AddonManagerInternal._updatePromptHandler does not take into account whether the extension is force installed and extension manifest version when comparing permissions
Categories: Toolkit :: Add-ons Manager, defect, P3
People: Reporter: brian.coleman, Unassigned
References: Blocks 2 open bugs
Attachments: 2 files
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36
Steps to reproduce:
On Firefox 115 ESR:
- Create a manifest v2 extension
- On Windows, force install the extension by adding an entry for the extension to the ExtensionSettings Group Policy, specifying that the installation_mode be force_installed.
- Add an optional install time permission to the extension manifest, for example add <all_urls> to the permissions key in the extension manifest
- Upgrade the extension
- Despite the fact that the extension installation_mode is force_installed, the user is granted the opportunity to decline the upgrade because an optional install time permission has been added to the extension
Actual results:
The user is granted the opportunity to decline the upgrade because an optional install time permission has been added to the extension
Expected results:
The user should not be granted the opportunity to decline the upgrade because an optional install time permission has been added to the extension for the following reasons.
- The extension installation_method is force_installed, so the extension is not controlled by the user as the machine is managed by an organization using Group Policy. It should be the organization's choice whether to install/upgrade the extension and not the user's choice.
- The extension is a manifest v2 extension. By observation, when a manifest v2 extension with an optional install time permission such as <all_urls> is force installed for the first time via Group Policy, the user is not granted the opportunity to decline the extension installation.
Comment 1 (Reporter) • 4 months ago
Comment 2 (Reporter) • 4 months ago
The code which performs the permissions comparison upon extension upgrade is here: https://searchfox.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.sys.mjs#1232
Comment 3 • 4 months ago
The Bugbug bot thinks this bug should belong to the 'WebExtensions::Untriaged' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.
Comment 4 • 4 months ago
Mike - what should we do here? Should we automatically grant permissions of updated extensions that are installed through the force_installed enterprise policy?
If we do decide to fix this bug, then we should also automatically grant MV3 host permissions on update (which we currently do not - bug 1893232).
Comment 5 • 4 months ago
Yes, we should grant those permissions.
See similar issues:
Bug 1641093 - Addons installed via policy shouldn't be disabled when permissions change
and also
Bug 1904054 - When an mv3 extension is force_installed via policy, users should not be able to change host permissions
Updated • 4 months ago
Comment 6 • 4 months ago
If you're interested in working on a patch, ask me or :zombie for help if needed.
At a high level, because MV3 origin permissions are treated as optional, we should internally call ExtensionPermissions.add with the new requested permissions. We implemented the logic to do this at install time at bug 1889402, but haven't done anything with updates yet. The general case is at bug 1893232, but we can consider doing this for enterprise even without addressing the general case.
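
A simplified model of the update-time comparison discussed in this bug, added here as an illustration; it is not Firefox's AddonManager code. The function names, the add-on id and the manifests are hypothetical, and it assumes any added install-time entry is enough to trigger the prompt.

```javascript
// Added illustration: a simplified model, not Firefox's AddonManager code.
// Assumption: any added install-time entry is enough to trigger the prompt.

// In MV2, host match patterns share the "permissions" array with API names.
const isOrigin = (p) => p === "<all_urls>" || p.includes("://");

// Split a manifest's install-time requests into API permissions and origins.
function requested(manifest) {
  const perms = manifest.permissions || [];
  const hosts = manifest.manifest_version >= 3 ? manifest.host_permissions || [] : [];
  return {
    permissions: perms.filter((p) => !isOrigin(p)),
    origins: [...perms.filter(isOrigin), ...hosts],
  };
}

// Entries the new version requests that the old version did not.
function addedOnUpdate(oldManifest, newManifest) {
  const before = requested(oldManifest);
  const after = requested(newManifest);
  const diff = (a, b) => a.filter((x) => !b.includes(x));
  return {
    permissions: diff(after.permissions, before.permissions),
    origins: diff(after.origins, before.origins),
  };
}

// Pre-flight check for an admin: what does this update do to managed users?
function preflight(policy, id, oldManifest, newManifest) {
  const added = addedOnUpdate(oldManifest, newManifest);
  const forced = policy?.[id]?.installation_mode === "force_installed";
  const mv3 = newManifest.manifest_version >= 3;
  // MV3 origins are treated as optional, so they do not count toward the prompt.
  const prompting = mv3 ? added.permissions : [...added.permissions, ...added.origins];
  return {
    added,
    userCanDecline: prompting.length > 0, // reported: true even when forced
    originsLeftUngranted: mv3 ? added.origins : [], // comment 4: not granted on update
    shouldAutoGrant: forced && added.permissions.length + added.origins.length > 0,
  };
}

// Constructed sample: the MV2 scenario from the steps to reproduce.
const SAMPLE_ID = "addon@example.invalid";
const samplePolicy = { [SAMPLE_ID]: { installation_mode: "force_installed" } };
const sampleOld = { manifest_version: 2, version: "1.0", permissions: ["storage"] };
const sampleNew = { manifest_version: 2, version: "1.1", permissions: ["storage", "<all_urls>"] };
console.log(preflight(samplePolicy, SAMPLE_ID, sampleOld, sampleNew));
```

`userCanDecline` and `shouldAutoGrant` both being true for the same update is the mismatch this bug describes.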