Closed
Bug 1046941
Opened 10 years ago
Closed 10 years ago
Disable downloads and extension installs in guest mode
Categories
(Firefox for Android Graveyard :: General, defect)
Tracking
(firefox34 ?, firefox35 affected, firefox36 verified, fennec34+)
VERIFIED
FIXED
Firefox 36
People
(Reporter: wesj, Assigned: wesj)
References
Details
Attachments
(3 files)
|
1.05 KB,
patch
|
Margaret
:
review+
|
Details | Diff | Splinter Review |
|
3.56 KB,
patch
|
Margaret
:
review+
|
Details | Diff | Splinter Review |
|
3.71 KB,
patch
|
mfinkle
:
review+
|
Details | Diff | Splinter Review |
With the lockscreen widget, I don't think if we should allow you to download anything (or install extensions that could do malicious things) when you're in Guest mode.
I'm not sure if this lockscreen guest mode is different than normal guest mode or not in that sense though...
|
||
Updated•10 years ago
|
Assignee: nobody → wjohnston
tracking-fennec: ? → 34+
|
Assignee | |
Comment 2•10 years ago
|
||
This is the same thing we do for webapps.
http://mxr.mozilla.org/mozilla-central/source/mobile/android/chrome/content/WebappRT.js#28
Attachment #8471340 -
Flags: review?(margaret.leibovic)
|
|
Assignee | |
Updated•10 years ago
|
Blocks: fennec-lockscreen
|
|
Assignee | |
Comment 3•10 years ago
|
||
Attachment #8471341 -
Flags: review?(margaret.leibovic)
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8471340 [details] [diff] [review]
Patch
Review of attachment 8471340 [details] [diff] [review]:
-----------------------------------------------------------------
::: mobile/android/chrome/content/browser.js
@@ +448,5 @@
>
> if (this._startupStatus)
> this.onAppUpdated();
>
> + if (isGuest) {
I think this needs to be `this.isGuest`.
Did you test this? :)
@@ +452,5 @@
> + if (isGuest) {
> + // Disable extension installs
> + Services.prefs.setIntPref("extensions.enabledScopes", 1);
> + Services.prefs.setIntPref("extensions.autoDisableScopes", 1);
> + Services.prefs.setBoolPref("xpinstall.enabled", false);
I suppose it's fine to have prefs that persist, since they'll be written to the guest profile we're throwing away anyway.
Do we just create a new regular profile for guest mode? Is there any special logic specific to creating guest profiles? If so, maybe it would be better to put this closer to that logic, but I'm not sure if that's possible.
Attachment #8471340 -
Flags: review?(margaret.leibovic) → feedback+
|
|
||
Comment 5•10 years ago
|
||
Comment on attachment 8471341 [details] [diff] [review]
Patch 2 - Disable downloads
Review of attachment 8471341 [details] [diff] [review]:
-----------------------------------------------------------------
Looks good to me. Make sure you get UX review on this toast behavior/string.
::: mobile/android/chrome/content/browser.js
@@ +448,5 @@
>
> if (this._startupStatus)
> this.onAppUpdated();
>
> + if (this.isGuest) {
Oh, heh, you fixed it here.
Attachment #8471341 -
Flags: review?(margaret.leibovic) → review+
|
|
||
Comment 6•10 years ago
|
||
Comment on attachment 8471340 [details] [diff] [review]
Patch
Bumping to r+, since you fixed the issue in the next patch. You can just fold them together when you land.
Attachment #8471340 -
Flags: feedback+ → review+
|
||
Comment 7•10 years ago
|
||
If rely on prefs to block extension installs, you'd better make sure I can't go to about:config in Guest Mode… otherwise I'm just going to turn off your blocks and install my malicious add-on.
I noticed in Bug 1052254 that we should probably have some guest mode short-circuiting in the file analysis code in HelperAppDialog. Linking these two bugs.
|
|
||
Updated•10 years ago
|
Summary: Consider disabling downloads/extensions in guest mode → Disable downloads and extension installs in guest mode
|
|
||
Comment 8•10 years ago
|
||
(In reply to (Away Aug 14-24) Richard Newman [:rnewman] from comment #7)
> If rely on prefs to block extension installs, you'd better make sure I can't
> go to about:config in Guest Mode… otherwise I'm just going to turn off your
> blocks and install my malicious add-on.
That is a very good point. Do we have logic in place to block changing prefs in a guest profile? Can we block about:config? We also wouldn't want a malicious person to be able to turn on remote debugging, although hopefully in this lock screen mode the device would block USB debugging.
|
|
||
Comment 9•10 years ago
|
||
(In reply to :Margaret Leibovic from comment #8)
> Can we block about:config?
That's why I suggested blocking about: pages in Bug 1052254.
|
|
Assignee | |
Comment 10•10 years ago
|
||
https://hg.mozilla.org/integration/fx-team/rev/12e582732409
I'm going to file a follow up for doing this extension blocking more robustly (and with some better error reporting).
|
||
Comment 11•10 years ago
|
||
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 34
|
||
Updated•10 years ago
|
Flags: qe-verify+
|
||
Comment 12•10 years ago
|
||
Verified as fixed in builds:
Firefox for Android 34.0a2 (2014-09-29)
Firefox for Android 35.a01 (2014-09-29)
Device: Nexus 4 Android 4.4.4
|
||
Comment 13•10 years ago
|
||
I just installed LastPass using the lockscreen/guest-mode. From the homescreen, I clicked on Add-ons, then installed LastPass. The browser restarted, and I went to about:support and saw that LastPass was installed and enabled.
Flags: needinfo?(wjohnston)
|
|
||
Comment 14•10 years ago
|
||
But then when I exit guest mode, the extension is no longer listed. Are we sandboxing extension installs?
|
|
||
Comment 15•10 years ago
|
||
The guest profile is deleted when you exit guest mode, along with its add-ons.
|
|
||
Comment 16•10 years ago
|
||
(In reply to Richard Newman [:rnewman] from comment #15)
> The guest profile is deleted when you exit guest mode, along with its
> add-ons.
So the bug summary (disable ... extension installs in Guest Mode) is a bit misleading. They're not truly disabled, they just don't live past exiting guest mode. Was this intentional, or did we want to actually block installation of them in guest mode too?
|
|
||
Comment 17•10 years ago
|
||
They're *supposed* to be blocked, so this bug is not resolved. I just reproduced in current Nightly 35.
Wes, would you rather reopen this or file another bug?
|
|
Assignee | |
Comment 18•10 years ago
|
||
Reopen is fine. They should be blocked. Something is up... maybe RestrictedProfiles broke this.
Flags: needinfo?(wjohnston)
|
|
||
Comment 19•10 years ago
|
||
See also Bug 1077706, which would help avoid the temptation!
Status: VERIFIED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 20•10 years ago
|
||
On Aurora (2014-10-05), when I try to download a file in gust mode 'Downloads are disabled in guest mode' toast notification is displayed. When I tap on 'Add to Firefox' for installing an add-on, nothing happens, the add-on is not downloaded.
Nightly (2014-09-30) has the same behavior.
Regression window:
Last good: 2014-09-30
First bad: 2014-10-01
Pushlog: https://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=7c24470b6b3a&tochange=14665b1de5ee
|
|
Assignee | |
Comment 21•10 years ago
|
||
Spelling error. I also renamed the java restriction so that we were at least consistent between the two. Happy to go the other way if you want.
Attachment #8502066 -
Flags: review?(mark.finkle)
|
||
Updated•10 years ago
|
Attachment #8502066 -
Flags: review?(mark.finkle) → review+
|
|
||
Comment 22•10 years ago
|
||
Comment on attachment 8502066 [details] [diff] [review]
Patch
Review of attachment 8502066 [details] [diff] [review]:
-----------------------------------------------------------------
::: mobile/android/chrome/content/browser.js
@@ +464,5 @@
>
> if (this._startupStatus)
> this.onAppUpdated();
>
> + if (!ParentalControls.isAllowed(ParentalControls.INSTALL_EXTENSION)) {
Should http://mxr.mozilla.org/mozilla-central/source/mobile/android/base/RestrictedProfiles.java?rev=be045ef85f3f#147 fail if it is passed 0 (or whatever the undefined ENUM value is)? Line 152 looks like it silently says that it is allowed.
|
|
||
Comment 23•10 years ago
|
||
(In reply to Jared Wein [:jaws] (please needinfo? me) from comment #22)
I filed https://bugzilla.mozilla.org/show_bug.cgi?id=1080304 for this.
|
|
Assignee | |
Comment 24•10 years ago
|
||
|
||
Comment 25•10 years ago
|
||
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → FIXED
|
|
||
Updated•10 years ago
|
Target Milestone: Firefox 34 → Firefox 36
|
||
Comment 26•10 years ago
|
||
Verified as fixed in build 36.0a1 (2014-11-19);
Device: Nexus 4 (Android 4.4.4).
status-firefox36:
--- → verified
|
||
Updated•6 years ago
|
Status: RESOLVED → VERIFIED
Flags: qe-verify+
|
||
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•