summaryrefslogtreecommitdiffstats
path: root/toolkit/mozapps/extensions/internal
diff options
context:
space:
mode:
Diffstat (limited to 'toolkit/mozapps/extensions/internal')
-rw-r--r--toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs59
-rw-r--r--toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs18
2 files changed, 67 insertions, 10 deletions
diff --git a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
index d7541167fa..e70322d3a4 100644
--- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
+++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs
@@ -200,6 +200,7 @@ const PROP_JSON_FIELDS = [
"incognito",
"userPermissions",
"optionalPermissions",
+ "requestedPermissions",
"sitePermissions",
"siteOrigin",
"icons",
@@ -1426,6 +1427,21 @@ AddonWrapper = class {
return addon.location.name == KEY_APP_PROFILE;
}
+ /**
+ * Returns true if the addon is configured to be installed
+ * by enterprise policy.
+ */
+ get isInstalledByEnterprisePolicy() {
+ const policySettings = Services.policies?.getExtensionSettings(this.id);
+ return ["force_installed", "normal_installed"].includes(
+ policySettings?.installation_mode
+ );
+ }
+
+ /**
+ * Required permissions that extension has access to based on its manifest.
+ * In mv3 this doesn't include host_permissions.
+ */
get userPermissions() {
return addonFor(this).userPermissions;
}
@@ -1434,6 +1450,49 @@ AddonWrapper = class {
return addonFor(this).optionalPermissions;
}
+ /**
+ * Additional permissions that extension is requesting in its manifest.
+ * Currently this is host_permissions in MV3.
+ */
+ get requestedPermissions() {
+ return addonFor(this).requestedPermissions;
+ }
+
+ /**
+ * A helper that returns all permissions for the install prompt.
+ */
+ get installPermissions() {
+ let required = this.userPermissions;
+ if (!required) {
+ return null;
+ }
+ let requested = this.requestedPermissions;
+ // Currently this can't result in duplicates, but if logic of what goes
+ // into these lists changes, make sure to check for dupes.
+ let perms = {
+ origins: required.origins.concat(requested?.origins ?? []),
+ permissions: required.permissions.concat(requested?.permissions ?? []),
+ };
+ return perms;
+ }
+
+ get optionalOriginsNormalized() {
+ const { permissions } = this.userPermissions;
+ const { origins } = this.optionalPermissions;
+
+ const { patterns } = new MatchPatternSet(origins, {
+ restrictSchemes: !(
+ this.isPrivileged && permissions?.includes("mozillaAddons")
+ ),
+ ignorePath: true,
+ });
+
+ // De-dup the normalized host permission patterns.
+ return patterns
+ ? [...new Set(patterns.map(matcher => matcher.pattern))]
+ : [];
+ }
+
isCompatibleWith(aAppVersion, aPlatformVersion) {
return addonFor(this).isCompatibleWith(aAppVersion, aPlatformVersion);
}
diff --git a/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs b/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs
index 4a26785da8..5bb81a5f60 100644
--- a/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs
+++ b/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs
@@ -97,7 +97,6 @@ const PREF_XPI_FILE_WHITELISTED = "xpinstall.whitelist.fileRequest";
const PREF_XPI_WHITELIST_REQUIRED = "xpinstall.whitelist.required";
const PREF_XPI_WEAK_SIGNATURES_ALLOWED =
"xpinstall.signatures.weakSignaturesTemporarilyAllowed";
-const PREF_XPI_WEAK_SIGNATURES_ALLOWED_DEFAULT = true;
const PREF_SELECTED_THEME = "extensions.activeThemeID";
@@ -543,8 +542,9 @@ async function loadManifestFromWebManifest(aPackage, aLocation) {
// WebExtensions don't use iconURLs
addon.iconURL = null;
addon.icons = manifest.icons || {};
- addon.userPermissions = extension.manifestPermissions;
+ addon.userPermissions = extension.getRequiredPermissions();
addon.optionalPermissions = extension.manifestOptionalPermissions;
+ addon.requestedPermissions = extension.getRequestedPermissions();
addon.applyBackgroundUpdates = AddonManager.AUTOUPDATE_DEFAULT;
function getLocale(aLocale) {
@@ -1664,12 +1664,13 @@ class AddonInstall {
this.addon.signedDate &&
!hasStrongSignature(this.addon)
) {
- const addonAllowedByPolicies = Services.policies.getExtensionSettings(
- this.addon.id
- )?.temporarily_allow_weak_signatures;
+ const addonAllowedByPolicies =
+ Services.policies?.getExtensionSettings(
+ this.addon.id
+ )?.temporarily_allow_weak_signatures;
const globallyAllowedByPolicies =
- Services.policies.getExtensionSettings(
+ Services.policies?.getExtensionSettings(
"*"
)?.temporarily_allow_weak_signatures;
@@ -4411,10 +4412,7 @@ export var XPIInstall = {
},
isWeakSignatureInstallAllowed() {
- return Services.prefs.getBoolPref(
- PREF_XPI_WEAK_SIGNATURES_ALLOWED,
- PREF_XPI_WEAK_SIGNATURES_ALLOWED_DEFAULT
- );
+ return Services.prefs.getBoolPref(PREF_XPI_WEAK_SIGNATURES_ALLOWED, false);
},
getWeakSignatureInstallPrefName() {