Closed Bug 1579489 Opened 6 years ago Closed 6 years ago

Improve getUserMedia permission model for web extensions a bit.

Categories

(Firefox :: Site Permissions, enhancement, P2)

Product:
Firefox
Component:
Site Permissions
Type:
enhancement

Tracking

()

Status:
RESOLVED FIXED
Milestone:
Firefox 71
Tracking Flags:
Tracking Status
firefox71 --- fixed

People

(Reporter: jib, Assigned: johannh)

References

Details

Attachments

(3 files)

Bug 1579489 - Improve getUserMedia handling in extension pages. r=jib,rpl!
47 bytes, text/x-phabricator-request
Details | Review
Bug 1579489 - Add tests for getUserMedia handling in WebExtensions. r=rpl
47 bytes, text/x-phabricator-request
Details | Review
Bug 1579489 - Check the persistent permission checkbox by default for WebExtension WebRTC prompts. r=jib
47 bytes, text/x-phabricator-request
Details | Review

Two incremental ideas for improving our camera/mic permission story for web extensions came up in mozilla/firefox-voice#86 (comment):

  1. Default ☑ Remember this decision to ON for moz-extension: origins

  2. Skip the has focus requirement in getUserMedia and enumerateDevices.

This would allow extensions to seek permission for all future operations (e.g. from some onboarding page) for extensions that normally operate outside a page.

This should match most people's expectations, as extensions enjoy an understanding of running in the background, and elevated trust from having been installed. At the same time, cautious users remain able to opt out (we'd merely flip the default).

My understanding is this would help unblock the Firefox Voice product.

Ian had reached out to me about this and I was looking into a solution last week. I have already implemented #2 (fighting with some race conditions) and I think we can safely do #1, IF we continue to disallow background pages from obtaining gUM permission. This is such a sensitive permission (and there are so many malicious add-ons) that I don't feel comfortable with giving it out in the background (and I believe the WebExtensions team has voiced a similar intent in all the related bugs). If a page really has a constant monitoring feature it can't be so hard to keep a tab open.

When we resolve this we can dupe/resolve a lot of other bugs...

Assignee: nobody → jhofmann
Status: NEW → ASSIGNED
Priority: -- → P2

This is done to offset the requirement that extensions have to get persistent permission before
they can start using WebRTC in popups.

Depends on D45334

I have already implemented #2 (fighting with some race conditions) and I think we can safely do #1, IF we continue to disallow background pages from obtaining gUM permission

I'm confused, isn't #2 == allow background pages to obtain gUM?

Flags: needinfo?(jhofmann)

Not really, #2 (Skip the has focus requirement in getUserMedia and enumerateDevices.) is currently preventing WebExtension popups as well as background scripts from getting gUM access. The Voice Assistant team, for example, is not interested in getting background access. Again, I would be extremely cautious with giving out background script access. If we really want to do this we should probably open up another bug to discuss some UX improvements to notify the user that the extension may monitor (or is actively monitoring) their devices. I'd prefer not to block this bug on that discussion.

Flags: needinfo?(jhofmann)

Makes sense, thanks for clarifying.

Attachment #9091711 - Attachment description: Bug 1579489 - Improve getUserMedia handling in extension pages. r=jib,mixedpuppy → Bug 1579489 - Improve getUserMedia handling in extension pages. r=jib,rpl!
Attachment #9091712 - Attachment description: Bug 1579489 - Add tests for getUserMedia handling in WebExtensions. r=mixedpuppy → Bug 1579489 - Add tests for getUserMedia handling in WebExtensions. r=rpl
Pushed by jhofmann@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/71130160afee Improve getUserMedia handling in extension pages. r=jib,rpl https://hg.mozilla.org/integration/autoland/rev/b5e35c96c2f7 Add tests for getUserMedia handling in WebExtensions. r=rpl https://hg.mozilla.org/integration/autoland/rev/71978ebe41f1 Check the persistent permission checkbox by default for WebExtension WebRTC prompts. r=jib
Backout by malexandru@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/74de4a5bb0d7 Backed out 3 changesets for causing bc failures at browser_ext_webrtc.js CLOSED TREE

Backed out 3 changesets for causing bc failures at browser_ext_webrtc.js

Backout link: https://hg.mozilla.org/integration/autoland/rev/74de4a5bb0d7fde71ea30e33a6c700a37af58dad

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Cusercancel%2Crunnable&tochange=74de4a5bb0d7fde71ea30e33a6c700a37af58dad&fromchange=71978ebe41f1bcee35fc8ab91424cd0a5e5f115f&selectedJob=266913166

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=266913166&repo=autoland&lineNumber=28183
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - TEST-UNEXPECTED-FAIL | browser/components/extensions/test/browser/browser_ext_webrtc.js | Promise rejected, expecting rejection to match /The request is not allowed/, got "The object can not be found here.": Calling gUM in background pages throws an error -
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - Stack trace:
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - chrome://mochikit/content/browser-test.js:test_ok:1580
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - chrome://mochikit/content/tests/SimpleTest/ExtensionTestUtils.js:testHandler:63
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - chrome://mochikit/content/tests/SimpleTest/ExtensionTestUtils.js:testResult:73
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - resource://specialpowers/SpecialPowersChild.jsm:listener:2035
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - resource://specialpowers/SpecialPowersChild.jsm:loadExtension/<:1977
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - resource://specialpowers/SpecialPowersChild.jsm:receiveMessage:242
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - TEST-PASS | browser/components/extensions/test/browser/browser_ext_webrtc.js | done -
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - TEST-PASS | browser/components/extensions/test/browser/browser_ext_webrtc.js | test result correct -
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - Leaving test bound test_background_request
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - Entering test bound test_popup_request
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - Extension loaded

Flags: needinfo?(jhofmann)
Flags: needinfo?(jhofmann)
Pushed by jhofmann@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/680a45ca89b7 Improve getUserMedia handling in extension pages. r=jib,rpl https://hg.mozilla.org/integration/autoland/rev/764628963a3c Add tests for getUserMedia handling in WebExtensions. r=rpl https://hg.mozilla.org/integration/autoland/rev/281d238e6259 Check the persistent permission checkbox by default for WebExtension WebRTC prompts. r=jib

Backed out 3 changesets (Bug 1579489) for ES lint failure on browser_ext_webrtc.js

Push with failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&fromchange=281d238e625967c17968df827f8662e34ff7d9c9&tochange=4534a7405976183ecab28ce6052886fcf3599f33&selectedJob=267008421

Backout link: https://hg.mozilla.org/integration/autoland/rev/4534a7405976183ecab28ce6052886fcf3599f33

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=267008421&repo=autoland&lineNumber=300

[task 2019-09-17T09:37:37.104Z] copying build/lib.linux-x86_64-2.7/psutil/_psutil_posix.so -> psutil
[task 2019-09-17T09:37:37.104Z]
[task 2019-09-17T09:37:37.104Z] Error processing command. Ignoring because optional. (optional:packages.txt:comm/build/virtualenv_packages.txt)
[task 2019-09-17T09:52:13.057Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/browser/components/extensions/test/browser/browser_ext_webrtc.js:9:11 | Replace ???????["media.navigator.permission.fake",?true],????? with ["media.navigator.permission.fake",?true] (prettier/prettier)
[taskcluster 2019-09-17 09:52:13.955Z] === Task Finished ===
[taskcluster 2019-09-17 09:52:14.910Z] Unsuccessful task run with exit code: 1 completed in 1249.195 seconds

Flags: needinfo?(jhofmann)
Pushed by jhofmann@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/9bbb09602564 Improve getUserMedia handling in extension pages. r=jib,rpl https://hg.mozilla.org/integration/autoland/rev/2a4f7c1076a6 Add tests for getUserMedia handling in WebExtensions. r=rpl https://hg.mozilla.org/integration/autoland/rev/647552968008 Check the persistent permission checkbox by default for WebExtension WebRTC prompts. r=jib
Flags: needinfo?(jhofmann)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: