Bug 1372033 - Added option to permanently disallow addon installation for a website. r=johannh,aswan

Differential Revision: https://phabricator.services.mozilla.com/D28867 --HG-- extra : moz-landing-system : lando
2019-05-16 10:20:07 +00:00 · 2019-05-16 10:20:07 +00:00 · 225d93a362
--- a/browser/base/content/browser-addons.js
+++ b/browser/base/content/browser-addons.js
@ -480,7 +480,7 @@ var gXPInstallObserver = {
          installInfo.install();
        },
      };
-      let secondaryAction = {
+      let dontAllowAction = {
        label: gNavigatorBundle.getString("xpinstallPromptMessage.dontAllow"),
        accessKey: gNavigatorBundle.getString("xpinstallPromptMessage.dontAllow.accesskey"),
        callback: () => {
@ -491,11 +491,23 @@ var gXPInstallObserver = {
          }
        },
      };
+      let neverAllowAction = {
+        label: gNavigatorBundle.getString("xpinstallPromptMessage.neverAllow"),
+        accessKey: gNavigatorBundle.getString("xpinstallPromptMessage.neverAllow.accesskey"),
+        callback: () => {
+          SitePermissions.set(browser.currentURI, "install", SitePermissions.BLOCK);
+          for (let install of installInfo.installs) {
+            if (install.state != AddonManager.STATE_CANCELLED) {
+              install.cancel();
+            }
+          }
+        },
+      };

      secHistogram.add(Ci.nsISecurityUITelemetry.WARNING_ADDON_ASKING_PREVENTED);
      let popup = PopupNotifications.show(browser, notificationID,
                                          messageString, anchorID,
-                                          action, [secondaryAction], options);
+                                          action, [dontAllowAction, neverAllowAction], options);
      removeNotificationOnEnd(popup, installInfo.installs);
      break; }
    case "addon-install-started": {
--- a/browser/base/content/browser.xul
+++ b/browser/base/content/browser.xul
@ -888,6 +888,8 @@
                         tooltiptext="&urlbar.flashPluginBlocked.tooltip;"/>
                  <image data-permission-id="midi" class="blocked-permission-icon midi-icon" role="button"
                         tooltiptext="&urlbar.midiBlocked.tooltip;"/>
+                  <image data-permission-id="install" class="blocked-permission-icon install-icon" role="button"
+                         tooltiptext="&urlbar.installBlocked.tooltip;"/>
                </box>
                <box id="notification-popup-box"
                     hidden="true"
--- a/browser/locales/en-US/chrome/browser/browser.dtd
+++ b/browser/locales/en-US/chrome/browser/browser.dtd
@ -248,6 +248,7 @@ These should match what Safari and other Apple applications use on OS X Lion. --
 <!ENTITY urlbar.canvasBlocked.tooltip            "You have blocked canvas data extraction for this website.">
 <!ENTITY urlbar.flashPluginBlocked.tooltip       "You have blocked this website from using the Adobe Flash plugin.">
 <!ENTITY urlbar.midiBlocked.tooltip              "You have blocked MIDI access for this website.">
+<!ENTITY urlbar.installBlocked.tooltip           "You have blocked add-on installation for this website.">

 <!ENTITY urlbar.openHistoryPopup.tooltip                "Show history">

--- a/browser/locales/en-US/chrome/browser/browser.properties
+++ b/browser/locales/en-US/chrome/browser/browser.properties
@ -30,6 +30,8 @@ xpinstallPromptMessage.message.unknown=You are attempting to install an add-on f
 xpinstallPromptMessage.learnMore=Learn more about installing add-ons safely
 xpinstallPromptMessage.dontAllow=Don’t Allow
 xpinstallPromptMessage.dontAllow.accesskey=D
+xpinstallPromptMessage.neverAllow=Never Allow
+xpinstallPromptMessage.neverAllow.accesskey=N
 # Accessibility Note:
 # Be sure you do not choose an accesskey that is used elsewhere in the active context (e.g. main menu bar, submenu of the warning popup button)
 # See https://website-archive.mozilla.org/www.mozilla.org/access/access/keyboard/ for details
--- a/browser/modules/SitePermissions.jsm
+++ b/browser/modules/SitePermissions.jsm
@ -299,11 +299,6 @@ var SitePermissions = {

      // filter out unknown permissions
      if (gPermissionObject[permission.type]) {
-        // XXX Bug 1303108 - Control Center should only show non-default permissions
-        if (permission.type == "install") {
-          continue;
-        }
-
        // Hide canvas permission when privacy.resistFingerprinting is false.
        if ((permission.type == "canvas") && !this.resistFingerprinting) {
          continue;
@ -919,9 +914,8 @@ var gPermissionObject = {
  "install": {
    getDefault() {
      return Services.prefs.getBoolPref("xpinstall.whitelist.required") ?
-               SitePermissions.BLOCK : SitePermissions.ALLOW;
+               SitePermissions.UNKNOWN : SitePermissions.ALLOW;
    },
-    states: [ SitePermissions.ALLOW, SitePermissions.BLOCK ],
  },

  "geo": {
--- a/browser/modules/test/unit/test_SitePermissions.js
+++ b/browser/modules/test/unit/test_SitePermissions.js
@ -79,11 +79,6 @@ add_task(async function testGetAllByURI() {
  SitePermissions.remove(uri, "desktop-notification");
  Assert.deepEqual(SitePermissions.getAllByURI(uri), []);

-  // XXX Bug 1303108 - Control Center should only show non-default permissions
-  SitePermissions.set(uri, "addon", SitePermissions.BLOCK);
-  Assert.deepEqual(SitePermissions.getAllByURI(uri), []);
-  SitePermissions.remove(uri, "addon");
-
  Assert.equal(Services.prefs.getIntPref("permissions.default.shortcuts"), 0);
  SitePermissions.set(uri, "shortcuts", SitePermissions.BLOCK);

--- a/browser/themes/shared/notification-icons.inc.css
+++ b/browser/themes/shared/notification-icons.inc.css
@ -250,6 +250,7 @@ html|*#webRTC-previewVideo {
  list-style-image: url(chrome://mozapps/skin/extensions/extensionGeneric-16.svg);
 }

+.install-icon.blocked-permission-icon,
 .popup-notification-icon[popupid="xpinstall-disabled"],
 .popup-notification-icon[popupid="addon-install-blocked"],
 .popup-notification-icon[popupid="addon-install-origin-blocked"] {
--- a/toolkit/mozapps/extensions/AddonManager.jsm
+++ b/toolkit/mozapps/extensions/AddonManager.jsm
@ -1867,12 +1867,21 @@ var AddonManagerInternal = {

        AddonManagerInternal.startInstall(aBrowser, aInstallingPrincipal.URI, aInstall);
      };
-      if (!this.isInstallAllowed(aMimetype, aInstallingPrincipal)) {
-        this.installNotifyObservers("addon-install-blocked", topBrowser,
-                                    aInstallingPrincipal.URI, aInstall,
-                                    () => startInstall("other"));
-      } else {
+
+      let installAllowed = this.isInstallAllowed(aMimetype, aInstallingPrincipal);
+      let installPerm = Services.perms.testPermissionFromPrincipal(aInstallingPrincipal, "install");
+
+      if (installAllowed) {
        startInstall("AMO");
+      } else if (installPerm === Ci.nsIPermissionManager.DENY_ACTION) {
+        // Block without prompt
+        aInstall.cancel();
+        this.installNotifyObservers("addon-install-blocked-silent", topBrowser, aInstallingPrincipal.URI, aInstall);
+      } else {
+        // Block with prompt
+        this.installNotifyObservers("addon-install-blocked", topBrowser,
+          aInstallingPrincipal.URI, aInstall,
+          () => startInstall("other"));
      }
    } catch (e) {
      // In the event that the weblistener throws during instantiation or when
--- a/toolkit/mozapps/extensions/test/xpinstall/browser_doorhanger_installs.js
+++ b/toolkit/mozapps/extensions/test/xpinstall/browser_doorhanger_installs.js
@ -301,6 +301,57 @@ async function test_blockedInstall() {
  await BrowserTestUtils.removeTab(gBrowser.selectedTab);
 },

+async function test_permaBlockInstall() {
+  let notificationPromise = waitForNotification("addon-install-blocked");
+  let triggers = encodeURIComponent(JSON.stringify({
+    "XPI": "amosigned.xpi",
+  }));
+  let target = TESTROOT + "installtrigger.html?" + triggers;
+
+  BrowserTestUtils.openNewForegroundTab(gBrowser, target);
+  let notification = (await notificationPromise).firstElementChild;
+  let neverAllowBtn = notification.menupopup.firstElementChild;
+
+  neverAllowBtn.click();
+
+  await TestUtils.waitForCondition(() => !PopupNotifications.isPanelOpen, "Waiting for notification to close");
+
+  let installs = await AddonManager.getAllInstalls();
+  is(installs.length, 0, "Should be no pending installs");
+
+  let installPerm = Services.perms.testPermission(gBrowser.currentURI, "install");
+  is(installPerm, Ci.nsIPermissionManager.DENY_ACTION, "Addon installation should be blocked for site");
+
+  await BrowserTestUtils.removeTab(gBrowser.selectedTab);
+
+  SitePermissions.remove(NetUtil.newURI(target), "install");
+},
+
+async function test_permaBlockedInstallNoPrompt() {
+  let triggers = encodeURIComponent(JSON.stringify({
+    "XPI": "amosigned.xpi",
+  }));
+  let target = TESTROOT + "installtrigger.html?" + triggers;
+
+  SitePermissions.set(NetUtil.newURI(target), "install", SitePermissions.BLOCK);
+  await BrowserTestUtils.openNewForegroundTab(gBrowser, target);
+
+  let panelOpened;
+  try {
+    panelOpened = await TestUtils.waitForCondition(() => PopupNotifications.isPanelOpen, 100, 10);
+  } catch (ex) {
+    panelOpened = false;
+  }
+  is(panelOpened, false, "Addon prompt should not open");
+
+  let installs = await AddonManager.getAllInstalls();
+  is(installs.length, 0, "Should be no pending installs");
+
+  await BrowserTestUtils.removeTab(gBrowser.selectedTab);
+
+  SitePermissions.remove(NetUtil.newURI(target), "install");
+},
+
 async function test_whitelistedInstall() {
  Services.prefs.setBoolPref("extensions.allowPrivateBrowsingByDefault", false);
  let originalTab = gBrowser.selectedTab;