1 files changed, 59 insertions, 0 deletions

diff --git a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
index d7541167fa..e70322d3a4 100644
--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
@@ -200,6 +200,7 @@ const PROP_JSON_FIELDS = [
   "incognito",
   "userPermissions",
   "optionalPermissions",
+  "requestedPermissions",
   "sitePermissions",
   "siteOrigin",
   "icons",
@@ -1426,6 +1427,21 @@ AddonWrapper = class {
     return addon.location.name == KEY_APP_PROFILE;
   }
 
+  /**
+   * Returns true if the addon is configured to be installed
+   * by enterprise policy.
+   */
+  get isInstalledByEnterprisePolicy() {
+    const policySettings = Services.policies?.getExtensionSettings(this.id);
+    return ["force_installed", "normal_installed"].includes(
+      policySettings?.installation_mode
+    );
+  }
+
+  /**
+   * Required permissions that extension has access to based on its manifest.
+   * In mv3 this doesn't include host_permissions.
+   */
   get userPermissions() {
     return addonFor(this).userPermissions;
   }
@@ -1434,6 +1450,49 @@ AddonWrapper = class {
     return addonFor(this).optionalPermissions;
   }
 
+  /**
+   * Additional permissions that extension is requesting in its manifest.
+   * Currently this is host_permissions in MV3.
+   */
+  get requestedPermissions() {
+    return addonFor(this).requestedPermissions;
+  }
+
+  /**
+   * A helper that returns all permissions for the install prompt.
+   */
+  get installPermissions() {
+    let required = this.userPermissions;
+    if (!required) {
+      return null;
+    }
+    let requested = this.requestedPermissions;
+    // Currently this can't result in duplicates, but if logic of what goes
+    // into these lists changes, make sure to check for dupes.
+    let perms = {
+      origins: required.origins.concat(requested?.origins ?? []),
+      permissions: required.permissions.concat(requested?.permissions ?? []),
+    };
+    return perms;
+  }
+
+  get optionalOriginsNormalized() {
+    const { permissions } = this.userPermissions;
+    const { origins } = this.optionalPermissions;
+
+    const { patterns } = new MatchPatternSet(origins, {
+      restrictSchemes: !(
+        this.isPrivileged && permissions?.includes("mozillaAddons")
+      ),
+      ignorePath: true,
+    });
+
+    // De-dup the normalized host permission patterns.
+    return patterns
+      ? [...new Set(patterns.map(matcher => matcher.pattern))]
+      : [];
+  }
+
   isCompatibleWith(aAppVersion, aPlatformVersion) {
     return addonFor(this).isCompatibleWith(aAppVersion, aPlatformVersion);
   }