Bug 882442
Opened 12 years ago
Closed 12 years ago
Contacts Manager does not handle unknown permissions correctly
Categories
(Core :: DOM: Core & HTML, defect)
RESOLVED
INVALID
People
(Reporter: stully, Assigned: stully)
Attachments
(1 file)
ContactsManager.js does not handle contacts permissions that are unknown correctly. If a permission is unknown it should change the permission to prompt the user. This happens on Android where the contacts API permissions are unknown.
Another possible fix is to change PermissionPromptHelper.jsm to treat unknown permissions as prompt the user on https://mxr.mozilla.org/mozilla-central/source/dom/permission/PermissionPromptHelper.jsm#74. This is a wider scope than just contacts, however, so I'm not sure it's appropriate.
Comment 1 (Assignee) • 12 years ago
If contacts permission is unknown, set permission to prompt instead of leaving as unknown. See above for another possible (albeit riskier) fix.
Attachment #761719 -
Flags: feedback?(jonas)
Comment 2 • 12 years ago
The ContactsManager should not deal with UNKNOWN permissions. It should only perform the action if it sees ALLOW and CANCEL otherwise. The Permission code is responsible for dealing with unknown and prompt.
The way it works for contacts is:
When we install an app, we require the contacts permission in the manifest file. During app installation we populate the permission DB based on the app-level. (Allow for certified apps, prompt for privileged apps and deny for web apps.)
Comment 3 (Assignee) • 12 years ago
I'm implementing the contacts API on Android where there is no concept of certified or privileged apps or even a manifest file to pull permissions from. ContactManager seems to rely on these permissions being defined. If ContactManager should not handle unknown permissions, would it be appropriate to remove the check for unknown permissions from PermissionPromptHelper? https://mxr.mozilla.org/mozilla-central/source/dom/permission/PermissionPromptHelper.jsm#74 And change it to "if unknown, prompt the user". What's the logic behind unknown permissions? I would think that if they are unknown, the user should be prompted. Is this not the case? If so, I can go ahead and make the change in PermissionPromptHelper; I just didn't want to make such an overarching change if it isn't appropriate in all cases.
Comment 4 • 12 years ago
unknown means there is no entry in the database. Regular web-content shouldn't have access to contacts at all because it's a high-risk API and users don't really look when they see a prompt.
I think the goal is to rely on manifest files for ff on android as well (see bug 832960).
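The permission model described in comments 2 and 4, as an added sketch that is not Gecko's code and not part of the original thread: install-time population of the permission database, a permission layer that fails closed on a missing entry, and an API consumer that acts only on ALLOW. All class, function and field names are hypothetical, and the origins are constructed sample values.

```javascript
// Added illustration, not Gecko source. The four action names mirror the states
// discussed in the thread; every class, function and field name is hypothetical.
const Action = Object.freeze({ UNKNOWN: "unknown", ALLOW: "allow", DENY: "deny", PROMPT: "prompt" });

// Install-time defaults for "contacts" per app level, as described in comment 2.
const CONTACTS_DEFAULT = new Map([
  ["certified", Action.ALLOW],
  ["privileged", Action.PROMPT],
  ["web", Action.DENY],
]);

class PermissionDB {
  constructor() { this.entries = new Map(); }
  key(origin, perm) { return `${origin}|${perm}`; }
  // Only an app whose manifest requests "contacts" gets an entry at install.
  install(app) {
    if (app.manifestPermissions.includes("contacts")) {
      const action = CONTACTS_DEFAULT.get(app.level) ?? Action.DENY;
      this.entries.set(this.key(app.origin, "contacts"), action);
    }
  }
  // No entry in the database means UNKNOWN (comment 4).
  lookup(origin, perm) {
    return this.entries.get(this.key(origin, perm)) ?? Action.UNKNOWN;
  }
}

// Permission layer: the only place that interprets UNKNOWN and PROMPT.
// UNKNOWN fails closed; it is never upgraded to a prompt.
function resolvePermission(db, origin, perm, askUser) {
  const action = db.lookup(origin, perm);
  if (action === Action.ALLOW) return Action.ALLOW;
  if (action === Action.PROMPT) return askUser(origin, perm) ? Action.ALLOW : Action.DENY;
  return Action.DENY; // covers both DENY and UNKNOWN
}

// API consumer: performs the action on ALLOW and cancels otherwise.
function findContacts(db, origin, askUser) {
  const decision = resolvePermission(db, origin, "contacts", askUser);
  return decision === Action.ALLOW
    ? { ok: true, contacts: [] }
    : { ok: false, error: "cancelled" };
}
```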
Comment 5 (Assignee) • 12 years ago
I see. Then it looks like 832960 blocks 857730.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
Updated • 12 years ago
Attachment #761719 -
Flags: feedback?(jonas)
Updated • 7 years ago
Component: DOM → DOM: Core & HTML