flash_plugin.js]
[browser_policy_disable_fxaccounts.js]
[browser_policy_disable_masterpassword.js]
[browser_policy_disable_pdfjs.js]
new file mode 100644
--- /dev/null
+++ b/browser/components/enterprisepolicies/tests/browser/browser_policy_camera_access.js
@@ -0,0 +1,96 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+function URI(str) {
+ return Services.io.newURI(str);
+}
+
+add_task(async function test_setup_preexisting_permissions() {
+ // Pre-existing ALLOW permissions that should be overriden
+ // with DENY.
+
+ // No ALLOW -> DENY override for popup and install permissions,
+ // because their policies only supports the Allow parameter.
+
+ Services.perms.add(URI("https://www.pre-existing-allow.com"),
+ "camera",
+ Ci.nsIPermissionManager.ALLOW_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION);
+
+ // Pre-existing DENY permissions that should be overriden
+ // with ALLOW.
+
+ Services.perms.add(URI("https://www.pre-existing-deny.com"),
+ "camera",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION);
+});
+
+add_task(async function test_setup_activate_policies() {
+ await setupPolicyEngineWithJson({
+ "policies": {
+ "CameraAccess": {
+ "Allow": [
+ "https://www.allow.com",
+ "https://www.pre-existing-deny.com"
+ ],
+
+ "Block": [
+ "https://www.deny.com",
+ "https://www.pre-existing-allow.com"
+ ]
+ }
+ }
+ });
+ is(Services.policies.status, Ci.nsIEnterprisePolicies.ACTIVE, "Engine is active");
+});
+
+function checkPermission(url, expected, permissionName) {
+ let expectedValue = Ci.nsIPermissionManager[`${expected}_ACTION`];
+ let uri = Services.io.newURI(`https://www.${url}`);
+
+ is(Services.perms.testPermission(uri, permissionName),
+ expectedValue,
+ `Correct (${permissionName}=${expected}) for URL ${url}`);
+
+ if (expected != "UNKNOWN") {
+ let permission = Services.perms.getPermissionObjectForURI(
+ uri, permissionName, true);
+ ok(permission, "Permission object exists");
+ is(permission.expireType, Ci.nsIPermissionManager.EXPIRE_POLICY,
+ "Permission expireType is correct");
+ }
+}
+
+function checkAllPermissionsForType(type, typeSupportsDeny = true) {
+ checkPermission("allow.com", "ALLOW", type);
+ checkPermission("unknown.com", "UNKNOWN", type);
+ checkPermission("pre-existing-deny.com", "ALLOW", type);
+
+ if (typeSupportsDeny) {
+ checkPermission("deny.com", "DENY", type);
+ checkPermission("pre-existing-allow.com", "DENY", type);
+ }
+}
+
+add_task(async function test_camera_access_policy() {
+ checkAllPermissionsForType("camera");
+});
+
+add_task(async function test_change_permission() {
+ // Checks that changing a permission will still retain the
+ // value set through the engine.
+ Services.perms.add(URI("https://www.allow.com"), "camera",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION);
+
+ checkPermission("allow.com", "ALLOW", "camera");
+
+ // Also change one un-managed permission to make sure it doesn't
+ // cause any problems to the policy engine or the permission manager.
+ Services.perms.add(URI("https://www.unmanaged.com"), "camera",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION);
+});