Bug 1080304 - Reject RestrictedProfiles.isAllowed calls for unknown actions. r=mfinkle
authorRichard Newman <rnewman@mozilla.com>
Thu, 09 Oct 2014 08:23:55 -0700
changeset 209689 4b9e08526336f83f305cbdc85e93da7ce8401dfa
parent 209688 75f9efa43bb4390881c54dea2188f13408e5d64e
child 209690 82df8ad2c609a2e5411330eef7954fd36f2aa3d7
push id27622
push userkwierso@gmail.com
push dateFri, 10 Oct 2014 04:19:07 +0000
reviewersmfinkle
bugs1080304
milestone35.0a1
Bug 1080304 - Reject RestrictedProfiles.isAllowed calls for unknown actions. r=mfinkle
mobile/android/base/RestrictedProfiles.java
--- a/mobile/android/base/RestrictedProfiles.java
+++ b/mobile/android/base/RestrictedProfiles.java
@@ -1,31 +1,27 @@
 /* -*- Mode: Java; c-basic-offset: 4; tab-width: 4; indent-tabs-mode: nil; -*-
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 package org.mozilla.gecko;
 
-import java.util.Set;
-
-import org.json.JSONException;
-import org.json.JSONObject;
-
-import java.lang.StringBuilder;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.HashSet;
-
+import java.util.Set;
+import org.json.JSONException;
+import org.json.JSONObject;
+import org.mozilla.gecko.AppConstants.Versions;
 import org.mozilla.gecko.mozglue.RobocopTarget;
-import org.mozilla.gecko.AppConstants.Versions;
 import org.mozilla.gecko.mozglue.generatorannotations.WrapElementForJNI;
-
+import android.annotation.TargetApi;
 import android.content.Context;
 import android.net.Uri;
+import android.os.Build;
 import android.os.Bundle;
 import android.os.UserManager;
 import android.util.Log;
 
 @RobocopTarget
 public class RestrictedProfiles {
     private static final String LOGTAG = "GeckoRestrictedProfiles";
 
@@ -82,57 +78,77 @@ public class RestrictedProfiles {
             if (rest.id == action) {
                 return rest;
             }
         }
 
         throw new IllegalArgumentException("Unknown action " + action);
     }
 
+    @TargetApi(Build.VERSION_CODES.JELLY_BEAN_MR1)
     @RobocopTarget
     private static Bundle getRestrictions() {
         final UserManager mgr = (UserManager) GeckoAppShell.getContext().getSystemService(Context.USER_SERVICE);
         return mgr.getUserRestrictions();
     }
 
+    /**
+     * This method does the system version check for you.
+     *
+     * Returns false if the system doesn't support restrictions,
+     * or the provided value is not present in the set of user
+     * restrictions.
+     *
+     * Returns true otherwise.
+     */
+    private static boolean getRestriction(final String name) {
+        // Early versions don't support restrictions at all,
+        // so no action can be restricted.
+        if (Versions.preJBMR2) {
+            return false;
+        }
+
+        return getRestrictions().getBoolean(name, false);
+    }
+
     private static boolean canLoadUrl(final String url) {
-        // Null urls are always allowed
+        // Null URLs are always permitted.
         if (url == null) {
             return true;
         }
 
         try {
             // If we're not in guest mode, and the system restriction isn't in place, everything is allowed.
             if (!getInGuest() &&
-                !getRestrictions().getBoolean(Restriction.DISALLOW_BROWSE_FILES.name, false)) {
+                !getRestriction(Restriction.DISALLOW_BROWSE_FILES.name)) {
                 return true;
             }
-        } catch(IllegalArgumentException ex) {
+        } catch (IllegalArgumentException ex) {
             Log.i(LOGTAG, "Invalid action", ex);
         }
 
         final Uri u = Uri.parse(url);
         final String scheme = u.getScheme();
         if (BANNED_SCHEMES.contains(scheme)) {
             return false;
         }
 
         for (String banned : BANNED_URLS) {
             if (url.startsWith(banned)) {
                 return false;
             }
         }
 
-        // TODO: The UserManager should support blacklisting urls by the device owner.
+        // TODO: The UserManager should support blacklisting URLs by the device owner.
         return true;
     }
 
     @WrapElementForJNI
     public static boolean isUserRestricted() {
-        // Guest mode is supported in all Android versions
+        // Guest mode is supported in all Android versions.
         if (getInGuest()) {
             return true;
         }
 
         if (Versions.preJBMR2) {
             return false;
         }
 
@@ -140,44 +156,37 @@ public class RestrictedProfiles {
     }
 
     public static boolean isAllowed(Restriction action) {
         return isAllowed(action.id, null);
     }
 
     @WrapElementForJNI
     public static boolean isAllowed(int action, String url) {
+        // Guest users can't do anything.
+        if (getInGuest()) {
+            return false;
+        }
+
         final Restriction restriction;
         try {
             restriction = geckoActionToRestriction(action);
-        } catch(IllegalArgumentException ex) {
-            return true;
+        } catch (IllegalArgumentException ex) {
+            // Unknown actions represent a coding error, so we
+            // refuse the action and log.
+            Log.e(LOGTAG, "Unknown action " + action + "; check calling code.");
+            return false;
         }
 
         if (Restriction.DISALLOW_BROWSE_FILES == restriction) {
             return canLoadUrl(url);
         }
 
-        // ALl actions are blocked in Guest mode
-        if (getInGuest()) {
-            return false;
-        }
-
-        if (Versions.preJBMR2) {
-            return true;
-        }
-
-        try {
-            // NOTE: Restrictions hold the opposite intention, so we need to flip it
-            return !getRestrictions().getBoolean(restriction.name, false);
-        } catch(IllegalArgumentException ex) {
-            Log.i(LOGTAG, "Invalid action", ex);
-        }
-
-        return true;
+        // NOTE: Restrictions hold the opposite intention, so we need to flip it.
+        return !getRestriction(restriction.name);
     }
 
     @WrapElementForJNI
     public static String getUserRestrictions() {
         // Guest mode is supported in all Android versions
         if (getInGuest()) {
             StringBuilder builder = new StringBuilder("{ ");