Password permissions are handled by the login manager, while other permissions are handled by the permission manager. Right now we special-case passwords in updatePermissions and onPermissionCommand in the AboutPermissions object, but it might be cleaner to handle it directly in the Site object.
Created attachment 534462 [details] [diff] [review]
untested, for the moment!
Comment on attachment 534462 [details] [diff] [review]
This looks good to me. I tested it manually, and it works as expected. The tests in brower_permissions.js also pass.
Jorge: why did you add dev-doc-needed? This is an about:permissions implementation detail that shouldn't really matter to anyone else...
Shouldn't the Site object be documented somewhere so that extensions can use it?
No - it's not relevant to anything outside of about:permissions code (it isn't globally usable).