Closed Bug 1280237 Opened 5 years ago Closed 3 years ago

Implement chrome.management.install

Categories

(WebExtensions :: General, enhancement, P5)

Tracking

(Not tracked)

RESOLVED WONTFIX
Blocking Flags:
webextensions ?

People

(Reporter: andy+bugzilla, Unassigned)

References

(Blocks 1 open bug)

Details

(Keywords: sec-want, Whiteboard: [management] triaged)

Attachments

(3 files)

So that an add-on can install another add-on, which will support bug 1280233.

This API doesn't exist in Chrome and we might need to think about security here, although non-WebExtension add-ons can already do this.
rhelmer made the good point that we might need the install. Testpilot is requesting access to the install flow that AMO has, if that's the case we can use that API and not worry about having this as an API.
Priority: -- → P4
Whiteboard: [management] → [management] triaged
Blocks: 1282979
I'm not sure I understand what's being said in comment #1, above. rhelmer, can you elaborate/elucidate?
Flags: needinfo?(rhelmer)
(In reply to Bob Silverberg [:bsilverberg] from comment #2)
> I'm not sure I understand what's being said in comment #1, above. rhelmer,
> can you elaborate/elucidate?

Pretty sure we were talking about exposing the AddonManager install API to testpilot.m.o via WebIDL instead of providing this as an API to add-ons. What the current TestPilot extension does (as I understand it) is just make it so the "on/off" install/uninstall toggles on testpilot.mozilla.org work, which we can do more directly.

I would like to avoid exposing an API like this to extensions if at all possible, it should be something we don't allow without some kind of special permission if we do need it.
Flags: needinfo?(rhelmer)
Based on the above, I think we can close this. Feel free to re-open if a case comes up in which we need this.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → WONTFIX
https://addons.mozilla.org/firefox/addon/github-extension-installer/ and https://addons.mozilla.org/firefox/addon/chrome-store-foxified/ need this API. It can be an interface that allows the user to confirm the installation or temporary loading. For security measures, I don't have a good idea.

In addition, if this is evaluated and implemented, I guess bug 1295324 will no longer be an obstacle to allowing extensions to run scripts on privileged AMO pages (replace privileged interface).
Severity: normal → enhancement
Status: RESOLVED → REOPENED
webextensions: --- → ?
Keywords: sec-want
Priority: P4 → --
Resolution: WONTFIX → ---
See Also: → 1369209
Sorry for disturbing, not a real block.
No longer blocks: CVE-2016-9075
I would argue neither of those are great examples, the whole sending to AMO, signing as unlisted and so on is messy to say the least.

Since we've now got permission prompts that users must agree to before an install, I'm more inclined to support this API, still not bought on the use case though.
Priority: -- → P5
Product: Toolkit → WebExtensions
Bulk move of bugs per https://bugzilla.mozilla.org/show_bug.cgi?id=1483958
Component: Untriaged → General

This feature would be really useful, allowing implementation of alternative addon managers supporting features that don't exist in the native FF addon manager.

Are there any plans to implement this feature? What would be the likelihood of merging if somebody submitted a patch for this?

I created a patch for this. It isn't complete yet, but currently it allows management.install() to install a WebExtension provided that the requesting extension has the managementExtensions permission.

I plan to implement preventing installation of addons with the managementExtensions permission via this API method, to avoid a loophole where two extensions could keep installing each other upon the user uninstalling them.

I modified the theme-switcher example for testing this patch manually:
https://github.com/ozars/webextensions-examples/tree/b6d0bd0cee6be54100aa93d9f434b28d60d6a426/addon-installer

I would appreciate it if you could guide me in landing this patch. I'm uploading it to phabricator.

Flags: needinfo?(ddurst)
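
The permission gate and the planned reinstall-loop guard described in comment #10, sketched as an added example (this is not the submitted patch and not Firefox code). `checkInstall`, `reachablePermissions` and the sample manifests are hypothetical; treating `optional_permissions` as if already granted is an assumption that goes beyond what the comment states.

```javascript
// Hypothetical policy check modelled on comment #10; manifests are constructed.
const INSTALL_PERMISSION = "managementExtensions"; // name taken from the comment

const list = (x) => (Array.isArray(x) ? x : []);

// Every permission a manifest can ever hold, including ones it may request
// later at runtime through optional_permissions (assumption: count those too).
function reachablePermissions(manifest) {
  return new Set(
    [...list(manifest.permissions), ...list(manifest.optional_permissions)]
      .filter((p) => typeof p === "string")
  );
}

// Decide whether `requester` may install `target`.
function checkInstall(requester, target) {
  // Gate 1: the caller must hold the install permission outright.
  if (!list(requester.permissions).includes(INSTALL_PERMISSION)) {
    return { allowed: false, reason: "requester lacks " + INSTALL_PERMISSION };
  }
  // Gate 2: refuse targets that could install add-ons themselves, otherwise
  // two extensions can keep reinstalling each other after an uninstall.
  if (reachablePermissions(target).has(INSTALL_PERMISSION)) {
    return { allowed: false, reason: "target could itself install add-ons" };
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample manifests.
const manager = { name: "alt-manager", permissions: ["management", INSTALL_PERMISSION] };
const theme = { name: "plain-theme", permissions: ["theme"] };
const noPerm = { name: "no-perm", permissions: ["tabs"] };
const twin = {
  name: "twin",
  permissions: ["storage"],
  optional_permissions: [INSTALL_PERMISSION], // would slip past a permissions-only check
};

for (const [req, tgt] of [[manager, theme], [noPerm, theme], [manager, twin]]) {
  const verdict = checkInstall(req, tgt);
  console.log(`${req.name} -> ${tgt.name}: ${verdict.allowed} (${verdict.reason})`);
}
```

The `twin` case shows why a guard that inspects only `permissions` leaves the loophole open: the target could acquire the install permission after it has been installed.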

I think we need to decide whether we allow this at all.

Flags: needinfo?(mconca)

(In reply to Omer Ozarslan from comment #10)
> I created a patch for this. It isn't complete yet, but currently it allows management.install() to install a WebExtension provided that requesting extension has managementExtensions permission.

Omer, thank you for the patch. Unfortunately, in the two years since this bug was marked P5, extensions have become an increasingly frequent target for malicious actors. Adding the ability to install an extension via another extension increases the attack surface and raises serious security concerns for Firefox users. Per the WebExtensions policy for new API (see Section II), I am going to deny this patch as too great of a security risk at this time.

I apologize for not catching this and closing it before your patch was submitted.

Status: REOPENED → RESOLVED
Closed: 5 years ago → 3 years ago
Flags: needinfo?(mconca)
Flags: needinfo?(ddurst)
Resolution: --- → WONTFIX