Closed Bug 1220045 Opened 9 years ago Closed 7 years ago

Remove permissions from manifest, Nsec package still can use sensitive API

Categories

(Firefox OS Graveyard :: Infrastructure, defect, P2)

ARM
Gonk (Firefox OS)
defect

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mlien, Assigned: arroway)

[Reproduce Steps]
1. Enable two preferences "network.http.enable-packaged-apps" and "network.http.signed-packages.enabled"
2. Set "network.http.signed-packages.trusted-root" to "http://people.mozilla.org/~mlien/"
3. Navigate to "http://people.mozilla.org/~mlien/recorder_no_permission.pak!//index.html"

[Expected Result]
Cannot use sensitive API

[Actual Result]
Still can use sensitive API

[Build Information]
Build ID               20151030012907
Gaia Revision          91cac94948094cfdcd00cba5c6483e27e80cb3b0
Gaia Date              2015-10-28 20:32:15
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/b41b92c09fcf94d077a54297aea1dc675b161a9d
Gecko Version          45.0a1
Device Name            aries
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20151030.004657
Firmware Date          Fri Oct 30 00:47:05 UTC 2015
Bootloader             s1

[Reproduce Rate]
100%
QA Whiteboard: [COM=NSec]
We should test this bug from scratch after bug 1178526 is resolved.
Depends on: 1178526
Priority: -- → P1
See Also: → 1219594
Verified again with the latest build: even though bug 1178526 is fixed, the package is still able to use sensitive APIs even with no permission in the manifest.

Build Information:
Build ID               20151118043538
Gaia Revision          28d63cf3bdc4417f7ad8cab2230f096bf9f6d3b5
Gaia Date              2015-11-17 07:35:12
Gecko Revision         https://hg.mozilla.org/mozilla-central/rev/eb3016abd37db2e6a6d923265047e84b12c0af61
Gecko Version          45.0a1
Device Name            aries
Firmware(Release)      4.4.2
Firmware(Incremental)  eng.worker.20151118.035413
Firmware Date          Wed Nov 18 03:54:21 UTC 2015
Bootloader             s1
This bug is critical. Henry, could you help investigate this bug? Or anyone you can recommend?
Flags: needinfo?(hchang)
Actually I pointed this bug out like two months ago but just no one to fix it. The cause is we don't remove permissions while registering new ones.
Flags: needinfo?(hchang)
(In reply to Henry Chang [:henry] from comment #4)
> Actually I pointed this bug out like two months ago but just no one to fix
> it. The cause is we don't remove permissions while registering new ones.

Discussed with Henry offline.
This bug is not really so critical since the reproduction scenario is not a common use case.
(We don't remove privileged permissions from an app/package very often.)

Let us lower the priority of this bug.


Meanwhile, Steph, could you provide a direction on how to resolve this issue?
(Henry told me that you are familiar with this part of the code.)
Flags: needinfo?(stephouillon)
Priority: P1 → P2
(In reply to Henry Chang [:henry] from comment #6)
> audio-capture is allowed for all kinds of apps.
> 
> https://dxr.mozilla.org/mozilla-central/source/dom/apps/PermissionsTable.jsm#363

Does that mean the manifest's permission declaration doesn't affect any permission check?
I don't know what it's supposed to be for web-app-allowed permission :( but I am sure for privileged permission the manifest matters.
I guess the answer is yes for web-app-allowed permission. For example, Google Maps doesn't have any manifest but it can still have geolocation permission.
Assignee: nobody → stephouillon
Flags: needinfo?(stephouillon)
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
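
The cause named in the thread (old permissions are not removed when new ones are registered) can be modelled as follows. This is an added example, not code from Gecko or from the bug's participants: the `PermissionStore` class, the table contents, the `example-privileged-api` permission name and the origin are constructed for illustration, and the `audio-capture` fallback assumes the behaviour described in the comments.

```javascript
// Constructed sketch; all names are hypothetical, not Gecko's permission code.
// Default action per package type. "audio-capture" is open to every app type
// (as stated in the thread); "example-privileged-api" is a placeholder for a
// permission that only takes effect when the manifest declares it.
const TABLE = {
  "audio-capture": { web: "prompt", privileged: "prompt" },
  "example-privileged-api": { web: "deny", privileged: "allow" },
};

class PermissionStore {
  constructor() { this.grants = new Map(); } // origin -> Map(permission -> action)

  // Behaviour described in the thread: entries are added, old ones never removed.
  registerAdditive(origin, manifest) {
    const current = this.grants.get(origin) ?? new Map();
    for (const name of manifest.permissions) {
      if (TABLE[name]) current.set(name, TABLE[name].privileged);
    }
    this.grants.set(origin, current);
  }

  // Reconciling registration: the stored set is rebuilt from the manifest,
  // so anything the new manifest no longer declares is dropped.
  registerReconciled(origin, manifest) {
    const next = new Map();
    for (const name of manifest.permissions) {
      if (TABLE[name]) next.set(name, TABLE[name].privileged);
    }
    this.grants.set(origin, next);
  }

  // An explicit grant wins; otherwise fall back to the plain web-content default.
  check(origin, name) {
    const explicit = this.grants.get(origin)?.get(name);
    return explicit ?? TABLE[name]?.web ?? "deny";
  }
}

// Install a package with two permissions, then re-register it with none.
function replay(method) {
  const store = new PermissionStore();
  const origin = "https://packages.example"; // constructed origin
  store[method](origin, { permissions: ["audio-capture", "example-privileged-api"] });
  store[method](origin, { permissions: [] });
  return {
    privileged: store.check(origin, "example-privileged-api"),
    audio: store.check(origin, "audio-capture"),
  };
}
```

With `registerAdditive` the privileged grant survives the second registration, while with `registerReconciled` it falls back to the default; `audio-capture` resolves the same way in both cases because its default does not depend on the manifest.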