diff options
Diffstat (limited to 'browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js')
-rw-r--r-- | browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js | 355 |
1 files changed, 355 insertions, 0 deletions
diff --git a/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js new file mode 100644 index 0000000000..f4440e53f5 --- /dev/null +++ b/browser/components/enterprisepolicies/tests/xpcshell/test_permissions.js @@ -0,0 +1,355 @@ +/* Any copyright is dedicated to the Public Domain. + * http://creativecommons.org/publicdomain/zero/1.0/ */ + +"use strict"; + +function URI(str) { + return Services.io.newURI(str); +} + +add_task(async function test_setup_preexisting_permissions() { + // Pre-existing ALLOW permissions that should be overridden + // with DENY. + + // No ALLOW -> DENY override for popup and install permissions, + // because their policies only supports the Allow parameter. + + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "camera", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "microphone", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "geo", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "desktop-notification", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "autoplay-media", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-allow.com", + "xr", + Ci.nsIPermissionManager.ALLOW_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + // Pre-existing DENY permissions that should be overridden + // with ALLOW. + + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "camera", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "microphone", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "geo", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "desktop-notification", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "autoplay-media", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.pre-existing-deny.com", + "xr", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); +}); + +add_task(async function test_setup_activate_policies() { + await setupPolicyEngineWithJson({ + policies: { + Permissions: { + Camera: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + Microphone: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + Location: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + Notifications: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + Autoplay: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + VirtualReality: { + Allow: ["https://www.allow.com", "https://www.pre-existing-deny.com"], + Block: ["https://www.deny.com", "https://www.pre-existing-allow.com"], + }, + }, + }, + }); + equal( + Services.policies.status, + Ci.nsIEnterprisePolicies.ACTIVE, + "Engine is active" + ); +}); + +function checkPermission(url, expected, permissionName) { + let expectedValue = Ci.nsIPermissionManager[`${expected}_ACTION`]; + let uri = Services.io.newURI(`https://www.${url}`); + + equal( + PermissionTestUtils.testPermission(uri, permissionName), + expectedValue, + `Correct (${permissionName}=${expected}) for URL ${url}` + ); + + if (expected != "UNKNOWN") { + let permission = PermissionTestUtils.getPermissionObject( + uri, + permissionName, + true + ); + ok(permission, "Permission object exists"); + equal( + permission.expireType, + Ci.nsIPermissionManager.EXPIRE_POLICY, + "Permission expireType is correct" + ); + } +} + +function checkAllPermissionsForType(type, typeSupportsDeny = true) { + checkPermission("allow.com", "ALLOW", type); + checkPermission("unknown.com", "UNKNOWN", type); + checkPermission("pre-existing-deny.com", "ALLOW", type); + + if (typeSupportsDeny) { + checkPermission("deny.com", "DENY", type); + checkPermission("pre-existing-allow.com", "DENY", type); + } +} + +add_task(async function test_camera_policy() { + checkAllPermissionsForType("camera"); +}); + +add_task(async function test_microphone_policy() { + checkAllPermissionsForType("microphone"); +}); + +add_task(async function test_location_policy() { + checkAllPermissionsForType("geo"); +}); + +add_task(async function test_notifications_policy() { + checkAllPermissionsForType("desktop-notification"); +}); + +add_task(async function test_autoplay_policy() { + checkAllPermissionsForType("autoplay-media"); +}); + +add_task(async function test_xr_policy() { + checkAllPermissionsForType("xr"); +}); + +add_task(async function test_change_permission() { + // Checks that changing a permission will still retain the + // value set through the engine. + PermissionTestUtils.add( + "https://www.allow.com", + "camera", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "microphone", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "geo", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "desktop-notification", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "autoplay-media", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.allow.com", + "xr", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + + checkPermission("allow.com", "ALLOW", "camera"); + checkPermission("allow.com", "ALLOW", "microphone"); + checkPermission("allow.com", "ALLOW", "geo"); + checkPermission("allow.com", "ALLOW", "desktop-notification"); + checkPermission("allow.com", "ALLOW", "autoplay-media"); + checkPermission("allow.com", "ALLOW", "xr"); + + // Also change one un-managed permission to make sure it doesn't + // cause any problems to the policy engine or the permission manager. + PermissionTestUtils.add( + "https://www.unmanaged.com", + "camera", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "microphone", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "geo", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "desktop-notification", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "autoplay-media", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); + PermissionTestUtils.add( + "https://www.unmanaged.com", + "xr", + Ci.nsIPermissionManager.DENY_ACTION, + Ci.nsIPermissionManager.EXPIRE_SESSION + ); +}); + +add_task(async function test_setup_trackingprotection() { + await setupPolicyEngineWithJson({ + policies: { + EnableTrackingProtection: { + Exceptions: ["https://www.allow.com"], + }, + }, + }); + equal( + Services.policies.status, + Ci.nsIEnterprisePolicies.ACTIVE, + "Engine is active" + ); +}); + +add_task(async function test_trackingprotection() { + checkPermission("allow.com", "ALLOW", "trackingprotection"); +}); + +// This seems a little out of place, but it's really a cookie +// permission, not cookies per say. +add_task(async function test_cookie_allow_session() { + await setupPolicyEngineWithJson({ + policies: { + Cookies: { + AllowSession: ["https://allowsession.example.com"], + }, + }, + }); + equal( + PermissionTestUtils.testPermission( + URI("https://allowsession.example.com"), + "cookie" + ), + Ci.nsICookiePermission.ACCESS_SESSION + ); +}); + +// This again seems out of places, but AutoLaunchProtocolsFromOrigins +// is all permissions. +add_task(async function test_autolaunchprotocolsfromorigins() { + await setupPolicyEngineWithJson({ + policies: { + AutoLaunchProtocolsFromOrigins: [ + { + allowed_origins: ["https://allowsession.example.com"], + protocol: "test-protocol", + }, + ], + }, + }); + equal( + PermissionTestUtils.testPermission( + URI("https://allowsession.example.com"), + "open-protocol-handler^test-protocol" + ), + Ci.nsIPermissionManager.ALLOW_ACTION + ); +}); + +// This again seems out of places, but PasswordManagerExceptions +// is all permissions. +add_task(async function test_passwordmanagerexceptions() { + await setupPolicyEngineWithJson({ + policies: { + PasswordManagerExceptions: ["https://pwexception.example.com"], + }, + }); + equal( + PermissionTestUtils.testPermission( + URI("https://pwexception.example.com"), + "login-saving" + ), + Ci.nsIPermissionManager.DENY_ACTION + ); +}); |