Closed Bug 721084 Opened 12 years ago Closed 12 years ago

Don't move profile to SD Card anymore

Categories

(Firefox for Android Graveyard :: General, defect, P3)

Product:
Firefox for Android Graveyard
Component:
General
Type:
defect

Tracking

(firefox14 verified, blocking-fennec1.0 +, fennec+)

Status:
VERIFIED FIXED
Milestone:
Firefox 14
Tracking Flags:
Tracking Status
firefox14 --- verified
blocking-fennec1.0 --- +
fennec + ---

People

(Reporter: wesj, Assigned: wesj)

References

Details

(Keywords: sec-moderate, Whiteboard: [sg:moderate][advisory-tracking+])

Attachments

(1 file, 1 obsolete file)

Patch
2.73 KB, patch
blassey
: review+
Details | Diff | Splinter Review 
For XUL Fennec we worked hard to make it so that you could move the profile to the SDCard. We did that mostly (if I remember right?) because we had some databases in there that could grow pretty large. However, with Native Fennec we've fixed most of those.

1.) urlclassifier should not be nearly as large anymore
2.) we've moved to a smaller version of places. We also have much more control over our "places" now, so we could potentially easily move just that particular database if need be. Some data here would be good though

Moving the profile is a security risk for our users, making it easier for an attacker to get to the key.db and signons.sqlite files, which, even with master password enabled, are not that hard to crack apparently. Leaving them both on the internal storage will likely do more for our users security than any security mechanism we come up with.
see bug 714168 for more issues involved with have profiles on the sdcard (specifically extensions blow up now)
tracking-fennec: --- → +
Also see bug 678341 (if you have access)
wes, do you just want to support this moving forward (like disabling the option to move a profile to the SD card), or do you want to migrate users back from the SD Card as well?
Priority: -- → P3
we should probably move them back from the sdcard if they are currently there. Having your profile there is a security risk.
Making this sg:high since we duped bug 678341 to this.
Whiteboard: [sg:high]
Assignee: nobody → blassey.bugs
Assignee: blassey.bugs → wjohnston
blocking-fennec1.0: --- → ?
blocking-fennec1.0: ? → +
Attached patch Patch (obsolete) — Splinter Review 
I think this is good. Tested with:

Install and start unpatched Fennec
Profile is not on sdcard
Move to sdcard
Profile is on sdcard
Install and start patched Fennec
Profile is not on sdcard
Move to phone and restart
Profile is not on sdcard
Attachment #615869 - Flags: review?(blassey.bugs)
Attached patch PatchSplinter Review 
No real changes. typo fix and remove pointless change.
Attachment #615869 - Attachment is obsolete: true
Attachment #615869 - Flags: review?(blassey.bugs)
Attachment #615871 - Flags: review?(blassey.bugs)
Attachment #615871 - Flags: review?(blassey.bugs) → review+
let's make sure QA tests the hell out of this when it lands
Flags: in-litmus?(fennec)
Keywords: qawanted
(In reply to Brad Lassey [:blassey] from comment #9)
> let's make sure QA tests the hell out of this when it lands

qa team: can someone verify this patch on tomorrow's nightly?  clear qawanted keyword when you're done.

comment 7 has some hints on what to look for.  Get creative, and follow up in here with your verification steps.  Troll logcats like a hawk.
I tried some scenarios on today's inbound and regular Nightly builds. 

On regular Nightly:
- I did some browsing and I moved the app to sdcard. I opened the app and the history was listed correctly. I connected the device to computer via USB and I erased the profile folder. After the device was disconnected, when Fennec was opened the history was still present, so I assume that Fennec db was not move together with other Fennec files and it remains into device internal memory.

On inbound build:
- I did the same thing as for regular Nightly and it seems that only the folder structure is created till Download subfolder, but without any files saved on sdcard.
- I moved back the app to internal memory, I cleared the profile and I synced the device. I repeated the 1st scenario and again, only the structure was created, but without any files in it. 

Imo the patch has resolved this issue. Let us know if more testing is needed for this.
Keywords: qawanted
https://hg.mozilla.org/mozilla-central/rev/1280df4478a8
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → Firefox 14
(In reply to Cristian Nicolae (:xti) from comment #12)
> I tried some scenarios on today's inbound and regular Nightly builds. 

It landed on m-c just now, so whatever testing you did on Nightly isn't valid.
Keywords: qawanted
This issue is fixed on today's Nightly build (04/20). 

I tried a couple of scenarios regarding this bug:

1. I did some browsing and I move the app to SDcard. I removed the sdcard and Fennec was not present anymore in the apps list. If nothing is moved to sdcard, is this expected?

2. I installed the latest Nightly, but I didn't get any warning that new version will replace the "older" one. I opened Fennec and the older profile seems to be active, and the previous visited sites were listed in Top Sites section. Is this expected? imo, this should be ok, but we could avoid to reinstall Fennec if the first scenario could be fixed.
Keywords: qawanted
Yes. That makes sense to me (although I wonder what Android will do if you put the sdcard back in and it has two org.mozilla.fennec packages registered). We still move the binary bits to the sdcard. Its just personal/potentially private information (history, passwords, etc.) that we leave on internal storage. We don't want to leave the binary bits on the sdcard.

I don't think we can avoid this except by using our old behavior or by refusing to move the app to the sdcard. I don't think we should do either of those things.
(In reply to Wesley Johnston (:wesj) from comment #17)
> Yes. That makes sense to me (although I wonder what Android will do if you
> put the sdcard back in and it has two org.mozilla.fennec packages
> registered).

I tried this case too, and it's working fine (there is the same "old" profile active). For this scenario, what is on sdcard is just a blank folder structure and it assume that it cannot have any impact on what already exist in the internal memory.

Another thing was noticed but it might be a device specific issue: if I have Fennec shortcut on desktop and I connect the device to PC via USB and then I disconnect it, the shortcut will not be displayed back.
One more thing regarding the Fennec transfer to sdcard. Before moving it to sdcard I had these values:
Total:       21.26 Mb
Application: 16.25 Mb
Data:         5.01 Mb

After moving it to sdcard I had these values:
Total:        6.49 Mb
Application:  1.48 Mb
Data:         5.01 Mb

Since nothing will go to sdcard, why are those values changing?
(In reply to Cristian Nicolae (:xti) from comment #19)
> One more thing regarding the Fennec transfer to sdcard. Before moving it to
> sdcard I had these values:
> Total:       21.26 Mb
> Application: 16.25 Mb
> Data:         5.01 Mb
> 
> After moving it to sdcard I had these values:
> Total:        6.49 Mb
> Application:  1.48 Mb
> Data:         5.01 Mb
> 
> Since nothing will go to sdcard, why are those values changing?

Something _is_ going to the sdcard. The entire application is being moved. Only the profile is _not_ moved. Because the application is moved, if anything happens to the sdcard, the app will not be shown as an installed app.

This is why the app disappears when the sdcard is removed. When you connect the USB to the device, the sdcard probably is unmounted, which is why the app is removed from the desktop shortcut.

This bug is only about not moving the profile data. The application itself is still moved.

Sounds like everything is working as expected.
(In reply to Mark Finkle (:mfinkle) from comment #20)

> Something _is_ going to the sdcard. The entire application is being moved.
> Only the profile is _not_ moved. 

Everything is clear for me now. Thank you

> Sounds like everything is working as expected.



Due to comment #16 and comment #20, I will mark this bug as verified fixed.

Firefox 14.0a1 (2012-04-20)
Device: Samsung Galaxy S (Captivate)
OS: Android 2.2
Status: RESOLVED → VERIFIED
status-firefox14: --- → verified
When I upgraded my nightly today, my profile got vanished and seemingly reset to an empty profile.  I think this bug might be the cause.
Ehsan, was your profile on the SDcard?
Perhaps, I don't have a way of knowing for sure unfortunately.
Ok.  I know that the profile had ended up deleting when moved (ie internal to SD or vice versa).  My guess is that your profile/fennec was on the SDcard.  bug 746860
(In reply to Naoki Hirata :nhirata from comment #25)
> Ok.  I know that the profile had ended up deleting when moved (ie internal
> to SD or vice versa).  My guess is that your profile/fennec was on the
> SDcard.  bug 746860

I'm puzzled.  That bug is marked as a dupe of this one.  Should I file a new bug?
I reopened the bug.  I had thought that this would prevent the bug 746860 from occurring, but I was mistaken.
Keywords: sec-moderate
Whiteboard: [sg:high] → [sg:moderate][advisory-tracking+]
Behavior covered in the MozTrap test case:

https://moztrap.mozilla.org/manage/cases/_detail/6308/

The test has been added in the Full Functional Tests test suite
Flags: in-litmus?(fennec) → in-moztrap+
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: