Bug 1847266 - Add new disabled flag for extensions not correctly signed. r=geckoview-reviewers,amejiamarmol,rpl,owlish

Differential Revision: https://phabricator.services.mozilla.com/D189423
2024-11-24 13:21:05 +00:00 · 2023-09-28 10:33:25 +00:00 · 2023-09-28 10:33:25 +00:00 · 7c296ccd35
commit 7c296ccd35
parent dc5e7702bf
5 changed files with 30 additions and 4 deletions
--- a/mobile/android/geckoview/api.txt
+++ b/mobile/android/geckoview/api.txt
@ -2270,6 +2270,7 @@ package org.mozilla.geckoview {
    ctor public DisabledFlags();
    field public static final int APP = 8;
    field public static final int BLOCKLIST = 4;
+    field public static final int SIGNATURE = 16;
    field public static final int USER = 2;
  }

--- a/mobile/android/geckoview/src/androidTest/java/org/mozilla/geckoview/test/WebExtensionTest.kt
+++ b/mobile/android/geckoview/src/androidTest/java/org/mozilla/geckoview/test/WebExtensionTest.kt
@ -119,8 +119,9 @@ class WebExtensionTest : BaseSessionTest() {
        userDisabled: Boolean = false,
        appDisabled: Boolean = false,
        blocklistDisabled: Boolean = false,
+        signatureDisabled: Boolean = false,
    ) {
-        val enabled = !userDisabled && !appDisabled && !blocklistDisabled
+        val enabled = !userDisabled && !appDisabled && !blocklistDisabled && !signatureDisabled

        mainSession.reload()
        sessionRule.waitForPageStop()
@ -152,6 +153,11 @@ class WebExtensionTest : BaseSessionTest() {
            extension.metaData.disabledFlags and DisabledFlags.BLOCKLIST > 0,
            equalTo(blocklistDisabled),
        )
+        assertThat(
+            "signatureDisabled should match",
+            extension.metaData.disabledFlags and DisabledFlags.SIGNATURE > 0,
+            equalTo(signatureDisabled),
+        )
    }

    @Test
@ -3188,7 +3194,8 @@ class WebExtensionTest : BaseSessionTest() {
        )
    }

-    fun extensionProcessCrash() {
+    @Test
+    fun testExtensionProcessCrash() {
        sessionRule.setPrefsUntilTestEnd(
            mapOf(
                "extensions.webextensions.remote" to true,
--- a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebExtension.java
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/WebExtension.java
@ -1776,12 +1776,20 @@ public class WebExtension {
     * WebExtensionController.EnableSource#APP} as <code>source</code>.
     */
    public static final int APP = 1 << 3;
+
+    /** The extension has been disabled because it is not correctly signed. */
+    public static final int SIGNATURE = 1 << 4;
  }

  @Retention(RetentionPolicy.SOURCE)
  @IntDef(
      flag = true,
-      value = {DisabledFlags.USER, DisabledFlags.BLOCKLIST, DisabledFlags.APP})
+      value = {
+        DisabledFlags.USER,
+        DisabledFlags.BLOCKLIST,
+        DisabledFlags.APP,
+        DisabledFlags.SIGNATURE,
+      })
  public @interface EnabledFlags {}

  /** Provides information about a {@link WebExtension}. */
@ -2004,6 +2012,8 @@ public class WebExtension {
          disabledFlags |= DisabledFlags.BLOCKLIST;
        } else if (flag.equals("appDisabled")) {
          disabledFlags |= DisabledFlags.APP;
+        } else if (flag.equals("signatureDisabled")) {
+          disabledFlags |= DisabledFlags.SIGNATURE;
        } else {
          Log.e(LOGTAG, "Unrecognized disabledFlag state: " + flag);
        }
--- a/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/doc-files/CHANGELOG.md
+++ b/mobile/android/geckoview/src/main/java/org/mozilla/geckoview/doc-files/CHANGELOG.md
@ -15,6 +15,7 @@ exclude: true

 ## v120
 - Added [`disableExtensionProcessSpawning`][120.1] for disabling the extension process spawning. ([bug 1855405]({{bugzilla}}1855405))
+- Added `DisabledFlags.SIGNATURE` for extensions disabled because they aren't correctly signed. ([bug 1847266]({{bugzilla}}1847266))

 [120.1]: {{javadoc_uri}}/WebExtensionController.html#disableExtensionProcessSpawning

@ -1436,4 +1437,4 @@ to allow adding gecko profiler markers.
 [65.24]: {{javadoc_uri}}/CrashReporter.html#sendCrashReport(android.content.Context,android.os.Bundle,java.lang.String)
 [65.25]: {{javadoc_uri}}/GeckoResult.html

-[api-version]: afb898d7ececc5cf154df9530c5fc6cf7125fe9e
+[api-version]: 150fd70ec1d59eba6d5354bdbb8f7c54ec7b0dba
--- a/mobile/android/modules/geckoview/GeckoViewWebExtension.sys.mjs
+++ b/mobile/android/modules/geckoview/GeckoViewWebExtension.sys.mjs
@ -15,6 +15,7 @@ const lazy = {};

 ChromeUtils.defineESModuleGetters(lazy, {
  AddonManager: "resource://gre/modules/AddonManager.sys.mjs",
+  AddonSettings: "resource://gre/modules/addons/AddonSettings.sys.mjs",
  EventDispatcher: "resource://gre/modules/Messaging.sys.mjs",
  Extension: "resource://gre/modules/Extension.sys.mjs",
  ExtensionData: "resource://gre/modules/Extension.sys.mjs",
@ -313,6 +314,7 @@ async function exportExtension(aAddon, aPermissions, aSourceURI) {
    isActive,
    isBuiltin,
    id,
+    isCorrectlySigned,
  } = aAddon;
  let creatorName = null;
  let creatorURL = null;
@ -333,6 +335,11 @@ async function exportExtension(aAddon, aPermissions, aSourceURI) {
  if (embedderDisabled) {
    disabledFlags.push("appDisabled");
  }
+  // Add-ons without an `isCorrectlySigned` property are correctly signed as
+  // they aren't the correct type for signing.
+  if (lazy.AddonSettings.REQUIRE_SIGNING && isCorrectlySigned === false) {
+    disabledFlags.push("signatureDisabled");
+  }
  const baseURL = policy ? policy.getURL() : "";
  const privateBrowsingAllowed = policy ? policy.privateBrowsingAllowed : false;
  const promptPermissions = aPermissions