Closed Bug 1734987 Opened 3 years ago Closed 3 years ago

Introduce reliable isPrivileged flag in ExtensionData

Categories

(WebExtensions :: General, task, P2)

task
Points:
3

Tracking

(firefox99 fixed)

RESOLVED FIXED
99 Branch
Tracking Status
firefox99 --- fixed

People

(Reporter: robwu, Assigned: robwu)

References

(Blocks 3 open bugs)

Details

(Whiteboard: [addons-jira])

Attachments

(6 files)

In bug 1733466, a certain manifest feature (l10n_resources) is limited to privileged extensions. The ExtensionData class is not aware of the concept of privileged extensions, only the Extension subclass is.

In bug 1675858, the lack of "isPrivileged" led to the introduction of hacks to avoid depending on the privileged flag for permission parsing, and resulted in skipping some warning messages when related to privileged API permissions. This however does not account for privileged host permissions, and one can still see errors like Reading manifest: Invalid extension permission: about:reader* from the built-in Screenshots extension on the first run of Firefox.

To reliably support privileged APIs, we need to set the privileged flag before the manifest is parsed by ExtensionData's parseManifest. Determing the privileged state depends on the extension's signedState, which in turn depends on having at least a partially parsed manifest. This cyclic dependency can be broken by separating parseManifest in two stages:

  • A minimal stage that parses the extension type and ID from the manifest.
  • The rest of parseManifest.

In between, the add-on signature can be determined, which can then be used to set the privileged flag before parsing the rest of the manifest. That means that the computation of the signedState member needs to move to between ExtensionData construction and loadManifest (which calls parseManifest).

By doing so, we can also simplify Extension.jsm by removing the hacks from bug 1675858.

Blocks: 1733466
Severity: -- → N/A
Priority: -- → P2

l10n_resources has bugs that results in errors when enabled for
ExtensionData. In this patch stack we are going to introduce the
isPrivileged property to ExtensionData.

To prevent these errors from being triggered when isPrivileged is added,
replace the "isPrivileged" in this check with a check against
ExtensionData.

l10n_resources support in ExtensionData will be added in bug 1733466.

This refactor replaces the aAddon parameter of verifySignedState
with the minimal parameters needed to perform its functionality.

This enables us to compute signedState without requiring a fully
initialized AddonInternal instance.

See https://bugzilla.mozilla.org/show_bug.cgi?id=1734987#c0 for the
description of the why and how of this patch.

Since isPrivileged is now supported on ExtensionData, this patch also
removes the work-arounds from bug 1675858.

addon.isPrivileged and extension.isPrivileged are currently almost
identical, except in the case of temporary extensions when experiments
are enabled.

This difference is inexplicable for those unfamiliar with the history,
so this patch makes them identical.

addon.isPrivileged was introduced in bug 1543204 to support hidden
add-ons, which was intended to be used by privileged add-ons only.
Hence, this patch updates the "hidden" getter to continue ignoring the
hidden flag for temporary add-ons.

With this change, the addon.isPrivileged check can be removed from
loadManifestFromWebManifest, in favor of checking extension.isPrivileged
at the location where addon.hidden is initialized for the first (and now
only) time.

During updates, isPrivileged was not set correctly, which resulted in
incorrect error messages (warnings about unsupported permissions) when a
privileged/builtin extension was updated (a variant of bug 1675858).

In the previous patch (part 3), isPrivileged was added to the
ExtensionData constructor, and also passed to BootstrapScope calls,
so we can use that here to.

The unit test here serves two purposes:

  1. Primarily: test coverage for the correctness of isPrivileged in the
    update scenario.
  2. Test coverage for the existence and order of ExtensionAPI's onUpdate
    calls. There is no unit test for this mechanism right now, only
    indirect tests.
Points: --- → 3
Blocks: 1739114
Blocks: 1757168

Although the default value for isPrivileged is false in the
ExtensionData constructor, let's add the explicit value (false) so that
it's obvious that the default value is intended.

Blocks: 1757199
Attachment #9265523 - Attachment description: Bug 1734987 - Part 3.2 - Add explicit isPrivileged flag to ExtensionData → Bug 1734987 - Part 3.2 - Pass explicit isPrivileged flag to ExtensionData calls
Pushed by rob@robwu.nl: https://hg.mozilla.org/integration/autoland/rev/0152446140c4 Part 1: Replace isPrivileged with ExtensionData check for l10n_resources r=rpl https://hg.mozilla.org/integration/autoland/rev/01047f2fcc85 Part 2: Refactor verifySignedState to not require AddonInternal r=rpl https://hg.mozilla.org/integration/autoland/rev/5ed31aa8b156 Part 3: Add isPrivileged to ExtensionData + test r=rpl https://hg.mozilla.org/integration/autoland/rev/3c50643923f0 Part 3.1: Correct isPrivileged during updates r=rpl https://hg.mozilla.org/integration/autoland/rev/d02e0c5d2f3e Part 3.2 - Pass explicit isPrivileged flag to ExtensionData calls r=rpl,geckoview-reviewers,calu https://hg.mozilla.org/integration/autoland/rev/ab302ff25a5f Part 4: Make addon.isPrivileged consistent with extension.isPrivileged r=rpl
Regressions: 1757399
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: