Open Bug 1992285 Opened 3 months ago Updated 3 months ago

Post-install doorhanger for sideloaded addons is not shown if PERM_CAN_CHANGE_PRIVATEBROWSING_ACCESS is missing

Categories

(Toolkit :: Add-ons Manager, defect, P3)

Product:
Toolkit
Component:
Add-ons Manager
Type:
defect

Tracking

()

People

(Reporter: robwu, Unassigned, Mentored)

References

Details

(Keywords: good-first-bug)

TL;DR: We should delete these lines: https://searchfox.org/firefox-main/rev/8b1c49542ae15990283f8d8ceebb32c5cb8bb7d5/toolkit/mozapps/extensions/content/aboutaddonsCommon.js#197-202,207

When a sideloaded addon is enabled, a post-install doorhanger should be shown (this was added in bug 1551541). The current implementation only shows the post-install doorhanger if PERM_CAN_CHANGE_PRIVATEBROWSING_ACCESS is true: https://searchfox.org/firefox-main/rev/8b1c49542ae15990283f8d8ceebb32c5cb8bb7d5/toolkit/mozapps/extensions/content/aboutaddonsCommon.js#197-206

That logic had its origins in when the private browsing toggle is on the post-install doorhanger. Since bug 1842832, the checkbox is in the pre-install dialog instead. And with bug 1948261, the post-install doorhanger features UI to allow the user to pin the extension, which has nothing to do with private browsing mode. Yet, due to the PERM_CAN_CHANGE_PRIVATEBROWSING_ACCESS requirement, it is possible for the post-install doorhanger to be hidden when it should not be.

PERM_CAN_CHANGE_PRIVATEBROWSING_ACCESS is usually set, except in the following cases (source: permissions() in XPIDatabase.sys.mjs):

  • Add-on is not an extension (e.g. a theme, dictionary, langpack) (non-extension add-ons do not have extension permissions)
  • Extension's manifest contains incognito: "not_allowed" (private access not allowed)
  • An enterprise policy is set that sets private_browsing (private access is force-allowed, added in bug 1640931)
  • (Extension is privileged, a system add-on or a builtin) (private access is implied)

All of these conditions are not necessary:

  • The private browsing-related conditions are no longer relevant and should not prevent the post-install dialog from being shown.
  • Built-in add-ons are hidden and therefore filtered, and therefore they cannot trigger this code path.
  • The exact behavior for non-extension extensions is not particularly important, but all other triggers of the "webextension-install-notify" observer notification do not exclude it either, and the handler of "webextension-install-notify" does something with themes. So I don't see a strong reason for excluding non-extensions in this place.
Mentor: lgreco
Severity: -- → S4
Keywords: good-first-bug
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.