summaryrefslogtreecommitdiffstats
path: root/browser/components/enterprisepolicies
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 05:35:29 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-06-12 05:35:29 +0000
commit59203c63bb777a3bacec32fb8830fba33540e809 (patch)
tree58298e711c0ff0575818c30485b44a2f21bf28a0 /browser/components/enterprisepolicies
parentAdding upstream version 126.0.1. (diff)
downloadfirefox-59203c63bb777a3bacec32fb8830fba33540e809.tar.xz
firefox-59203c63bb777a3bacec32fb8830fba33540e809.zip
Adding upstream version 127.0.upstream/127.0
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'browser/components/enterprisepolicies')
-rw-r--r--browser/components/enterprisepolicies/Policies.sys.mjs68
-rw-r--r--browser/components/enterprisepolicies/content/aboutPolicies.html1
-rw-r--r--browser/components/enterprisepolicies/content/aboutPolicies.js1
-rw-r--r--browser/components/enterprisepolicies/helpers/BookmarksPolicies.sys.mjs48
-rw-r--r--browser/components/enterprisepolicies/schemas/policies-schema.json26
-rw-r--r--browser/components/enterprisepolicies/tests/browser/browser_policy_extensions.js2
-rw-r--r--browser/components/enterprisepolicies/tests/browser/browser_policy_extensionsettings2.js2
-rw-r--r--browser/components/enterprisepolicies/tests/browser/browser_policy_masterpassword.js19
-rw-r--r--browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js44
-rw-r--r--browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js21
-rw-r--r--browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js51
11 files changed, 236 insertions, 47 deletions
diff --git a/browser/components/enterprisepolicies/Policies.sys.mjs b/browser/components/enterprisepolicies/Policies.sys.mjs
index fd15c244cc..ebc1bc0a58 100644
--- a/browser/components/enterprisepolicies/Policies.sys.mjs
+++ b/browser/components/enterprisepolicies/Policies.sys.mjs
@@ -549,10 +549,26 @@ export var Policies = {
param.ClientSignature
);
}
+ if ("DefaultResult" in param) {
+ if (
+ !Number.isInteger(param.DefaultResult) ||
+ param.DefaultResult < 0 ||
+ param.DefaultResult > 2
+ ) {
+ lazy.log.error(
+ `Non-integer or out of range value for DefaultResult: ${param.DefaultResult}`
+ );
+ } else {
+ setAndLockPref(
+ "browser.contentanalysis.default_result",
+ param.DefaultResult
+ );
+ }
+ }
let boolPrefs = [
["IsPerUser", "is_per_user"],
["ShowBlockedResult", "show_blocked_result"],
- ["DefaultAllow", "default_allow"],
+ ["BypassForSameTabOperations", "bypass_for_same_tab_operations"],
];
for (let pref of boolPrefs) {
if (pref[0] in param) {
@@ -773,6 +789,15 @@ export var Policies = {
},
},
+ DisableEncryptedClientHello: {
+ onBeforeAddons(manager, param) {
+ if (param) {
+ setAndLockPref("network.dns.echconfig.enabled", false);
+ setAndLockPref("network.dns.http3_echconfig.enabled", false);
+ }
+ },
+ },
+
DisableFeedbackCommands: {
onBeforeUIStartup(manager, param) {
if (param) {
@@ -1515,6 +1540,31 @@ export var Policies = {
},
},
+ HttpAllowlist: {
+ onBeforeAddons(manager, param) {
+ addAllowDenyPermissions("https-only-load-insecure", param);
+ },
+ },
+
+ HttpsOnlyMode: {
+ onBeforeAddons(manager, param) {
+ switch (param) {
+ case "disallowed":
+ setAndLockPref("dom.security.https_only_mode", false);
+ break;
+ case "enabled":
+ PoliciesUtils.setDefaultPref("dom.security.https_only_mode", true);
+ break;
+ case "force_enabled":
+ setAndLockPref("dom.security.https_only_mode", true);
+ break;
+ case "allowed":
+ // The default case.
+ break;
+ }
+ },
+ },
+
InstallAddonsPermission: {
onBeforeUIStartup(manager, param) {
if ("Allow" in param) {
@@ -1787,6 +1837,12 @@ export var Policies = {
},
},
+ PostQuantumKeyAgreementEnabled: {
+ onBeforeAddons(manager, param) {
+ setAndLockPref("security.tls.enable_kyber", param);
+ },
+ },
+
Preferences: {
onBeforeAddons(manager, param) {
let allowedPrefixes = [
@@ -1811,6 +1867,7 @@ export var Policies = {
"places.",
"pref.",
"print.",
+ "privacy.globalprivacycontrol.enabled",
"privacy.userContext.enabled",
"privacy.userContext.ui.enabled",
"signon.",
@@ -1831,6 +1888,8 @@ export var Policies = {
"security.insecure_connection_text.enabled",
"security.insecure_connection_text.pbmode.enabled",
"security.mixed_content.block_active_content",
+ "security.mixed_content.block_display_content",
+ "security.mixed_content.upgrade_display_content",
"security.osclientcerts.assume_rsa_pss_support",
"security.osclientcerts.autoload",
"security.OCSP.enabled",
@@ -2457,13 +2516,6 @@ export var Policies = {
UserMessaging: {
onBeforeAddons(manager, param) {
- if ("WhatsNew" in param) {
- PoliciesUtils.setDefaultPref(
- "browser.messaging-system.whatsNewPanel.enabled",
- param.WhatsNew,
- param.Locked
- );
- }
if ("ExtensionRecommendations" in param) {
PoliciesUtils.setDefaultPref(
"browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons",
diff --git a/browser/components/enterprisepolicies/content/aboutPolicies.html b/browser/components/enterprisepolicies/content/aboutPolicies.html
index bf0a962aa8..0b7a4e78ff 100644
--- a/browser/components/enterprisepolicies/content/aboutPolicies.html
+++ b/browser/components/enterprisepolicies/content/aboutPolicies.html
@@ -24,7 +24,6 @@
rel="localization"
href="browser/policies/policies-descriptions.ftl"
/>
- <link rel="localization" href="toolkit/branding/accounts.ftl" />
<link rel="localization" href="toolkit/branding/brandings.ftl" />
<script src="chrome://browser/content/policies/aboutPolicies.js"></script>
</head>
diff --git a/browser/components/enterprisepolicies/content/aboutPolicies.js b/browser/components/enterprisepolicies/content/aboutPolicies.js
index 9cde085f3d..2de9be0982 100644
--- a/browser/components/enterprisepolicies/content/aboutPolicies.js
+++ b/browser/components/enterprisepolicies/content/aboutPolicies.js
@@ -294,6 +294,7 @@ function generateDocumentation() {
SanitizeOnShutdown: "SanitizeOnShutdown2",
WindowsSSO: "Windows10SSO",
SecurityDevices: "SecurityDevices2",
+ DisableFirefoxAccounts: "DisableFirefoxAccounts1",
};
for (let policyName in schema.properties) {
diff --git a/browser/components/enterprisepolicies/helpers/BookmarksPolicies.sys.mjs b/browser/components/enterprisepolicies/helpers/BookmarksPolicies.sys.mjs
index 5fc70c31cf..2e52a248c8 100644
--- a/browser/components/enterprisepolicies/helpers/BookmarksPolicies.sys.mjs
+++ b/browser/components/enterprisepolicies/helpers/BookmarksPolicies.sys.mjs
@@ -204,44 +204,30 @@ async function insertBookmark(bookmark) {
}
function setFaviconForBookmark(bookmark) {
- let faviconURI;
- let nullPrincipal = Services.scriptSecurityManager.createNullPrincipal({});
-
switch (bookmark.Favicon.protocol) {
- case "data:":
- // data urls must first call replaceFaviconDataFromDataURL, using a
- // fake URL. Later, it's needed to call setAndFetchFaviconForPage
- // with the same URL.
- faviconURI = Services.io.newURI("fake-favicon-uri:" + bookmark.URL.href);
-
- lazy.PlacesUtils.favicons.replaceFaviconDataFromDataURL(
- faviconURI,
- bookmark.Favicon.href,
- 0 /* max expiration length */,
- nullPrincipal
+ case "data:": {
+ lazy.PlacesUtils.favicons.setFaviconForPage(
+ bookmark.URL.URI,
+ Services.io.newURI("fake-favicon-uri:" + bookmark.URL.href),
+ bookmark.Favicon.URI
);
- break;
-
+ return;
+ }
case "http:":
- case "https:":
- faviconURI = Services.io.newURI(bookmark.Favicon.href);
- break;
-
- default:
- lazy.log.error(
- `Bad URL given for favicon on bookmark "${bookmark.Title}"`
+ case "https:": {
+ lazy.PlacesUtils.favicons.setAndFetchFaviconForPage(
+ bookmark.URL.URI,
+ bookmark.Favicon.URI,
+ false /* forceReload */,
+ lazy.PlacesUtils.favicons.FAVICON_LOAD_NON_PRIVATE,
+ null,
+ Services.scriptSecurityManager.createNullPrincipal({})
);
return;
+ }
}
- lazy.PlacesUtils.favicons.setAndFetchFaviconForPage(
- Services.io.newURI(bookmark.URL.href),
- faviconURI,
- false /* forceReload */,
- lazy.PlacesUtils.favicons.FAVICON_LOAD_NON_PRIVATE,
- null,
- nullPrincipal
- );
+ lazy.log.error(`Bad URL given for favicon on bookmark "${bookmark.Title}"`);
}
// Cache of folder names to guids to be used by the getParentGuid
diff --git a/browser/components/enterprisepolicies/schemas/policies-schema.json b/browser/components/enterprisepolicies/schemas/policies-schema.json
index 3c578f2c4b..7058efb698 100644
--- a/browser/components/enterprisepolicies/schemas/policies-schema.json
+++ b/browser/components/enterprisepolicies/schemas/policies-schema.json
@@ -265,7 +265,10 @@
"ShowBlockedResult": {
"type": "boolean"
},
- "DefaultAllow": {
+ "DefaultResult": {
+ "type": "number"
+ },
+ "BypassForSameTabOperations": {
"type": "boolean"
}
}
@@ -426,6 +429,10 @@
"type": "boolean"
},
+ "DisableEncryptedClientHello": {
+ "type": "boolean"
+ },
+
"DisableFeedbackCommands": {
"type": "boolean"
},
@@ -832,6 +839,19 @@
}
},
+ "HttpAllowlist": {
+ "type": "array",
+ "strict": false,
+ "items": {
+ "type": "origin"
+ }
+ },
+
+ "HttpsOnlyMode": {
+ "type": "string",
+ "enum": ["allowed", "disallowed", "enabled", "force_enabled"]
+ },
+
"InstallAddonsPermission": {
"type": "object",
"properties": {
@@ -1180,6 +1200,10 @@
}
},
+ "PostQuantumKeyAgreementEnabled": {
+ "type": "boolean"
+ },
+
"Preferences": {
"type": ["object", "JSON"],
"patternProperties": {
diff --git a/browser/components/enterprisepolicies/tests/browser/browser_policy_extensions.js b/browser/components/enterprisepolicies/tests/browser/browser_policy_extensions.js
index 7d1313548b..6b8feb4d82 100644
--- a/browser/components/enterprisepolicies/tests/browser/browser_policy_extensions.js
+++ b/browser/components/enterprisepolicies/tests/browser/browser_policy_extensions.js
@@ -40,7 +40,7 @@ add_task(async function test_addon_install() {
add_task(async function test_addon_locked() {
let tab = await BrowserTestUtils.openNewForegroundTab(gBrowser);
- const win = await BrowserOpenAddonsMgr("addons://list/extension");
+ const win = await BrowserAddonUI.openAddonsMgr("addons://list/extension");
await isExtensionLocked(win, ADDON_ID);
diff --git a/browser/components/enterprisepolicies/tests/browser/browser_policy_extensionsettings2.js b/browser/components/enterprisepolicies/tests/browser/browser_policy_extensionsettings2.js
index 612448ee4e..dd610ec7e5 100644
--- a/browser/components/enterprisepolicies/tests/browser/browser_policy_extensionsettings2.js
+++ b/browser/components/enterprisepolicies/tests/browser/browser_policy_extensionsettings2.js
@@ -45,7 +45,7 @@ add_task(async function test_addon_install() {
add_task(async function test_addon_locked_update_disabled() {
let tab = await BrowserTestUtils.openNewForegroundTab(gBrowser);
- const win = await BrowserOpenAddonsMgr(
+ const win = await BrowserAddonUI.openAddonsMgr(
"addons://detail/" + encodeURIComponent(ADDON_ID)
);
diff --git a/browser/components/enterprisepolicies/tests/browser/browser_policy_masterpassword.js b/browser/components/enterprisepolicies/tests/browser/browser_policy_masterpassword.js
index 872eb5a652..87fb072971 100644
--- a/browser/components/enterprisepolicies/tests/browser/browser_policy_masterpassword.js
+++ b/browser/components/enterprisepolicies/tests/browser/browser_policy_masterpassword.js
@@ -7,6 +7,25 @@ let { LoginTestUtils } = ChromeUtils.importESModule(
"resource://testing-common/LoginTestUtils.sys.mjs"
);
+let { sinon } = ChromeUtils.importESModule(
+ "resource://testing-common/Sinon.sys.mjs"
+);
+
+let { FormAutofillUtils } = ChromeUtils.importESModule(
+ "resource://gre/modules/shared/FormAutofillUtils.sys.mjs"
+);
+
+add_setup(async function () {
+ // Stub these out so we don't end up invoking the MP dialog
+ // in order to decrypt prefs to find out if these are enabled or disabled.
+ sinon.stub(FormAutofillUtils, "getOSAuthEnabled").returns(false);
+ sinon.stub(LoginHelper, "getOSAuthEnabled").returns(false);
+
+ registerCleanupFunction(async function () {
+ sinon.restore();
+ });
+});
+
// Test that once a password is set, you can't unset it
add_task(async function test_policy_masterpassword_set() {
await setupPolicyEngineWithJson({
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
index 22a6269cce..76157c7e97 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_extensionsettings.js
@@ -8,10 +8,14 @@ const { AddonTestUtils } = ChromeUtils.importESModule(
const { AddonManager } = ChromeUtils.importESModule(
"resource://gre/modules/AddonManager.sys.mjs"
);
+const { ExtensionTestUtils } = ChromeUtils.importESModule(
+ "resource://testing-common/ExtensionXPCShellUtils.sys.mjs"
+);
AddonTestUtils.init(this);
AddonTestUtils.overrideCertDB();
AddonTestUtils.appInfo = getAppInfo();
+ExtensionTestUtils.init(this);
const server = AddonTestUtils.createHttpServer({ hosts: ["example.com"] });
const BASE_URL = `http://example.com/data`;
@@ -21,6 +25,34 @@ let themeID = "policytheme@mozilla.com";
let fileURL;
+async function assertManagementAPIInstallType(addonId, expectedInstallType) {
+ const addon = await AddonManager.getAddonByID(addonId);
+ const expectInstalledByPolicy = expectedInstallType === "admin";
+ equal(
+ addon.isInstalledByEnterprisePolicy,
+ expectInstalledByPolicy,
+ `Addon should ${
+ expectInstalledByPolicy ? "be" : "NOT be"
+ } marked as installed by enterprise policy`
+ );
+ const policy = WebExtensionPolicy.getByID(addonId);
+ const pageURL = policy.extension.baseURI.resolve(
+ "_generated_background_page.html"
+ );
+ const page = await ExtensionTestUtils.loadContentPage(pageURL);
+ const { id, installType } = await page.spawn([], async () => {
+ const res = await this.content.wrappedJSObject.browser.management.getSelf();
+ return { id: res.id, installType: res.installType };
+ });
+ await page.close();
+ Assert.equal(id, addonId, "Got results for the expected addon id");
+ Assert.equal(
+ installType,
+ expectedInstallType,
+ "Got the expected installType on policy installed extension"
+ );
+}
+
add_setup(async function setup() {
await AddonTestUtils.promiseStartupManager();
@@ -115,7 +147,14 @@ add_task(async function test_addon_allowed() {
);
await install.install();
notEqual(install.addon, null, "Addon should not be null");
+ await assertManagementAPIInstallType(install.addon.id, "normal");
equal(install.addon.appDisabled, false, "Addon should not be disabled");
+ equal(
+ install.addon.isInstalledByEnterprisePolicy,
+ false,
+ "Addon should NOT be marked as installed by enterprise policy"
+ );
+
await install.addon.uninstall();
});
@@ -169,6 +208,8 @@ add_task(async function test_addon_forceinstalled() {
0,
"Addon should not be able to be disabled."
);
+ await assertManagementAPIInstallType(addon.id, "admin");
+
await addon.uninstall();
});
@@ -199,6 +240,8 @@ add_task(async function test_addon_normalinstalled() {
0,
"Addon should be able to be disabled."
);
+ await assertManagementAPIInstallType(addon.id, "admin");
+
await addon.uninstall();
});
@@ -290,6 +333,7 @@ add_task(async function test_addon_normalinstalled_file() {
0,
"Addon should be able to be disabled."
);
+ await assertManagementAPIInstallType(addon.id, "admin");
await addon.uninstall();
});
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
index f4440e53f5..c9231132c8 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
@@ -315,7 +315,7 @@ add_task(async function test_cookie_allow_session() {
);
});
-// This again seems out of places, but AutoLaunchProtocolsFromOrigins
+// This again seems out of place, but AutoLaunchProtocolsFromOrigins
// is all permissions.
add_task(async function test_autolaunchprotocolsfromorigins() {
await setupPolicyEngineWithJson({
@@ -337,7 +337,7 @@ add_task(async function test_autolaunchprotocolsfromorigins() {
);
});
-// This again seems out of places, but PasswordManagerExceptions
+// This again seems out of place, but PasswordManagerExceptions
// is all permissions.
add_task(async function test_passwordmanagerexceptions() {
await setupPolicyEngineWithJson({
@@ -353,3 +353,20 @@ add_task(async function test_passwordmanagerexceptions() {
Ci.nsIPermissionManager.DENY_ACTION
);
});
+
+// This again seems out of place, but HttpAllowlist
+// is all permissions.
+add_task(async function test_httpsonly_exceptions() {
+ await setupPolicyEngineWithJson({
+ policies: {
+ HttpAllowlist: ["https://http.example.com"],
+ },
+ });
+ equal(
+ PermissionTestUtils.testPermission(
+ URI("https://http.example.com"),
+ "https-only-load-insecure"
+ ),
+ Ci.nsIPermissionManager.ALLOW_ACTION
+ );
+});
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js b/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js
index c0952d0627..cfcb655777 100644
--- a/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_simple_pref_policies.js
@@ -657,13 +657,11 @@ const POLICIES_TESTS = [
{
policies: {
UserMessaging: {
- WhatsNew: false,
SkipOnboarding: true,
Locked: true,
},
},
lockedPrefs: {
- "browser.messaging-system.whatsNewPanel.enabled": false,
"browser.aboutwelcome.enabled": false,
},
},
@@ -1099,6 +1097,55 @@ const POLICIES_TESTS = [
"network.proxy.type": 5,
},
},
+
+ // POLICY: DisableEncryptedClientHello
+ {
+ policies: {
+ DisableEncryptedClientHello: true,
+ },
+ lockedPrefs: {
+ "network.dns.echconfig.enabled": false,
+ "network.dns.http3_echconfig.enabled": false,
+ },
+ },
+
+ // POLICY: PostQuantumKeyAgreementEnabled
+ {
+ policies: {
+ PostQuantumKeyAgreementEnabled: false,
+ },
+ lockedPrefs: {
+ "security.tls.enable_kyber": false,
+ },
+ },
+
+ // POLICY: HttpsOnlyMode
+ {
+ policies: {
+ HttpsOnlyMode: "enabled",
+ },
+ unlockedPrefs: {
+ "dom.security.https_only_mode": true,
+ },
+ },
+
+ {
+ policies: {
+ HttpsOnlyMode: "disallowed",
+ },
+ lockedPrefs: {
+ "dom.security.https_only_mode": false,
+ },
+ },
+
+ {
+ policies: {
+ HttpsOnlyMode: "force_enabled",
+ },
+ lockedPrefs: {
+ "dom.security.https_only_mode": true,
+ },
+ },
];
add_task(async function test_policy_simple_prefs() {