Closed Bug 1720643 Opened 3 years ago Closed 3 years ago

"media.navigator.permission.disabled" pref should not bypass developer permissions policies (only user prompts)

Categories

(Core :: WebRTC: Audio/Video, task)

Product:
Core
Component:
WebRTC: Audio/Video
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
92 Branch
Tracking Flags:
Tracking Status
firefox92 --- fixed

People

(Reporter: karlt, Assigned: karlt)

References

(Regressed 1 open bug)

Details

Attachments

(4 files)

Bug 1720643 be consistent about using origin to separate subtest descriptions r?johannh
48 bytes, text/x-phabricator-request
Details | Review
Bug 1720643 clarify which subtest is using same origin iframe r?jib
48 bytes, text/x-phabricator-request
Details | Review
Bug 1720643 perform getUserMedia Permissions Policy checks even when "media.navigator.permission.disabled" is set r?jib
48 bytes, text/x-phabricator-request
Details | Review
Bug 1720643 update comment now that BLOCK is no longer handled in MediaManager r?jib
48 bytes, text/x-phabricator-request
Details | Review

MediaManager::GetUserMedia() uses PermissionDelegateHandler::GetPermission() to see whether the action should be denied without a prompt. This has a check on developer permissions policies via IsFeatureAllowed(), but also checks user permissions.

When the toplevel context is out of process, WindowContext fields are used for user permissions. Due to multiple async hops across processes, these are not necessarily up-to-date as hinted in code comments.

The permission checks in GetUserMedia() were added when webrtcUI.jsm merely added and removed permissions, without its own checks to short-circuit the prompt.

prompt() in WebRTCParent.jsm now has its own early check for BLOCKed user permissions, making redundant most of the checks from GetUserMedia().
Similarly GeckoView tells clients they should expect requests even when they have previously been denied.

Changing the GetUserMedia() code to use IsFeatureAllowed() directly would remove the duplication, clarify the purpose of the code, and also mean the developer policy check can be performed regardless of "media.navigator.permission.disabled" while still allowing prompts to be bypassed, facilitating testing.

A comment in options.eventCallback() in WebRTCParent.jsm can be updated for the BLOCK handling in prompt().

Assignee: nobody → karlt

"media.getusermedia.microphone.deny" and "media.getusermedia.camera.deny" now
override "media.navigator.permission.disabled".

User permission checks are removed because they are repeated in the app.

Depends on D120064

Pushed by ktomlinson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/67c1702f50c3 be consistent about using origin to separate subtest descriptions r=johannh DONTBUILD https://hg.mozilla.org/integration/autoland/rev/ce3d9656ed7e clarify which subtest is using same origin iframe r=jib DONTBUILD
Pushed by ktomlinson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/3c77f9f68fe8 perform getUserMedia Permissions Policy checks even when "media.navigator.permission.disabled" is set r=jib

https://hg.mozilla.org/mozilla-central/rev/67c1702f50c3
https://hg.mozilla.org/mozilla-central/rev/ce3d9656ed7e
https://hg.mozilla.org/mozilla-central/rev/3c77f9f68fe8

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox92: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 92 Branch
Pushed by ktomlinson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/de27d0b3862f update comment now that BLOCK is no longer handled in MediaManager r=jib DONTBUILD
Regressions: 1730163
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: