Bug 1023266 - Make the Mobile ID API privileged. Part 1: Add mobileid permission. r=smaug, r=ehsan, a=lmandel
authorFernando Jiménez <ferjmoreno@gmail.com>
Fri, 27 Jun 2014 01:18:19 +0200
changeset 228576 2c0abc52701804ddc88a5757f6c251a60eabbdf7
parent 228575 4b5aae0fe6a1a228cee816ed232620ae3b8f6166
child 228577 d1302463099e15b1b795effdd3a3995c0f6643ae
push id6
push userryanvm@gmail.com
push dateMon, 12 Jan 2015 22:04:06 +0000
treeherdermozilla-b2g37_v2_2@895c8fc7b734 [default view] [failures only]
reviewerssmaug, ehsan, lmandel
bugs1023266
milestone32.0a2
Bug 1023266 - Make the Mobile ID API privileged. Part 1: Add mobileid permission. r=smaug, r=ehsan, a=lmandel
dom/apps/src/PermissionsTable.jsm
dom/base/Navigator.cpp
dom/base/Navigator.h
dom/webidl/Navigator.webidl
--- a/dom/apps/src/PermissionsTable.jsm
+++ b/dom/apps/src/PermissionsTable.jsm
@@ -326,16 +326,21 @@ this.PermissionsTable =  { geolocation: 
                              privileged: PROMPT_ACTION,
                              certified: ALLOW_ACTION
                            },
                            "feature-detection": {
                              app: DENY_ACTION,
                              privileged: ALLOW_ACTION,
                              certified: ALLOW_ACTION
                            },
+                           "mobileid": {
+                             app: DENY_ACTION,
+                             privileged: PROMPT_ACTION,
+                             certified: PROMPT_ACTION
+                           }
                          };
 
 /**
  * Append access modes to the permission name as suffixes.
  *   e.g. permission name 'contacts' with ['read', 'write'] =
  *   ['contacts-read', contacts-write']
  * @param string aPermName
  * @param array aAccess
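Review bot: The new `mobileid` entry sets `certified: PROMPT_ACTION`, unlike the `feature-detection` entry just above it where certified apps get `ALLOW_ACTION`, and nothing records why. If the intent is that even certified apps need user consent before a Mobile ID assertion is issued, say so next to the entry, e.g. `// certified stays PROMPT_ACTION: user consent is always required`. The table literal starts outside this hunk.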
--- a/dom/base/Navigator.cpp
+++ b/dom/base/Navigator.cpp
@@ -2358,16 +2358,41 @@ Navigator::HasNetworkStatsSupport(JSCont
 /* static */
 bool
 Navigator::HasFeatureDetectionSupport(JSContext* /* unused */, JSObject* aGlobal)
 {
   nsCOMPtr<nsPIDOMWindow> win = GetWindowFromGlobal(aGlobal);
   return CheckPermission(win, "feature-detection");
 }
 
+#ifdef MOZ_B2G
+/* static */
+bool
+Navigator::HasMobileIdSupport(JSContext* aCx, JSObject* aGlobal)
+{
+  nsCOMPtr<nsPIDOMWindow> win = GetWindowFromGlobal(aGlobal);
+  if (!win) {
+    return false;
+  }
+
+  nsIDocument* doc = win->GetExtantDoc();
+  if (!doc) {
+    return false;
+  }
+
+  nsIPrincipal* principal = doc->NodePrincipal();
+
+  nsCOMPtr<nsIPermissionManager> permMgr = services::GetPermissionManager();
+  NS_ENSURE_TRUE(permMgr, false);
+
+  uint32_t permission = nsIPermissionManager::UNKNOWN_ACTION;
+  permMgr->TestPermissionFromPrincipal(principal, "mobileid", &permission);
+  return permission != nsIPermissionManager::UNKNOWN_ACTION;
+}
+#endif
 
 /* static */
 already_AddRefed<nsPIDOMWindow>
 Navigator::GetWindowFromGlobal(JSObject* aGlobal)
 {
   nsCOMPtr<nsPIDOMWindow> win =
     do_QueryInterface(nsJSUtils::GetStaticScriptGlobal(aGlobal));
   MOZ_ASSERT(!win || win->IsInnerWindow());
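Review bot: The final `return permission != nsIPermissionManager::UNKNOWN_ACTION;` in `HasMobileIdSupport` also returns true when the stored value is `DENY_ACTION`, so a principal that has been explicitly denied `mobileid` would still see `getMobileIdAssertion()`; that could be an `app`-level entry from the PermissionsTable.jsm hunk (if the installer writes it) or a remembered user denial. Since the stated goal is to accept `PROMPT_ACTION` as well as `ALLOW_ACTION`, test for those two directly: `return permission == nsIPermissionManager::ALLOW_ACTION || permission == nsIPermissionManager::PROMPT_ACTION;`. The ignored result of `TestPermissionFromPrincipal` is fail-closed only because `permission` starts as `UNKNOWN_ACTION`, which deserves a short comment. `aCx` is unused and could be written `JSContext* /* unused */` as in `HasFeatureDetectionSupport` above.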
--- a/dom/base/Navigator.h
+++ b/dom/base/Navigator.h
@@ -290,16 +290,20 @@ public:
   static bool HasDataStoreSupport(nsIPrincipal* aPrincipal);
 
   static bool HasDataStoreSupport(JSContext* cx, JSObject* aGlobal);
 
   static bool HasNetworkStatsSupport(JSContext* aCx, JSObject* aGlobal);
 
   static bool HasFeatureDetectionSupport(JSContext* aCx, JSObject* aGlobal);
 
+#ifdef MOZ_B2G
+  static bool HasMobileIdSupport(JSContext* aCx, JSObject* aGlobal);
+#endif
+
   nsPIDOMWindow* GetParentObject() const
   {
     return GetWindow();
   }
 
   virtual JSObject* WrapObject(JSContext* cx) MOZ_OVERRIDE;
 
 private:
--- a/dom/webidl/Navigator.webidl
+++ b/dom/webidl/Navigator.webidl
@@ -149,17 +149,20 @@ callback interface MozIdleObserver {
   readonly attribute unsigned long time;
   void onidle();
   void onactive();
 };
 
 #ifdef MOZ_B2G
 [NoInterfaceObject]
 interface NavigatorMobileId {
-    [Throws, NewObject]
+    // Ideally we would use [CheckPermissions] here, but the "mobileid"
+    // permission is set to PROMPT_ACTION and [CheckPermissions] only checks
+    // for ALLOW_ACTION.
+    [Throws, NewObject, Func="Navigator::HasMobileIdSupport"]
     Promise getMobileIdAssertion();
 };
 Navigator implements NavigatorMobileId;
 #endif // MOZ_B2G
 
 // nsIDOMNavigator
 partial interface Navigator {
   [Throws]
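Review bot: The new comment explains why `[CheckPermissions]` is not used, but not what `Func="Navigator::HasMobileIdSupport"` actually guarantees. A `Func` only decides whether `getMobileIdAssertion()` is exposed on the object, so the consent prompt and the real permission check still have to happen in the implementation, which is not visible in this commit. I would add a line such as `// Func only controls exposure; the implementation must still enforce "mobileid" on each call.`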