Bug 1525718 fix setting private permission when private browsing r=rpl

Setting the permission has to happen after the call to parseManifest so
it may be set if the manifest is already cached.  Also grant permission
when installed from permanent private browsing.

Differential Revision: https://phabricator.services.mozilla.com/D18879

--HG--
extra : moz-landing-system : lando

toolkit/components/extensions/Extension.jsm

@@ -53,6 +53,7 @@ XPCOMUtils.defineLazyModuleGetters(this, {
   NetUtil: "resource://gre/modules/NetUtil.jsm",
   OS: "resource://gre/modules/osfile.jsm",
   PluralForm: "resource://gre/modules/PluralForm.jsm",
+  PrivateBrowsingUtils: "resource://gre/modules/PrivateBrowsingUtils.jsm",
   Schemas: "resource://gre/modules/Schemas.jsm",
   XPIProvider: "resource://gre/modules/addons/XPIProvider.jsm",
 });
@@ -711,13 +712,6 @@ class ExtensionData {
         permissions.add(perm);
       }
 
-      // We only want to set permissions if the feature is preffed on
-      // (allowPrivateBrowsingByDefault is false)
-      if (!allowPrivateBrowsingByDefault &&
-          manifest.incognito !== "not_allowed" &&
-          this.isPrivileged && !this.addonData.temporarilyInstalled) {
-        permissions.add("internal:privateBrowsingAllowed");
-      }
 
       if (this.id) {
         // An extension always gets permission to its own url.
@@ -1890,6 +1884,22 @@ class Extension extends ExtensionData {
         return;
       }
 
+      // If we're in permanent private browsing and an extension is installed, we
+      // add the permission. Any other situation requires the user to explicitly
+      // enable the permission in about:addons.
+      // Privileged/system extensions get private browsing access automatically,
+      // unless they opt-out by setting "not_allowed".
+      if (!allowPrivateBrowsingByDefault && this.manifest.incognito !== "not_allowed" &&
+          !this.permissions.has("internal:privateBrowsingAllowed")) {
+        if ((PrivateBrowsingUtils.permanentPrivateBrowsing && this.startupReason == "ADDON_INSTALL") ||
+            (this.isPrivileged && !this.addonData.temporarilyInstalled)) {
+          // Add to EP so it is preserved after ADDON_INSTALL.  We don't wait on the add here
+          // since we are pushing the value into this.permissions.  EP will eventually save.
+          ExtensionPermissions.add(this.id, {permissions: ["internal:privateBrowsingAllowed"], origins: []});
+          this.permissions.add("internal:privateBrowsingAllowed");
+        }
+      }
+
       GlobalManager.init(this);
 
       this.initSharedData();

toolkit/components/extensions/test/xpcshell/test_ext_background_private_browsing.js

@@ -2,8 +2,17 @@
 /* vim: set sts=2 sw=2 et tw=80: */
 "use strict";
 
+const {AddonManager} = ChromeUtils.import("resource://gre/modules/AddonManager.jsm");
+const {ExtensionPermissions} = ChromeUtils.import("resource://gre/modules/ExtensionPermissions.jsm");
+
+AddonTestUtils.init(this);
+AddonTestUtils.overrideCertDB();
+AddonTestUtils.createAppInfo("[email protected]", "XPCShell", "1", "1");
+AddonTestUtils.usePrivilegedSignatures = false;
+
 add_task(async function test_background_incognito() {
   info("Test background page incognito value with permanent private browsing enabled");
+  await AddonTestUtils.promiseStartupManager();
 
   Services.prefs.setBoolPref("extensions.allowPrivateBrowsingByDefault", false);
   Services.prefs.setBoolPref("browser.privatebrowsing.autostart", true);
@@ -12,8 +21,16 @@ add_task(async function test_background_incognito() {
     Services.prefs.clearUserPref("extensions.allowPrivateBrowsingByDefault");
   });
 
+  let extensionId = "@permTest";
+  // We do not need to override incognito here, an extension installed during
+  // permanent private browsing gets the permission during install.
   let extension = ExtensionTestUtils.loadExtension({
-    incognitoOverride: "spanning",
+    useAddonManager: "permanent",
+    manifest: {
+      applications: {
+        gecko: {id: extensionId},
+      },
+    },
     async background() {
       browser.test.assertEq(window, browser.extension.getBackgroundPage(),
                             "Caller should be able to access itself as a background page");
@@ -23,12 +40,42 @@ add_task(async function test_background_incognito() {
       browser.test.assertEq(browser.extension.inIncognitoContext, true,
                             "inIncognitoContext is true for permanent private browsing");
 
-      browser.test.notifyPass("incognito");
+      browser.test.sendMessage("incognito");
     },
   });
 
+  // Startup reason is ADDON_INSTALL
   await extension.startup();
 
-  await extension.awaitFinish("incognito");
+  await extension.awaitMessage("incognito");
+
+  let addon = await AddonManager.getAddonByID(extensionId);
+  await addon.disable();
+
+  // Permission remains when an extension is disabled.
+  let perms = await ExtensionPermissions.get(extensionId);
+  equal(perms.permissions.length, 1, "one permission");
+  equal(perms.permissions[0], "internal:privateBrowsingAllowed", "internal permission present");
+
+  // Startup reason is ADDON_ENABLE, the permission is
+  // not granted in this case, but the extension should
+  // still have permission.
+  await addon.enable();
+  await Promise.all([
+    extension.awaitStartup(),
+    extension.awaitMessage("incognito"),
+  ]);
+
+  // ExtensionPermissions should still have it.
+  perms = await ExtensionPermissions.get(extensionId);
+  equal(perms.permissions.length, 1, "one permission");
+  equal(perms.permissions[0], "internal:privateBrowsingAllowed", "internal permission present");
+
+  // This is the same as uninstall, no permissions after.
   await extension.unload();
+
+  perms = await ExtensionPermissions.get(extensionId);
+  equal(perms.permissions.length, 0, "no permission");
+
+  await AddonTestUtils.promiseShutdownManager();
 });