Closed Bug 829726 Opened 11 years ago Closed 6 years ago

Content process killed when trying to uninstall webapp without webapps-manage privilege

Categories

(Core Graveyard :: DOM: Apps, defect)

Product:
Core Graveyard
Component:
DOM: Apps
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: bholley, Unassigned)

Details

I'm working on update tests over in bug 826058. I just pulled a new version of Gecko, and it looks like the update model has been changed around a bit. Most notably, .uninstall() no longer exists on the app, and calls go through navigator.mozApps.mgmt.uninstall() instead.

However, it looks like there's also a new "webapps-manage" permission involved. I didn't have it, and my content process appears to have been nuked:

[Parent 569] WARNING: waitpid failed pid:613 errno:10: file /files/mozilla/b2g/take2-arm/mygecko/src/ipc/chromium/src/base/process_util_posix.cc, line 260
[Parent 569] WARNING: waitpid failed pid:613 errno:10: file /files/mozilla/b2g/take2-arm/mygecko/src/ipc/chromium/src/base/process_util_posix.cc, line 260
[Parent 569] WARNING: Failed to deliver SIGKILL to 613!(3).: file /files/mozilla/b2g/take2-arm/mygecko/src/ipc/chromium/src/chrome/common/process_watcher_posix_sigchld.cc, line 118

My understanding of the b2g runtime security model is that the APIs living in the content process are supposed to avoid sending messages for permissions they don't have, which makes this seem like a bug.

I have the following permissions enabled via SpecialPowers:
    SpecialPowers.addPermission("browser", true, document);
    SpecialPowers.addPermission("embed-apps", true, document);

It's totally possible that doing this is causing us to take a codepath that misses the regular client-side checks. If so, then I'd imagine this bug is INVALID. But I wanted to get it on the radar, because terminating processes is not great UX.
Hm, it crashes even when I do:

SpecialPowers.addPermission("webapps-manage", true, document);

What gives?
Hmm...in the past, when I've seen the content process get nuked in regards to permissions, it's usually because you tried to do something when you didn't have the right permission level.

I had one bug I hit in the past where I tried to access a privileged webapi after installing a privileged app, but there was a bug where the app status was web. Upon access, the content process got killed something similar to what you are seeing above.

Is your mochitest running as a certified app?
(In reply to Jason Smith [:jsmith] from comment #2)
> Is your mochitest running as a certified app?

Probably not. Can I make it one via SpecialPowers?
Bobby if you just need to uninstall an app 

--> https://github.com/mozilla-b2g/gaia/pull/7179

This is my pull request that allows for permissions to work off of the mochitest domain. 

If you merge it and rebuild your tree you can just call 

navigator.mozApps.mgmt.uninstall with no need for permissions changes..
Blocks: app-install
I'm not sure I understand what you are saying here.

It's a known bug that navigator.mozApps.mgmt is returning a non-null object even when an app doesn't have webapps-manage permission. That is bug 814226.

However once an app *does* have webapps-manage, we shouldn't crash when .uninstall(someapp) is called. It should uninstall the app. Is that not what's happening?
I *guess* we might be hitting the issue that it will fail to call the mozApps.mgmt related APIs from the apps loaded in the browser, because the .assertPermission() [1] is aimed to check the permissions of the content process which calls .uninstall(). That is, the permissions of the browser. If the browser doesn't have the "webapps-manage" permission but the webapp (loaded from browser) does, then it cannot pass through the .assertPermission() check when calling .uninstall(). However, it the app calling .uninstall() is loaded as an certified app, then it should succeed, since the app is now an independent content process out of the browser. I could be wrong. Please correct me. thanks!

Is the issue still present if the app is loaded as an certified app?

[1] http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.jsm#750
We now return null for mozApps.mgmt when the caller doesn't have the webapps-mgmt permission. Does this help with the issue there?
Blocks: b2g-apps-v1-next
No longer blocks: app-install
No longer blocks: b2g-apps-v1-next
Product: Core → Core Graveyard
Core Graveyard / DOM: Apps is inactive. Closing all bugs in this component.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.