forked from mirrors/gecko-dev
161 lines
3.9 KiB
JavaScript
161 lines
3.9 KiB
JavaScript
"use strict";
|
|
|
|
const { ExtensionAPI } = ExtensionCommon;
|
|
|
|
AddonTestUtils.init(this);
|
|
AddonTestUtils.overrideCertDB();
|
|
AddonTestUtils.usePrivilegedSignatures = false;
|
|
AddonTestUtils.createAppInfo(
|
|
"xpcshell@tests.mozilla.org",
|
|
"XPCShell",
|
|
"1",
|
|
"42"
|
|
);
|
|
|
|
add_setup(async () => {
|
|
const schema = [
|
|
{
|
|
namespace: "privileged",
|
|
permissions: ["mozillaAddons"],
|
|
properties: {
|
|
test: {
|
|
type: "any",
|
|
},
|
|
},
|
|
},
|
|
];
|
|
|
|
class API extends ExtensionAPI {
|
|
getAPI() {
|
|
return {
|
|
privileged: {
|
|
test: "hello",
|
|
},
|
|
};
|
|
}
|
|
}
|
|
|
|
const modules = {
|
|
privileged: {
|
|
url: URL.createObjectURL(new Blob([API.toString()])),
|
|
schema: `data:,${JSON.stringify(schema)}`,
|
|
scopes: ["addon_parent"],
|
|
paths: [["privileged"]],
|
|
},
|
|
};
|
|
|
|
Services.catMan.addCategoryEntry(
|
|
"webextension-modules",
|
|
"test-privileged",
|
|
`data:,${JSON.stringify(modules)}`,
|
|
false,
|
|
false
|
|
);
|
|
|
|
await AddonTestUtils.promiseStartupManager();
|
|
|
|
registerCleanupFunction(async () => {
|
|
await AddonTestUtils.promiseShutdownManager();
|
|
Services.catMan.deleteCategoryEntry(
|
|
"webextension-modules",
|
|
"test-privileged",
|
|
false
|
|
);
|
|
});
|
|
});
|
|
|
|
add_task(
|
|
{
|
|
// Some builds (e.g. thunderbird) have experiments enabled by default.
|
|
pref_set: [["extensions.experiments.enabled", false]],
|
|
},
|
|
async function test_privileged_namespace_disallowed() {
|
|
// Try accessing the privileged namespace.
|
|
async function testOnce({
|
|
isPrivileged = false,
|
|
temporarilyInstalled = false,
|
|
} = {}) {
|
|
let extension = ExtensionTestUtils.loadExtension({
|
|
manifest: {
|
|
permissions: ["mozillaAddons", "tabs"],
|
|
},
|
|
background() {
|
|
browser.test.sendMessage(
|
|
"result",
|
|
browser.privileged instanceof Object
|
|
);
|
|
},
|
|
isPrivileged,
|
|
temporarilyInstalled,
|
|
});
|
|
|
|
if (temporarilyInstalled && !isPrivileged) {
|
|
ExtensionTestUtils.failOnSchemaWarnings(false);
|
|
let { messages } = await promiseConsoleOutput(async () => {
|
|
await Assert.rejects(
|
|
extension.startup(),
|
|
/Using the privileged permission/,
|
|
"Startup failed with privileged permission"
|
|
);
|
|
});
|
|
ExtensionTestUtils.failOnSchemaWarnings(true);
|
|
AddonTestUtils.checkMessages(
|
|
messages,
|
|
{
|
|
expected: [
|
|
{
|
|
message:
|
|
/Using the privileged permission 'mozillaAddons' requires a privileged add-on/,
|
|
},
|
|
],
|
|
},
|
|
true
|
|
);
|
|
return null;
|
|
}
|
|
await extension.startup();
|
|
let result = await extension.awaitMessage("result");
|
|
await extension.unload();
|
|
return result;
|
|
}
|
|
|
|
// Prevents startup
|
|
let result = await testOnce({ temporarilyInstalled: true });
|
|
equal(
|
|
result,
|
|
null,
|
|
"Privileged namespace should not be accessible to a regular webextension"
|
|
);
|
|
|
|
result = await testOnce({ isPrivileged: true });
|
|
equal(
|
|
result,
|
|
true,
|
|
"Privileged namespace should be accessible to a webextension signed with Mozilla Extensions"
|
|
);
|
|
|
|
// Allows startup, no access
|
|
result = await testOnce();
|
|
equal(
|
|
result,
|
|
false,
|
|
"Privileged namespace should not be accessible to a regular webextension"
|
|
);
|
|
}
|
|
);
|
|
|
|
// Test that Extension.sys.mjs and schema correctly match.
|
|
add_task(function test_privileged_permissions_match() {
|
|
const { PRIVILEGED_PERMS } = ChromeUtils.importESModule(
|
|
"resource://gre/modules/Extension.sys.mjs"
|
|
);
|
|
let perms = Schemas.getPermissionNames(["PermissionPrivileged"]);
|
|
if (AppConstants.platform == "android") {
|
|
perms.push("nativeMessaging");
|
|
}
|
|
Assert.deepEqual(
|
|
Array.from(PRIVILEGED_PERMS).sort(),
|
|
perms.sort(),
|
|
"List of privileged permissions is correct."
|
|
);
|
|
});
|