Closed Bug 1220045 Opened 9 years ago Closed 8 years ago

Remove permissions from manifest, Nsec package still can use sensitive API

Categories

(Firefox OS Graveyard :: Infrastructure, defect, P2)

ARM
Gonk (Firefox OS)
defect

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: mlien, Assigned: arroway)

Details

[Reproduce Steps]
1. Enable two preferences "network.http.enable-packaged-apps" and "network.http.signed-packages.enabled"
2. Set "network.http.signed-packages.trusted-root" to "http://people.mozilla.org/~mlien/"
3. Navigate to "http://people.mozilla.org/~mlien/recorder_no_permission.pak!//index.html"

[Expected Result]
Cannot use sensitive API

[Actual Result]
Still can use sensitive API

[Build Information]
Build ID 20151030012907
Gaia Revision 91cac94948094cfdcd00cba5c6483e27e80cb3b0
Gaia Date 2015-10-28 20:32:15
Gecko Revision https://hg.mozilla.org/mozilla-central/rev/b41b92c09fcf94d077a54297aea1dc675b161a9d
Gecko Version 45.0a1
Device Name aries
Firmware(Release) 4.4.2
Firmware(Incremental) eng.worker.20151030.004657
Firmware Date Fri Oct 30 00:47:05 UTC 2015
Bootloader s1

[Reproduce Rate]
100%
QA Whiteboard: [COM=NSec]
We should test this bug from scratch after bug 1178526 is resolved.
Depends on: 1178526
Priority: -- → P1
See Also: → 1219594
Verified again with the latest build: even though bug 1178526 is fixed, the package is still able to use sensitive APIs even with no permission in the manifest.

Build Information:
Build ID 20151118043538
Gaia Revision 28d63cf3bdc4417f7ad8cab2230f096bf9f6d3b5
Gaia Date 2015-11-17 07:35:12
Gecko Revision https://hg.mozilla.org/mozilla-central/rev/eb3016abd37db2e6a6d923265047e84b12c0af61
Gecko Version 45.0a1
Device Name aries
Firmware(Release) 4.4.2
Firmware(Incremental) eng.worker.20151118.035413
Firmware Date Wed Nov 18 03:54:21 UTC 2015
Bootloader s1
This bug is critical. Henry, could you help investigate this bug? Or anyone you can recommend?
Flags: needinfo?(hchang)
Actually I pointed this bug out like two months ago but there was just no one to fix it. The cause is we don't remove permissions while registering new ones.
Flags: needinfo?(hchang)
(In reply to Henry Chang [:henry] from comment #4)
> Actually I pointed this bug out like two months ago but just no one to fix
> it. The cause is we don't remove permissions while registering new ones.

Discussed with Henry offline. This bug is not really so critical since the reproduction scenario is not a common use case. (We don't remove privileged permissions from an app/package quite often.) Let us lower the priority of this bug.

Meanwhile, Steph, could you provide a direction on how to resolve this issue? (Henry told me that you are familiar with this part of the code.)
Flags: needinfo?(stephouillon)
Priority: P1 → P2
(In reply to Henry Chang [:henry] from comment #6)
> audio-capture is allowed for all kinds of apps.
>
> https://dxr.mozilla.org/mozilla-central/source/dom/apps/PermissionsTable.jsm#363

Does that mean the manifest's permission declaration doesn't affect any permission check?
I don't know what it's supposed to be for web-app-allowed permission :( but I am sure for privileged permission the manifest matters.
I guess the answer is yes for web-app-allowed permission. For example, google maps doesn't have any manifest but it can still have geolocation permission.
Assignee: nobody → stephouillon
Flags: needinfo?(stephouillon)
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
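
Added example, not part of the original bug thread and not Gecko's code: a minimal model of the cause named in the thread (permissions are not removed while registering new ones), beside a registration that treats the manifest as the full desired state. The `PermissionStore` class, the `example-privileged-*` permission names and the origin are hypothetical; the implicit `audio-capture` entry follows the thread's statement that it is allowed for all kinds of apps.

```javascript
// Added illustration, not Gecko code; every name below is hypothetical.
// Constructed table: "implicit" permissions need no manifest entry (the
// thread states audio-capture is allowed for all kinds of apps).
const PERMISSION_TABLE = {
  "audio-capture": { implicit: true },
  "example-privileged-a": { implicit: false },
  "example-privileged-b": { implicit: false },
};

class PermissionStore {
  constructor() { this.grants = new Map(); } // origin -> Set of names

  // Behaviour described in the bug: new grants are added, stale ones stay.
  registerAddOnly(origin, manifest) {
    const set = this.grants.get(origin) || new Set();
    for (const name of Object.keys(manifest.permissions || {})) set.add(name);
    this.grants.set(origin, set);
  }

  // Reconciling registration: the manifest is the complete desired state,
  // so anything granted earlier but no longer declared is revoked.
  registerReconcile(origin, manifest) {
    const declared = new Set(Object.keys(manifest.permissions || {}));
    const previous = this.grants.get(origin) || new Set();
    this.grants.set(origin, declared);
    return [...previous].filter((name) => !declared.has(name)); // revoked
  }

  isAllowed(origin, name) {
    const entry = PERMISSION_TABLE[name];
    if (!entry) return false;        // unknown permission: deny
    if (entry.implicit) return true; // manifest plays no part
    const set = this.grants.get(origin);
    return Boolean(set && set.has(name));
  }
}

// Constructed scenario: version 2 of a package drops "example-privileged-a".
function runScenario(method) {
  const store = new PermissionStore();
  const origin = "http://example.test/recorder.pak";
  const v1 = { permissions: { "example-privileged-a": {}, "example-privileged-b": {} } };
  const v2 = { permissions: { "example-privileged-b": {} } };
  store[method](origin, v1);
  store[method](origin, v2);
  const check = (name) => store.isAllowed(origin, name);
  return { a: check("example-privileged-a"), b: check("example-privileged-b"),
           audio: check("audio-capture") };
}
```

In this model `audio-capture` stays allowed under both registrations, which matches the thread's point that a manifest change cannot withdraw a permission that is granted to every app type.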