summaryrefslogtreecommitdiffstats
path: root/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 17:32:43 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-07 17:32:43 +0000
commit6bf0a5cb5034a7e684dcc3500e841785237ce2dd (patch)
treea68f146d7fa01f0134297619fbe7e33db084e0aa /browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
parentInitial commit. (diff)
downloadthunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.tar.xz
thunderbird-6bf0a5cb5034a7e684dcc3500e841785237ce2dd.zip
Adding upstream version 1:115.7.0.upstream/1%115.7.0upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js')
-rw-r--r--browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js355
1 files changed, 355 insertions, 0 deletions
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
new file mode 100644
index 0000000000..f4440e53f5
--- /dev/null
+++ b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js
@@ -0,0 +1,355 @@
+/* Any copyright is dedicated to the Public Domain.
+ * http://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+function URI(str) {
+ return Services.io.newURI(str);
+}
+
+add_task(async function test_setup_preexisting_permissions() {
+ // Pre-existing ALLOW permissions that should be overridden
+ // with DENY.
+
+ // No ALLOW -> DENY override for popup and install permissions,
+ // because their policies only supports the Allow parameter.
+
+ PermissionTestUtils.add(
+ "https://www.pre-existing-allow.com",
+ "camera",
+ Ci.nsIPermissionManager.ALLOW_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-allow.com",
+ "microphone",
+ Ci.nsIPermissionManager.ALLOW_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-allow.com",
+ "geo",
+ Ci.nsIPermissionManager.ALLOW_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-allow.com",
+ "desktop-notification",
+ Ci.nsIPermissionManager.ALLOW_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-allow.com",
+ "autoplay-media",
+ Ci.nsIPermissionManager.ALLOW_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-allow.com",
+ "xr",
+ Ci.nsIPermissionManager.ALLOW_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+
+ // Pre-existing DENY permissions that should be overridden
+ // with ALLOW.
+
+ PermissionTestUtils.add(
+ "https://www.pre-existing-deny.com",
+ "camera",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-deny.com",
+ "microphone",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-deny.com",
+ "geo",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-deny.com",
+ "desktop-notification",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-deny.com",
+ "autoplay-media",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.pre-existing-deny.com",
+ "xr",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+});
+
+add_task(async function test_setup_activate_policies() {
+ await setupPolicyEngineWithJson({
+ policies: {
+ Permissions: {
+ Camera: {
+ Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"],
+ Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"],
+ },
+ Microphone: {
+ Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"],
+ Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"],
+ },
+ Location: {
+ Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"],
+ Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"],
+ },
+ Notifications: {
+ Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"],
+ Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"],
+ },
+ Autoplay: {
+ Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"],
+ Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"],
+ },
+ VirtualReality: {
+ Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"],
+ Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"],
+ },
+ },
+ },
+ });
+ equal(
+ Services.policies.status,
+ Ci.nsIEnterprisePolicies.ACTIVE,
+ "Engine is active"
+ );
+});
+
+function checkPermission(url, expected, permissionName) {
+ let expectedValue = Ci.nsIPermissionManager[`${expected}_ACTION`];
+ let uri = Services.io.newURI(`https://www.${url}`);
+
+ equal(
+ PermissionTestUtils.testPermission(uri, permissionName),
+ expectedValue,
+ `Correct (${permissionName}=${expected}) for URL ${url}`
+ );
+
+ if (expected != "UNKNOWN") {
+ let permission = PermissionTestUtils.getPermissionObject(
+ uri,
+ permissionName,
+ true
+ );
+ ok(permission, "Permission object exists");
+ equal(
+ permission.expireType,
+ Ci.nsIPermissionManager.EXPIRE_POLICY,
+ "Permission expireType is correct"
+ );
+ }
+}
+
+function checkAllPermissionsForType(type, typeSupportsDeny = true) {
+ checkPermission("allow.com", "ALLOW", type);
+ checkPermission("unknown.com", "UNKNOWN", type);
+ checkPermission("pre-existing-deny.com", "ALLOW", type);
+
+ if (typeSupportsDeny) {
+ checkPermission("deny.com", "DENY", type);
+ checkPermission("pre-existing-allow.com", "DENY", type);
+ }
+}
+
+add_task(async function test_camera_policy() {
+ checkAllPermissionsForType("camera");
+});
+
+add_task(async function test_microphone_policy() {
+ checkAllPermissionsForType("microphone");
+});
+
+add_task(async function test_location_policy() {
+ checkAllPermissionsForType("geo");
+});
+
+add_task(async function test_notifications_policy() {
+ checkAllPermissionsForType("desktop-notification");
+});
+
+add_task(async function test_autoplay_policy() {
+ checkAllPermissionsForType("autoplay-media");
+});
+
+add_task(async function test_xr_policy() {
+ checkAllPermissionsForType("xr");
+});
+
+add_task(async function test_change_permission() {
+ // Checks that changing a permission will still retain the
+ // value set through the engine.
+ PermissionTestUtils.add(
+ "https://www.allow.com",
+ "camera",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.allow.com",
+ "microphone",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.allow.com",
+ "geo",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.allow.com",
+ "desktop-notification",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.allow.com",
+ "autoplay-media",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.allow.com",
+ "xr",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+
+ checkPermission("allow.com", "ALLOW", "camera");
+ checkPermission("allow.com", "ALLOW", "microphone");
+ checkPermission("allow.com", "ALLOW", "geo");
+ checkPermission("allow.com", "ALLOW", "desktop-notification");
+ checkPermission("allow.com", "ALLOW", "autoplay-media");
+ checkPermission("allow.com", "ALLOW", "xr");
+
+ // Also change one un-managed permission to make sure it doesn't
+ // cause any problems to the policy engine or the permission manager.
+ PermissionTestUtils.add(
+ "https://www.unmanaged.com",
+ "camera",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.unmanaged.com",
+ "microphone",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.unmanaged.com",
+ "geo",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.unmanaged.com",
+ "desktop-notification",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.unmanaged.com",
+ "autoplay-media",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+ PermissionTestUtils.add(
+ "https://www.unmanaged.com",
+ "xr",
+ Ci.nsIPermissionManager.DENY_ACTION,
+ Ci.nsIPermissionManager.EXPIRE_SESSION
+ );
+});
+
+add_task(async function test_setup_trackingprotection() {
+ await setupPolicyEngineWithJson({
+ policies: {
+ EnableTrackingProtection: {
+ Exceptions: ["https://www.allow.com"],
+ },
+ },
+ });
+ equal(
+ Services.policies.status,
+ Ci.nsIEnterprisePolicies.ACTIVE,
+ "Engine is active"
+ );
+});
+
+add_task(async function test_trackingprotection() {
+ checkPermission("allow.com", "ALLOW", "trackingprotection");
+});
+
+// This seems a little out of place, but it's really a cookie
+// permission, not cookies per say.
+add_task(async function test_cookie_allow_session() {
+ await setupPolicyEngineWithJson({
+ policies: {
+ Cookies: {
+ AllowSession: ["https://allowsession.example.com"],
+ },
+ },
+ });
+ equal(
+ PermissionTestUtils.testPermission(
+ URI("https://allowsession.example.com"),
+ "cookie"
+ ),
+ Ci.nsICookiePermission.ACCESS_SESSION
+ );
+});
+
+// This again seems out of places, but AutoLaunchProtocolsFromOrigins
+// is all permissions.
+add_task(async function test_autolaunchprotocolsfromorigins() {
+ await setupPolicyEngineWithJson({
+ policies: {
+ AutoLaunchProtocolsFromOrigins: [
+ {
+ allowed_origins: ["https://allowsession.example.com"],
+ protocol: "test-protocol",
+ },
+ ],
+ },
+ });
+ equal(
+ PermissionTestUtils.testPermission(
+ URI("https://allowsession.example.com"),
+ "open-protocol-handler^test-protocol"
+ ),
+ Ci.nsIPermissionManager.ALLOW_ACTION
+ );
+});
+
+// This again seems out of places, but PasswordManagerExceptions
+// is all permissions.
+add_task(async function test_passwordmanagerexceptions() {
+ await setupPolicyEngineWithJson({
+ policies: {
+ PasswordManagerExceptions: ["https://pwexception.example.com"],
+ },
+ });
+ equal(
+ PermissionTestUtils.testPermission(
+ URI("https://pwexception.example.com"),
+ "login-saving"
+ ),
+ Ci.nsIPermissionManager.DENY_ACTION
+ );
+});