Remove or disable pref: browser.policies.alternatePath

RESOLVED FIXED in Firefox 62

Status

()

enhancement
P1
normal
RESOLVED FIXED
Last year
Last year

People

(Reporter: bytesized, Assigned: bytesized)

Tracking

Trunk
Firefox 62
Points:
---
Dependency tree / graph

Firefox Tracking Flags

(firefox62 fixed)

Details

Attachments

(1 attachment)

In order for the Background Update Agent to be able to determine whether updates are disabled, it needs to be able to find the policies regarding this. This means that those policies must be stored in their default locations.

Additionally, this pref could be considered a bit of a security risk.

The pref should either be removed entirely or made available only for testing.
As we add support for other policy types (Mac plist) and allow policies.json in other location for Linux, querying the policies file isn't going to be enough.

There's going to need to be a better way to ask Firefox the status of certain policies.
The Background Update Agent cannot ask Firefox anything. The whole point of the Background Update Agent is that it runs when Firefox is not running.
I'm ok with this, but we need to fix Linux first so it looks in the right place.
Priority: -- → P1
I just tested adding a policies.json on Linux without using `browser.policies.alternatePath` and it seems like it works fine. Can you clarify what needs to be fixed?
Flags: needinfo?(mozilla)
Summary: Remove pref: browser.policies.alternatePath → Remove or disable pref: browser.policies.alternatePath
Assignee: nobody → ksteuber
mkaply told me on IRC that he meant that in Linux, Firefox should be able to be managed *without* the policies.json. This feature has not been implemented yet.
Flags: needinfo?(mozilla)
Comment on attachment 8979756 [details]
Bug 1460086 - Disable pref: browser.policies.alternatePath except in testing and Nightly

https://reviewboard.mozilla.org/r/245896/#review252176
Attachment #8979756 - Flags: review?(mozilla) → review+
Comment on attachment 8979756 [details]
Bug 1460086 - Disable pref: browser.policies.alternatePath except in testing and Nightly

https://reviewboard.mozilla.org/r/245896/#review252188

I'm fine with changing this, but I think there was a bit of misunderstanding over the IRC talk. What Mike meant is not that Linux will be configured without policies.json. It's that on Linux the path might be different, outside of the install dir.. And instead of just one location, it will probably be a list of possible paths to look (in some pre-defined order). It's something that you can handle in the updater agent, but I just wanted to make it sure that it was clear.

::: browser/components/enterprisepolicies/EnterprisePolicies.js:375
(Diff revision 1)
>  
>      let alternatePath = Services.prefs.getStringPref(PREF_ALTERNATE_PATH, "");
>  
> -    if (alternatePath && (!configFile || !configFile.exists())) {
> -      // We only want to use the alternate file path if the file on the install
> -      // folder doesn't exist. Otherwise it'd be possible for a user to override
> +    // Check if we are in automation *before* we use the synchronous
> +    // nsIFile.exists() function or allow the config file to be overriden
> +    if (Cu.isInAutomation && alternatePath && (!configFile || !configFile.exists())) {

The first thing to check should be if an alternatePath was even given.. If it's empty than there's no need for the other checks.. so please put it in first.

Another thing that I'd like to keep supporting is Nightly builds, since this is very useful for our own manual testing..

There's no need to actually support it in the updater agent.. We can just document somewhere (probably not here) that this alternate path won't work to disable app updates on nightly builds)

(You can use AppConstants.NIGHTLY_BUILD for that)
Attachment #8979756 - Flags: review?(felipc)
Comment on attachment 8979756 [details]
Bug 1460086 - Disable pref: browser.policies.alternatePath except in testing and Nightly

https://reviewboard.mozilla.org/r/245896/#review252656
Attachment #8979756 - Flags: review?(felipc) → review+
Pushed by ksteuber@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/c2ac7dded317
Disable pref: browser.policies.alternatePath except in testing and Nightly r=Felipe,mkaply
https://hg.mozilla.org/mozilla-central/rev/c2ac7dded317
Status: NEW → RESOLVED
Closed: Last year
Resolution: --- → FIXED
Target Milestone: --- → Firefox 62
You need to log in before you can comment on or make changes to this bug.