This permission is new in 9.0beta1.
In release notes / whats new, I couldnt find any explaination of why this was added. So far, in a quick non-scientific scan of comments in marketplace, I found 3 people in last 2 days who gave Firefox 9.0b1 a 1star rating because of privacy concerns with the new permission.
If this permission is needed, can we better explain it someplace users can easily find the details? Of course, if we dont actually need it, we should remove it.
fyi: I also checked and found no mention in https://support.mozilla.com/en-US/kb/how-firefox-android-use-permissions-it-requests.
cc-ing mfinkle, legneato in case this needs triaging before 9.0b2.
in bug#672352, I found: "Your personal information: Read sensitive log data" was added in Firefox 9 because it is required by the Adobe Flash plugin (bug 630007).
this was added when NPAPI support was landed:
the confusing thing for me, is the permission is not requested in the droid_plugins branch:
Doug, any idea why this (and the other 5 permission requests) were added?
Also, according to this search:
the only reason to request this is to use ACTION_DROPBOX_ENTRY_ADDED
and according to this mxr search we're not using that:
per today's planning meeting:
1) unclear if we do actually need this permission in beta - if not, can we do anything before 9.0beta2?
2) if it turns out we do need this permission, we need to add this to the 9.0beta release notes.
I removed READ_LOGS, WAKE_LOCK, ACCESS_WIFI_STATE, and CHANGE_NETWORK_STATE from the manifest locally and don't seem to be having any issues with flash
The permissions added by the Flash patches are documented in the latest revision of https://support.mozilla.com/en-US/kb/how-firefox-android-use-permissions-it-requests#os=android&browser=m9
When implementing flash on Android, we saw lots of failures for not having the right permission. I'd add one, then try a few more sites. At about 3 or 4 new failures, I just gave up (knowing that I could never catch every failure) and copied what Opera had (yes, they did it first).
It would be good to get the exact list of required permissions from Adobe. It might also be fine with removing everything we can and have people report the failures.
Created attachment 575015 [details] [diff] [review]
yea, let's go with that.
https://hg.mozilla.org/integration/mozilla-inbound/rev/2ccba9e140f2 and https://hg.mozilla.org/projects/birch/rev/4aa196ded1b0
Created attachment 575511 [details] [diff] [review]
add WAKE_LOCK back
We have seen permission failures in birch due to the missing WAKE_LOCK permission check. This patch adds it back.
The logcat for WAKE_LOCK
W/System.err( 3318): java.lang.SecurityException: Neither user 10067 nor current process has android.permission.WAKE_LOCK.
W/System.err( 3318): at android.os.Parcel.readException(Parcel.java:1322)
W/System.err( 3318): at android.os.Parcel.readException(Parcel.java:1276)
W/System.err( 3318): at android.os.IPowerManager$Stub$Proxy.acquireWakeLock(IPowerManager.java:277)
W/System.err( 3318): at android.os.PowerManager$WakeLock.acquire(PowerManager.java:253)
W/System.err( 3318): at org.mozilla.gecko.GeckoAppShell.nativeRun(Native Method)
W/System.err( 3318): at org.mozilla.gecko.GeckoAppShell.runGecko(GeckoAppShell.java:447)
W/System.err( 3318): at org.mozilla.gecko.GeckoThread.run(GeckoThread.java:115)
Comment on attachment 575511 [details] [diff] [review]
add WAKE_LOCK back
make sure to put a comment in the push saying why we need this
If this patch lands in Aurora and Beta, it should *not* remove the WAKE_LOCK permission (bug 703661).
Comment on attachment 575015 [details] [diff] [review]
Please land this on aurora and beta asap.
pushed https://hg.mozilla.org/releases/mozilla-beta/rev/c2e999705076 and https://hg.mozilla.org/releases/mozilla-aurora/rev/0b241bbfe57d
Verified fixed on:
Mozilla/5.0 (Android;Linux armv7l;rv:10.0)Gecko/20111228
Devices: Samsung Galaxy S
OS: Android 2.2