Closed Bug 1907844 Opened 11 months ago Closed 2 months ago

AddonManagerInternal._updatePromptHandler does not take into account whether the extension is force installed and extension manifest version when comparing permissions

Categories

(Toolkit :: Add-ons Manager, defect, P3)

Tracking

RESOLVED FIXED
139 Branch
Tracking Status
firefox-esr128 --- fixed
firefox138 + fixed
firefox139 --- fixed

People

(Reporter: brian.coleman, Assigned: mkaply)

References

(Blocks 2 open bugs)

Attachments

(5 files)

Attached image upgrade-prompt.png

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Steps to reproduce:

On Firefox 115 ESR:

  1. Create a manifest v2 extension
  2. On Windows, force install the extension by adding an entry for the extension to the ExtensionSettings Group Policy, specifying that the installation_mode be force_installed.
  3. Add an optional install time permission to the extension manifest, for example add <all_urls> to the permissions key in the extension manifest
  4. Upgrade the extension
  5. Despite the fact that the extension installation_mode is force_installed, the user is granted the opportunity to decline the upgrade because an optional install time permission has been added to the extension

Actual results:

The user is granted the opportunity to decline the upgrade because an optional install time permission has been added to the extension

Expected results:

The user should not be granted the opportunity to decline the upgrade because an optional install time permission has been added to the extension for the following reasons.

  1. The extension installation_method is force_installed, so the extension is not controlled by the user as the machine is managed by an organization using Group Policy. It should be the organization's choice whether to install/upgrade the extension and not the user's choice.
  2. The extension is a manifest v2 extension. By observation, when a manifest v2 extension with an optional install time permission such as <all_urls> is force installed for the first time via Group Policy, the user is not granted the opportunity to decline the extension installation.

Attached image about-policies.png

The code which performs the permissions comparison upon extension upgrade is here: https://searchfox.org/mozilla-central/source/toolkit/mozapps/extensions/AddonManager.sys.mjs#1232

The Bugbug bot thinks this bug should belong to the 'WebExtensions::Untriaged' component, and is moving the bug to that component. Please correct in case you think the bot is wrong.

Product: Firefox → WebExtensions

Mike - what should we do here? Should we automatically grant permissions of updated extensions that are installed through the force_installed enterprise policy?

If we do decide to fix this bug, then we should also automatically grant MV3 host permissions on update (which we currently do not - bug 1893232).

Blocks: 1893232, 1904047
Status: UNCONFIRMED → NEW
Component: Untriaged → Add-ons Manager
Ever confirmed: true
Flags: needinfo?(mozilla)
Product: WebExtensions → Toolkit
Version: other → unspecified

Yes, we should grant those permissions.

See similar issues:
Bug 1641093 - Addons installed via policy shouldn't be disabled when permissions change
and also
Bug 1904054 - When an mv3 extension is force_installed via policy, users should not be able to change host permissions

Flags: needinfo?(mozilla)
See Also: → 1904054, 1641093

If you're interested in working on a patch, ask me or :zombie for help if needed.

At a high level, because MV3 origin permissions are treated as optional, we should internally call ExtensionPermissions.add with the new requested permissions. We implemented the logic to do this at install time at bug 1889402, but haven't done anything with updates yet. The general case is at bug 1893232, but we can consider doing this for enterprise even without addressing the general case.

Severity: -- → S4
Priority: -- → P3
Assignee: nobody → mozilla
Status: NEW → ASSIGNED
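
The update-time decision discussed in this bug, as an added example that is not Firefox source code and not part of any comment above: a simplified model that diffs the permissions of two manifest versions and skips the prompt when the ExtensionSettings entry is force_installed. All function names are hypothetical, and the add-on ID, install URL and manifests are constructed sample values.

```javascript
// Simplified model of the update-time permission check; NOT Firefox source.
// All function names here are hypothetical.

// Host permissions are match patterns; everything else is an API permission.
const isOrigin = (p) => p === "<all_urls>" || p.includes("://");

// Split a manifest into the two sets that get compared on update.
function requestedPermissions(manifest) {
  const listed = manifest.permissions || [];
  const hosts = manifest.manifest_version >= 3 ? manifest.host_permissions || [] : [];
  return {
    permissions: listed.filter((p) => !isOrigin(p)),
    origins: [...listed.filter(isOrigin), ...hosts],
  };
}

// Entries requested by the new version that the old version did not request.
function permissionDifference(oldManifest, newManifest) {
  const oldP = requestedPermissions(oldManifest);
  const newP = requestedPermissions(newManifest);
  return {
    permissions: newP.permissions.filter((p) => !oldP.permissions.includes(p)),
    origins: newP.origins.filter((o) => !oldP.origins.includes(o)),
  };
}

// Decide what an update does: apply silently, prompt, or grant by policy.
function decideUpdate(addonId, oldManifest, newManifest, extensionSettings) {
  const added = permissionDifference(oldManifest, newManifest);
  if (!added.permissions.length && !added.origins.length) {
    return { action: "update", granted: added };
  }
  const entry = extensionSettings[addonId] || {};
  if (entry.installation_mode === "force_installed") {
    // Behaviour requested in this bug: no prompt, grant the added permissions.
    return { action: "update-and-grant", granted: added };
  }
  return { action: "prompt-user", granted: { permissions: [], origins: [] } };
}

// Constructed sample input: policy entry and two versions of an MV2 manifest.
const policy = { "example@corp.invalid": { installation_mode: "force_installed",
  install_url: "https://addons.corp.invalid/example.xpi" } };
const v1 = { manifest_version: 2, version: "1.0", permissions: ["storage"] };
const v2 = { manifest_version: 2, version: "1.1", permissions: ["storage", "<all_urls>"] };
console.log(decideUpdate("example@corp.invalid", v1, v2, policy));
```

The `granted` field is returned so that an administrator's tooling can record which permissions a policy-installed update gained without a user prompt.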

This doesn't have a test (yet).

Can someone point me to a good place to grab a test for this?

(In reply to Mike Kaply [:mkaply] from comment #8)

> This doesn't have a test (yet).
>
> Can someone point me to a good place to grab a test for this?

This setupExtensionWithUpdates helper function defined in browser_html_updates.js may provide some ideas about how to recreate the scenario I think we may need (but likely along with tweaking the approach a bit to appropriately combine it with use of the enterprise policy test helpers). There are also other helper functions in that test file that may also be a useful source of inspiration for other pieces that may be needed (e.g. findUpdatesForAddonId) to trigger an update check for the test extension.

Attachment #9474810 - Attachment description: Bug 1907844 - Force permission updates for extensions installed by policy. r?rpl! → Bug 1907844 - Force permission updates for extensions installed by policy. r?willdurand!

[Tracking Requested - why for this release]:
I know I'm cutting this close, but this is going to be a very small enterprise only change and we have an enterprise partner that really needs this.
Hoping to get it reviewed/in nightly today or tomorrow.

Pushed by mozilla@kaply.com: https://hg.mozilla.org/integration/autoland/rev/e95ee971193c Force permission updates for extensions installed by policy. r=willdurand
Attachment #9479142 - Flags: approval-mozilla-beta?

beta Uplift Approval Request

  • User impact if declined: Enterprises having addon upgrade issues
  • Code covered by automated testing: yes
  • Fix verified in Nightly: no
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: N/A
  • Risk associated with taking this patch: Very low
  • Explanation of risk level: Change is only for enterprise policy
  • String changes made/needed: None
  • Is Android affected?: no
Status: ASSIGNED → RESOLVED
Closed: 2 months ago
Resolution: --- → FIXED
Target Milestone: --- → 139 Branch
Attachment #9479142 - Flags: approval-mozilla-beta? → approval-mozilla-beta+
Attachment #9479388 - Flags: approval-mozilla-esr128?

esr128 Uplift Approval Request

  • User impact if declined: Extensions installed by policy get disabled
  • Code covered by automated testing: yes
  • Fix verified in Nightly: yes
  • Needs manual QE test: no
  • Steps to reproduce for manual QE testing: N/A
  • Risk associated with taking this patch: Very low
  • Explanation of risk level: enterprise only
  • String changes made/needed: none
  • Is Android affected?: no
Attachment #9479388 - Flags: approval-mozilla-esr128? → approval-mozilla-esr128+
Duplicate of this bug: 1641093