Bug 1225629: Always verify signatures for hotfixes and system add-on updates. r=rhelmer

--HG-- extra : commitid : HZM3glYLa3L extra : rebase_source : e6c2c366ba7a96f5b66ed24b00c97c3ca4333e6b extra : amend_source : e536be12a4d97d83f38b0cb8a9d931544902d75d
2015-11-17 14:05:04 -08:00 · 2015-11-17 14:05:04 -08:00 · 95d4a64276
--- a/toolkit/mozapps/extensions/internal/XPIProvider.jsm
+++ b/toolkit/mozapps/extensions/internal/XPIProvider.jsm
@ -1633,6 +1633,25 @@ function getSignedStatus(aRv, aCert, aAddonID) {
  }
 }

+function shouldVerifySignedState(aAddon) {
+  // Updated system add-ons should always have their signature checked
+  if (aAddon._installLocation.name == KEY_APP_SYSTEM_ADDONS)
+    return true;
+
+  // We don't care about signatures for default system add-ons
+  if (aAddon._installLocation.name == KEY_APP_SYSTEM_DEFAULTS)
+    return false;
+
+  // Hotfixes should always have their signature checked
+  let hotfixID = Preferences.get(PREF_EM_HOTFIX_ID, undefined);
+  if (hotfixID && aAddon.id == hotfixID)
+    return true;
+
+  // Otherwise only check signatures if signing is enabled and the add-on is one
+  // of the signed types.
+  return ADDON_SIGNING && SIGNED_TYPES.has(aAddon.type);
+}
+
 /**
 * Verifies that a zip file's contents are all correctly signed by an
 * AMO-issued certificate
@ -1644,7 +1663,7 @@ function getSignedStatus(aRv, aCert, aAddonID) {
 * @return a Promise that resolves to an AddonManager.SIGNEDSTATE_* constant.
 */
 function verifyZipSignedState(aFile, aAddon) {
-  if (!ADDON_SIGNING || !SIGNED_TYPES.has(aAddon.type))
+  if (!shouldVerifySignedState(aAddon))
    return Promise.resolve(AddonManager.SIGNEDSTATE_NOT_REQUIRED);

  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
@ -1674,7 +1693,7 @@ function verifyZipSignedState(aFile, aAddon) {
 * @return a Promise that resolves to an AddonManager.SIGNEDSTATE_* constant.
 */
 function verifyDirSignedState(aDir, aAddon) {
-  if (!ADDON_SIGNING || !SIGNED_TYPES.has(aAddon.type))
+  if (!shouldVerifySignedState(aAddon))
    return Promise.resolve(AddonManager.SIGNEDSTATE_NOT_REQUIRED);

  let certDB = Cc["@mozilla.org/security/x509certdb;1"]
--- a/toolkit/mozapps/extensions/test/xpcshell/test_system_reset.js
+++ b/toolkit/mozapps/extensions/test/xpcshell/test_system_reset.js
@ -281,7 +281,7 @@ add_task(function* test_bad_app_cert() {
  // Add-on will still be present
  let addon = yield promiseAddonByID("system1@tests.mozilla.org");
  do_check_neq(addon, null);
-  do_check_eq(addon.signedState, AddonManager.SIGNEDSTATE_BROKEN);
+  do_check_eq(addon.signedState, AddonManager.SIGNEDSTATE_NOT_REQUIRED);

  yield check_installed(false, "1.0", null, "1.0");