diff -r c62859a2fd22 -r ca988be0905b old/gecko-lockdown.patch --- a/old/gecko-lockdown.patch Wed Dec 16 07:34:53 2009 +0100 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,319 +0,0 @@ -From: Robert O'Callahan -Subject: Lockdown feature for Gecko -References: - - -Index: extensions/cookie/nsCookiePermission.cpp -=================================================================== ---- extensions/cookie/nsCookiePermission.cpp.orig -+++ extensions/cookie/nsCookiePermission.cpp -@@ -86,6 +86,7 @@ static const char kCookiesPrefsMigrated[ - // obsolete pref names for migration - static const char kCookiesLifetimeEnabled[] = "network.cookie.lifetime.enabled"; - static const char kCookiesLifetimeBehavior[] = "network.cookie.lifetime.behavior"; -+static const char kCookiesHonorExceptions[] = "network.cookie.honorExceptions"; - static const char kCookiesAskPermission[] = "network.cookie.warnAboutCookies"; - - static const char kPermissionType[] = "cookie"; -@@ -125,6 +126,7 @@ nsCookiePermission::Init() - prefBranch->AddObserver(kCookiesLifetimePolicy, this, PR_FALSE); - prefBranch->AddObserver(kCookiesLifetimeDays, this, PR_FALSE); - prefBranch->AddObserver(kCookiesAlwaysAcceptSession, this, PR_FALSE); -+ prefBranch->AddObserver(kCookiesHonorExceptions, this, PR_FALSE); - #ifdef MOZ_MAIL_NEWS - prefBranch->AddObserver(kCookiesDisabledForMailNews, this, PR_FALSE); - #endif -@@ -182,6 +184,10 @@ nsCookiePermission::PrefChanged(nsIPrefB - NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesAlwaysAcceptSession, &val))) - mCookiesAlwaysAcceptSession = val; - -+ if (PREF_CHANGED(kCookiesHonorExceptions) && -+ NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesHonorExceptions, &val))) -+ mCookiesHonorExceptions = val; -+ - #ifdef MOZ_MAIL_NEWS - if (PREF_CHANGED(kCookiesDisabledForMailNews) && - NS_SUCCEEDED(aPrefBranch->GetBoolPref(kCookiesDisabledForMailNews, &val))) -@@ -232,6 +238,11 @@ nsCookiePermission::CanAccess(nsIURI - #endif // MOZ_MAIL_NEWS - - // finally, check with permission manager... -+ if (!mCookiesHonorExceptions) { -+ *aResult = ACCESS_DEFAULT; -+ return NS_OK; -+ } -+ - nsresult rv = mPermMgr->TestPermission(aURI, kPermissionType, (PRUint32 *) aResult); - if (NS_SUCCEEDED(rv)) { - switch (*aResult) { -Index: extensions/cookie/nsCookiePermission.h -=================================================================== ---- extensions/cookie/nsCookiePermission.h.orig -+++ extensions/cookie/nsCookiePermission.h -@@ -61,6 +61,7 @@ public: - #ifdef MOZ_MAIL_NEWS - , mCookiesDisabledForMailNews(PR_TRUE) - #endif -+ , mCookiesHonorExceptions(PR_TRUE) - {} - virtual ~nsCookiePermission() {} - -@@ -76,7 +77,7 @@ private: - #ifdef MOZ_MAIL_NEWS - PRPackedBool mCookiesDisabledForMailNews; - #endif -- -+ PRPackedBool mCookiesHonorExceptions; - }; - - // {EF565D0A-AB9A-4A13-9160-0644CDFD859A} -Index: extensions/permissions/nsContentBlocker.cpp -=================================================================== ---- extensions/permissions/nsContentBlocker.cpp.orig -+++ extensions/permissions/nsContentBlocker.cpp -@@ -76,6 +76,7 @@ NS_IMPL_ISUPPORTS3(nsContentBlocker, - nsContentBlocker::nsContentBlocker() - { - memset(mBehaviorPref, BEHAVIOR_ACCEPT, NUMBER_OF_TYPES); -+ memset(mHonorExceptions, PR_TRUE, NUMBER_OF_TYPES); - } - - nsresult -@@ -92,6 +93,11 @@ nsContentBlocker::Init() - rv = prefService->GetBranch("permissions.default.", getter_AddRefs(prefBranch)); - NS_ENSURE_SUCCESS(rv, rv); - -+ nsCOMPtr honorExceptionsPrefBranch; -+ rv = prefService->GetBranch("permissions.honorExceptions.", -+ getter_AddRefs(honorExceptionsPrefBranch)); -+ NS_ENSURE_SUCCESS(rv, rv); -+ - // Migrate old image blocker pref - nsCOMPtr oldPrefBranch; - oldPrefBranch = do_QueryInterface(prefService); -@@ -121,8 +127,15 @@ nsContentBlocker::Init() - mPrefBranchInternal = do_QueryInterface(prefBranch, &rv); - NS_ENSURE_SUCCESS(rv, rv); - -+ mHonorExceptionsPrefBranchInternal = -+ do_QueryInterface(honorExceptionsPrefBranch, &rv); -+ NS_ENSURE_SUCCESS(rv, rv); -+ - rv = mPrefBranchInternal->AddObserver("", this, PR_TRUE); -- PrefChanged(prefBranch, nsnull); -+ NS_ENSURE_SUCCESS(rv, rv); -+ -+ rv = mHonorExceptionsPrefBranchInternal->AddObserver("", this, PR_TRUE); -+ PrefChanged(nsnull); - - return rv; - } -@@ -131,19 +144,22 @@ nsContentBlocker::Init() - #define LIMIT(x, low, high, default) ((x) >= (low) && (x) <= (high) ? (x) : (default)) - - void --nsContentBlocker::PrefChanged(nsIPrefBranch *aPrefBranch, -- const char *aPref) -+nsContentBlocker::PrefChanged(const char *aPref) - { -- PRInt32 val; -- --#define PREF_CHANGED(_P) (!aPref || !strcmp(aPref, _P)) -- -- for(PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) { -- if (PREF_CHANGED(kTypeString[i]) && -- NS_SUCCEEDED(aPrefBranch->GetIntPref(kTypeString[i], &val))) -- mBehaviorPref[i] = LIMIT(val, 1, 3, 1); -+ for (PRUint32 i = 0; i < NUMBER_OF_TYPES; ++i) { -+ if (!aPref || !strcmp(kTypeString[i], aPref)) { -+ PRInt32 val; -+ PRBool b; -+ if (mPrefBranchInternal && -+ NS_SUCCEEDED(mPrefBranchInternal->GetIntPref(kTypeString[i], &val))) { -+ mBehaviorPref[i] = LIMIT(val, 1, 3, 1); -+ } -+ if (mHonorExceptionsPrefBranchInternal && -+ NS_SUCCEEDED(mHonorExceptionsPrefBranchInternal->GetBoolPref(kTypeString[i], &b))) { -+ mHonorExceptions[i] = b; -+ } -+ } - } -- - } - - // nsIContentPolicy Implementation -@@ -268,11 +284,13 @@ nsContentBlocker::TestPermission(nsIURI - // default prefs. - // Don't forget the aContentType ranges from 1..8, while the - // array is indexed 0..7 -- PRUint32 permission; -- nsresult rv = mPermissionManager->TestPermission(aCurrentURI, -- kTypeString[aContentType - 1], -- &permission); -- NS_ENSURE_SUCCESS(rv, rv); -+ PRUint32 permission = 0; -+ if (mHonorExceptions[aContentType - 1]) { -+ nsresult rv = mPermissionManager->TestPermission(aCurrentURI, -+ kTypeString[aContentType - 1], -+ &permission); -+ NS_ENSURE_SUCCESS(rv, rv); -+ } - - // If there is nothing on the list, use the default. - if (!permission) { -@@ -298,7 +316,7 @@ nsContentBlocker::TestPermission(nsIURI - return NS_OK; - - PRBool trustedSource = PR_FALSE; -- rv = aFirstURI->SchemeIs("chrome", &trustedSource); -+ nsresult rv = aFirstURI->SchemeIs("chrome", &trustedSource); - NS_ENSURE_SUCCESS(rv,rv); - if (!trustedSource) { - rv = aFirstURI->SchemeIs("resource", &trustedSource); -@@ -363,8 +381,6 @@ nsContentBlocker::Observe(nsISupports - { - NS_ASSERTION(!strcmp(NS_PREFBRANCH_PREFCHANGE_TOPIC_ID, aTopic), - "unexpected topic - we only deal with pref changes!"); -- -- if (mPrefBranchInternal) -- PrefChanged(mPrefBranchInternal, NS_LossyConvertUTF16toASCII(aData).get()); -+ PrefChanged(NS_LossyConvertUTF16toASCII(aData).get()); - return NS_OK; - } -Index: extensions/permissions/nsContentBlocker.h -=================================================================== ---- extensions/permissions/nsContentBlocker.h.orig -+++ extensions/permissions/nsContentBlocker.h -@@ -66,7 +66,7 @@ public: - private: - ~nsContentBlocker() {} - -- void PrefChanged(nsIPrefBranch *, const char *); -+ void PrefChanged(const char *); - nsresult TestPermission(nsIURI *aCurrentURI, - nsIURI *aFirstURI, - PRInt32 aContentType, -@@ -75,7 +75,9 @@ private: - - nsCOMPtr mPermissionManager; - nsCOMPtr mPrefBranchInternal; -+ nsCOMPtr mHonorExceptionsPrefBranchInternal; - PRUint8 mBehaviorPref[NUMBER_OF_TYPES]; -+ PRPackedBool mHonorExceptions[NUMBER_OF_TYPES]; - }; - - #define NS_CONTENTBLOCKER_CID \ -Index: modules/libpref/src/init/all.js -=================================================================== ---- modules/libpref/src/init/all.js.orig -+++ modules/libpref/src/init/all.js -@@ -798,6 +798,7 @@ pref("network.automatic-ntlm-auth.truste - pref("network.ntlm.send-lm-response", false); - - pref("permissions.default.image", 1); // 1-Accept, 2-Deny, 3-dontAcceptForeign -+pref("permissions.honorExceptions.image", true); - - #ifndef XP_MACOSX - #ifdef XP_UNIX -@@ -825,6 +826,7 @@ pref("network.proxy.no_proxies_on", - pref("network.proxy.failover_timeout", 1800); // 30 minutes - pref("network.online", true); //online/offline - pref("network.cookie.cookieBehavior", 0); // 0-Accept, 1-dontAcceptForeign, 2-dontUse -+pref("network.cookie.honorExceptions", true); - pref("network.cookie.disableCookieForMailNews", true); // disable all cookies for mail - pref("network.cookie.lifetimePolicy", 0); // accept normally, 1-askBeforeAccepting, 2-acceptForSession,3-acceptForNDays - pref("network.cookie.alwaysAcceptSessionCookies", false); -Index: widget/src/gtk2/nsWindow.cpp -=================================================================== ---- widget/src/gtk2/nsWindow.cpp.orig -+++ widget/src/gtk2/nsWindow.cpp -@@ -81,6 +81,7 @@ - #include "nsIServiceManager.h" - #include "nsIStringBundle.h" - #include "nsGfxCIID.h" -+#include "nsIPrefService.h" - - #ifdef ACCESSIBILITY - #include "nsIAccessibilityService.h" -@@ -91,7 +92,6 @@ - static PRBool sAccessibilityChecked = PR_FALSE; - /* static */ - PRBool nsWindow::sAccessibilityEnabled = PR_FALSE; --static const char sSysPrefService [] = "@mozilla.org/system-preference-service;1"; - static const char sAccEnv [] = "GNOME_ACCESSIBILITY"; - static const char sAccessibilityKey [] = "config.use_system_prefs.accessibility"; - #endif -@@ -3992,18 +3992,18 @@ nsWindow::NativeCreate(nsIWidget - sAccessibilityEnabled = atoi(envValue) != 0; - LOG(("Accessibility Env %s=%s\n", sAccEnv, envValue)); - } -- //check gconf-2 setting -+ //check preference setting - else { -- nsCOMPtr sysPrefService = -- do_GetService(sSysPrefService, &rv); -- if (NS_SUCCEEDED(rv) && sysPrefService) { -- -- // do the work to get gconf setting. -- // will be done soon later. -- sysPrefService->GetBoolPref(sAccessibilityKey, -+ nsCOMPtr prefService = -+ do_GetService(NS_PREFSERVICE_CONTRACTID, &rv); -+ if (NS_SUCCEEDED(rv) && prefService) { -+ nsCOMPtr prefBranch; -+ rv = prefService->GetBranch(nsnull, getter_AddRefs(prefBranch)); -+ if (NS_SUCCEEDED(rv) && prefBranch) { -+ prefBranch->GetBoolPref(sAccessibilityKey, - &sAccessibilityEnabled); -+ } - } -- - } - } - if (sAccessibilityEnabled) { -Index: xpinstall/src/nsXPInstallManager.cpp -=================================================================== ---- xpinstall/src/nsXPInstallManager.cpp.orig -+++ xpinstall/src/nsXPInstallManager.cpp -@@ -290,6 +290,7 @@ nsXPInstallManager::InitManagerInternal( - //----------------------------------------------------- - // Get permission to install - //----------------------------------------------------- -+ nsCOMPtr pref(do_GetService(NS_PREFSERVICE_CONTRACTID)); - - #ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI - if ( mChromeType == CHROME_SKIN ) -@@ -299,17 +300,26 @@ nsXPInstallManager::InitManagerInternal( - - // skins get a simpler/friendlier dialog - // XXX currently not embeddable -- OKtoInstall = ConfirmChromeInstall( mParentWindow, packageList ); -+ PRBool themesDisabled = PR_FALSE; -+ if (pref) -+ pref->GetBoolPref("config.lockdown.disable_themes", &themesDisabled); -+ OKtoInstall = !themesDisabled && -+ ConfirmChromeInstall( mParentWindow, packageList ); - } - else - { - #endif -- rv = dlgSvc->ConfirmInstall( mParentWindow, -- packageList, -- numStrings, -- &OKtoInstall ); -- if (NS_FAILED(rv)) -- OKtoInstall = PR_FALSE; -+ PRBool extensionsDisabled = PR_FALSE; -+ if (pref) -+ pref->GetBoolPref("config.lockdown.disable_extensions", &extensionsDisabled); -+ if (!extensionsDisabled) { -+ rv = dlgSvc->ConfirmInstall( mParentWindow, -+ packageList, -+ numStrings, -+ &OKtoInstall ); -+ if (NS_FAILED(rv)) -+ OKtoInstall = PR_FALSE; -+ } - #ifdef ENABLE_SKIN_SIMPLE_INSTALLATION_UI - } - #endif