Bug 1189233 - Restricted profiles: Block access to about:config. r=ally
authorSebastian Kaspari <s.kaspari@gmail.com>
Fri, 31 Jul 2015 10:16:50 +0200
changeset 287275 2fad87d96b1939673af34fae1f7431f485ec2ee2
parent 287274 12855aeba4b75686e8772086994340a8cacae2a7
child 287276 3cbc0098142be3abcc71088925df76a92d5be626
push id5067
push userraliiev@mozilla.com
push dateMon, 21 Sep 2015 14:04:52 +0000
treeherdermozilla-beta@14221ffe5b2f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersally
bugs1189233
milestone42.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1189233 - Restricted profiles: Block access to about:config. r=ally
mobile/android/base/restrictions/RestrictedProfileConfiguration.java
--- a/mobile/android/base/restrictions/RestrictedProfileConfiguration.java
+++ b/mobile/android/base/restrictions/RestrictedProfileConfiguration.java
@@ -26,16 +26,17 @@ public class RestrictedProfileConfigurat
             Restriction.DISALLOW_PRIVATE_BROWSING,
             Restriction.DISALLOW_LOCATION_SERVICE,
             Restriction.DISALLOW_DISPLAY_SETTINGS,
             Restriction.DISALLOW_CLEAR_HISTORY
     );
 
     private static final String ABOUT_ADDONS = "about:addons";
     private static final String ABOUT_PRIVATE_BROWSING = "about:privatebrowsing";
+    private static final String ABOUT_CONFIG = "about:config";
 
     private Context context;
 
     public RestrictedProfileConfiguration(Context context) {
         this.context = context.getApplicationContext();
     }
 
     @Override
@@ -56,16 +57,21 @@ public class RestrictedProfileConfigurat
         if (!isAllowed(Restriction.DISALLOW_INSTALL_EXTENSION) && url.toLowerCase().startsWith(ABOUT_ADDONS)) {
             return false;
         }
 
         if (!isAllowed(Restriction.DISALLOW_PRIVATE_BROWSING) && url.toLowerCase().startsWith(ABOUT_PRIVATE_BROWSING)) {
             return false;
         }
 
+        if (url.toLowerCase().startsWith(ABOUT_CONFIG)) {
+            // Always block access to about:config to prevent circumventing restrictions (Bug 1189233)
+            return false;
+        }
+
         return true;
     }
 
     @Override
     public boolean isRestricted() {
         return true;
     }