Allow fine grained control of permissions via ExtensionSettings policy
Categories
(WebExtensions :: General, enhancement, P5)
Tracking
(Not tracked)
People
(Reporter: mkaply, Assigned: mkaply)
References
(Blocks 1 open bug)
Attachments
(1 file)
This might end up in enterprise policies, but I wanted to start it here.
On Chrome and Edge, you can use enterprise policy to override extension permissions. So an extension might ask to have access to all sites, but you can prevent it from accessing specific sites or lock it to specific sites.
You can also prevent an extension from having a specific permission even if it wants it.
The specific settings are:
blocked_permissions
runtime_blocked_hosts
runtime_allowed_hosts
See:
https://support.google.com/chrome/a/answer/9867568?hl=en
I imagine this would work similarly to the existing addon policy where you would ask the policy engine what permissions/hosts were allowed, not allowed.
Updated•1 year ago
Comment 1•2 months ago
I'm also interested in this feature. The way ExtensionSettings are currently implemented makes me feel very uneasy, security-wise.
I think another useful behavior we could have here is to automatically disable extensions that request permissions they are not allowed to. Extensions installed through ExtensionSettings currently will not notify you when an extension update enables new permissions.
There have been a few cases of malicious extension take-overs in the past and a common thread is that they often request new permissions during an update. So for the sake of security, I'd like to review extensions when their permissions change across updates, before installing and running them.
Comment 2•2 months ago (Assignee)
> I think another useful behavior we could have here is to automatically disable extensions that request permissions they are not allowed to. Extensions installed through ExtensionSettings currently will not notify you when an extension update enables new permissions.
The problem is that you don't want an important extension (DLP for instance) to be disabled because it needs a new permission; it should just keep working in the enterprise environment (this is consistent with how Chrome and Edge work).
You can't rely on the user knowing whether or not they should reenable.
Comment 3•2 months ago
Yes, but I believe the behavior should be customizable according to the administrator's needs. Similar to installation_mode, maybe we can have something like permission_mode.
Comment 4•2 months ago (Assignee)
> Yes, but I believe the behavior should be customizable according to the administrator's needs. Similar to installation_mode, maybe we can have something like permission_mode.
Would you completely rely on the user though? There would be no way for the admin to say "OK, this is OK, enable it".
Comment 5•2 months ago
> There would be no way for the admin to say "OK, this is OK, enable it".
Of course, it shouldn't be the user's responsibility to activate/deactivate the extension after an update.
The way I envision it is that the administrator would review the extension after a user report (or if the admin noticed it themselves). Once the extension is deemed to comply with the organization's security policies, the administrator could then roll out updated policies containing the new permissions through an automated process. The automated process highly depends on the environment, but as an example it could be done through Microsoft Intune.
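The permission-change review discussed in comments 1 and 5, as an added example that is not part of the bug thread or of Firefox: it diffs the permissions requested by two versions of an extension manifest and checks the additions against an administrator-approved set. The function names, the approved-set structure and the action labels are assumptions made for illustration, and the manifests are constructed samples.

```python
import json

# Manifest keys whose entries are requested at install or update time.
GRANT_KEYS = ("permissions", "host_permissions")


def requested(manifest):
    """Return every API permission and host pattern a manifest asks for."""
    found = set()
    for key in GRANT_KEYS:
        found.update(p for p in manifest.get(key, []) if isinstance(p, str))
    # Content-script match patterns imply host access as well.
    for script in manifest.get("content_scripts", []):
        found.update(script.get("matches", []))
    return found


def review_update(old, new, approved):
    """Diff two manifest versions and check the additions against the
    administrator-approved set (hypothetical structure, not a Firefox policy)."""
    added = requested(new) - requested(old)
    unapproved = sorted(added - set(approved))
    return {
        "added": sorted(added),
        "unapproved": unapproved,
        # Hypothetical action labels for the surrounding automation.
        "action": "hold_for_review" if unapproved else "allow_update",
    }


# Constructed sample manifests for two versions of one extension.
OLD = json.loads('{"version": "1.4.0", "permissions": '
                 '["storage", "https://intranet.example.com/*"]}')
NEW = json.loads('{"version": "1.5.0", "permissions": '
                 '["storage", "alarms", "webRequest", "<all_urls>"]}')
APPROVED = {"storage", "alarms", "https://intranet.example.com/*"}

if __name__ == "__main__":
    print(json.dumps(review_update(OLD, NEW, APPROVED), indent=2))
```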
Comment 6•13 days ago (Assignee)
Updated•13 days ago