Last Comment Bug 755551 - Allow whitelist configuration for what plugins can and cannot be ran within a gecko-based application
: Allow whitelist configuration for what plugins can and cannot be ran within a...
Status: VERIFIED FIXED
[Desktop WebRT], [qa!], [blocking-web...
:
Product: Core
Classification: Components
Component: Plug-ins (show other bugs)
: 15 Branch
: All All
: -- normal (vote)
: mozilla16
Assigned To: John Schoenick [:johns]
:
:
Mentors:
Depends on:
Blocks: 755554 768521
  Show dependency treegraph
 
Reported: 2012-05-15 15:43 PDT by Jason Smith [:jsmith]
Modified: 2015-02-17 11:42 PST (History)
14 users (show)
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---
+
-


Attachments
Implement plugin.allowed_types whitelist (4.90 KB, patch)
2012-07-02 14:11 PDT, John Schoenick [:johns]
jaas: review+
john: checkin+
Details | Diff | Splinter Review
Followup, check if the preference has a value, not necessarily a user value (722 bytes, patch)
2012-07-09 17:34 PDT, John Schoenick [:johns]
no flags Details | Diff | Splinter Review
Followup, check if the preference has a value, not necessarily a user value (1.60 KB, patch)
2012-07-09 18:41 PDT, John Schoenick [:johns]
jaas: review+
john: checkin+
Details | Diff | Splinter Review

Description Jason Smith [:jsmith] 2012-05-15 15:43:26 PDT
The desktop web runtime needs the ability to configure the underlying core to only allow versions of flash to run within the runtime. All other plugins are planned to not be allowed within the runtime, although we should be ready to evolve and change quickly if we discover later down the line that we need to enable other plugins.

The implementation I heard discussed in today's apps meeting considered configuring a whitelist of the plugins that are allowed to run.

This is needed for the first release of the desktop web runtime (Fx 15).
Comment 1 John Schoenick [:johns] 2012-05-29 09:06:01 PDT
I can look into this, it shouldn't be very difficult
Comment 2 Jason Smith [:jsmith] 2012-06-11 00:56:08 PDT
Nominating for k9o - this is needed for the desktop web runtime to only enable flash in the runtime.
Comment 3 Brad Lassey [:blassey] (use needinfo?) 2012-06-11 13:21:16 PDT
jst, this has been called out as the correct implementation for bug 755554, can you confirm?
Comment 4 John Schoenick [:johns] 2012-07-02 14:11:46 PDT
Created attachment 638498 [details] [diff] [review]
Implement plugin.allowed_types whitelist

This adds plugin.allowed_types, which limits what MIME types plugins can claim (comma separated)

Right now it does not completely suppress (mark invalid) plugins that claim no valid types -- they'll be in the plugin registry, but will not be associated with any types or suffixes. We could suppress these, but that would mean that modifying this pref would require deleting pluginreg.dat
Comment 5 Jason Smith [:jsmith] 2012-07-03 12:05:44 PDT
Flagging for tracking FF 16 - we need this for desktop web runtime 1st release
Comment 6 John Schoenick [:johns] 2012-07-03 16:28:02 PDT
Comment on attachment 638498 [details] [diff] [review]
Implement plugin.allowed_types whitelist

Note that the 'IsTypeInPrefList' helper duplicates some nsPluginTag::RegisterWithCategoryManager code, which goes away with a patch on bug 751237 (it just makes sense to land this first)
Comment 7 :Gavin Sharp [email: gavin@gavinsharp.com] 2012-07-07 09:48:02 PDT
Comment on attachment 638498 [details] [diff] [review]
Implement plugin.allowed_types whitelist

>diff --git a/dom/plugins/base/nsPluginHost.cpp b/dom/plugins/base/nsPluginHost.cpp

>+nsPluginHost::IsTypeWhitelisted(const char *aMimeType)
>+{
>+  if (!Preferences::HasUserValue(kPrefWhitelist)) {
>+    return true;

This will mean that a default value of the preference won't be effective - isn't that what we need for bug 755554?
Comment 8 Ryan VanderMeulen [:RyanVM] 2012-07-07 12:00:41 PDT
https://hg.mozilla.org/mozilla-central/rev/b6488e90d566
Comment 9 John Schoenick [:johns] 2012-07-09 17:34:21 PDT
Created attachment 640453 [details] [diff] [review]
Followup, check if the preference has a value, not necessarily a user value
Comment 10 John Schoenick [:johns] 2012-07-09 17:36:16 PDT
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #7)
> This will mean that a default value of the preference won't be effective -
> isn't that what we need for bug 755554?

Bah, I intended that the whitelist not be enforced if it was empty, but clearly HasUserValue is not going to work if we're giving it defaults.
Comment 11 :Gavin Sharp [email: gavin@gavinsharp.com] 2012-07-09 17:39:40 PDT
Comment on attachment 640453 [details] [diff] [review]
Followup, check if the preference has a value, not necessarily a user value

Why not just put the pref check in IsTypeInPrefList() itself, since it's already reading the pref anyways?
Comment 12 John Schoenick [:johns] 2012-07-09 18:41:42 PDT
Created attachment 640476 [details] [diff] [review]
Followup, check if the preference has a value, not necessarily a user value
Comment 13 John Schoenick [:johns] 2012-07-09 18:45:17 PDT
(In reply to :Gavin Sharp (use gavin@gavinsharp.com for email) from comment #11)
> Comment on attachment 640453 [details] [diff] [review]
> Followup, check if the preference has a value, not necessarily a user value
> 
> Why not just put the pref check in IsTypeInPrefList() itself, since it's
> already reading the pref anyways?

IsTypeInPrefList is a helper to deduplicate code between this and the category manager changes in bug 751237, where we don't want to return true if the pref is empty. I can change it to just move the GetString call out of the helper for simplicity
Comment 15 Ed Morley [:emorley] 2012-07-11 09:33:07 PDT
https://hg.mozilla.org/mozilla-central/rev/686cf6e6ed4b
Comment 16 Reuben Morais [:reuben] 2012-07-15 13:47:47 PDT
Should bugs be filed blocking this if we want to add other plugins to the whitelist? Silverlight for Netflix, for example.
Comment 17 John Schoenick [:johns] 2012-07-15 15:26:27 PDT
(In reply to Reuben Morais [:reuben] from comment #16)
> Should bugs be filed blocking this if we want to add other plugins to the
> whitelist? Silverlight for Netflix, for example.

Enabling the whitelist in webrt was done in bug 755554, so that may be a better target
Comment 18 Jason Smith [:jsmith] 2012-07-16 10:45:38 PDT
Verified through testing of bug 755554 for Win 7, OS X 10.7, and Ubuntu 12.
Comment 19 (not reading bugmail) Nick Desaulniers [:\n] 2015-02-17 11:41:20 PST
It seems like this bug missed the daily check for updates and is the cause of https://bugzilla.mozilla.org/show_bug.cgi?id=768521?

Note You need to log in before you can comment on or make changes to this bug.