Bug 1944680 - lock all ContentAnalysis prefs r=dlp-reviewers,handyman

Differential Revision: https://phabricator.services.mozilla.com/D236562

Author: gregstoll

browser/components/enterprisepolicies/Policies.sys.mjs

@@ -509,12 +509,13 @@ export var Policies = {
 
   ContentAnalysis: {
     onBeforeAddons(manager, param) {
-      if ("PipePathName" in param) {
-        setAndLockPref(
-          "browser.contentanalysis.pipe_path_name",
-          param.PipePathName
-        );
-      }
+      // For security reasons, all of the Content Analysis related prefs should be locked in
+      // this method, even if the values aren't specified in Enterprise Policies.
+      setPrefIfPresentAndLock(
+        param,
+        "PipePathName",
+        "browser.contentanalysis.pipe_path_name"
+      );
       if ("AgentTimeout" in param) {
         if (!Number.isInteger(param.AgentTimeout)) {
           lazy.log.error(
@@ -526,28 +527,29 @@ export var Policies = {
             param.AgentTimeout
           );
         }
+      } else {
+        Services.prefs.lockPref("browser.contentanalysis.agent_timeout");
       }
-      if ("AllowUrlRegexList" in param) {
-        setAndLockPref(
-          "browser.contentanalysis.allow_url_regex_list",
-          param.AllowUrlRegexList
-        );
-      }
-      if ("DenyUrlRegexList" in param) {
-        setAndLockPref(
-          "browser.contentanalysis.deny_url_regex_list",
-          param.DenyUrlRegexList
-        );
-      }
-      if ("AgentName" in param) {
-        setAndLockPref("browser.contentanalysis.agent_name", param.AgentName);
-      }
-      if ("ClientSignature" in param) {
-        setAndLockPref(
-          "browser.contentanalysis.client_signature",
-          param.ClientSignature
-        );
-      }
+      setPrefIfPresentAndLock(
+        param,
+        "AllowUrlRegexList",
+        "browser.contentanalysis.allow_url_regex_list"
+      );
+      setPrefIfPresentAndLock(
+        param,
+        "DenyUrlRegexList",
+        "browser.contentanalysis.deny_url_regex_list"
+      );
+      setPrefIfPresentAndLock(
+        param,
+        "AgentName",
+        "browser.contentanalysis.agent_name"
+      );
+      setPrefIfPresentAndLock(
+        param,
+        "ClientSignature",
+        "browser.contentanalysis.client_signature"
+      );
       if ("DefaultResult" in param) {
         if (
           !Number.isInteger(param.DefaultResult) ||
@@ -563,6 +565,8 @@ export var Policies = {
             param.DefaultResult
           );
         }
+      } else {
+        Services.prefs.lockPref("browser.contentanalysis.default_result");
       }
       let boolPrefs = [
         ["IsPerUser", "is_per_user"],
@@ -575,6 +579,8 @@ export var Policies = {
             `browser.contentanalysis.${pref[1]}`,
             !!param[pref[0]]
           );
+        } else {
+          Services.prefs.lockPref(`browser.contentanalysis.${pref[1]}`);
         }
       }
       let interceptionPointPrefs = [
@@ -585,8 +591,6 @@ export var Policies = {
       ];
       if ("InterceptionPoints" in param) {
         for (let pref of interceptionPointPrefs) {
-          // Need to set and lock this value even if the enterprise
-          // policy isn't set so users can't change it
           let value = true;
           if (pref[0] in param.InterceptionPoints) {
             if ("Enabled" in param.InterceptionPoints[pref[0]]) {
@@ -598,6 +602,12 @@ export var Policies = {
             value
           );
         }
+      } else {
+        for (let pref of interceptionPointPrefs) {
+          Services.prefs.lockPref(
+            `browser.contentanalysis.interception_point.${pref[1]}.enabled`
+          );
+        }
       }
       if ("Enabled" in param) {
         let enabled = !!param.Enabled;
@@ -606,6 +616,10 @@ export var Policies = {
           Ci.nsIContentAnalysis
         );
         ca.isSetByEnterprisePolicy = true;
+      } else {
+        // Probably not strictly necessary, but let's lock everything
+        // to be consistent.
+        Services.prefs.lockPref("browser.contentanalysis.enabled");
       }
     },
   },
@@ -2652,6 +2666,28 @@ export function setAndLockPref(prefName, prefValue) {
   PoliciesUtils.setDefaultPref(prefName, prefValue, true);
 }
 
+/**
+ *
+ * setPrefIfPresentAndLock
+ *
+ * Sets the pref to the value param[paramKey] if that exists. Either
+ * way, the pref is locked.
+ *
+ * @param {object} param
+ *        Object with pref values
+ * @param {string} paramKey
+ *        The key to look up the value in param
+ * @param {string} prefName
+ *        The pref to be changed
+ */
+function setPrefIfPresentAndLock(param, paramKey, prefName) {
+  if (paramKey in param) {
+    setAndLockPref(prefName, param[paramKey]);
+  } else {
+    Services.prefs.lockPref(prefName);
+  }
+}
+
 /**
  * setDefaultPref
  *

toolkit/components/contentanalysis/tests/browser/browser_content_analysis_policies.js

@@ -16,17 +16,27 @@ const { EnterprisePolicyTesting, PoliciesPrefTracker } =
     "resource://testing-common/EnterprisePolicyTesting.sys.mjs"
   );
 
-const kEnabledPref = "enabled";
-const kPipeNamePref = "pipe_path_name";
-const kTimeoutPref = "agent_timeout";
-const kAllowUrlPref = "allow_url_regex_list";
-const kDenyUrlPref = "deny_url_regex_list";
-const kAgentNamePref = "agent_name";
-const kClientSignaturePref = "client_signature";
-const kPerUserPref = "is_per_user";
-const kShowBlockedPref = "show_blocked_result";
-const kDefaultResultPref = "default_result";
-const kBypassForSameTabOperationsPref = "bypass_for_same_tab_operations";
+const kIndividualPrefs = new Map([
+  ["Enabled", "enabled"],
+  ["PipeName", "pipe_path_name"],
+  ["Timeout", "agent_timeout"],
+  ["AllowUrl", "allow_url_regex_list"],
+  ["DenyUrl", "deny_url_regex_list"],
+  ["AgentName", "agent_name"],
+  ["ClientSignature", "client_signature"],
+  ["PerUser", "is_per_user"],
+  ["ShowBlocked", "show_blocked_result"],
+  ["DefaultResult", "default_result"],
+  ["BypassForSameTab", "bypass_for_same_tab_operations"],
+]);
+function getIndividualPrefName(name) {
+  is(
+    kIndividualPrefs.has(name),
+    true,
+    `"${name}" passed to getIndividualPrefName() is valid`
+  );
+  return `browser.contentanalysis.${kIndividualPrefs.get(name)}`;
+}
 const kInterceptionPoints = [
   "clipboard",
   "drag_and_drop",
@@ -43,7 +53,7 @@ add_task(async function test_ca_active() {
   ok(!ca.isActive, "CA is inactive when pref and cmd line arg are missing");
 
   // Set the pref without enterprise policy.  CA should not be active.
-  Services.prefs.setBoolPref("browser.contentanalysis." + kEnabledPref, true);
+  Services.prefs.setBoolPref(getIndividualPrefName("Enabled"), true);
   ok(
     !ca.isActive,
     "CA is inactive when pref is set but cmd line arg is missing"
@@ -83,7 +93,38 @@ add_task(async function test_ca_active() {
     );
   }
 
-  Services.prefs.setBoolPref("browser.contentanalysis." + kEnabledPref, false);
+  Services.prefs.setBoolPref(getIndividualPrefName("Enabled"), false);
+  PoliciesPrefTracker.stop();
+});
+
+add_task(async function test_ca_enterprise_config() {
+  PoliciesPrefTracker.start();
+  await EnterprisePolicyTesting.setupPolicyEngineWithJson({
+    policies: {
+      ContentAnalysis: {
+        Enabled: true,
+      },
+    },
+  });
+
+  for (let individualPref of kIndividualPrefs.values()) {
+    is(
+      Services.prefs.prefIsLocked("browser.contentanalysis." + individualPref),
+      true,
+      `${individualPref} should be locked`
+    );
+  }
+
+  for (let interceptionPoint of kInterceptionPoints) {
+    is(
+      Services.prefs.prefIsLocked(
+        `browser.contentanalysis.interception_point.${interceptionPoint}.enabled`
+      ),
+      true,
+      `${interceptionPoint} enabled should be locked`
+    );
+  }
+
   PoliciesPrefTracker.stop();
 });
 
@@ -126,56 +167,52 @@ add_task(async function test_ca_enterprise_config() {
   });
 
   is(
-    Services.prefs.getStringPref("browser.contentanalysis." + kPipeNamePref),
+    Services.prefs.getStringPref(getIndividualPrefName("PipeName")),
     "abc",
     "pipe name match"
   );
   is(
-    Services.prefs.getIntPref("browser.contentanalysis." + kTimeoutPref),
+    Services.prefs.getIntPref(getIndividualPrefName("Timeout")),
     99,
     "timeout match"
   );
   is(
-    Services.prefs.getStringPref("browser.contentanalysis." + kAllowUrlPref),
+    Services.prefs.getStringPref(getIndividualPrefName("AllowUrl")),
     string1,
     "allow urls match"
   );
   is(
-    Services.prefs.getStringPref("browser.contentanalysis." + kDenyUrlPref),
+    Services.prefs.getStringPref(getIndividualPrefName("DenyUrl")),
     string2,
     "deny urls match"
   );
   is(
-    Services.prefs.getStringPref("browser.contentanalysis." + kAgentNamePref),
+    Services.prefs.getStringPref(getIndividualPrefName("AgentName")),
     string3,
     "agent names match"
   );
   is(
-    Services.prefs.getStringPref(
-      "browser.contentanalysis." + kClientSignaturePref
-    ),
+    Services.prefs.getStringPref(getIndividualPrefName("ClientSignature")),
     string4,
     "client signatures match"
   );
   is(
-    Services.prefs.getBoolPref("browser.contentanalysis." + kPerUserPref),
+    Services.prefs.getBoolPref(getIndividualPrefName("PerUser")),
     true,
     "per user match"
   );
   is(
-    Services.prefs.getBoolPref("browser.contentanalysis." + kShowBlockedPref),
+    Services.prefs.getBoolPref(getIndividualPrefName("ShowBlocked")),
     false,
     "show blocked match"
   );
   is(
-    Services.prefs.getIntPref("browser.contentanalysis." + kDefaultResultPref),
+    Services.prefs.getIntPref(getIndividualPrefName("DefaultResult")),
     1,
     "default result match"
   );
   is(
-    Services.prefs.getBoolPref(
-      "browser.contentanalysis." + kBypassForSameTabOperationsPref
-    ),
+    Services.prefs.getBoolPref(getIndividualPrefName("BypassForSameTab")),
     true,
     "bypass for same tab operations match"
   );
@@ -201,7 +238,7 @@ add_task(async function test_cleanup() {
   // the policy and do not get cleared if there is no ContentAnalysis
   // element - reset them manually here.
   ca.isSetByEnterprisePolicy = false;
-  Services.prefs.setBoolPref("browser.contentanalysis." + kEnabledPref, false);
+  Services.prefs.setBoolPref(getIndividualPrefName("Enabled"), false);
   for (let interceptionPoint of kInterceptionPoints) {
     Services.prefs.setBoolPref(
       `browser.contentanalysis.interception_point.${interceptionPoint}.enabled`,