Bug 1243602 - don't expose browser.* properties that lack required permissions. r=kmag

toolkit/components/extensions/Extension.jsm

@@ -384,9 +384,17 @@ GlobalManager = {
         injectAPI(api, browserObj);
 
         let schemaApi = Management.generateAPIs(extension, context, Management.schemaApis);
+
+        // Add in any extra API namespaces which do not have implementations
+        // outside of their schema file.
+        schemaApi.extensionTypes = {};
+
         function findPath(path) {
           let obj = schemaApi;
           for (let elt of path) {
+            if (!(elt in obj)) {
+              return null;
+            }
             obj = obj[elt];
           }
           return obj;
@@ -423,6 +431,10 @@ GlobalManager = {
             return context.wrapPromise(promise || Promise.resolve(), callback);
           },
 
+          shouldInject(path, name) {
+            return findPath(path) != null;
+          },
+
           getProperty(path, name) {
             return findPath(path)[name];
           },

toolkit/components/extensions/Schemas.jsm

@@ -1319,7 +1319,9 @@ this.Schemas = {
     for (let [namespace, ns] of this.namespaces) {
       let obj = Cu.createObjectIn(dest, {defineAs: namespace});
       for (let [name, entry] of ns) {
-        entry.inject([namespace], name, obj, new Context(wrapperFuncs));
+        if (wrapperFuncs.shouldInject([namespace], name)) {
+          entry.inject([namespace], name, obj, new Context(wrapperFuncs));
+        }
       }
 
       if (!Object.keys(obj).length) {

toolkit/components/extensions/test/mochitest/test_ext_schema.html

@@ -16,18 +16,20 @@
 add_task(function* testEmptySchema() {
   function background() {
     browser.test.assertTrue(!("manifest" in browser), "browser.manifest is not defined");
+    browser.test.assertTrue("storage" in browser, "browser.storage should be defined");
+    browser.test.assertTrue(!("contextMenus" in browser), "browser.contextMenus should not be defined");
     browser.test.notifyPass("schema");
   }
 
   let extension = ExtensionTestUtils.loadExtension({
     background: `(${background})()`,
+    manifest: {
+      permissions: ["storage"],
+    },
   });
 
-
   yield extension.startup();
-
   yield extension.awaitFinish("schema");
-
   yield extension.unload();
 });
 

toolkit/components/extensions/test/mochitest/test_ext_webnavigation.html

@@ -62,7 +62,7 @@ function backgroundScript() {
     browser.webNavigation[event].addListener(listeners[event]);
   }
 
-  browser.test.sendMessage("ready", browser.webRequest.ResourceType);
+  browser.test.sendMessage("ready");
 }
 
 const BASE = "http://mochi.test:8888/tests/toolkit/components/extensions/test/mochitest";

toolkit/components/extensions/test/xpcshell/test_ext_schemas.js

@@ -281,6 +281,18 @@ let json = [
      },
    ],
   },
+  {
+    namespace: "inject",
+    properties: {
+      PROP1: {value: "should inject"},
+    },
+  },
+  {
+    namespace: "do-not-inject",
+    properties: {
+      PROP1: {value: "should not inject"},
+    },
+  },
 ];
 
 let tallied = null;
@@ -322,6 +334,11 @@ let wrapper = {
     tally("call", ns, name, args);
   },
 
+  shouldInject(path) {
+    let ns = path.join(".");
+    return ns != "do-not-inject";
+  },
+
   getProperty(path, name) {
     let ns = path.join(".");
     tally("get", ns, name);
@@ -358,6 +375,9 @@ add_task(function* () {
   do_check_eq(root.testing.type1.VALUE1, "value1", "enum type");
   do_check_eq(root.testing.type1.VALUE2, "value2", "enum type");
 
+  do_check_eq("inject" in root, true, "namespace 'inject' should be injected");
+  do_check_eq("do-not-inject" in root, false, "namespace 'do-not-inject' should not be injected");
+
   root.testing.foo(11, true);
   verify("call", "testing", "foo", [11, true]);