[keyboard] don't allow user to enable keyboard apps that don't have required trust level

RESOLVED FIXED

Status

RESOLVED FIXED
5 years ago
5 years ago

People

(Reporter: djf, Assigned: rudyl)

Tracking

unspecified
x86
Mac OS X

Firefox Tracking Flags

(blocking-b2g:koi+, b2g-v1.2 fixed)

Details

(Whiteboard: [3rd-party-keyboard])

Attachments

(1 attachment)

(Reporter)

Description

5 years ago
If I write a 3rd party keyboard and make it certified or privileged, it works.

But if it is just an unprivileged app, I can still see it in the settings app, and I can enable it. When I try to use it, the keyboard appears, but the app doesn't have permission to use the keyboard API, so I can't type anything.

Also: I can't switch to another keyboard because the keyboard switching API also requires a higher level of permissions.  This means that I'm now trapped with a non-functional keyboard that I can't get rid of.  (Until I realize I can go back to the settings app to disable it.)

I think we might want to block on this because the user can get themselves trapped.
(Reporter)

Comment 1

5 years ago
Rudy and Corey: do you think this is something easy to fix in shared/js/keyboard_helper.js:getApps()?
blocking-b2g: --- → koi?
Flags: needinfo?(rlu)
Flags: needinfo?(gnarf37)

Comment 2

5 years ago
If whatever is needed is stored in the manifest, this is totally possible to fix inside getApps, yes.
Flags: needinfo?(gnarf37)
(Reporter)

Comment 3

5 years ago
Corey: I think that you just have to check for "type":"certified" or "type":"privileged". Unless an app has one of those in its manifest, it will not be able to function as a keyboard and should not be listed.
Rudy, please fix this?
Assignee: nobody → rlu
blocking-b2g: koi? → koi+
I'll work on this.
Thanks for the heads-up.
Status: NEW → ASSIGNED
Flags: needinfo?(rlu)
Whiteboard: [3rd-party-keyboard]
Created attachment 832114 [details] [review]
Patch V1 - pull request 13693

This patch is to filter out the apps that does not have input permission or is not certified, nor privileged apps in shared/js/keyboard_helper.js.

Hi Corey,

Could you help review this part of code?
Thanks.
Attachment #832114 - Flags: review?(gnarf37)
Comment on attachment 832114 [details] [review]
Patch V1 - pull request 13693

Patch updated to also modify system/js/app_install_manager.js.

Need Gary to review this part.
Thanks.
Attachment #832114 - Flags: review?(gchen)
Comment on attachment 832114 [details] [review]
Patch V1 - pull request 13693

r=me with system/js/app_install_manager.js. part.

Thanks.
Attachment #832114 - Flags: review?(gchen) → review+

Comment 9

5 years ago
Comment on attachment 832114 [details] [review]
Patch V1 - pull request 13693

r=me - Looks great! Thanks for handling this one Rudy!
Attachment #832114 - Flags: review?(gnarf37) → review+
Merged,
https://github.com/mozilla-b2g/gaia/commit/c943970387dfc74c6c4e71a4e576424e593e8e97

Corey, Gary,
Thanks for the reviews.
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → FIXED
Uplifted c943970387dfc74c6c4e71a4e576424e593e8e97 to:
v1.2: bbe813e70ab89c604d02f8cf483b08e953e3e79a
status-b2g-v1.2: --- → fixed
You need to log in before you can comment on or make changes to this bug.