Closed Bug 1484263 Opened 6 years ago Closed 5 years ago

Clean up mozillaAddons permission parsing logic in _parseManifest

Categories

(WebExtensions :: General, enhancement, P3)

Product:
WebExtensions
Component:
General
Type:
enhancement

Tracking

(firefox66 fixed)

Status:
RESOLVED FIXED
Milestone:
mozilla66
Tracking Flags:
Tracking Status
firefox66 --- fixed

People

(Reporter: robwu, Assigned: robwu)

References

Details

Attachments

(1 file)

Bug 1484263 - Clean up manifest permission parser and add tests
46 bytes, text/x-phabricator-request
aswan
: review+
Details | Review 
The current mozillaAddons permission parsing logic is as follows:
https://searchfox.org/mozilla-central/rev/246f2b4fab2/toolkit/components/extensions/Extension.jsm#1491-1497

    if (manifest && manifest.permissions.has("mozillaAddons") &&
        !this.isPrivileged) {
      Cu.reportError(`Stripping mozillaAddons permission from ${this.id}`);
      manifest.permissions.delete("mozillaAddons");
      let i = manifest.manifest.permissions.indexOf("mozillaAddons");
      if (i >= 0) {
        manifest.manifest.permissions.splice(i, 1);

The code suggests that it removes the "mozillaAddons" permission from add-ons which are not supposed to have that permission. However, it does not account for the possibility of having multiple "mozillaAddons" entries in the list.

Fortunately, this flaw has no negative consequences because the raw manifest.manifest.permissions is not used anywhere, except potentially in onUpdate:
https://searchfox.org/mozilla-central/rev/246f2b4fab/toolkit/components/extensions/ExtensionParent.jsm#98
https://searchfox.org/mozilla-central/rev/246f2b4fab/browser/components/extensions/parent/ext-tabs.js#342

We should clean up the logic, either by removing the unneeded partial "sanitization" (or by removing all duplicate entries). I believe that removing the unneded partial sanitization is preferred because internal API consumers should always use extension.permissions.has / extension.hasPermission instead of extension.manifest.permissions.includes
Priority: -- → P3
Assignee: nobody → rob
Status: NEW → ASSIGNED
Flags: qe-verify-
The "permissions" array of the raw manifest is not (and should not) be
used for permission checking, so it is not necessary to strip the
"mozillaAddons" permission from it, and hence that part of the code has
been removed.

New tests has been added to verify the permission warnings for some
combinations of permissions. This also includes tests that verify
that only privileged extensions can use "mozillaAddons" to unlock
unrestricted schemes.
Comment on attachment 9008053 [details]
Bug 1484263 - Clean up manifest permission parser and add tests

Andrew Swan [:aswan] has approved the revision.
Attachment #9008053 - Flags: review+
Pushed by rob@robwu.nl:
https://hg.mozilla.org/integration/autoland/rev/14fee8b5f596
Clean up manifest permission parser and add tests r=aswan

https://hg.mozilla.org/mozilla-central/rev/14fee8b5f596

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox66: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla66
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: