Closed
Bug 746074
Opened 13 years ago
Closed 9 years ago
Allow enforcing network-usage policies on "web apps"
Categories
(Core :: Networking, defect)
Core
Networking
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: cjones, Assigned: johnshih.bugs)
References
(Depends on 1 open bug)
Details
(Whiteboard: [tech-p2][FT:RIL])
Attachments
(2 files, 13 obsolete files)
5.45 KB,
patch
|
Details | Diff | Splinter Review | |
28.21 KB,
patch
|
Details | Diff | Splinter Review |
(Again, going with "web apps" because they have a strong identity. Other solutions are possible for the general case.)
The idea here is to allow a user to say, "my Facebook app can only use Wifi", or "Twitter can only use up to 10MB of 3g data." Like bug 746073, the multi-process setup probably makes this simpler because there's a choke point at which ~sockets are opened, and at a point where we can find a domain/origin for the web app. The basic idea of the impl would be to check the currently-selected interface and see if the app's policy allows opening a channel on that interface, along with live monitoring to see when quotas are exceeded. (And then, close the channel? Pop an alert? Not so clear. But a UX problem :) .)
I think initially, we can keep things pretty simple and allow two kinds of policy bits
- app allowed/disallowed to use network interface "foo"
- app has quota of X bytes on interface "foo"
We'll need bug 746073 implemented to enforce the second kind of policy above. We can do the first in parallel though, and split the second into a separate bug.
Comment 1•13 years ago
|
||
I think the best way is to offer a global "firewall-like" API.
For each application and interface, I think we should offer a way to assign it as mandatory, forbidden or preferred, so, if both (wifi & 3g) networks are available, depending on the rules, we can route through the user desired one.
So, to summarize:
The API should deal:
* Recover List of installed applications
* Recover List of available interfaces (connection types)
* Get/Set new application policies
* Get/Set default policies for new & not configured apps.
WDYT?
Is necessary to define a completely new API? Where do you think this API can fit?
I think we can join to the IDL defined in the bug 746069 (https://bugzilla.mozilla.org/attachment.cgi?id=630128)
Updated•13 years ago
|
Whiteboard: [blocked-on-product]
Updated•13 years ago
|
Whiteboard: [blocked-on-product] → [blocked-on-input]
Comment 3•12 years ago
|
||
We propose a possible API for this bug:
Our proposal is to define an API to manage policies for all the installed applications and also default rules for new ones and unconfigured ones:
The use of the API could be something like:
// Get the policies for an app
var policyData = navigator.mozAppPolicies.get(uri)
// Create new policy
var policyData = new mozPolicy();
policyData.init({app: appURI, allowNetworkAccess: true, policies: { c3g: { enabled: false, max: 1000 }, wifi: {enabled: true, prefered: true, max: 1000} } });
// Store for the policy for an app
navigator.mozAppPolicies.save(policyData)
// Retreive / Store default policies
var defaultPol = navigator.mozAppPolicies.defaultPolicy;
defaultPol = {allowNetworkAccess: true, policies: { c3g: { enabled: false, max: 1000 }, wifi: {enabled: true, prefered: true, max: 1000} } }
navigator.mozAppPolicies.defaultPolicy = defaultPol;
--------------------------------
Suggested interfaces
interface nsIDOMNetworkPoliciesConnectionTypes : nsISupports
{
attribute boolean enabled; // Is allowed the use of this Connection type
attribute boolean prefered; // If more than one connection type allowed, this is the prefered one
attribute long? max; // Max amount of MB allowed to transmit through this connection type
};
interface nsIDOMNetworkPoliciesApplicationPolicies : nsISupports
{
attribute DOMString connectionType; // Connection type name associated to this policy
attribute boolean allowNetworkAccess; // The application is allowed to access to the network
attribute nsIDOMNetworkPoliciesConnectionTypes policiesPerConnectionType; // policies per connection type
DOMRequest init(in nsIDOMNetworkPoliciesApplicationPolicies policy); // Init policy
};
interface nsIDOMNetworkPolicies : nsISupports
{
readonly attribute nsIArray installedApplications; // Array of DOMString (IDs of the installed applications)
readonly attribute nsIArray connectionTypes; // Array of DOMString (IDs of the available connection types)
attribute nsIDOMNetworkPoliciesApplicationPolicies defaultPolicies; // Default policies for new installed applications & for unconfigured ones
DOMRequest get(in DOMString uri, out nsIDOMNetworkPoliciesApplicationPolicies policies); // Retreive policies of one application
DOMRequest save(in nsIDOMNetworkPoliciesApplicationPolicies policies); // Store new policies to an application
DOMRequest applicationPolicy(in DOMString application, in nsIDOMNetworkPoliciesApplicationPolicies policies); // Store new policies to an application
};
Comment 4•12 years ago
|
||
I think that we may also define an event to notify app when it exceed the limit and is banned by policy.
Comment 5•12 years ago
|
||
(In reply to Patrick Wang from comment #4)
> I think that we may also define an event to notify app when it exceed the
> limit and is banned by policy.
sounds nice :)
Component: Networking → Nanojit
Comment 7•12 years ago
|
||
I think this bug can be resolved by:
1. Implement nsDOMNetworkPolicies that stores the network policies and implements the interface to set/query network policy.
2. Before an application attempts to make a network connection (perhaps when it tries to initialize an nsHttpTransaction), we use the network usage data collected by meter of Bug 746073, connection type (3G or Wifi, can be obtained from NetworkManager) and nsDOMNetworkPolicies to check whether it exceed its maximum allowed bytes. If the application exceed its maximum allowed bytes, we block application's require (let nsHttpTransaction::Init() fail) and issue an event to the app to let it know it is blocked due to traffic limit.
Comment 8•12 years ago
|
||
(In reply to Patrick Wang [:patrickwang] from comment #7)
> I think this bug can be resolved by:
> 1. Implement nsDOMNetworkPolicies that stores the network policies and
> implements the interface to set/query network policy.
> 2. Before an application attempts to make a network connection (perhaps when
> it tries to initialize an nsHttpTransaction), we use the network usage data
> collected by meter of Bug 746073, connection type (3G or Wifi, can be
> obtained from NetworkManager) and nsDOMNetworkPolicies to check whether it
> exceed its maximum allowed bytes. If the application exceed its maximum
> allowed bytes, we block application's require (let nsHttpTransaction::Init()
> fail) and issue an event to the app to let it know it is blocked due to
> traffic limit.
Yeap, I agree
Updated•12 years ago
|
Assignee: nobody → frsela
Comment 9•12 years ago
|
||
(In reply to Patrick Wang [:patrickwang] from comment #7)
> I think this bug can be resolved by:
> 1. Implement nsDOMNetworkPolicies that stores the network policies and
> implements the interface to set/query network policy
Hi, I've a dummy component (false data ;) which implements the interface:
frsela@yoghurtu:~/Datos/ProyectosTID/OpenWebDevice/mozilla-central.git$ telnet localhost 9999
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
JS> a = navigator.mozNetworkPolicies
[xpconnect wrapped nsIDOMMozNetworkPoliciesManager @ 0x9d293340 (native @ 0x9bd93b60)]
JS> b = a.get("facebook")
[object Object]
JS> JSON.stringify(b)
{"_app":"facebook","_allowNetworkAccess":true,"_policies":[{"_connectionType":"wifi","_allowed":true,"_prefered":true,"_max":1000},{"_connectionType":"mobile","_allowed":true,"_prefered":false,"_max":400}]}
JS> b.policies[1].allowed
true
I'll do it async. and we'll include the database to store this information. We'll upload it ASAP
> 2. Before an application attempts to make a network connection (perhaps when
> it tries to initialize an nsHttpTransaction), we use the network usage data
> collected by meter of Bug 746073, connection type (3G or Wifi, can be
> obtained from NetworkManager) and nsDOMNetworkPolicies to check whether it
> exceed its maximum allowed bytes. If the application exceed its maximum
> allowed bytes, we block application's require (let nsHttpTransaction::Init()
> fail) and issue an event to the app to let it know it is blocked due to
> traffic limit.
I don't have Necko expertise, so probably other guys could implement this part to get it implemented in short time. Any volunteer? ;)
Comment 10•12 years ago
|
||
(In reply to Patrick Wang [:patrickwang] from comment #7)
> 2. Before an application attempts to make a network connection (perhaps when
> it tries to initialize an nsHttpTransaction),
Patrick: One consideration: This shall work with any kind of connection ... so probably nsHttpTransaction is not the best place, is it?
Comment 11•12 years ago
|
||
(In reply to Fernando R. Sela from comment #10)
> (In reply to Patrick Wang [:patrickwang] from comment #7)
> > 2. Before an application attempts to make a network connection (perhaps when
> > it tries to initialize an nsHttpTransaction),
>
> Patrick: One consideration: This shall work with any kind of connection ...
> so probably nsHttpTransaction is not the best place, is it?
nsHttpTransaction seems only used by Http(s) and spdy. For all kind of connections, there may be a better place to execute the policy..
Comment 12•12 years ago
|
||
(In reply to Fernando R. Sela from comment #9)
> > fail) and issue an event to the app to let it know it is blocked due to
> > traffic limit.
>
> I don't have Necko expertise, so probably other guys could implement this
> part to get it implemented in short time. Any volunteer? ;)
I am interested by it. If you don't mind, I can work on the network part. I'll file another bug to track this work.
Comment 13•12 years ago
|
||
(In reply to Patrick Wang [:patrickwang] from comment #12)
> (In reply to Fernando R. Sela from comment #9)
> I am interested by it. If you don't mind, I can work on the network part.
Cool ;)
I suppose you'll use the service we're developing (the one which recovers the info of each app from indexedDB)
Now this is implemented into "NetworkPoliciesService" class (I'll share the patch with you)
I want to ask you: This service works in an async way, I don't know if you'll need a sync call to recover the app policies from necko side. If you need a sync method, please, tell me.
> I'll file another bug to track this work.
Create it and put this one as a blocker/dependency ;)
Thank you !
Comment 14•12 years ago
|
||
New release:
* Removed defaultPolicy since it can be retrieved with app as empty string
* Removed installedApplications as other API returns this information (mozApps)
Attachment #646498 -
Attachment is obsolete: true
Attachment #646498 -
Flags: review?(jonas)
Attachment #648647 -
Flags: review?(jonas)
Comment 16•12 years ago
|
||
Comment 17•12 years ago
|
||
(In reply to Patrick Wang [:kk1fff] from comment #12)
> I am interested by it. If you don't mind, I can work on the network part.
> I'll file another bug to track this work.
Hi Patrick,
I uploaded the IDLs and the WIP patch (without database integration, so always returns the same policies for any app ;) in order to give you the interfaces to deal with them in your patch.
As told before, you should use NetworkPoliciesService to recover the real information.
Comment 18•12 years ago
|
||
Comment on attachment 648653 [details] [diff] [review]
WIP v1 - JavaScript implementation of mozNetworkPolicies
Review of attachment 648653 [details] [diff] [review]:
-----------------------------------------------------------------
Patch error
::: b2g/installer/package-manifest.in
@@ +377,5 @@
> @BINPATH@/components/amWebInstallListener.js
> @BINPATH@/components/nsBlocklistService.js
>
> +@BINPATH@/components/NetworkPolicies.js
> +@BINPATH@/components/NetworkPolicies.manifest
s/NetworkPolicies/NetworkPoliciesManager
Comment 19•12 years ago
|
||
Comment on attachment 648652 [details] [diff] [review]
IDLs
Review of attachment 648652 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/network/interfaces/nsIDOMNetworkPoliciesManager.idl
@@ +39,5 @@
> +
> + /**
> + * Recover a policy
> + */
> + jsval get(in DOMString application);
s/jsval/nsIDOMDOMRequest
Comment 21•12 years ago
|
||
(In reply to Fernando R. Sela from comment #13)
> (In reply to Patrick Wang [:patrickwang] from comment #12)
> > (In reply to Fernando R. Sela from comment #9)
> > I am interested by it. If you don't mind, I can work on the network part.
>
> Cool ;)
>
> I suppose you'll use the service we're developing (the one which recovers
> the info of each app from indexedDB)
>
> Now this is implemented into "NetworkPoliciesService" class (I'll share the
> patch with you)
>
> I want to ask you: This service works in an async way, I don't know if
> you'll need a sync call to recover the app policies from necko side. If you
> need a sync method, please, tell me.
>
> > I'll file another bug to track this work.
>
> Create it and put this one as a blocker/dependency ;)
>
> Thank you !
Hi Fernando,
I think synchronous methods would be needed by implementation in necko side. Could you also provide them?
Thank you.
Whiteboard: [blocked-on-input] → [blocked-on-input Chris Lee]
Updated•12 years ago
|
blocking-basecamp: ? → -
Updated•12 years ago
|
Whiteboard: [blocked-on-input Chris Lee]
Comment 22•12 years ago
|
||
There's been some discussion about whether we need a synchronous API for necko here. I've got some questions:
1) where is the CSP check (and the call to get the network policy) happening? From talking to cjones it sounds like CSP check needs to be on parent, so the network policy would be gotten there too. So I don't know that we need all the code to make it happen on the child? (perhaps there are other uses we need it for on the child?)
2) it sounds like the Network Policy for an app is the same for all channels (so we don't need to get a new policy check for each channel). We only need to get a new policy when the app's network policy as a whole changes ("facebook app must now only uses wifi network", etc.) right?
In that case, I can see two models for getting the policy info to the CSP in such a way that it will have the most up-to-date values:
1) like for cookies, the policy manager can offer a synchronous API which usually does not block. For nsICookieService, this is because it keeps all policy info in RAM, and only ever blocks if it's called early in startup (when it's reading info from a database). Blocking once at startup is probably OK.
2) We can have the CSP get all apps policies (asynchronously or sync, doesn't matter much) at startup, and then have the policy manager issue a notification when an app's policy changes (or a new app is installed). This would use nsIObserverService to send out the notification, and then the CSP that Patrick is writing could query the policy manager to get the new policy. In this case, we could probably have an async API (unless we really need to enforce the policy 100% immediately, which I doubt we do: i.e. if there's .5 seconds before the app sees the policy change, that's probably OK--we're not going to be able to do things like stop ongoing downloads anyway--if you tell an app to only update when on wifi, and it's already 50% through a download, it won't stop).
#2 basically means CSP needs to keep around the whole network policy database in memory, so I'd guess #1 is better? Note that I'm only talking about offering a sync API on the parent, not the child.
I hope this is clear--I've poked around the patches here but it's unfamiliar code to me, so I might be missing important design issues.
Comment 24•12 years ago
|
||
Added "defaultPolicyName" attribute to nsIDOMMozNetworkPoliciesManager.
The idea is: Default policies will be stored and recovered using the "name" given by this attribute. Also If you query an nonexistent app, the component will return the default policies.
For recover ALL the stored policies into an array, use an empty string in the get method:
navigator.mozNetworkPolicies.get("") -> Will return an array of stored policies
navigator.mozNetworkPolicies.get(navigator.mozNetworkPolicies.defaultPolicyName) -> Will return the default policy
Attachment #648652 -
Attachment is obsolete: true
Attachment #648652 -
Flags: review?(jonas)
Attachment #651736 -
Flags: review?(jonas)
Comment 25•12 years ago
|
||
Added a method to recover all stored policies (getAllPolicies). Used when the policy name is an empty string:
navigator.mozNetworkPolicies.get("")
Added a way to get default policy when the queried app is not stored into the policy DB
navigator.mozNetworkPolicies.get("facebook")
will return st like:
{
"app":"facebook",
"allowNetworkAccess":true,
"policies": [
{
"connectionType":"wifi",
"allowed":true,
"prefered":true,
"max":1000
},{
"connectionType":"mobile",
"allowed":true,
"prefered":false,
"max":400
}
]
}
Finally if the app is not yet stored, will return the "__default" app name as a result (ie, the default policy):
navigator.mozNetworkPolicies.get("no_stored_app")
{
"app":"_default",
"allowNetworkAccess":true,
"policies": [
{
"connectionType":"wifi",
"allowed":true,
"prefered":true,
"max":1000
},{
"connectionType":"mobile",
"allowed":true,
"prefered":false,
"max":400
}
]
}
Note: The defaultPolicyName can be retrieved using the "defaultPolicyName" attribute:
navigator.mozNetworkPolicies.defaultPolicyName
will return: _default
----
TODO: Cache the "All policies" method to offer a sync method to recover it by Necko side. @see: https://bugzilla.mozilla.org/show_bug.cgi?id=746074#c21
Attachment #651096 -
Attachment is obsolete: true
Attachment #651739 -
Flags: feedback?(philipp)
Comment 26•12 years ago
|
||
Added a new method (getSync) to recover policies synchronously
Attachment #651736 -
Attachment is obsolete: true
Attachment #651736 -
Flags: review?(jonas)
Attachment #652414 -
Flags: review?(jonas)
Comment 27•12 years ago
|
||
Improved cache (in a new class)
Added method to recover cached policies synchronously
Attachment #651739 -
Attachment is obsolete: true
Attachment #651739 -
Flags: feedback?(philipp)
Attachment #652416 -
Flags: feedback?(philipp)
Comment 28•12 years ago
|
||
(In reply to Patrick Wang [:kk1fff] from comment #21)
> I think synchronous methods would be needed by implementation in necko side.
> Could you also provide them?
Hi Patrick, the WIPv5 includes a new getSync method to recover policies synchronous. (only cached ones), so use get("") to cache ALL stored policies before the new one.
Regards.
Comment 29•12 years ago
|
||
Comment on attachment 652414 [details] [diff] [review]
IDLs - V3
Review of attachment 652414 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/network/interfaces/nsIDOMNetworkPoliciesManager.idl
@@ +7,5 @@
> +#include "nsISupports.idl"
> +
> +interface nsIDOMDOMRequest;
> +
> +dictionary NetworkPoliciesPolicyConnection
Why not just `NetworkPoliciesConnection`?
@@ +15,5 @@
> + boolean prefered;
> + long max;
> +};
> +
> +dictionary NetworkPoliciesPolicy
Why not just `NetworkPolicy`?
@@ +29,5 @@
> + readonly attribute jsval connectionTypes; // DOMString[]
> + readonly attribute DOMString defaultPolicyName; // Name for the default settings (to be used instead the application name)
> +
> + /**
> + * Assing new policy
Did you mean "Assign"? If so, assign to what? Maybe "enable", "create" or "set" are better verbs here.
@@ +33,5 @@
> + * Assing new policy
> + *
> + * typeof policies = NetworkPoliciesPolicy
> + *
> + * If policy.app is not provided, assing default policy
Please use JavaDoc-style comments here, e.g.:
* @param policy [optional]
* A NetworkPolicy object that describes the policy to put
* in effect. If `policy.app` is not provided, the default
* network policy is affected.
@@ +38,5 @@
> + */
> + nsIDOMDOMRequest set(in jsval policy);
> +
> + /**
> + * Recover a policy
"Recover" is not the verb you want here. I suggest "retrieve"
@@ +45,5 @@
> +
> + /**
> + * Recover a policy synchronously
> + */
> + jsval getSync(in DOMString application);
Why does the asynchronous `get` method even exist if this exists? Or, to ask differently, why do we need a synchronous method?
Comment 30•12 years ago
|
||
(In reply to Philipp von Weitershausen [:philikon] from comment #29)
> Comment on attachment 652414 [details] [diff] [review]
> IDLs - V3
>
> Review of attachment 652414 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> ::: dom/network/interfaces/nsIDOMNetworkPoliciesManager.idl
> @@ +7,5 @@
> > +#include "nsISupports.idl"
> > +
> > +interface nsIDOMDOMRequest;
> > +
> > +dictionary NetworkPoliciesPolicyConnection
>
> Why not just `NetworkPoliciesConnection`?
>
Agree, I'll change it for next release.
> @@ +15,5 @@
> > + boolean prefered;
> > + long max;
> > +};
> > +
> > +dictionary NetworkPoliciesPolicy
>
> Why not just `NetworkPolicy`?
>
Same. I'll change it for next release.
> @@ +29,5 @@
> > + readonly attribute jsval connectionTypes; // DOMString[]
> > + readonly attribute DOMString defaultPolicyName; // Name for the default settings (to be used instead the application name)
> > +
> > + /**
> > + * Assing new policy
>
> Did you mean "Assign"? If so, assign to what? Maybe "enable", "create" or
> "set" are better verbs here.
>
That's true, is assign, sorry for the mistake :p
The main idea is to create/modify the policy. As you can see, the method name is "SET" so as you suggested, "set" is a better verb.
> @@ +33,5 @@
> > + * Assing new policy
> > + *
> > + * typeof policies = NetworkPoliciesPolicy
> > + *
> > + * If policy.app is not provided, assing default policy
>
> Please use JavaDoc-style comments here, e.g.:
>
> * @param policy [optional]
> * A NetworkPolicy object that describes the policy to put
> * in effect. If `policy.app` is not provided, the default
> * network policy is affected.
>
Ok.
> @@ +38,5 @@
> > + */
> > + nsIDOMDOMRequest set(in jsval policy);
> > +
> > + /**
> > + * Recover a policy
>
> "Recover" is not the verb you want here. I suggest "retrieve"
>
or "GET"? (in order to be aligned with the recover one ("SET")
> @@ +45,5 @@
> > +
> > + /**
> > + * Recover a policy synchronously
> > + */
> > + jsval getSync(in DOMString application);
>
> Why does the asynchronous `get` method even exist if this exists? Or, to ask
> differently, why do we need a synchronous method?
Well, this is because the async method is used by the main API but Necko guys require a sync method to recover it while creating a new connection (see comment #21)
Since the indexedDb is used async. I think the async method for recover policies is better in order to avoid block webapps calls.
Updated•12 years ago
|
Attachment #648647 -
Attachment is obsolete: true
Attachment #648647 -
Flags: review?(jonas)
Comment 31•12 years ago
|
||
We've been discussing to include the billing cycle into this interface to be able to determinate the consume of an application (see bug #746073 & #746069)
What do you think?
Updated•12 years ago
|
Comment 32•12 years ago
|
||
Changed Philikon's suggestion.
Also added a new const to define a global interface policy (to be used by bug #746069)
Attachment #652414 -
Attachment is obsolete: true
Attachment #652414 -
Flags: review?(jonas)
Attachment #652720 -
Flags: review?(jonas)
Comment 33•12 years ago
|
||
Changed to be compatible with the new IDL (v4)
Attachment #652416 -
Attachment is obsolete: true
Attachment #652416 -
Flags: feedback?(philipp)
Attachment #652721 -
Flags: feedback?(philipp)
Comment 34•12 years ago
|
||
Comment on attachment 652416 [details] [diff] [review]
WIP v5 - JavaScript implementation of mozNetworkPolicies
Review of attachment 652416 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/network/src/NetworkPoliciesDB.jsm
@@ +77,5 @@
> + this.newTxn("readwrite", function(txn, store) {
> + debug("Going to store " + JSON.stringify(policy));
> +
> + if (!txn.result)
> + txn.result = {};
Braces. Please address this here and everywhere else.
::: dom/network/src/NetworkPoliciesManager.js
@@ +3,5 @@
> + * You can obtain one at http://mozilla.org/MPL/2.0/. */
> +
> +"use strict"
> +
> +/* static functions */
This comment makes no sense in JS. Please remove.
@@ +6,5 @@
> +
> +/* static functions */
> +let DEBUG = true;
> +if (DEBUG) {
> + debug = function (s) { dump("-*- NetworkPoliciesManager: " + s + "\n"); }
Missing semicolon at the end of the line. Also, please explicitly declare `debug` as a global variable.
I know you copies these lines of code from other places. That doesn't mean you need to copy their mistakes. :)
(Please address this in other files, too.)
@@ +13,5 @@
> +}
> +
> +const Cc = Components.classes;
> +const Ci = Components.interfaces;
> +const Cu = Components.utils;
Shorter:
const {classes: Cc, interfaces: Ci, utils: Cu, results: Cr} = Components;
@@ +22,5 @@
> +Cu.import("resource://gre/modules/NetworkPoliciesService.jsm");
> +
> +XPCOMUtils.defineLazyGetter(Services, "DOMRequest", function() {
> + return Cc["@mozilla.org/dom/dom-request-service;1"].getService(Ci.nsIDOMRequestService);
> +});
Get rid of this, please. Services.DOMRequest already exists. And even if it didn't, it shouldn't be monkey-patched like that.
@@ +30,5 @@
> + .getService(Ci.nsIFrameMessageManager)
> + .QueryInterface(Ci.nsISyncMessageSender);
> +});
> +
> +const nsIClassInfo = Ci.nsIClassInfo;
whitespace much? :)
@@ +32,5 @@
> +});
> +
> +const nsIClassInfo = Ci.nsIClassInfo;
> +
> +// NetworkPoliciesPolicyConnection & NetworkPoliciesPolicy are not directly instantiated. They are used as interfaces.
I don't understand this sentence. Please clarify. And also please wrap at 79 characters.
@@ +50,5 @@
> +
> +NetworkPoliciesPolicyConnection.prototype = {
> + get connectionType() {
> + return this._connectionType;
> + },
These getters and setters are not necessary. Please remove them.
@@ +160,5 @@
> + __proto__: DOMRequestIpcHelper.prototype,
> +
> + get connectionTypes() {
> + debug("get connectionTypes");
> + if(this.hasPrivileges) {
Nit: space between `if` and parenthesis. Please address this here and everywhere else.
@@ +170,5 @@
> +
> + get defaultPolicyName() {
> + debug("get defaultPolicyName: " + JSON.stringify(NetworkPoliciesService.defaultPolicyName));
> + if(this.hasPrivileges) {
> + return cpmm.sendSyncMessage("NetworkPolicies:GetDefaultPolicyName")[0];
Better: bail out early style for every method here:
if (!this.hasPrivileges) {
throw Components.results.NS_ERROR_NOT_IMPLEMENTED;
}
and even better: make this a helper method that you just invoke at the top of every public method.
@@ +226,5 @@
> + debug("firing success: " + JSON.stringify(_policy));
> + Services.DOMRequest.fireSuccess(req, _policy);
> + } else {
> + let _policies = [];
> + for(let _policy in msg.policies) {
Why the leading underscores? Remove, please. (Here and everywhere else, please.)
@@ +264,5 @@
> + this.initHelper(aWindow, ["NetworkPolicies:Get:Return:OK", "NetworkPolicies:Get:Return:KO",
> + "NetworkPolicies:Set:Return:OK", "NetworkPolicies:Set:Return:KO"]);
> +
> + let principal = aWindow.document.nodePrincipal;
> + let secMan = Cc["@mozilla.org/scriptsecuritymanager;1"].getService(Ci.nsIScriptSecurityManager);
Please use `Services.scriptSecurityManager`.
::: dom/network/src/NetworkPoliciesService.jsm
@@ +83,5 @@
> + free: function free() {
> + debug("NetworkPoliciesCache: free");
> + debug(JSON.stringify(this.policiesCache));
> +
> + let time = new Date().getTime();
let time = Date.now();
@@ +85,5 @@
> + debug(JSON.stringify(this.policiesCache));
> +
> + let time = new Date().getTime();
> + debug("NetworkPoliciesCache: Free time threshold: " + time);
> + let alfa = 0;
What is "alfa" supposed to mean?
@@ +129,5 @@
> + this.messages.forEach(function(msgName) {
> + ppmm.addMessageListener(msgName, this);
> + }, this);
> +
> + var idbManager = Components.classes["@mozilla.org/dom/indexeddb/manager;1"].getService(Ci.nsIIndexedDatabaseManager);
Wrap overlong line, please.
@@ +142,5 @@
> + Services.perms.add(Services.io.newURI(aHost, null, null), "networkpolicies-manage",
> + Ci.nsIPermissionManager.ALLOW_ACTION);
> + });
> + } catch(e) { debug(e); }
> +*/
Um, no commented code in patches, please.
@@ +224,5 @@
> + if(typeof(_policy) != "object") {
> + aErrorMsg = "Policy shall be a NetworkPoliciesPolicy object";
> + }
> + if(aErrorMsg != "") {
> + ppmm.sendAsyncMessage("NetworkPolicies:Set:Return:KO", { id: msg.id, errorMsg: aErrorMsg });
Don't broadcast the response to all content processes, please. Use message.target instead. (See e.g. bug 777202 for an example.)
@@ +236,5 @@
> +
> + // Update cache
> + NetworkPoliciesCache.write(_policy.app, _policy);
> + }.bind(this),
> + function(aErrorMsg) { ppmm.sendAsyncMessage("NetworkPolicies:Set:Return:KO", { id: msg.id, errorMsg: aErrorMsg }); }
The (..., successCb, errorCB) signature pattern in your DB methods makes for some really ugly code here in the consumers. I would suggest going to a single callback with the signature (error, result) (also known as the node.js convention.) Then your DB calls can look like this:
this._db.addPolicy(_policy, function (error, result) {
if (error) {
// notify error, etc.
return;
}
// handle success case, etc.
});
That's much cleaner and easier to read than passing two function expressions as parameters.
@@ +249,5 @@
> +
> + // TODO: Validate input data
> + if(typeof(_appName) != "string") {
> + aErrorMsg = "Application name shall be a string";
> + }_appName
?!?
Attachment #652416 -
Attachment is obsolete: false
Comment 35•12 years ago
|
||
Comment on attachment 652416 [details] [diff] [review]
WIP v5 - JavaScript implementation of mozNetworkPolicies
Sorry, I had started reviewing this (v5) while v6 was uploaded.
Attachment #652416 -
Attachment is obsolete: true
Comment 36•12 years ago
|
||
Comment on attachment 652721 [details] [diff] [review]
WIP v6 - JavaScript implementation of mozNetworkPolicies
Please see my review comments for v5.
Attachment #652721 -
Flags: feedback?(philipp)
Comment 37•12 years ago
|
||
Thank you Philipp. Now I'm working on this changes, anyway I would like to ask a couple of points:
(In reply to Philipp von Weitershausen [:philikon] from comment #34)
> Comment on attachment 652416 [details] [diff] [review]
> WIP v5 - JavaScript implementation of mozNetworkPolicies
>
> Review of attachment 652416 [details] [diff] [review]:
> -----------------------------------------------------------------
> @@ +85,5 @@
> > + debug(JSON.stringify(this.policiesCache));
> > +
> > + let time = new Date().getTime();
> > + debug("NetworkPoliciesCache: Free time threshold: " + time);
> > + let alfa = 0;
>
> What is "alfa" supposed to mean?
>
Is a cache invalidator factor, I renamed it ;)
>
> @@ +236,5 @@
> > +
> > + // Update cache
> > + NetworkPoliciesCache.write(_policy.app, _policy);
> > + }.bind(this),
> > + function(aErrorMsg) { ppmm.sendAsyncMessage("NetworkPolicies:Set:Return:KO", { id: msg.id, errorMsg: aErrorMsg }); }
>
> The (..., successCb, errorCB) signature pattern in your DB methods makes for
> some really ugly code here in the consumers. I would suggest going to a
> single callback with the signature (error, result) (also known as the
> node.js convention.) Then your DB calls can look like this:
>
> this._db.addPolicy(_policy, function (error, result) {
> if (error) {
> // notify error, etc.
> return;
> }
> // handle success case, etc.
> });
>
> That's much cleaner and easier to read than passing two function expressions
> as parameters.
>
We don't like this "2 callbacks" way but the indexedDb requires different callback functions ... :(
Comment 38•12 years ago
|
||
Applied v6 feedback suggestions.
Attachment #652721 -
Attachment is obsolete: true
Attachment #653675 -
Flags: feedback?(philipp)
Updated•12 years ago
|
Attachment #653675 -
Flags: feedback?(philipp) → review?(philipp)
Updated•12 years ago
|
Assignee: frsela → nobody
Component: Nanojit → Networking
Updated•12 years ago
|
Assignee: nobody → frsela
Comment 39•12 years ago
|
||
(In reply to Fernando R. Sela from comment #37)
> We don't like this "2 callbacks" way but the indexedDb requires different
> callback functions ... :(
Huh? IndexedDBHelper.prototype.newTxn() might, but that's no reason for your database's interface to do the same. E.g.:
newTransaction: newTransaction(txn_type, callback, txnCb) {
function successCb(result) {
txnCb(null, result);
}
function errorCb(error) {
txnCb(error, null);
}
return this.newTxn(txn_type, callback, successCb, errorCb);
},
We could even add this variant (perhaps under a better name) to IndexedDBHelper.
Comment 40•12 years ago
|
||
Rebased & only 1 callback for DB operations.
Attachment #653675 -
Attachment is obsolete: true
Attachment #653675 -
Flags: review?(philipp)
Attachment #656522 -
Flags: review?(philipp)
Comment 41•12 years ago
|
||
I will have to de-prioritize the review for this since it's not a basecamp blocker anymore.
Comment 42•12 years ago
|
||
Comment on attachment 656522 [details] [diff] [review]
JavaScript implementation of mozNetworkPolicies - V8
Review of attachment 656522 [details] [diff] [review]:
-----------------------------------------------------------------
This patch seems to be missing a bunch of files.
Attachment #656522 -
Flags: review?(philipp)
Comment 43•12 years ago
|
||
Sorry, now it's complete.
Attachment #656522 -
Attachment is obsolete: true
Attachment #657224 -
Flags: review?(philipp)
Comment 44•12 years ago
|
||
Comment on attachment 657224 [details] [diff] [review]
JavaScript implementation of mozNetworkPolicies - V8.1
Removing this from my review queue since it's not a basecamp blocker. Let's come back to this after v1.
Attachment #657224 -
Flags: review?(philipp)
Comment on attachment 652720 [details] [diff] [review]
IDLs - V4
Review of attachment 652720 [details] [diff] [review]:
-----------------------------------------------------------------
Same as philikon.
Attachment #652720 -
Flags: review?(jonas)
Reporter | ||
Comment 46•12 years ago
|
||
Important content use case (content doesn't throttle itself), gives us advantage over competition.
Whiteboard: [tech-p2]
Reporter | ||
Updated•12 years ago
|
Blocks: b2g-v-next
Assignee | ||
Comment 47•11 years ago
|
||
Hi Fernando,
will you still work on this bug after the network per-app metering in done?
because there have already some progress in network per-app metering (bug 784575, bug 746073, ..etc)
and network per-app policies is likely the following bug.
another thing, since there is a work for usage alarm for new version of NetworkStats API (bug 858005)
do you think there is any duplicated/analogue function between this bug and that?
That is, it this API still suitable to be created independently?
Need your feedback! Thanks :)
Flags: needinfo?(frsela)
Comment 48•11 years ago
|
||
(In reply to John Shih from comment #47)
> Hi Fernando,
> will you still work on this bug after the network per-app metering in done?
> because there have already some progress in network per-app metering (bug
> 784575, bug 746073, ..etc)
> and network per-app policies is likely the following bug.
>
> another thing, since there is a work for usage alarm for new version of
> NetworkStats API (bug 858005)
> do you think there is any duplicated/analogue function between this bug and
> that?
> That is, it this API still suitable to be created independently?
>
> Need your feedback! Thanks :)
Hi John,
Yes, Albert informed me about these advanced in related bugs so will be great to resume the works on this bug.
Currently I'm working in some urgent issues but I would like to work on this too. If this is really urgent I can assign another guy of my team to work on this.
Which is the expected delivery date? :p
Flags: needinfo?(frsela)
Assignee | ||
Comment 49•11 years ago
|
||
(In reply to Fernando R. Sela (no CC, needinfo please) [:frsela] from comment #48)
> (In reply to John Shih from comment #47)
> > Hi Fernando,
> > will you still work on this bug after the network per-app metering in done?
> > because there have already some progress in network per-app metering (bug
> > 784575, bug 746073, ..etc)
> > and network per-app policies is likely the following bug.
> >
> > another thing, since there is a work for usage alarm for new version of
> > NetworkStats API (bug 858005)
> > do you think there is any duplicated/analogue function between this bug and
> > that?
> > That is, it this API still suitable to be created independently?
> >
> > Need your feedback! Thanks :)
>
> Hi John,
>
> Yes, Albert informed me about these advanced in related bugs so will be
> great to resume the works on this bug.
>
> Currently I'm working in some urgent issues but I would like to work on this
> too. If this is really urgent I can assign another guy of my team to work on
> this.
>
> Which is the expected delivery date? :p
it's definitely great to know that you can still get back on this work!
and I think it won't be that urgent so you don't have to worry about that ;)
so basically I'll working on the network part which is previously owned by Patrick
and there are going to have some discussion on implementation detail about it.
I'll make sure you can know about the progress and also may need your feedback on
API part.
it's my precious to work with you! I'm looking forward it :)
Comment 50•11 years ago
|
||
(In reply to John Shih from comment #49)
> (In reply to Fernando R. Sela (no CC, needinfo please) [:frsela] from
> comment #48)
> > (In reply to John Shih from comment #47)
> > > Hi Fernando,
> > > will you still work on this bug after the network per-app metering in done?
> > > because there have already some progress in network per-app metering (bug
> > > 784575, bug 746073, ..etc)
> > > and network per-app policies is likely the following bug.
> > >
> > > another thing, since there is a work for usage alarm for new version of
> > > NetworkStats API (bug 858005)
> > > do you think there is any duplicated/analogue function between this bug and
> > > that?
> > > That is, it this API still suitable to be created independently?
> > >
> > > Need your feedback! Thanks :)
> >
> > Hi John,
> >
> > Yes, Albert informed me about these advanced in related bugs so will be
> > great to resume the works on this bug.
> >
> > Currently I'm working in some urgent issues but I would like to work on this
> > too. If this is really urgent I can assign another guy of my team to work on
> > this.
> >
> > Which is the expected delivery date? :p
>
> it's definitely great to know that you can still get back on this work!
> and I think it won't be that urgent so you don't have to worry about that ;)
>
> so basically I'll working on the network part which is previously owned by
> Patrick
> and there are going to have some discussion on implementation detail about
> it.
>
> I'll make sure you can know about the progress and also may need your
> feedback on
> API part.
>
> it's my precious to work with you! I'm looking forward it :)
Great !
So as soon as I finish one urgent work, I'll re-study this bug to remember all the details ;)
We'll be in touch.
Assignee | ||
Comment 51•11 years ago
|
||
Hi Fernando,
It has been a while since our last contact! Recently, I just finished my previous work and was trying to find some new works to do. Then, this bug, which greatly matches my knowledge and my team, comes to my mind. If you don't mind, I'd like to take this bug and start to work on new API proposal (based on the existing one). Not sure if you can agree with that.
Thanks!
Comment 52•11 years ago
|
||
(In reply to John Shih from comment #51)
> Hi Fernando,
>
> It has been a while since our last contact! Recently, I just finished my
> previous work and was trying to find some new works to do. Then, this bug,
> which greatly matches my knowledge and my team, comes to my mind. If you
> don't mind, I'd like to take this bug and start to work on new API proposal
> (based on the existing one). Not sure if you can agree with that.
>
> Thanks!
Hi John,
Thank you for your interest in this ;)
Highest priorities in this project moved me to other topics so this bug hadn't been changed in a time :(
I'm not against new proposals. The current patch proposed a simple network policy management but I'm happy to see new ones ;)
In my team started to rebase it but we can leave it to you; we'll help in our possibilities
Regards.
Flags: needinfo?(frsela)
Assignee | ||
Comment 53•11 years ago
|
||
(In reply to Fernando R. Sela (no CC, needinfo please) [:frsela] from comment #52)
> (In reply to John Shih from comment #51)
> > Hi Fernando,
> >
> > It has been a while since our last contact! Recently, I just finished my
> > previous work and was trying to find some new works to do. Then, this bug,
> > which greatly matches my knowledge and my team, comes to my mind. If you
> > don't mind, I'd like to take this bug and start to work on new API proposal
> > (based on the existing one). Not sure if you can agree with that.
> >
> > Thanks!
>
> Hi John,
>
> Thank you for your interest in this ;)
>
> Highest priorities in this project moved me to other topics so this bug
> hadn't been changed in a time :(
>
> I'm not against new proposals. The current patch proposed a simple network
> policy management but I'm happy to see new ones ;)
>
> In my team started to rebase it but we can leave it to you; we'll help in
> our possibilities
>
> Regards.
Thanks for your response! I'll start to work on the proposal on a basis of the existing one. It definitely needs your feedback then ;)
Assignee: frsela → jshih
Updated•11 years ago
|
blocking-b2g: --- → backlog
Updated•10 years ago
|
blocking-b2g: backlog → ---
tracking-b2g:
--- → backlog
Updated•9 years ago
|
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•