Closed Bug 1586617 Opened 1 year ago Closed 1 year ago

Address Book and Badge Icons do not work under macOS Mojave due to app permission changes

Categories

(Thunderbird :: Build Config, defect)

x86_64
macOS
defect
Not set
normal

Tracking

(thunderbird_esr68 70+ fixed, thunderbird70 fixed, thunderbird71 fixed)

RESOLVED FIXED
Thunderbird 71.0
Tracking Status
thunderbird_esr68 70+ fixed
thunderbird70 --- fixed
thunderbird71 --- fixed

People

(Reporter: u648614, Assigned: rjl)

Attachments

(2 files, 1 obsolete file)

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:69.0) Gecko/20100101 Firefox/69.0

Steps to reproduce:

  1. Click "Window" and then "Address Book". Click "File" and make sure that "Use Mac OS X Address Book" (now called Contacts) is enabled.

  2. Click "Thunderbird" and then "Preferences". Under the "General" section, click "App Icon Options" and enable "Count of unread messages". Make sure that under the "Notifications" section of "System Preferences", Thunderbird is given permission to use a "Badge app icon".

Actual results:

  1. The Address Book does not import entries from Contacts.

  2. The dock icon does not show the number of new unread messages.

Expected results:

  1. macOS would have asked me if I wanted Thunderbird to access the entries in Contacts, and after approving the request, the Address Book should have imported the entries from Contacts.

  2. macOS would have immediately proceeded to show the number of new messages with the dock icon.

I think the bug may have been caused by changes to how macOS manages app permissions, for Mojave and Catalina.

Source: https://www.howtogeek.com/361707/how-macos-mojaves-privacy-protection-works/

Thunderbird version: 68.1.1
macOS version: 10.14.6
Addons: none

Whiteboard: [dupme?]
OS: Unspecified → macOS
Hardware: Unspecified → x86_64

Report updated to specify OS. The bug appears to continue into Catalina (10.15), and I should also note that under Catalina, Thunderbird does not appear under the "Notifications" section of "System Preferences".

It appears that Thunderbird must now tell macOS exactly what it wants to access, including the ability to mirror contacts and show notifications.

Looks like this is part of the Mac "notarisation". Rob, do you know any details?

Flags: needinfo?(rob)

Notarizing is just Apple signing the build, asking for permissions seems like it would be in the product someplace.

I can't reproduce this on my test machine though. This is a 68.1.1 install on a fresh profile. The addressbook is showing macOS contacts, and the unread messages badge is there.

I did get a popup the first time I ran Thunderbird; unfortunately I didn't get a screenshot. It was for "integrating with the system" and specifically mentions Spotlight search and setting Thunderbird to be the default mail client, but nothing about contacts or notifications that I recall. I answered "yes". Could that be the missing "ask for permissions" and it just needs a content update? I didn't do anything else to get this to work.

Flags: needinfo?(rob)

I wonder if the following entries from the Console can help you?

error	18:29:26.056904+0100	tccd	Prompting policy for hardened runtime; service: kTCCServiceAddressBook requires entitlement com.apple.security.personal-information.addressbook but it is missing for REQ:{ID: org.mozilla.thunderbird, PID[3092], auid: 501, euid: 501, binary path: '/Applications/Thunderbird.app/Contents/MacOS/thunderbird'}
error	18:29:26.065041+0100	tccd	pid 3092 attempted to call TCCAccessRequest without the com.apple.private.tcc.override-prompt-policy entitlement

I'm no expert in programming, but I will try my best to find the causes.
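The two tccd lines quoted above are the most useful diagnostic on this page: the first names the TCC service (kTCCServiceAddressBook), the entitlement the hardened-runtime build is missing, and the bundle id and PID of the requester; the second reports a call that needs an Apple-private entitlement, which a third-party build cannot obtain, so only the first kind is actionable. The parser below is an added example, not code from this bug or from Thunderbird; it runs over a constructed copy of those Console lines (PID, path and timestamps are illustrative) and reduces them to the entitlement keys each bundle id still needs.

```python
import re
from typing import Dict, List

# Constructed sample log, modelled on the two tccd Console entries quoted in the
# bug report plus one unrelated line; PID, path and timestamps are illustrative.
SAMPLE_LOG = (
    "error\t18:29:26.056904+0100\ttccd\tPrompting policy for hardened runtime; "
    "service: kTCCServiceAddressBook requires entitlement "
    "com.apple.security.personal-information.addressbook but it is missing for "
    "REQ:{ID: org.mozilla.thunderbird, PID[3092], auid: 501, euid: 501, "
    "binary path: '/Applications/Thunderbird.app/Contents/MacOS/thunderbird'}\n"
    "error\t18:29:26.065041+0100\ttccd\tpid 3092 attempted to call TCCAccessRequest "
    "without the com.apple.private.tcc.override-prompt-policy entitlement\n"
    "default\t18:29:27.000000+0100\ttccd\tunrelated housekeeping message\n"
)

# A hardened-runtime app asked for a TCC-protected service it is not entitled to.
MISSING_RE = re.compile(
    r"service: (?P<service>kTCC\w+) requires entitlement (?P<entitlement>[\w.\-]+) "
    r"but it is missing for REQ:\{ID: (?P<bundle_id>[\w.\-]+), PID\[(?P<pid>\d+)\]"
)
# A process tried a call that needs an Apple-private entitlement.
PRIVATE_RE = re.compile(
    r"pid (?P<pid>\d+) attempted to call (?P<call>\w+) without the "
    r"(?P<entitlement>com\.apple\.private\.[\w.\-]+) entitlement"
)


def parse_tccd_log(log_text: str) -> List[Dict[str, str]]:
    """Return one record per tccd denial line; lines from other processes
    and tccd lines that match neither pattern are ignored."""
    records: List[Dict[str, str]] = []
    for line in log_text.splitlines():
        # Console export format on the page: level, time, process, message.
        fields = line.split("\t", 3)
        if len(fields) < 4 or fields[2] != "tccd":
            continue
        message = fields[3]
        m = MISSING_RE.search(message)
        if m:
            records.append({"kind": "missing_entitlement", **m.groupdict()})
            continue
        m = PRIVATE_RE.search(message)
        if m:
            records.append({"kind": "private_entitlement", **m.groupdict()})
    return records


def required_entitlements(log_text: str) -> Dict[str, set]:
    """Map bundle id -> set of public entitlement keys the log says are missing.
    Private entitlements are excluded: they cannot be added to a third-party
    build, so they are noise for the purpose of fixing an entitlements file."""
    needed: Dict[str, set] = {}
    for rec in parse_tccd_log(log_text):
        if rec["kind"] == "missing_entitlement":
            needed.setdefault(rec["bundle_id"], set()).add(rec["entitlement"])
    return needed


if __name__ == "__main__":
    for rec in parse_tccd_log(SAMPLE_LOG):
        print(rec)
    print(required_entitlements(SAMPLE_LOG))
```

On a real machine the same lines can be pulled with `log show --predicate 'process == "tccd"'` and piped into `parse_tccd_log`; the field split assumes the tab-separated layout shown in the bug, which is what Console.app produces when lines are copied out.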

Thanks! Yup, that sure looks like an entitlements problem. Interesting that the addressbook integration works on my system though.

At the moment we request the same entitlements that Firefox does. That's in comm/taskcluster/ci/config.yml
If possible, I'd like to figure out what entitlements Thunderbird will request and get them in the file now to avoid future problems.

I need to do a brain refresh on how the hardened runtime stuff is implemented and make sure that the code that needs to use the entitlements files is able to find them in Thunderbird's repository.

Status: UNCONFIRMED → NEW
Component: OS Integration → Build Config
Ever confirmed: true

Quick notes from a conversation in #ci:

iscript adds the entitlements option to the sign command https://github.com/mozilla-releng/scriptworker-scripts/blob/master/iscript/src/iscript/mac.py#L258-L259
you should be able to point to a different path in taskcluster/ci/config.yml in c-c

did you try "tccutil reset All"? that might allow you to reproduce the bug

Assignee: nobody → rob

Hello,

I have run “tccutil reset All” and “sudo tccutil reset All”: the Thunderbird dock badge now works, but only for the main Inbox of my IMAP account, and I do not know how to get it to count the subfolders (e.g. Example.com > Inbox > Example Section), even after setting mail.server.default.check_all_folders_for_new to true. I thought that Thunderbird would count the subfolders by default, like macOS Mail.

I also note that despite using the tccutil commands, the Address Book still doesn't work with the Console returning a “kTCCServiceAddressBook requires entitlement” log entry.

I have no idea what is going on.

The addressbook problem is most certainly a bug. I'm actively working on it now to get it fixed ASAP.

Attached patch macos1014_tests_commesr68.patch (obsolete) — Splinter Review
It builds, and it should work on the signing side. I think we have to wait for a Daily build to properly test it though.
Attachment #9100378 - Flags: review?(geoff)

I also need to note here because it's a change. These entitlements files drop the following:

com.apple.security.device.audio-input
com.apple.security.device.camera
com.apple.security.personal-information.location

That's microphone, camera, and location APIs essentially. AFAIU, the location stuff is disabled elsewhere already, and the only code I found that referred to microphones and cameras is the Matrix SDK. Wayne, Magus, is that okay? If there's reason to keep these permissions we should, but I don't think anything would use them.

Flags: needinfo?(vseerror)
Flags: needinfo?(mkmelin+mozilla)
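When an entitlements file diverges from the Firefox baseline, the questions a reviewer wants answered are the ones raised above: which keys were dropped, which changed value, whether the key the tccd log asked for is actually granted, and whether any hardened-runtime relaxation (a `com.apple.security.cs.*` key that switches a protection off) was added or removed. The script below is an added example, not Thunderbird's build code; it parses two constructed entitlement plists with the standard library's `plistlib` (both documents are illustrative and carry only the keys named in this bug; the real files have more) and produces that report. The set of relaxation keys is mine, listing hardened-runtime keys that exist in Apple's documentation.

```python
import plistlib
from typing import Any, Dict, Set

# Constructed baseline, modelled on the keys discussed in the bug (illustrative).
BASELINE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
    <key>com.apple.security.cs.disable-library-validation</key><true/>
    <key>com.apple.security.device.audio-input</key><true/>
    <key>com.apple.security.device.camera</key><true/>
    <key>com.apple.security.personal-information.location</key><true/>
    <key>com.apple.security.personal-information.addressbook</key><true/>
</dict>
</plist>
"""

# Constructed candidate: drops microphone, camera and location, and turns
# library validation back on (illustrative, not the patch on this bug).
CANDIDATE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
    <key>com.apple.security.cs.disable-library-validation</key><false/>
    <key>com.apple.security.personal-information.addressbook</key><true/>
</dict>
</plist>
"""

# Hardened-runtime keys where TRUE removes a protection rather than granting
# access to a privacy-protected service (selection is mine, keys are Apple's).
RELAXATION_KEYS = {
    "com.apple.security.cs.disable-library-validation",
    "com.apple.security.cs.disable-executable-page-protection",
    "com.apple.security.cs.allow-unsigned-executable-memory",
    "com.apple.security.cs.allow-jit",
    "com.apple.security.cs.allow-dyld-environment-variables",
}


def load_entitlements(xml_bytes: bytes) -> Dict[str, Any]:
    """Parse an entitlements plist and insist on a dict at the top level."""
    data = plistlib.loads(xml_bytes)
    if not isinstance(data, dict):
        raise ValueError("entitlements plist must have a dict at top level")
    return data


def granted(ents: Dict[str, Any], key: str) -> bool:
    """A key counts as granted only when present and exactly true."""
    return ents.get(key) is True


def diff_entitlements(old: Dict[str, Any], new: Dict[str, Any]) -> Dict[str, Set[str]]:
    old_keys, new_keys = set(old), set(new)
    return {
        "dropped": old_keys - new_keys,
        "added": new_keys - old_keys,
        "changed": {k for k in old_keys & new_keys if old[k] != new[k]},
    }


def enabled_relaxations(ents: Dict[str, Any]) -> Set[str]:
    return {k for k in RELAXATION_KEYS if granted(ents, k)}


def check_candidate(baseline: Dict[str, Any], candidate: Dict[str, Any],
                    required: Set[str]) -> Dict[str, Set[str]]:
    """Review report: required keys not granted, keys dropped from the baseline,
    and hardened-runtime relaxations that were removed or newly introduced."""
    d = diff_entitlements(baseline, candidate)
    base_relax, cand_relax = enabled_relaxations(baseline), enabled_relaxations(candidate)
    return {
        "missing_required": {k for k in required if not granted(candidate, k)},
        "dropped": d["dropped"],
        "changed": d["changed"],
        "relaxations_removed": base_relax - cand_relax,
        "relaxations_added": cand_relax - base_relax,
    }


if __name__ == "__main__":
    base = load_entitlements(BASELINE_XML)
    cand = load_entitlements(CANDIDATE_XML)
    needed = {"com.apple.security.personal-information.addressbook"}
    for name, value in check_candidate(base, cand, needed).items():
        print(f"{name}: {sorted(value)}")
```

To run it against a built bundle instead of the embedded samples, feed `load_entitlements` the output of `codesign -d --entitlements :- /path/to/App.app` (the `:-` form prints the plist as XML); the `required` set is exactly what the tccd log parser reports as missing.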
Comment on attachment 9100378 [details] [diff] [review]
macos1014_tests_commesr68.patch

Review of attachment 9100378 [details] [diff] [review]:
-----------------------------------------------------------------

Okay, this is fine. Just one question which doesn't really need to be answered for this to move on.

::: build/macosx/hardenedruntime/production.entitlements.xml
@@ +21,5 @@
> +    <!-- Code paged in from disk should match the signature at page in-time -->
> +    <key>com.apple.security.cs.disable-executable-page-protection</key><false/>
> +
> +    <!-- Allow loading third party libraries. Possibly needed by some legacy extensions.  -->
> +    <key>com.apple.security.cs.disable-library-validation</key><true/>
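Review bot: `com.apple.security.cs.disable-library-validation` is set to `<true/>` in this hunk, which switches off the hardened runtime's check that every loaded dylib is signed by Apple or with the same Team ID as the app, and the only justification given is the comment `Possibly needed by some legacy extensions`, which should be confirmed before this lands; if no in-tree or separately signed dylib still needs it, set it to `<false/>` alongside `com.apple.security.cs.disable-executable-page-protection` as shown, and if a consumer does exist, name it in the comment so the relaxation can be dropped when that consumer goes away.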

This is for loading 3rd-party binaries, right? Extensions don't support that any more. Is there any other reason this might be needed?
Attachment #9100378 - Flags: review?(geoff) → review+

(In reply to Geoff Lankow (:darktrojan) from comment #11)

Comment on attachment 9100378 [details] [diff] [review]
Okay, this is fine. Just one question which doesn't really need to be
answered for this to move on.

  • <!-- Allow loading third party libraries. Possibly needed by some legacy extensions. -->
  • <key>com.apple.security.cs.disable-library-validation</key><true/>

This is for loading 3rd-party binaries, right? Extensions don't support that
any more. Is there any other reason this might be needed?

I knew you were going to ask about that. I don't think it's needed. Firefox has it for Flash and CDM, which aren't needed. I was thinking about JS-Ctypes and OTR. It shouldn't be needed for OTR though because the dylib file for that should/will be signed.

Not sure if (In reply to Rob Lemley [:rjl] from comment #10)

I also need to note here because it's a change. These entitlements files drop the following:

com.apple.security.device.audio-input
com.apple.security.device.camera
com.apple.security.personal-information.location

That's microphone, camera, and location APIs essentially.

I think we should make sure to have the same entitlements as Firefox. Any of those could have some usage if not now then in the future.

Flags: needinfo?(mkmelin+mozilla)
Restored the inclusion of permission for location, camera, and microphone in this revision.
Attachment #9100378 - Attachment is obsolete: true
Keywords: checkin-needed
Flags: needinfo?(vseerror)
Comment on attachment 9100684 [details] [diff] [review]
macos_entitlements.patch

I guess we need to backport this stuff.
Attachment #9100684 - Flags: approval-comm-esr68+
Attachment #9100684 - Flags: approval-comm-beta+
Target Milestone: --- → Thunderbird 71.0
Status: NEW → ASSIGNED

https://hg.mozilla.org/comm-central/rev/8f5ce14d70f4ad8d2b22624f2d5e178790e2ca68
create macOS entitlements.xml specific to Thunderbird requirements. r=darktrojan

Status: ASSIGNED → RESOLVED
Closed: 1 year ago
Keywords: checkin-needed
Resolution: --- → FIXED
Whiteboard: [dupme?]

I can confirm that with the latest Thunderbird Daily build, the addressbook is working on my test system at least. (macOS Catalina release). More testing would be ideal.

Rob, as per your email request:
I am running the latest TB daily - details in screenshot attached. Using Mojave latest - macOS 10.14.6 (18G103)

Checked security and TB is in there checked for contact access.

Add a contact in the OS app and it syncs with TB.

Add a contact in TB, no sync with the OS list. In fact the OS list is empty, so no sync at all. Not sure where I need to go to trigger that!

As for the other changes, unread is showing up on the bar icon. Just the sync between TB and Contacts is not happening - it is the other way round.

I was incorrect about how it works. It only syncs from OS to Thunderbird, not the other way. So this looks like success for what this bug is fixing.

It only syncs from OS to Thunderbird, not the other way.

It only reads the Mac contacts, yes.
