1477271 - browser.search API does not require any permissions

Status: RESOLVED FIXED

(WebExtensions :: General, defect, P1)

Description

[Rob Wu [:robwu]]

The browser.search API does currently not require any permissions.

All extension APIs require a permission (unless there is another manifest key that would unlock the API). This serves the following purposes:

- Principle of least privilege - extensions don't unlock functionality unless explicitly requested.

- Auditing - Requiring an entry (permission) in manifest.json makes it easier to analyze the API usage of extensions.

- Consent - If an API is ever deemed too powerful, then a warning can be added to a permission. This warning is optional, an API can require a permission without having a warning.

Comment 1

[David Durst [:ddurst]]

Good catch! Let's fix it. :)

Comment 2

[Rob Wu [:robwu]]

(will be verified by automated tests)

Comment 3

[Rob Wu [:robwu]]

Attachment: Bug 1477271 - Require "search" permission for search API

And re-enable the test_ext_all_apis.html test to ensure that new APIs
are only available by default if the contributor really intents to.

Review commit: https://reviewboard.mozilla.org/r/260552/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/260552/

Comment 4

[Rob Wu [:robwu]]

Note: Kris asked to refactor the test to not require enumerating every API method.

Comment 5

[Andrew Swan [:aswan]]

Comment on attachment 8996472 [details]
Bug 1477271 - Require "search" permission for search API

https://reviewboard.mozilla.org/r/260552/#review267890

I don't understand why test_permissions_have_localization_strings in test_ext_permissions.js didn't fail here?
r=me once we have an explanation for that

Comment 6

[Rob Wu [:robwu]]

Comment on attachment 8996472 [details]
Bug 1477271 - Require "search" permission for search API

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/260552/diff/1-2/

Comment 7

[Rob Wu [:robwu]]

(In reply to Andrew Swan [:aswan] from comment #5)
> Comment on attachment 8996472 [details]
> Bug 1477271 - Require "search" permission for search API
> 
> https://reviewboard.mozilla.org/r/260552/#review267890
> 
> I don't understand why test_permissions_have_localization_strings in
> test_ext_permissions.js didn't fail here?

It does fail. I didn't select the xpcshell test.

I've updated the list of warning-less permisions to include "search" and verified locally that all toolkit extension xpcshell tests pass.

Comment 8

[Pulsebot]

Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/a659bb692003
Require "search" permission for search API r=aswan

Comment 9

[Noemi Erli[:noemi_erli]]

https://hg.mozilla.org/mozilla-central/rev/a659bb692003