Commit c661e5c8 authored by anonym's avatar anonym
Browse files

Merge remote-tracking branch...

Merge remote-tracking branch 'origin/feature/9285-no-external-applications-in-tor-browser' into devel

Fix-committed: #9285
parents b0a2d99d 016d478f
......@@ -97,3 +97,8 @@ pref("browser.search.geoSpecificDefaults", false);
// Without setting this, the Download Management page will not update
// the progress being made.
pref("browser.download.panel.shown", true);
// Given our AppArmor sandboxing, Tor Browser will not be allowed to
// open external applications, so let's not offer the option to the user,
// and instead only propose them to save downloaded files.
pref("browser.download.forbid_open_with", true);
......@@ -96,7 +96,7 @@
/etc/mailcap r,
/etc/mime.types r,
@@ -74,6 +87,31 @@
@@ -74,6 +87,30 @@
/sys/devices/pci[0-9]*/**/uevent r,
owner /{dev,run}/shm/shmfd-* rw,
......@@ -108,7 +108,6 @@
+ deny /usr/bin/pulseaudio x,
+
+ /usr/local/lib/tor-browser/firefox Pix,
+ /usr/bin/seahorse-tool Ux,
+
+ # Grant access to assistive technologies
+ # (otherwise, Firefox crashes when Orca is enabled:
......@@ -128,7 +127,7 @@
# KDE 4
owner @{HOME}/.kde/share/config/* r,
@@ -81,5 +119,10 @@
@@ -81,5 +118,10 @@
/etc/xfce4/defaults.list r,
/usr/share/xfce4/applications/ r,
......
......@@ -159,3 +159,26 @@ Then /^the (.*) runs as the expected user$/ do |browser|
"pgrep --uid #{info[:user]} --full --exact '#{info[:cmd_regex]}'"),
"The #{browser} is not running as the #{info[:user]} user")
end
When /^I download some file in the Tor Browser$/ do
@some_file = 'tails-signing.key'
some_url = "https://tails.boum.org/#{@some_file}"
step "I open the address \"#{some_url}\" in the Tor Browser"
end
Then /^I get the browser download dialog$/ do
@screen.wait('BrowserDownloadDialog.png', 60)
@screen.wait('BrowserDownloadDialogSaveAsButton.png', 10)
end
When /^I save the file to the default Tor Browser download directory$/ do
@screen.click('BrowserDownloadDialogSaveAsButton.png')
@screen.wait('BrowserDownloadFileToDialog.png', 10)
@screen.type(Sikuli::Key.ENTER)
end
Then /^the file is saved to the default Tor Browser download directory$/ do
assert_not_nil(@some_file)
expected_path = "/home/#{LIVE_USER}/Tor Browser/#{@some_file}"
try_for(10) { $vm.file_exist?(expected_path) }
end
......@@ -824,10 +824,6 @@ When /^I can print the current page as "([^"]+[.]pdf)" to the (default downloads
}
end
When /^I accept to import the key with Seahorse$/ do
@screen.wait_and_click("TorBrowserOkButton.png", 10)
end
Given /^a web server is running on the LAN$/ do
web_server_ip_addr = $vmnet.bridge_ip_addr
web_server_port = 8000
......
......@@ -28,14 +28,14 @@ Feature: Browsing the web using the Tor Browser
And I can print the current page as "output.pdf" to the default downloads directory
@check_tor_leaks @fragile
Scenario: Importing an OpenPGP key from a website
Scenario: Downloading files with the Tor Browser
Given I have started Tails from DVD and logged in and the network is connected
When I start the Tor Browser
And the Tor Browser has started and loaded the startup page
And I open the address "https://tails.boum.org/tails-signing.key" in the Tor Browser
Then I see "OpenWithImportKey.png" after at most 20 seconds
When I accept to import the key with Seahorse
Then I see "KeyImportedNotification.png" after at most 10 seconds
Then the Tor Browser has started and loaded the startup page
When I download some file in the Tor Browser
Then I get the browser download dialog
When I save the file to the default Tor Browser download directory
Then the file is saved to the default Tor Browser download directory
@check_tor_leaks @fragile
Scenario: Playing HTML5 audio
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment