Validator should not allow developers to submit certified permissions

RESOLVED FIXED in 2013-02-14

Status

Marketplace
Validation
RESOLVED FIXED
4 years ago
4 years ago

People

(Reporter: adora, Assigned: basta)

Tracking

2013-02-14
x86
Mac OS X
Points:
---

Details

(Reporter)

Description

4 years ago
Developers should be prevented from submitting apps that request certified permissions.

Example:  https://marketplace.firefox.com/reviewers/apps/review/jaxogram

"permissions": {
  "systemXHR": { "description": "Access Jaxo's app server and OAuth" },
  "browser": { "description": "OAuth browser window" },
  "contacts": { "description": "Import Orkut friends as contacts", "access": "readcreate" },
  "device-storage:pictures": { "description": "Share photos", "access": "readcreate" },
  "geolocation": { "description": "Geotag photos" },
  "storage": { "description": "Use local storage for access tokens" },
  "camera": { "description": "Share photos" }
}

This app's type isn't certified, but the developer needs to use web activities for camera access instead of requesting access directly.
(Assignee)

Comment 1

4 years ago
The problem here is that there are multiple lists of permissions and it seems that the permissions change when nobody's looking. What is the canonical, stable list of certified permissions?

Or better yet, we could whitelist the (much shorter) list of permissions that developers *can* use in their apps.
Paul could probably point you in the right direction here. I can't access his perms matrix doc for some reason right now, so I don't have the list memorized.
The permissions matrix is documented here:
https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0

Every effort is being taken to keep this accurate and in sync with the implementation of the matrix which is here:
https://mxr.mozilla.org/mozilla-central/source/dom/apps/src/PermissionsTable.jsm

Note that at the time of this post, a last-minute permission has been added to Gecko by bug 838308, so the "keyboard" permission isn't in the code yet, but it will be shortly.

Also note that security doesn't depend on the marketplace doing this check (but I can see why you would want to do it for usability reasons). 

An app can request any certified permission when it is installed; it just won't get it. (Or more specifically, it will get the permission setting as spelled out in PermissionsTable.jsm, so if this is a certified-only permission, it will get an entry set to Ci.nsIPermissionManager.DENY_ACTION.)

If you do want to check a whitelist, then that should be easy to calculate from filtering the spreadsheet. Just be aware that this whitelist will need to be regularly updated as these APIs evolve.
(In reply to Matt Basta [:basta] from comment #1)
> The problem here is that there are multiple lists of permissions and it
> seems that the permissions change when nobody's looking. What is the
> canonical, stable list of certified permissions?
> 
> Or better yet, we could whitelist the (much shorter) list of permissions
> that developers *can* use in their apps.

The whitelist is the ideal solution - I've seen some manifests where the developer has misread the spec/MDN/whatever. We'd need a separate whitelist for privileged and unprivileged apps.
(Assignee)

Updated

4 years ago
Target Milestone: --- → 2013-02-14
(Assignee)

Updated

4 years ago
Assignee: nobody → mattbasta
(Assignee)

Comment 5

4 years ago
https://github.com/mozilla/app-validator/commit/5f1f59f2e73c608f8b5eb4383bdc415463f39a12
Assignee: mattbasta → nobody
Status: NEW → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
(Assignee)

Updated

4 years ago
Assignee: nobody → mattbasta
Even quickly looking at the patch there, this doesn't look right. You forgot about contacts.

https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
(Assignee)

Comment 7

4 years ago
https://github.com/mozilla/app-validator/commit/6213473f5f77499acf11b8aee187431a03d0d991
Status: REOPENED → RESOLVED
Last Resolved: 4 years ago
Resolution: --- → FIXED
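
The per-app-type whitelist discussed in the comments above, as an added example that is not part of this bug or of the app-validator commits. The `MIN_TYPE` table and the `check_permissions` helper are hypothetical; the tier assigned to each permission is an assumption made for illustration, and a real validator would derive it from the permissions matrix or PermissionsTable.jsm.

```python
import json

# Assumed minimum app type per permission. Constructed sample covering only
# permissions from the manifest quoted in the description; a real validator
# would generate this from the permissions matrix / PermissionsTable.jsm.
MIN_TYPE = {
    "geolocation": "web",
    "storage": "web",
    "systemXHR": "privileged",
    "browser": "privileged",
    "contacts": "privileged",
    "device-storage:pictures": "privileged",
    "camera": "certified",
}
RANK = {"web": 0, "privileged": 1, "certified": 2}
# App types a developer may submit; certified apps are never accepted.
SUBMITTABLE = ("web", "privileged")


def check_permissions(manifest):
    """Return a sorted list of (permission, reason) errors for a parsed manifest."""
    app_type = manifest.get("type", "web")  # the manifest type defaults to "web"
    if app_type not in SUBMITTABLE:
        return [("type", "app type %r cannot be submitted" % app_type)]
    errors = []
    for name in manifest.get("permissions", {}):
        needed = MIN_TYPE.get(name)
        if needed is None:
            # Whitelist semantics: a name missing from the table is rejected,
            # so a permission added to Gecko later fails closed here.
            errors.append((name, "unknown permission"))
        elif RANK[needed] > RANK[app_type]:
            errors.append((name, "requires a %s app" % needed))
    return sorted(errors)


# Constructed sample: part of the permissions block above, with no "type" key.
SAMPLE = json.loads("""{
  "name": "sample",
  "permissions": {
    "systemXHR": {"description": "Access app server and OAuth"},
    "contacts": {"description": "Import contacts", "access": "readcreate"},
    "geolocation": {"description": "Geotag photos"},
    "camera": {"description": "Share photos"}
  }
}""")

if __name__ == "__main__":
    for perm, reason in check_permissions(SAMPLE):
        print("%s: %s" % (perm, reason))
```

Because unknown names are rejected, the table has to be refreshed whenever the platform adds a permission, which is the maintenance cost the thread points out.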