Bug 1189414 - Restricted Profiles: Clean up missing and unneeded restrictions. r=ally
authorSebastian Kaspari <s.kaspari@gmail.com>
Thu, 06 Aug 2015 10:51:45 +0200
changeset 288244 7e98222202e4f9079cba2ccda07c624516d13a77
parent 288243 0557c248da59c0e4d3a0505d0936dc001d24d78e
child 288245 0cd73195817b22bf8d371fc9a5c81ffeb269459d
push id5067
push userraliiev@mozilla.com
push dateMon, 21 Sep 2015 14:04:52 +0000
treeherdermozilla-beta@14221ffe5b2f [default view] [failures only]
perfherder[talos] [build metrics] [platform microbench] (compared to previous push)
reviewersally
bugs1189414
milestone42.0a1
first release with
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
last release without
nightly linux32
nightly linux64
nightly mac
nightly win32
nightly win64
Bug 1189414 - Restricted Profiles: Clean up missing and unneeded restrictions. r=ally * Synchronize nsIParentalControlsService.idl and Restriction.java * Do not hide 'tools' menu but menu items of disabled features * Hiding 'Report site issue' should not be configurable * Restricted profiles: DISALLOW_INSTALL_APPS is a system restriction and should not be configurable * RestrictedProfileConfiguration: Use AboutPages
mobile/android/base/AboutPages.java
mobile/android/base/BrowserApp.java
mobile/android/base/locales/en-US/android_strings.dtd
mobile/android/base/restrictions/RestrictedProfileConfiguration.java
mobile/android/base/restrictions/Restriction.java
mobile/android/base/strings.xml.in
mobile/android/chrome/content/WebcompatReporter.js
toolkit/components/parentalcontrols/nsIParentalControlsService.idl
--- a/mobile/android/base/AboutPages.java
+++ b/mobile/android/base/AboutPages.java
@@ -45,21 +45,35 @@ public class AboutPages {
         // whether or not this URL is "about:home".
         return HOME.equals(url.split("\\?")[0]);
     }
 
     public static final String getPanelIdFromAboutHomeUrl(String aboutHomeUrl) {
         return StringUtils.getQueryParameter(aboutHomeUrl, PANEL_PARAM);
     }
 
-    public static final boolean isAboutReader(final String url) {
-        if (url == null) {
-            return false;
-        }
-        return url.startsWith(READER);
+    public static boolean isAboutReader(final String url) {
+        return isAboutPage(READER, url);
+    }
+
+    public static boolean isAboutConfig(final String url) {
+        return isAboutPage(CONFIG, url);
+    }
+
+    public static boolean isAboutAddons(final String url) {
+        return isAboutPage(ADDONS, url);
+    }
+
+    public static boolean isAboutPrivateBrowsing(final String url) {
+        return isAboutPage(PRIVATEBROWSING, url);
+    }
+
+    public static boolean isAboutPage(String page, String url) {
+        return url != null && url.toLowerCase().startsWith(page);
+
     }
 
     private static final String[] DEFAULT_ICON_PAGES = new String[] {
         ADDONS,
         CONFIG,
         DOWNLOADS,
         FIREFOX,
         HEALTHREPORT,
--- a/mobile/android/base/BrowserApp.java
+++ b/mobile/android/base/BrowserApp.java
@@ -3290,17 +3290,16 @@ public class BrowserApp extends GeckoApp
             }
         }
 
         // Disable share menuitem for about:, chrome:, file:, and resource: URIs
         final boolean shareVisible = RestrictedProfiles.isAllowed(this, Restriction.DISALLOW_SHARE);
         share.setVisible(shareVisible);
         final boolean shareEnabled = StringUtils.isShareableUrl(url) && shareVisible;
         share.setEnabled(shareEnabled);
-        MenuUtils.safeSetEnabled(aMenu, R.id.addons, RestrictedProfiles.isAllowed(this, Restriction.DISALLOW_INSTALL_EXTENSION));
         MenuUtils.safeSetEnabled(aMenu, R.id.downloads, RestrictedProfiles.isAllowed(this, Restriction.DISALLOW_DOWNLOADS));
 
         // NOTE: Use MenuUtils.safeSetEnabled because some actions might
         // be on the BrowserToolbar context menu.
         if (Versions.feature11Plus) {
             MenuUtils.safeSetEnabled(aMenu, R.id.page, !isAboutHome(tab));
         }
         MenuUtils.safeSetEnabled(aMenu, R.id.subscribe, tab.hasFeeds());
@@ -3355,20 +3354,16 @@ public class BrowserApp extends GeckoApp
 
                             shareIntent.putExtra("share_screenshot_uri", Uri.parse(outFile.getPath()));
                         }
                     }
                 }
             }
         }
 
-        // Hide tools menu if restriction is active
-        final boolean toolsVisible = RestrictedProfiles.isAllowed(this, Restriction.DISALLOW_TOOLS_MENU);
-        MenuUtils.safeSetVisible(aMenu, R.id.tools, toolsVisible);
-
         final boolean privateTabVisible = RestrictedProfiles.isAllowed(this, Restriction.DISALLOW_PRIVATE_BROWSING);
         MenuUtils.safeSetVisible(aMenu, R.id.new_private_tab, privateTabVisible);
 
         // Disable save as PDF for about:home and xul pages.
         saveAsPDF.setEnabled(!(isAboutHome(tab) ||
                                tab.getContentType().equals("application/vnd.mozilla.xul+xml") ||
                                tab.getContentType().startsWith("video/")));
 
@@ -3378,16 +3373,24 @@ public class BrowserApp extends GeckoApp
         charEncoding.setVisible(GeckoPreferences.getCharEncodingState());
 
         if (mProfile.inGuestMode()) {
             exitGuestMode.setVisible(true);
         } else {
             enterGuestMode.setVisible(true);
         }
 
+        if (!RestrictedProfiles.isAllowed(this, Restriction.DISALLOW_GUEST_BROWSING)) {
+            MenuUtils.safeSetVisible(aMenu, R.id.new_guest_session, false);
+        }
+
+        if (!RestrictedProfiles.isAllowed(this, Restriction.DISALLOW_INSTALL_EXTENSION)) {
+            MenuUtils.safeSetVisible(aMenu, R.id.addons, false);
+        }
+
         return true;
     }
 
     private int resolveBookmarkIconID(final boolean isBookmark) {
         if (isBookmark) {
             return R.drawable.ic_menu_bookmark_remove;
         } else {
             return R.drawable.ic_menu_bookmark_add;
--- a/mobile/android/base/locales/en-US/android_strings.dtd
+++ b/mobile/android/base/locales/en-US/android_strings.dtd
@@ -687,30 +687,29 @@ just addresses the organization to follo
      code. -->
 <!ENTITY devtools_auth_scan_header "Scanning for the QR code displayed on your other device">
 
 <!-- Restrictions -->
 <!-- Localization note: These are restrictions the device owner (e.g. parent) can enable for
      a restricted profile (e.g. child). Used inside the Android settings UI. -->
 <!ENTITY restriction_disallow_tools_menu_title "Disallow Tools menu">
 <!ENTITY restriction_disallow_tools_menu_description "Hide Tools menu from UI.">
-<!ENTITY restriction_disallow_report_site_issue_title "Disallow \'Report site issue\'">
-<!ENTITY restriction_disallow_report_site_issue_description "Hide \'Report site issue\' menu item.">
 <!ENTITY restriction_disallow_import_settings_title "Disallow importing settings">
 <!ENTITY restriction_disallow_import_settings_description "Do not allow to import settings from other system browsers.">
 <!ENTITY restriction_disallow_addons_title "Disallow add-ons">
 <!ENTITY restriction_disallow_addons_description "Disallow installation of add-ons.">
-<!ENTITY restriction_disallow_apps_title "Disallow apps">
-<!ENTITY restriction_disallow_apps_description "Disallow installing apps from Firefox Marketplace.">
 <!ENTITY restriction_disallow_devtools_title "Disallow developer tools">
 <!ENTITY restriction_disallow_devtools_description "Disallow usage of developer tools.">
 <!ENTITY restriction_disallow_customize_home_title "Disallow customizing home">
 <!ENTITY restriction_disallow_customize_home_description "Disallow customizing home panels.">
 <!ENTITY restriction_disallow_private_browsing_title "Disallow private browsing">
 <!ENTITY restriction_disallow_private_browsing_description "Disallow private browsing mode.">
 <!ENTITY restriction_disallow_location_services_title "Disallow location services">
 <!ENTITY restriction_disallow_location_services_description "Disallow sharing of location data to improve geolocation service.">
 <!ENTITY restriction_disallow_display_settings_title "Disallow display settings">
 <!ENTITY restriction_disallow_display_settings_description "Disallow changing of advanced display settings.">
 <!ENTITY restriction_disallow_clear_history_title "Disallow clearing history">
 <!ENTITY restriction_disallow_clear_history_description "Disallow clearing of browser history.">
 <!ENTITY restriction_disallow_master_password_title "Disallow master password">
 <!ENTITY restriction_disallow_master_password_description "Disallow setting a master password for logins.">
+<!ENTITY restriction_disallow_guest_browsing_title "Disallow guest browsing">
+<!ENTITY restriction_disallow_guest_browsing_description "Disallow guest browsing mode.">
+
--- a/mobile/android/base/restrictions/RestrictedProfileConfiguration.java
+++ b/mobile/android/base/restrictions/RestrictedProfileConfiguration.java
@@ -1,44 +1,40 @@
 /* -*- Mode: Java; c-basic-offset: 4; tab-width: 4; indent-tabs-mode: nil; -*-
  * This Source Code Form is subject to the terms of the Mozilla Public
  * License, v. 2.0. If a copy of the MPL was not distributed with this
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 package org.mozilla.gecko.restrictions;
 
+import org.mozilla.gecko.AboutPages;
+
 import android.annotation.TargetApi;
 import android.content.Context;
 import android.os.Build;
 import android.os.Bundle;
 import android.os.UserManager;
 
 import java.util.Arrays;
 import java.util.List;
 
 public class RestrictedProfileConfiguration implements RestrictionConfiguration {
     static List<Restriction> DEFAULT_RESTRICTIONS = Arrays.asList(
             Restriction.DISALLOW_INSTALL_EXTENSION,
-            Restriction.DISALLOW_INSTALL_APPS,
-            Restriction.DISALLOW_TOOLS_MENU,
-            Restriction.DISALLOW_REPORT_SITE_ISSUE,
             Restriction.DISALLOW_IMPORT_SETTINGS,
             Restriction.DISALLOW_DEVELOPER_TOOLS,
             Restriction.DISALLOW_CUSTOMIZE_HOME,
             Restriction.DISALLOW_PRIVATE_BROWSING,
             Restriction.DISALLOW_LOCATION_SERVICE,
             Restriction.DISALLOW_DISPLAY_SETTINGS,
             Restriction.DISALLOW_CLEAR_HISTORY,
-            Restriction.DISALLOW_MASTER_PASSWORD
+            Restriction.DISALLOW_MASTER_PASSWORD,
+            Restriction.DISALLOW_GUEST_BROWSING
     );
 
-    private static final String ABOUT_ADDONS = "about:addons";
-    private static final String ABOUT_PRIVATE_BROWSING = "about:privatebrowsing";
-    private static final String ABOUT_CONFIG = "about:config";
-
     private Context context;
 
     public RestrictedProfileConfiguration(Context context) {
         this.context = context.getApplicationContext();
     }
 
     @Override
     public boolean isAllowed(Restriction restriction) {
@@ -50,25 +46,25 @@ public class RestrictedProfileConfigurat
             isAllowed = !getUserRestrictions(context).getBoolean(restriction.name, false);
         }
 
         return isAllowed;
     }
 
     @Override
     public boolean canLoadUrl(String url) {
-        if (!isAllowed(Restriction.DISALLOW_INSTALL_EXTENSION) && url.toLowerCase().startsWith(ABOUT_ADDONS)) {
+        if (!isAllowed(Restriction.DISALLOW_INSTALL_EXTENSION) && AboutPages.isAboutAddons(url)) {
             return false;
         }
 
-        if (!isAllowed(Restriction.DISALLOW_PRIVATE_BROWSING) && url.toLowerCase().startsWith(ABOUT_PRIVATE_BROWSING)) {
+        if (!isAllowed(Restriction.DISALLOW_PRIVATE_BROWSING) && AboutPages.isAboutPrivateBrowsing(url)) {
             return false;
         }
 
-        if (url.toLowerCase().startsWith(ABOUT_CONFIG)) {
+        if (AboutPages.isAboutConfig(url)) {
             // Always block access to about:config to prevent circumventing restrictions (Bug 1189233)
             return false;
         }
 
         return true;
     }
 
     @Override
--- a/mobile/android/base/restrictions/Restriction.java
+++ b/mobile/android/base/restrictions/Restriction.java
@@ -20,19 +20,17 @@ public enum Restriction {
 
     DISALLOW_INSTALL_EXTENSION(
             2, "no_install_extensions",
             R.string.restriction_disallow_addons_title,
             R.string.restriction_disallow_addons_description),
 
     // UserManager.DISALLOW_INSTALL_APPS
     DISALLOW_INSTALL_APPS(
-            3, "no_install_apps",
-            R.string.restriction_disallow_apps_title,
-            R.string.restriction_disallow_apps_description),
+            3, "no_install_apps", 0, 0),
 
     DISALLOW_BROWSE_FILES(
             4, "no_browse_files", 0, 0),
 
     DISALLOW_SHARE(
             5, "no_share", 0, 0),
 
     DISALLOW_BOOKMARK(
@@ -51,68 +49,65 @@ public enum Restriction {
     DISALLOW_REMOTE_DEBUGGING(
             10, "no_remote_debugging", 0, 0),
 
     DISALLOW_IMPORT_SETTINGS(
             11, "no_import_settings",
             R.string.restriction_disallow_import_settings_title,
             R.string.restriction_disallow_import_settings_description),
 
-    DISALLOW_TOOLS_MENU(
-            12, "no_tools_menu",
-            R.string.restriction_disallow_tools_menu_title,
-            R.string.restriction_disallow_tools_menu_description),
-
-    DISALLOW_REPORT_SITE_ISSUE(
-            13, "no_report_site_issue",
-            R.string.restriction_disallow_report_site_issue_title,
-            R.string.restriction_disallow_report_site_issue_description),
-
     DISALLOW_DEVELOPER_TOOLS(
-            14, "no_developer_tools",
+            12, "no_developer_tools",
             R.string.restriction_disallow_devtools_title,
             R.string.restriction_disallow_devtools_description
     ),
 
     DISALLOW_CUSTOMIZE_HOME(
-            15, "no_customize_home",
+            13, "no_customize_home",
             R.string.restriction_disallow_customize_home_title,
             R.string.restriction_disallow_customize_home_description
     ),
 
     DISALLOW_PRIVATE_BROWSING(
-            16, "no_private_browsing",
+            14, "no_private_browsing",
             R.string.restriction_disallow_private_browsing_title,
             R.string.restriction_disallow_private_browsing_description
     ),
 
     DISALLOW_LOCATION_SERVICE(
-            17, "no_location_service",
+            15, "no_location_service",
             R.string.restriction_disallow_location_services_title,
             R.string.restriction_disallow_location_services_description
     ),
 
     DISALLOW_DISPLAY_SETTINGS(
-            18, "no_display_settings",
+            16, "no_display_settings",
             R.string.restriction_disallow_display_settings_title,
             R.string.restriction_disallow_display_settings_description
     ),
 
     DISALLOW_CLEAR_HISTORY(
-            19, "no_clear_history",
+            17, "no_clear_history",
             R.string.restriction_disallow_clear_history_title,
             R.string.restriction_disallow_clear_history_description
     ),
 
     DISALLOW_MASTER_PASSWORD(
-            20, "no_master_password",
+            18, "no_master_password",
             R.string.restriction_disallow_master_password_title,
             R.string.restriction_disallow_master_password_description
+    ),
+
+    DISALLOW_GUEST_BROWSING(
+            19, "no_guest_browsing",
+            R.string.restriction_disallow_guest_browsing_title,
+            R.string.restriction_disallow_guest_browsing_description
     );
 
+
     public final int id;
     public final String name;
     public final int titleResource;
     public final int descriptionResource;
 
     Restriction(final int id, final String name, int titleResource, int descriptionResource) {
         this.id = id;
         this.name = name;
--- a/mobile/android/base/strings.xml.in
+++ b/mobile/android/base/strings.xml.in
@@ -541,38 +541,36 @@
   <string name="actionbar_done">&actionbar_done;</string>
 
   <!-- Voice search from the Awesome Bar -->
   <string name="voicesearch_prompt">&voicesearch_prompt;</string>
 
   <!-- Restrictions -->
   <string name="restriction_disallow_tools_menu_title">&restriction_disallow_tools_menu_title;</string>
   <string name="restriction_disallow_tools_menu_description">&restriction_disallow_tools_menu_description;</string>
-  <string name="restriction_disallow_report_site_issue_title">&restriction_disallow_report_site_issue_title;</string>
-  <string name="restriction_disallow_report_site_issue_description">&restriction_disallow_report_site_issue_description;</string>
   <string name="restriction_disallow_import_settings_title">&restriction_disallow_import_settings_title;</string>
   <string name="restriction_disallow_import_settings_description">&restriction_disallow_import_settings_description;</string>
   <string name="restriction_disallow_addons_title">&restriction_disallow_addons_title;</string>
   <string name="restriction_disallow_addons_description">&restriction_disallow_addons_description;</string>
-  <string name="restriction_disallow_apps_title">&restriction_disallow_apps_title;</string>
-  <string name="restriction_disallow_apps_description">&restriction_disallow_apps_description;</string>
   <string name="restriction_disallow_devtools_title">&restriction_disallow_devtools_title;</string>
   <string name="restriction_disallow_devtools_description">&restriction_disallow_devtools_description;</string>
   <string name="restriction_disallow_customize_home_title">&restriction_disallow_customize_home_title;</string>
   <string name="restriction_disallow_customize_home_description">&restriction_disallow_customize_home_description;</string>
   <string name="restriction_disallow_private_browsing_title">&restriction_disallow_private_browsing_title;</string>
   <string name="restriction_disallow_private_browsing_description">&restriction_disallow_private_browsing_description;</string>
   <string name="restriction_disallow_location_services_title">&restriction_disallow_location_services_title;</string>
   <string name="restriction_disallow_location_services_description">&restriction_disallow_location_services_description;</string>
   <string name="restriction_disallow_display_settings_title">&restriction_disallow_display_settings_title;</string>
   <string name="restriction_disallow_display_settings_description">&restriction_disallow_display_settings_description;</string>
   <string name="restriction_disallow_clear_history_title">&restriction_disallow_clear_history_title;</string>
   <string name="restriction_disallow_clear_history_description">&restriction_disallow_clear_history_description;</string>
   <string name="restriction_disallow_master_password_title">&restriction_disallow_master_password_title;</string>
   <string name="restriction_disallow_master_password_description">&restriction_disallow_master_password_description;</string>
+  <string name="restriction_disallow_guest_browsing_title">&restriction_disallow_guest_browsing_title;</string>
+  <string name="restriction_disallow_guest_browsing_description">&restriction_disallow_guest_browsing_description;</string>
 
   <!-- Miscellaneous -->
   <string name="ellipsis">&ellipsis;</string>
 
   <string name="colon">&colon;</string>
 
   <string name="percent">&percent;</string>
 
--- a/mobile/android/chrome/content/WebcompatReporter.js
+++ b/mobile/android/chrome/content/WebcompatReporter.js
@@ -16,17 +16,17 @@ var WebcompatReporter = {
   init: function() {
     Services.obs.addObserver(this, "DesktopMode:Change", false);
     Services.obs.addObserver(this, "chrome-document-global-created", false);
     Services.obs.addObserver(this, "content-document-global-created", false);
 
     let visible = true;
     if ("@mozilla.org/parental-controls-service;1" in Cc) {
       let pc = Cc["@mozilla.org/parental-controls-service;1"].createInstance(Ci.nsIParentalControlsService);
-      visible = pc.isAllowed(Ci.nsIParentalControlsService.REPORT_SITE_ISSUE);
+      visible = !pc.parentalControlsEnabled;
     }
 
     this.addMenuItem(visible);
   },
 
   observe: function(subject, topic, data) {
     if (topic == "content-document-global-created" || topic == "chrome-document-global-created") {
       let win = subject;
--- a/toolkit/components/parentalcontrols/nsIParentalControlsService.idl
+++ b/toolkit/components/parentalcontrols/nsIParentalControlsService.idl
@@ -6,40 +6,41 @@
 
 #include "nsISupports.idl"
 
 interface nsIURI;
 interface nsIFile;
 interface nsIInterfaceRequestor;
 interface nsIArray;
 
-[scriptable, uuid(30ff7af7-ae52-4bd6-88c0-4a8ce4f37bdc)]
+[scriptable, uuid(ed14d186-e902-4d41-86cb-8949fd7b53d7)]
 interface nsIParentalControlsService : nsISupports
 {
   /**
    * Action types that can be blocked for users.
    */
   const short DOWNLOAD = 1; // Downloading files
   const short INSTALL_EXTENSION = 2; // Installing extensions
   const short INSTALL_APP = 3; // Installing webapps
   const short VISIT_FILE_URLS = 4; // Opening file:/// urls
   const short SHARE = 5; // Sharing
   const short BOOKMARK = 6; // Creating bookmarks
   const short ADD_CONTACT = 7; // Add contacts to the system database
   const short SET_IMAGE = 8; // Setting images as wall paper
   const short MODIFY_ACCOUNTS = 9; // Modifying system accounts
   const short REMOTE_DEBUGGING = 10; // Remote debugging
   const short IMPORT_SETTINGS = 11; // Importing settings from other apps
-  const short TOOLS_MENU = 12; // Hide tools menu entry
-  const short REPORT_SITE_ISSUE = 13; // Hide "Report Site Issue" menu entry
-  const short PRIVATE_BROWSING = 16; // Disallow usage of private browsing
-  const short LOCATION_SERVICE = 17; // Sharing of location data to location service
-  const short DISPLAY_SETTINGS = 18; // Website display settings
-  const short CLEAR_HISTORY = 19; // Clear browsing history
-  const short MASTER_PASSWORD = 20; // Setting master password for logins
+  const short DEVELOPER_TOOLS = 12; // Web developer tools
+  const short CUSTOMIZE_HOME = 13; // Customizing home panels
+  const short PRIVATE_BROWSING = 14; // Disallow usage of private browsing
+  const short LOCATION_SERVICE = 15; // Sharing of location data to location service
+  const short DISPLAY_SETTINGS = 16; // Website display settings
+  const short CLEAR_HISTORY = 17; // Clear browsing history
+  const short MASTER_PASSWORD = 18; // Setting master password for logins
+  const short GUEST_BROWSING = 19; // Disallow usage of guest browsing
 
   /**
    * @returns true if the current user account has parental controls
    * restrictions enabled.
    */
   readonly attribute boolean parentalControlsEnabled;
 
   /**