Last Comment Bug 702183 - Fennec 9.0b1 now asking for extra "read sensitive log data" permission
: Fennec 9.0b1 now asking for extra "read sensitive log data" permission
Product: Fennec Graveyard
Classification: Graveyard
Component: General (show other bugs)
: Firefox 9
: Other Android
: -- normal (vote)
: Firefox 11
Assigned To: Brad Lassey [:blassey] (use needinfo?)
Depends on: 672352 703661
Blocks: 630007
  Show dependency treegraph
Reported: 2011-11-13 20:01 PST by John O'Duinn [:joduinn] (please use "needinfo?" flag)
Modified: 2013-12-10 10:00 PST (History)
11 users (show)
See Also:
QA Whiteboard:
Iteration: ---
Points: ---

patch (1.03 KB, patch)
2011-11-16 15:18 PST, Brad Lassey [:blassey] (use needinfo?)
doug.turner: review+
christian: approval‑mozilla‑aurora+
christian: approval‑mozilla‑beta+
Details | Diff | Splinter Review
add WAKE_LOCK back (1.27 KB, patch)
2011-11-18 11:20 PST, Mark Finkle (:mfinkle) (use needinfo?)
blassey.bugs: review+
Details | Diff | Splinter Review

Description John O'Duinn [:joduinn] (please use "needinfo?" flag) 2011-11-13 20:01:16 PST
This permission is new in 9.0beta1.

In release notes / whats new, I couldnt find any explaination of why this was added. So far, in a quick non-scientific scan of comments in marketplace, I found 3 people in last 2 days who gave Firefox 9.0b1 a 1star rating because of privacy concerns with the new permission.

If this permission is needed, can we better explain it someplace users can easily find the details? Of course, if we dont actually need it, we should remove it.
Comment 1 John O'Duinn [:joduinn] (please use "needinfo?" flag) 2011-11-13 20:04:20 PST
fyi: I also checked and found no mention in

cc-ing mfinkle, legneato in case this needs triaging before 9.0b2.
Comment 2 John O'Duinn [:joduinn] (please use "needinfo?" flag) 2011-11-13 20:07:14 PST
in bug#672352, I found: "Your personal information: Read sensitive log data" was added in Firefox 9 because it is required by the Adobe Flash plugin (bug 630007).
Comment 3 Brad Lassey [:blassey] (use needinfo?) 2011-11-13 20:19:25 PST
this was added when NPAPI support was landed:

the confusing thing for me, is the permission is not requested in the droid_plugins branch:

Doug, any idea why this (and the other 5 permission requests) were added?
Comment 4 Brad Lassey [:blassey] (use needinfo?) 2011-11-13 20:23:27 PST
Also, according to this search:

the only reason to request this is to use ACTION_DROPBOX_ENTRY_ADDED

and according to this mxr search we're not using that:[Aa]CTION_DROPBOX_ENTRY_ADDED
Comment 5 John O'Duinn [:joduinn] (please use "needinfo?" flag) 2011-11-16 11:35:54 PST
per today's planning meeting:

1) unclear if we do actually need this permission in beta - if not, can we do anything before 9.0beta2?

2) if it turns out we do need this permission, we need to add this to the 9.0beta release notes.
Comment 6 Brad Lassey [:blassey] (use needinfo?) 2011-11-16 15:09:53 PST
I removed READ_LOGS, WAKE_LOCK, ACCESS_WIFI_STATE, and CHANGE_NETWORK_STATE from the manifest locally and don't seem to be having any issues with flash
Comment 7 Matt Brubeck (:mbrubeck) 2011-11-16 15:11:52 PST
The permissions added by the Flash patches are documented in the latest revision of
Comment 8 Doug Turner (:dougt) 2011-11-16 15:14:09 PST
When implementing flash on Android, we saw lots of failures for not having the right permission.  I'd add one, then try a few more sites.  At about 3 or 4 new failures, I just gave up (knowing that I could never catch every failure) and copied what Opera had (yes, they did it first).

It would be good to get the exact list of required permissions from Adobe.  It might also be fine with removing everything we can and have people report the failures.
Comment 9 Brad Lassey [:blassey] (use needinfo?) 2011-11-16 15:18:38 PST
Created attachment 575015 [details] [diff] [review]

yea, let's go with that.
Comment 10 Brad Lassey [:blassey] (use needinfo?) 2011-11-18 07:10:44 PST
Comment 12 Mark Finkle (:mfinkle) (use needinfo?) 2011-11-18 11:20:59 PST
Created attachment 575511 [details] [diff] [review]
add WAKE_LOCK back

We have seen permission failures in birch due to the missing WAKE_LOCK permission check. This patch adds it back.
Comment 13 Mark Finkle (:mfinkle) (use needinfo?) 2011-11-18 11:22:17 PST
The logcat for WAKE_LOCK

W/System.err( 3318): java.lang.SecurityException: Neither user 10067 nor current process has android.permission.WAKE_LOCK.
W/System.err( 3318):    at android.os.Parcel.readException(
W/System.err( 3318):    at android.os.Parcel.readException(
W/System.err( 3318):    at android.os.IPowerManager$Stub$Proxy.acquireWakeLock(
W/System.err( 3318):    at android.os.PowerManager$WakeLock.acquire(
W/System.err( 3318):    at org.mozilla.gecko.GeckoAppShell.nativeRun(Native Method)
W/System.err( 3318):    at org.mozilla.gecko.GeckoAppShell.runGecko(
W/System.err( 3318):    at
Comment 14 Brad Lassey [:blassey] (use needinfo?) 2011-11-18 11:30:08 PST
Comment on attachment 575511 [details] [diff] [review]
add WAKE_LOCK back

make sure to put a comment in the push saying why we need this
Comment 15 Mark Finkle (:mfinkle) (use needinfo?) 2011-11-18 11:50:33 PST
Comment 16 Matt Brubeck (:mbrubeck) 2011-11-18 12:01:26 PST
If this patch lands in Aurora and Beta, it should *not* remove the WAKE_LOCK permission (bug 703661).
Comment 17 Ed Morley [:emorley] 2011-11-19 05:13:26 PST
Comment 18 christian 2011-11-22 10:19:29 PST
Comment on attachment 575015 [details] [diff] [review]

[triage comment]
Please land this on aurora and beta asap.
Comment 20 Cristian Nicolae (:xti) 2011-12-29 07:09:01 PST
Verified fixed on:
Mozilla/5.0 (Android;Linux armv7l;rv:10.0)Gecko/20111228
Firefox/10.0 Fennec/10.0
Devices: Samsung Galaxy S
OS: Android 2.2

Note You need to log in before you can comment on or make changes to this bug.