Closed Bug 1597751 Opened 5 years ago Closed 3 years ago

Default permissions are not imported for private browsing and user contexts

Categories

(Core :: Permission Manager, defect, P3)

defect

Tracking

()

RESOLVED FIXED
90 Branch
Tracking Status
firefox-esr78 --- unaffected
firefox70 --- unaffected
firefox71 --- unaffected
firefox86 --- unaffected
firefox87 --- wontfix
firefox88 --- wontfix
firefox89 --- wontfix
firefox90 --- fixed

People

(Reporter: ddurst, Assigned: pbz)

References

(Regression)

Details

(Keywords: regression)

Attachments

(1 file, 1 obsolete file)

In Nightly 72, in a private window, attempting to install the XPI from private-network.firefox.com presents the "You are attempting to install an add-on from private-network.firefox.com" doorhanger, despite the domain being whitelisted since 70.

This is not reproducible in 70 or 71, but I don't have a regression range. CC to baku for awareness and next steps.

Marking this as confidential just because permissions-related things always make me nervous, and more so if this extends to other aspects of FPN.

A changes to the permissions that landed in 72 and that may be triggering this is Bug 1422056 (at least that is one that I'm aware of and did come to my mind right now).

I haven't run a mozregress to confirm that it really is (or looked to the patches landed from that to see if they may be able to trigger what described by David), but in the meantime it seems worth to ask an opinion about it to :pbz and :johannhn

Flags: needinfo?(pbz)
Flags: needinfo?(jhofmann)

Thanks Luca!

As you mentioned, this is a regression of Bug 1422056. It should only affect Beta and Nightly, not Release See pref config here.
The permission is added by origin here: https://searchfox.org/mozilla-central/rev/652014ca1183c56bc5f04daf01af180d4e50a91c/browser/app/permissions#24. Since the origin string does not include any origin attributes, the permission is only applied for the normal window.

An intermediate fix would be to add (probably also for the other entries):

origin	install	1	https://private-network.firefox.com^privateBrowsingId=1
origin	install	1	https://fpn.firefox.com^privateBrowsingId=1

Ideally though, permissions added via this file should be set for all origin attributes. We should look into this, especially when we are going to isolate by user context and private browsing in release at some point.

Flags: needinfo?(pbz)
Flags: needinfo?(jhofmann)
Regressed by: 1422056

(In reply to Paul Zühlcke [:pbz] from comment #2)

An intermediate fix would be to add (probably also for the other entries):

origin	install	1	https://private-network.firefox.com^privateBrowsingId=1
origin	install	1	https://fpn.firefox.com^privateBrowsingId=1

That would mean we would have the same bug for users using containers...

I think the correct solution is to modify nsPermissionManager::_DoImport() to get it to save this permission for all of the combinations of {normalWindow, privateWindow}x{user's default containers}. You can use do_ImportModule() to import ContextualIdentityService.jsm and iterate over the available public identities (see here for an example on how to do this).

Thanks Ehsan!

(In reply to :ehsan akhgari from comment #3)

I think the correct solution is to modify nsPermissionManager::_DoImport() to get it to save this permission for all of the combinations of {normalWindow, privateWindow}x{user's default containers}.

I'll work on a patch for that.

I don't think this needs to be confidential since it only affects pre-release channels and can't be abused.

Assignee: nobody → pbz
Status: NEW → ASSIGNED
Component: Add-ons Manager → Permission Manager
Product: Toolkit → Core

I agree.

Group: mozilla-employee-confidential
Flags: needinfo?(pbz)
Flags: needinfo?(pbz)
Priority: -- → P3
Severity: normal → S3

This patch adds a method to import default permissions for private browsing and containers.
Private browsing permissions are imported after default perms have been imported from file.
User context permissions are imported once the ContextualIdentityService has been initialized.

Attachment #9111304 - Attachment is obsolete: true
Blocks: 1680237

Hi Paul,
I wanted to double-check with you if the changes we landed in Firefox 85 from Bug 1681331 would be enough to fix this issue related to the FPN addon installation flow even once Bug 1680237 is going to be landed.
(the changes we did apply from Bug 1681331 should allow us to host privileged-signed extension xpi files on 3rd party websites without making that installation flow to trigger the "3rd party website addon install" doorhanger, which I think is the reason for the install site permission added for the https://fpn.firefox.com host, and the reason to import that site permission also for all userContexts and privateBrowsing, but it would be a replacement to give install site permissions to non AMO websites, but not for any of the other site permissions)

Flags: needinfo?(pbz)

(In reply to Luca Greco [:rpl] [:luca] [:lgreco] from comment #8)

Hi Paul,
I wanted to double-check with you if the changes we landed in Firefox 85 from Bug 1681331 would be enough to fix this issue related to the FPN addon installation flow even once Bug 1680237 is going to be landed.
(the changes we did apply from Bug 1681331 should allow us to host privileged-signed extension xpi files on 3rd party websites without making that installation flow to trigger the "3rd party website addon install" doorhanger, which I think is the reason for the install site permission added for the https://fpn.firefox.com host, and the reason to import that site permission also for all userContexts and privateBrowsing, but it would be a replacement to give install site permissions to non AMO websites, but not for any of the other site permissions)

Yes, I think Bug 1681331 fixes this for the addon case, since you're not checking for the "install" permission anymore? Bug 1680237 is really just a pref flip for the permission check, so it should also work in private browsing in release.
However, we still need to import the other default permissions for user contexts + private browsing.

Flags: needinfo?(pbz)

(In reply to Paul Zühlcke [:pbz] from comment #9)

Yes, I think Bug 1681331 fixes this for the addon case, since you're not checking for the "install" permission anymore? Bug 1680237 is really just a pref flip for the permission check, so it should also work in private browsing in release.
However, we still need to import the other default permissions for user contexts + private browsing.

yep, I completely agree, this issue is still valid and can eventually just be repurposed as is for the general site permissions issue (for repurposed I mean just "changing the title to don't specifically refer to the private-network.firefox.com install permission").

Summary: XPInstall site permission for private-network.firefox.com doesn't seem to be used when installing from private windows → Default permissions are not imported for private browsing and user contexts

Thanks for the review! While working on the test, I've noticed that we no longer run the import on the main thread (Bug 1363541). Does that mean we don't have to postpone access to ContextualIdentityService and and can import the user context default permissions directly?
This would make the code simpler and also allow us to unit test the default permission import for user context.
The tests in browser/base/content/test/performance/browser_startup* seem to pass with the direct import, while they failed when I last tried it about a year ago.

Flags: needinfo?(amarchesini)
No longer blocks: 1680237
See Also: → 1680237
Attachment #9190326 - Attachment description: Bug 1597751 - Import default permissions for all userContexts and privateBrowsing. r=baku → Bug 1597751 - Import default permissions for privateBrowsing. r=baku!
Attachment #9190326 - Attachment description: Bug 1597751 - Import default permissions for privateBrowsing. r=baku! → Bug 1597751 - Import default permissions for privateBrowsing. r=timhuang!
Pushed by pzuhlcke@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/fe98ac52cf7c
Import default permissions for privateBrowsing. r=timhuang
Status: ASSIGNED → RESOLVED
Closed: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 90 Branch

Since the status are different for nightly and release, what's the status for beta?
For more information, please visit auto_nag documentation.

Flags: needinfo?(amarchesini)
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: