Closed
Bug 814226
Opened 12 years ago
Closed 12 years ago
Permission checks for "webapps-manage" could probably be friendlier
Categories
(Core Graveyard :: DOM: Apps, defect)
Core Graveyard
DOM: Apps
Tracking
(blocking-basecamp:-, firefox19 wontfix, firefox20 wontfix, firefox21 fixed, b2g18 fixed)
People
(Reporter: bent.mozilla, Assigned: fabrice)
References
Details
Attachments
(1 file)
(deleted),
patch
|
sicking
:
review+
sicking
:
approval-mozilla-b2g18+
|
Details | Diff | Splinter Review |
The "webapps-manage" permission is checked in the child when the navigator.mozApps.mgmt is used, but we always return an object. Then we throw if you try to set oninstall/onuninstall handlers.
If you then call "applyDownload", "getAll", or "getNotInstalled" we for some reason *don't* throw and let the call succeed but then parent will kill the process.
Also, we send the "hasPrivileges" value from the child to the parent for the "getAll" function, and that value is used in the parent after we've already asserted the permission in the parent.
Assignee | ||
Comment 1•12 years ago
|
||
Ben, what would be the appropriate behavior ? Throw when accessing mozApps.mgmt without privileges, or returning null? I'll keep the assertion in the parent for all the calls that can come from mgmt.*
Assignee | ||
Updated•12 years ago
|
Assignee: nobody → fabrice
Reporter | ||
Comment 2•12 years ago
|
||
I think our unofficial convention is to return null when you don't have permission. Sicking?
Yes. The property should still exist as indication that we support the API. But it should return null as indication that the caller doesn't have permission to use it.
Comment 4•12 years ago
|
||
basecamp- as this is nice to have any not actually a security threat.
blocking-basecamp: ? → -
Assignee | ||
Comment 5•12 years ago
|
||
Attachment #704085 -
Flags: review?(bent.mozilla)
Comment on attachment 704085 [details] [diff] [review]
patch
Review of attachment 704085 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/apps/src/Webapps.js
@@ +256,5 @@
> + .getService(Ci.nsIScriptSecurityManager);
> + let perm = principal == secMan.getSystemPrincipal()
> + ? Ci.nsIPermissionManager.ALLOW_ACTION
> + : Services.perms
> + .testExactPermissionFromPrincipal(principal, "webapps-manage");
You should be able to call Services.perms.textExact..(principal, ...) even when principal is the system principal. It should always return ALLOW_ACTION.
@@ +260,5 @@
> + .testExactPermissionFromPrincipal(principal, "webapps-manage");
> +
> + //only pages with the webapps-manage permission set can get access to
> + // the mgmt object.
> + this.hasPrivileges = perm == Ci.nsIPermissionManager.ALLOW_ACTION;
Maybe name this this.hasMgmtPrivileges. I think elsewhere we use "hasPrivileges" to indicate if the feature itself is permitted.
Attachment #704085 -
Flags: review?(bent.mozilla) → review+
Assignee | ||
Comment 7•12 years ago
|
||
Assignee | ||
Comment 8•12 years ago
|
||
Comment on attachment 704085 [details] [diff] [review]
patch
[Approval Request Comment]
User impact if declined: Makes it harder to cleanly check access to mozApps.mgmt
Testing completed: passes tests and didn't regress my local b2g18 build
Risk to taking this patch (and alternatives if risky): none
String or UUID changes made by this patch: none
Attachment #704085 -
Flags: approval-mozilla-b2g18?
Attachment #704085 -
Flags: approval-mozilla-b2g18? → approval-mozilla-b2g18+
Comment 9•12 years ago
|
||
Backed out in https://hg.mozilla.org/integration/mozilla-inbound/rev/39bc4c77571f for Linux browser-chrome failures like https://tbpl.mozilla.org/php/getParsedLog.php?id=18945788&tree=Mozilla-Inbound
Assignee | ||
Comment 10•12 years ago
|
||
green run on try with a test fix:
https://tbpl.mozilla.org/?tree=Try&rev=8f67e699181a
https://hg.mozilla.org/integration/mozilla-inbound/rev/6d14b59b7ce5
Assignee | ||
Comment 11•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
status-b2g18:
--- → fixed
status-firefox19:
--- → wontfix
status-firefox20:
--- → wontfix
status-firefox21:
--- → fixed
Target Milestone: --- → mozilla21
Comment 12•12 years ago
|
||
Flags: in-testsuite+
Updated•7 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•