Bug 1552600 - Allow policies.json to augment platform policy. r=emalysz

Differential Revision: https://phabricator.services.mozilla.com/D103077
2025-03-01 22:07:41 +00:00 · 2021-01-27 15:35:03 +00:00 · 2021-01-27 15:35:03 +00:00 · 252047cf4e
commit 252047cf4e
parent fd50ec0311
2 changed files with 180 additions and 21 deletions
--- a/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
+++ b/toolkit/components/enterprisepolicies/EnterprisePoliciesParent.jsm
@ -117,13 +117,13 @@ EnterprisePoliciesManager.prototype = {

    let provider = this._chooseProvider();

-    if (!provider) {
-      this.status = Ci.nsIEnterprisePolicies.INACTIVE;
+    if (provider.failed) {
+      this.status = Ci.nsIEnterprisePolicies.FAILED;
      return;
    }

-    if (provider.failed) {
-      this.status = Ci.nsIEnterprisePolicies.FAILED;
+    if (!provider.hasPolicies) {
+      this.status = Ci.nsIEnterprisePolicies.INACTIVE;
      return;
    }

@ -139,22 +139,20 @@ EnterprisePoliciesManager.prototype = {
  },

  _chooseProvider() {
-    let provider = null;
+    let platformProvider = null;
    if (AppConstants.platform == "win") {
-      provider = new WindowsGPOPoliciesProvider();
+      platformProvider = new WindowsGPOPoliciesProvider();
    } else if (AppConstants.platform == "macosx") {
-      provider = new macOSPoliciesProvider();
+      platformProvider = new macOSPoliciesProvider();
    }
-    if (provider && provider.hasPolicies) {
-      return provider;
+    let jsonProvider = new JSONPoliciesProvider();
+    if (platformProvider && platformProvider.hasPolicies) {
+      if (jsonProvider.hasPolicies) {
+        return new CombinedProvider(platformProvider, jsonProvider);
+      }
+      return platformProvider;
    }
-
-    provider = new JSONPoliciesProvider();
-    if (provider.hasPolicies) {
-      return provider;
-    }
-
-    return null;
+    return jsonProvider;
  },

  _activatePolicies(unparsedPolicies) {
@ -476,15 +474,11 @@ function areEnterpriseOnlyPoliciesAllowed() {
 class JSONPoliciesProvider {
  constructor() {
    this._policies = null;
-    this._failed = false;
    this._readData();
  }

  get hasPolicies() {
-    return (
-      this._failed ||
-      (this._policies !== null && !isEmptyObject(this._policies))
-    );
+    return this._policies !== null && !isEmptyObject(this._policies);
  }

  get policies() {
@ -665,3 +659,30 @@ class macOSPoliciesProvider {
    return this._failed;
  }
 }
+
+class CombinedProvider {
+  constructor(primaryProvider, secondaryProvider) {
+    // Combine policies with primaryProvider taking precedence.
+    // We only do this for top level policies.
+    this._policies = primaryProvider._policies;
+    for (let policyName of Object.keys(secondaryProvider.policies)) {
+      if (!(policyName in this._policies)) {
+        this._policies[policyName] = secondaryProvider.policies[policyName];
+      }
+    }
+  }
+
+  get hasPolicies() {
+    // Combined provider always has policies.
+    return true;
+  }
+
+  get policies() {
+    return this._policies;
+  }
+
+  get failed() {
+    // Combined provider never fails.
+    return false;
+  }
+}
--- a/toolkit/components/enterprisepolicies/tests/browser/browser_policies_gpo.js
+++ b/toolkit/components/enterprisepolicies/tests/browser/browser_policies_gpo.js
@ -66,3 +66,141 @@ add_task(async function test_gpo_policies() {
  wrk.removeChild("PolicyTesting");
  wrk.close();
 });
+
+add_task(async function test_gpo_json_policies() {
+  let { Policies } = ChromeUtils.import(
+    "resource:///modules/policies/Policies.jsm"
+  );
+
+  let gpoPolicyRan = false;
+  let jsonPolicyRan = false;
+  let coexistPolicyRan = false;
+
+  Policies.gpo_policy = {
+    onProfileAfterChange(manager, param) {
+      is(param, true, "Param matches what was in the registry");
+      gpoPolicyRan = true;
+    },
+  };
+  Policies.json_policy = {
+    onProfileAfterChange(manager, param) {
+      is(param, true, "Param matches what was in the JSON");
+      jsonPolicyRan = true;
+    },
+  };
+  Policies.coexist_policy = {
+    onProfileAfterChange(manager, param) {
+      is(param, false, "Param matches what was in the registry (over JSON)");
+      coexistPolicyRan = true;
+    },
+  };
+
+  let wrk = Cc["@mozilla.org/windows-registry-key;1"].createInstance(
+    Ci.nsIWindowsRegKey
+  );
+  let regLocation =
+    "SOFTWARE\\Mozilla\\PolicyTesting\\Mozilla\\" + Services.appinfo.name;
+  wrk.create(wrk.ROOT_KEY_CURRENT_USER, regLocation, wrk.ACCESS_WRITE);
+  wrk.writeIntValue("gpo_policy", 1);
+  wrk.writeIntValue("coexist_policy", 0);
+  wrk.close();
+
+  await setupPolicyEngineWithJson(
+    {
+      policies: {
+        json_policy: true,
+        coexist_policy: true,
+      },
+    },
+
+    // custom schema
+    {
+      properties: {
+        gpo_policy: {
+          type: "boolean",
+        },
+        json_policy: {
+          type: "boolean",
+        },
+        coexist_policy: {
+          type: "boolean",
+        },
+      },
+    }
+  );
+
+  is(
+    Services.policies.status,
+    Ci.nsIEnterprisePolicies.ACTIVE,
+    "Engine is active"
+  );
+
+  ok(gpoPolicyRan, "GPO Policy ran correctly though onProfileAfterChange");
+  ok(jsonPolicyRan, "JSON Policy ran correctly though onProfileAfterChange");
+  ok(
+    coexistPolicyRan,
+    "Coexist Policy ran correctly though onProfileAfterChange"
+  );
+
+  delete Policies.gpo_policy;
+  delete Policies.json_policy;
+  delete Policies.coexist_policy;
+
+  wrk.open(wrk.ROOT_KEY_CURRENT_USER, "SOFTWARE\\Mozilla", wrk.ACCESS_WRITE);
+  wrk.removeChild("PolicyTesting\\Mozilla\\" + Services.appinfo.name);
+  wrk.removeChild("PolicyTesting\\Mozilla");
+  wrk.removeChild("PolicyTesting");
+  wrk.close();
+});
+
+add_task(async function test_gpo_broken_json_policies() {
+  let { Policies } = ChromeUtils.import(
+    "resource:///modules/policies/Policies.jsm"
+  );
+
+  let gpoPolicyRan = false;
+
+  Policies.gpo_policy = {
+    onProfileAfterChange(manager, param) {
+      is(param, true, "Param matches what was in the registry");
+      gpoPolicyRan = true;
+    },
+  };
+
+  let wrk = Cc["@mozilla.org/windows-registry-key;1"].createInstance(
+    Ci.nsIWindowsRegKey
+  );
+  let regLocation =
+    "SOFTWARE\\Mozilla\\PolicyTesting\\Mozilla\\" + Services.appinfo.name;
+  wrk.create(wrk.ROOT_KEY_CURRENT_USER, regLocation, wrk.ACCESS_WRITE);
+  wrk.writeIntValue("gpo_policy", 1);
+  wrk.close();
+
+  await setupPolicyEngineWithJson(
+    "config_broken_json.json",
+    // custom schema
+    {
+      properties: {
+        gpo_policy: {
+          type: "boolean",
+        },
+      },
+    }
+  );
+
+  is(
+    Services.policies.status,
+    Ci.nsIEnterprisePolicies.ACTIVE,
+    "Engine is active"
+  );
+
+  ok(gpoPolicyRan, "GPO Policy ran correctly though onProfileAfterChange");
+
+  delete Policies.gpo_policy;
+
+  wrk.open(wrk.ROOT_KEY_CURRENT_USER, "SOFTWARE\\Mozilla", wrk.ACCESS_WRITE);
+  wrk.removeChild("PolicyTesting\\Mozilla\\" + Services.appinfo.name);
+  wrk.removeChild("PolicyTesting\\Mozilla");
+  wrk.removeChild("PolicyTesting");
+  wrk.close();
+});