Closed Bug 1579489 Opened 5 years ago Closed 5 years ago

Improve getUserMedia permission model for web extensions a bit.

Product/Component: Firefox :: Site Permissions (enhancement, P2)
Status: RESOLVED FIXED in Firefox 71
Tracking: firefox71 fixed
Reporter: jib, Assigned: johannh
Attachments: 3 files

Two incremental ideas for improving our camera/mic permission story for web extensions came up in mozilla/firefox-voice#86 (comment):

  1. Default ☑ Remember this decision to ON for moz-extension: origins

  2. Skip the has focus requirement in getUserMedia and enumerateDevices.

This would allow extensions to seek permission for all future operations (e.g. from some onboarding page) for extensions that normally operate outside a page.

This should match most people's expectations, as extensions enjoy an understanding of running in the background, and elevated trust from having been installed. At the same time, cautious users remain able to opt out (we'd merely flip the default).

My understanding is this would help unblock the Firefox Voice product.

Ian had reached out to me about this and I was looking into a solution last week. I have already implemented #2 (fighting with some race conditions) and I think we can safely do #1, IF we continue to disallow background pages from obtaining gUM permission. This is such a sensitive permission (and there are so many malicious add-ons) that I don't feel comfortable with giving it out in the background (and I believe the WebExtensions team has voiced a similar intent in all the related bugs). If a page really has a constant monitoring feature it can't be so hard to keep a tab open.

When we resolve this we can dupe/resolve a lot of other bugs...

Assignee: nobody → jhofmann
Status: NEW → ASSIGNED
Priority: -- → P2

This is done to offset the requirement that extensions have to get persistent permission before
they can start using WebRTC in popups.

Depends on D45334

> I have already implemented #2 (fighting with some race conditions) and I think we can safely do #1, IF we continue to disallow background pages from obtaining gUM permission

I'm confused, isn't #2 == allow background pages to obtain gUM?

Flags: needinfo?(jhofmann)

Not really, #2 (Skip the has focus requirement in getUserMedia and enumerateDevices.) is currently preventing WebExtension popups as well as background scripts from getting gUM access. The Voice Assistant team, for example, is not interested in getting background access. Again, I would be extremely cautious with giving out background script access. If we really want to do this we should probably open up another bug to discuss some UX improvements to notify the user that the extension may monitor (or is actively monitoring) their devices. I'd prefer not to block this bug on that discussion.

Flags: needinfo?(jhofmann)

Makes sense, thanks for clarifying.
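
An added example, not part of the bug thread or its patches: one way an extension could work within the model discussed above, where getUserMedia from a popup needs a stored grant and background pages are refused. The names `acquireMicrophone`, `ONBOARDING_PAGE`, `env` and `fakeEnv` are assumptions made for illustration; `NotAllowedError` is the standard rejection name for a refused getUserMedia request.

```javascript
// Added example; not code from the bug or its patches.
// Hypothetical names: acquireMicrophone, ONBOARDING_PAGE, env, fakeEnv.
const ONBOARDING_PAGE = "onboarding.html"; // assumed page shipped in the extension

// env wraps the real APIs so the flow can also run outside a browser.
// In an extension: {
//   getUserMedia: (c) => navigator.mediaDevices.getUserMedia(c),
//   getURL: (p) => browser.runtime.getURL(p),
//   openTab: (url) => browser.tabs.create({ url }),
// }
async function acquireMicrophone(env) {
  try {
    // From a popup this resolves only if a persistent grant is stored.
    const stream = await env.getUserMedia({ audio: true });
    return { status: "granted", stream };
  } catch (err) {
    if (err.name !== "NotAllowedError") {
      // e.g. NotFoundError: no device present, a prompt would not help.
      return { status: "unavailable", reason: err.name };
    }
    // No stored grant (popup) or a background page: hand off to a visible
    // extension tab, which calls getUserMedia itself so the prompt can show.
    await env.openTab(env.getURL(ONBOARDING_PAGE));
    return { status: "needs-onboarding" };
  }
}

// Constructed stand-in for the browser APIs, for running the flow offline.
function fakeEnv(rejectWith) {
  const opened = [];
  return {
    opened,
    getUserMedia: async () => {
      if (rejectWith) {
        const err = new Error(rejectWith);
        err.name = rejectWith;
        throw err;
      }
      return { id: "constructed-stream" };
    },
    getURL: (p) => "moz-extension://constructed-uuid/" + p,
    openTab: async (url) => { opened.push(url); },
  };
}
```

A user who has persistently denied the permission also ends up in the `NotAllowedError` branch, so a real extension should avoid reopening the tab on every call.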

Attachment #9091711 - Attachment description: Bug 1579489 - Improve getUserMedia handling in extension pages. r=jib,mixedpuppy → Bug 1579489 - Improve getUserMedia handling in extension pages. r=jib,rpl!
Attachment #9091712 - Attachment description: Bug 1579489 - Add tests for getUserMedia handling in WebExtensions. r=mixedpuppy → Bug 1579489 - Add tests for getUserMedia handling in WebExtensions. r=rpl
Pushed by jhofmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/71130160afee
Improve getUserMedia handling in extension pages. r=jib,rpl
https://hg.mozilla.org/integration/autoland/rev/b5e35c96c2f7
Add tests for getUserMedia handling in WebExtensions. r=rpl
https://hg.mozilla.org/integration/autoland/rev/71978ebe41f1
Check the persistent permission checkbox by default for WebExtension WebRTC prompts. r=jib
Backout by malexandru@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/74de4a5bb0d7
Backed out 3 changesets for causing bc failures at browser_ext_webrtc.js CLOSED TREE

Backed out 3 changesets for causing bc failures at browser_ext_webrtc.js

Backout link: https://hg.mozilla.org/integration/autoland/rev/74de4a5bb0d7fde71ea30e33a6c700a37af58dad

Push with failures: https://treeherder.mozilla.org/#/jobs?repo=autoland&resultStatus=testfailed%2Cbusted%2Cexception%2Cusercancel%2Crunnable&tochange=74de4a5bb0d7fde71ea30e33a6c700a37af58dad&fromchange=71978ebe41f1bcee35fc8ab91424cd0a5e5f115f&selectedJob=266913166

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=266913166&repo=autoland&lineNumber=28183
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - TEST-UNEXPECTED-FAIL | browser/components/extensions/test/browser/browser_ext_webrtc.js | Promise rejected, expecting rejection to match /The request is not allowed/, got "The object can not be found here.": Calling gUM in background pages throws an error -
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - Stack trace:
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - chrome://mochikit/content/browser-test.js:test_ok:1580
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - chrome://mochikit/content/tests/SimpleTest/ExtensionTestUtils.js:testHandler:63
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - chrome://mochikit/content/tests/SimpleTest/ExtensionTestUtils.js:testResult:73
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - resource://specialpowers/SpecialPowersChild.jsm:listener:2035
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - resource://specialpowers/SpecialPowersChild.jsm:loadExtension/<:1977
[task 2019-09-16T19:19:02.680Z] 19:19:02 INFO - resource://specialpowers/SpecialPowersChild.jsm:receiveMessage:242
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - TEST-PASS | browser/components/extensions/test/browser/browser_ext_webrtc.js | done -
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - TEST-PASS | browser/components/extensions/test/browser/browser_ext_webrtc.js | test result correct -
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - Leaving test bound test_background_request
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - Entering test bound test_popup_request
[task 2019-09-16T19:19:02.682Z] 19:19:02 INFO - Extension loaded

Flags: needinfo?(jhofmann)
Pushed by jhofmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/680a45ca89b7
Improve getUserMedia handling in extension pages. r=jib,rpl
https://hg.mozilla.org/integration/autoland/rev/764628963a3c
Add tests for getUserMedia handling in WebExtensions. r=rpl
https://hg.mozilla.org/integration/autoland/rev/281d238e6259
Check the persistent permission checkbox by default for WebExtension WebRTC prompts. r=jib

Backed out 3 changesets (Bug 1579489) for ES lint failure on browser_ext_webrtc.js

Push with failure: https://treeherder.mozilla.org/#/jobs?repo=autoland&fromchange=281d238e625967c17968df827f8662e34ff7d9c9&tochange=4534a7405976183ecab28ce6052886fcf3599f33&selectedJob=267008421

Backout link: https://hg.mozilla.org/integration/autoland/rev/4534a7405976183ecab28ce6052886fcf3599f33

Failure log: https://treeherder.mozilla.org/logviewer.html#/jobs?job_id=267008421&repo=autoland&lineNumber=300

[task 2019-09-17T09:37:37.104Z] copying build/lib.linux-x86_64-2.7/psutil/_psutil_posix.so -> psutil
[task 2019-09-17T09:37:37.104Z]
[task 2019-09-17T09:37:37.104Z] Error processing command. Ignoring because optional. (optional:packages.txt:comm/build/virtualenv_packages.txt)
[task 2019-09-17T09:52:13.057Z] TEST-UNEXPECTED-ERROR | /builds/worker/checkouts/gecko/browser/components/extensions/test/browser/browser_ext_webrtc.js:9:11 | Replace ???????["media.navigator.permission.fake",?true],????? with ["media.navigator.permission.fake",?true] (prettier/prettier)
[taskcluster 2019-09-17 09:52:13.955Z] === Task Finished ===
[taskcluster 2019-09-17 09:52:14.910Z] Unsuccessful task run with exit code: 1 completed in 1249.195 seconds

Flags: needinfo?(jhofmann)
Pushed by jhofmann@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/9bbb09602564
Improve getUserMedia handling in extension pages. r=jib,rpl
https://hg.mozilla.org/integration/autoland/rev/2a4f7c1076a6
Add tests for getUserMedia handling in WebExtensions. r=rpl
https://hg.mozilla.org/integration/autoland/rev/647552968008
Check the persistent permission checkbox by default for WebExtension WebRTC prompts. r=jib
Flags: needinfo?(jhofmann)