diff options
Diffstat (limited to 'toolkit/mozapps/extensions/internal')
-rw-r--r-- | toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs | 59 | ||||
-rw-r--r-- | toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs | 18 |
2 files changed, 67 insertions, 10 deletions
diff --git a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs index d7541167fa..e70322d3a4 100644 --- a/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs +++ b/toolkit/mozapps/extensions/internal/XPIDatabase.sys.mjs @@ -200,6 +200,7 @@ const PROP_JSON_FIELDS = [ "incognito", "userPermissions", "optionalPermissions", + "requestedPermissions", "sitePermissions", "siteOrigin", "icons", @@ -1426,6 +1427,21 @@ AddonWrapper = class { return addon.location.name == KEY_APP_PROFILE; } + /** + * Returns true if the addon is configured to be installed + * by enterprise policy. + */ + get isInstalledByEnterprisePolicy() { + const policySettings = Services.policies?.getExtensionSettings(this.id); + return ["force_installed", "normal_installed"].includes( + policySettings?.installation_mode + ); + } + + /** + * Required permissions that extension has access to based on its manifest. + * In mv3 this doesn't include host_permissions. + */ get userPermissions() { return addonFor(this).userPermissions; } @@ -1434,6 +1450,49 @@ AddonWrapper = class { return addonFor(this).optionalPermissions; } + /** + * Additional permissions that extension is requesting in its manifest. + * Currently this is host_permissions in MV3. + */ + get requestedPermissions() { + return addonFor(this).requestedPermissions; + } + + /** + * A helper that returns all permissions for the install prompt. + */ + get installPermissions() { + let required = this.userPermissions; + if (!required) { + return null; + } + let requested = this.requestedPermissions; + // Currently this can't result in duplicates, but if logic of what goes + // into these lists changes, make sure to check for dupes. + let perms = { + origins: required.origins.concat(requested?.origins ?? []), + permissions: required.permissions.concat(requested?.permissions ?? []), + }; + return perms; + } + + get optionalOriginsNormalized() { + const { permissions } = this.userPermissions; + const { origins } = this.optionalPermissions; + + const { patterns } = new MatchPatternSet(origins, { + restrictSchemes: !( + this.isPrivileged && permissions?.includes("mozillaAddons") + ), + ignorePath: true, + }); + + // De-dup the normalized host permission patterns. + return patterns + ? [...new Set(patterns.map(matcher => matcher.pattern))] + : []; + } + isCompatibleWith(aAppVersion, aPlatformVersion) { return addonFor(this).isCompatibleWith(aAppVersion, aPlatformVersion); } diff --git a/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs b/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs index 4a26785da8..5bb81a5f60 100644 --- a/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs +++ b/toolkit/mozapps/extensions/internal/XPIInstall.sys.mjs @@ -97,7 +97,6 @@ const PREF_XPI_FILE_WHITELISTED = "xpinstall.whitelist.fileRequest"; const PREF_XPI_WHITELIST_REQUIRED = "xpinstall.whitelist.required"; const PREF_XPI_WEAK_SIGNATURES_ALLOWED = "xpinstall.signatures.weakSignaturesTemporarilyAllowed"; -const PREF_XPI_WEAK_SIGNATURES_ALLOWED_DEFAULT = true; const PREF_SELECTED_THEME = "extensions.activeThemeID"; @@ -543,8 +542,9 @@ async function loadManifestFromWebManifest(aPackage, aLocation) { // WebExtensions don't use iconURLs addon.iconURL = null; addon.icons = manifest.icons || {}; - addon.userPermissions = extension.manifestPermissions; + addon.userPermissions = extension.getRequiredPermissions(); addon.optionalPermissions = extension.manifestOptionalPermissions; + addon.requestedPermissions = extension.getRequestedPermissions(); addon.applyBackgroundUpdates = AddonManager.AUTOUPDATE_DEFAULT; function getLocale(aLocale) { @@ -1664,12 +1664,13 @@ class AddonInstall { this.addon.signedDate && !hasStrongSignature(this.addon) ) { - const addonAllowedByPolicies = Services.policies.getExtensionSettings( - this.addon.id - )?.temporarily_allow_weak_signatures; + const addonAllowedByPolicies = + Services.policies?.getExtensionSettings( + this.addon.id + )?.temporarily_allow_weak_signatures; const globallyAllowedByPolicies = - Services.policies.getExtensionSettings( + Services.policies?.getExtensionSettings( "*" )?.temporarily_allow_weak_signatures; @@ -4411,10 +4412,7 @@ export var XPIInstall = { }, isWeakSignatureInstallAllowed() { - return Services.prefs.getBoolPref( - PREF_XPI_WEAK_SIGNATURES_ALLOWED, - PREF_XPI_WEAK_SIGNATURES_ALLOWED_DEFAULT - ); + return Services.prefs.getBoolPref(PREF_XPI_WEAK_SIGNATURES_ALLOWED, false); }, getWeakSignatureInstallPrefName() { |