Bug 1373386 Make xpcshell signing shims mark extensions as privileged…
… by default r=rhelmer

MozReview-Commit-ID: B6zFBwbjhax
Andrew Swan committed Jun 8, 2017
1 parent 64c1073 commit fc4f083
Showing 9 changed files with 46 additions and 27 deletions.
Expand Up @@ -1134,7 +1134,7 @@ add_task(async function test_addonsAndPlugins() {
hasBinaryComponents: false,
installDay: ADDON_INSTALL_DATE,
updateDay: ADDON_INSTALL_DATE,
signedState: mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED,
signedState: mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED,
isSystem: false,
isWebExtension: false,
multiprocessCompatible: false,
Expand Down Expand Up @@ -1174,7 +1174,7 @@ add_task(async function test_addonsAndPlugins() {
hasBinaryComponents: false,
installDay: WEBEXTENSION_ADDON_INSTALL_DATE,
updateDay: WEBEXTENSION_ADDON_INSTALL_DATE,
signedState: mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED,
signedState: mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED,
isSystem: false,
isWebExtension: true,
multiprocessCompatible: true,
4 changes: 4 additions & 0 deletions toolkit/mozapps/extensions/internal/AddonTestUtils.jsm
Expand Up @@ -215,6 +215,7 @@ var AddonTestUtils = {
addonStartup: null,
testUnpacked: false,
useRealCertChecks: false,
usePrivilegedSignatures: true,

init(testScope) {
this.testScope = testScope;
Expand Down Expand Up @@ -499,6 +500,9 @@ var AddonTestUtils = {
let id = await this.getIDFromManifest(manifestURI);

let fakeCert = {commonName: id};
if (this.usePrivilegedSignatures) {
fakeCert.organizationalUnit = "Mozilla Extensions";
}

return [callback, Cr.NS_OK, fakeCert];
} catch (e) {
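Review bot: The new `usePrivilegedSignatures: true` default has no comment, and it changes what every shimmed test exercises: the fake certificate now always carries `organizationalUnit = "Mozilla Extensions"`, so add-ons in these tests report `SIGNEDSTATE_PRIVILEGED` unless a test opts out. Code paths that restrict ordinarily signed add-ons are therefore no longer covered by default, which is worth stating where the flag is declared. I would add above the property something like `// Fake certs get the privileged OU by default; set to false to test the ordinary signed (non-privileged) path.` The OU string presumably has to match the value the production signature check looks for, so referring to a shared constant rather than a second literal would keep the shim from drifting; the enclosing function starts and ends outside this hunk.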
Expand Up @@ -38,7 +38,7 @@ Cu.import("resource://gre/modules/NetUtil.jsm");
Cu.import("resource://testing-common/MockRegistrar.jsm");

// Allow insecure updates
Services.prefs.setBoolPref("extensions.checkUpdateSecurity", false)
Services.prefs.setBoolPref("extensions.checkUpdateSecurity", false);

var testserver = createHttpServer();
gPort = testserver.identity.primaryPort;
Expand Up @@ -64,7 +64,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

await promiseRestartManager();

2 changes: 1 addition & 1 deletion toolkit/mozapps/extensions/test/xpcshell/test_proxy.js
Expand Up @@ -49,7 +49,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

do_check_true(proxyFile.exists());

6 changes: 6 additions & 0 deletions toolkit/mozapps/extensions/test/xpcshell/test_reload.js
Expand Up @@ -187,6 +187,9 @@ add_task(async function test_reload_to_invalid_version_fails() {
});

add_task(async function test_manifest_changes_are_refreshed() {
if (!AppConstants.MOZ_ALLOW_LEGACY_EXTENSIONS) {
return;
}
await promiseRestartManager();
let tempdir = gTmpD.clone();

Expand Down Expand Up @@ -215,6 +218,9 @@ add_task(async function test_manifest_changes_are_refreshed() {
});

add_task(async function test_reload_fails_on_installation_errors() {
if (!AppConstants.MOZ_ALLOW_LEGACY_EXTENSIONS) {
return;
}
await promiseRestartManager();
let tempdir = gTmpD.clone();
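Review bot: The early `return` added at the top of `test_manifest_changes_are_refreshed` and `test_reload_fails_on_installation_errors` makes both tasks report success when `AppConstants.MOZ_ALLOW_LEGACY_EXTENSIONS` is false, so a build without legacy support shows them as passing although nothing ran. Logging the skip keeps that visible in the test output, e.g. `do_print("Skipping: legacy extensions are not allowed in this build");` before each `return;`. `AppConstants` is not imported in the visible lines, so it presumably comes from the shared head file; if not, this file needs the same `Components.utils.import` that test_signed_verify.js gains in this commit. Both task bodies continue outside the hunks.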

15 changes: 12 additions & 3 deletions toolkit/mozapps/extensions/test/xpcshell/test_signed_verify.js
@@ -1,13 +1,22 @@

Components.utils.import("resource://gre/modules/AppConstants.jsm");

// Enable signature checks for these tests
gUseRealCertChecks = true;
// Disable update security
Services.prefs.setBoolPref(PREF_EM_CHECK_UPDATE_SECURITY, false);

const DATA = "data/signing_checks/";
const GOOD = [
["signed_bootstrap_2.xpi", AddonManager.SIGNEDSTATE_SIGNED],
["signed_nonbootstrap_2.xpi", AddonManager.SIGNEDSTATE_SIGNED]
let GOOD = [
["privileged_bootstrap_2.xpi", AddonManager.SIGNEDSTATE_PRIVILEGED],
];
if (AppConstants.MOZ_ALLOW_LEGACY_EXTENSIONS) {
GOOD.push(
["signed_bootstrap_2.xpi", AddonManager.SIGNEDSTATE_SIGNED],
["signed_nonbootstrap_2.xpi", AddonManager.SIGNEDSTATE_SIGNED],
);
}

const BAD = [
["unsigned_bootstrap_2.xpi", AddonManager.SIGNEDSTATE_MISSING],
["signed_bootstrap_badid_2.xpi", AddonManager.SIGNEDSTATE_BROKEN],
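Review bot: With the two `signed_*_2.xpi` fixtures moved behind `AppConstants.MOZ_ALLOW_LEGACY_EXTENSIONS`, a build without legacy support verifies only `privileged_bootstrap_2.xpi` under real certificate checks, so nothing there confirms that an ordinarily signed add-on yields `SIGNEDSTATE_SIGNED` and not `SIGNEDSTATE_PRIVILEGED`. Since this commit makes privileged the shim default everywhere else, this file is the one place where the distinction can be checked against real signatures; an ordinarily signed fixture that does not depend on legacy support would keep that case covered in all builds. Separately, `GOOD` can stay `const GOOD = [`, because `push` mutates the array and does not rebind the name. The `BAD` list continues outside the hunk.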
30 changes: 15 additions & 15 deletions toolkit/mozapps/extensions/test/xpcshell/test_temporary.js
Expand Up @@ -111,7 +111,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

await promiseRestartManager();

Expand Down Expand Up @@ -141,7 +141,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

let tempdir = gTmpD.clone();

Expand Down Expand Up @@ -178,7 +178,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

restartManager();

Expand All @@ -195,7 +195,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

unpacked_addon.remove(true);

Expand Down Expand Up @@ -229,7 +229,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

restartManager();

Expand All @@ -246,7 +246,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

packed_addon.remove(false);

Expand Down Expand Up @@ -277,7 +277,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

// test that re-loading a webextension works, using the same filename
webext.remove(false);
Expand Down Expand Up @@ -308,7 +308,7 @@ add_task(async function() {
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_true(addon.isWebExtension);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

// test reloading a webextension with the same name, but a different type.
webext.remove(false);
Expand Down Expand Up @@ -356,7 +356,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
}

// remove original add-on
Expand Down Expand Up @@ -441,7 +441,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

addon.uninstall();

Expand All @@ -458,7 +458,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

unpacked_addon.remove(true);
addon.uninstall();
Expand Down Expand Up @@ -689,7 +689,7 @@ add_task(async function() {
do_check_false(tempAddon.appDisabled);
do_check_true(tempAddon.isActive);
do_check_eq(tempAddon.type, "extension");
do_check_eq(tempAddon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(tempAddon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

tempAddon.uninstall();
unpacked_addon.remove(true);
Expand All @@ -708,7 +708,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

addon.uninstall();

Expand Down Expand Up @@ -743,7 +743,7 @@ add_task(async function() {
do_check_false(addon.appDisabled);
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

let tempdir = gTmpD.clone();
writeInstallRDFToDir({
Expand Down Expand Up @@ -799,7 +799,7 @@ add_task(async function() {
do_check_true(addon.isActive);
do_check_eq(addon.type, "extension");
do_check_false(addon.isWebExtension);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

await AddonManager.installTemporaryAddon(do_get_addon("test_bootstrap1_1"));

8 changes: 4 additions & 4 deletions toolkit/mozapps/extensions/test/xpcshell/test_webextension.js
Expand Up @@ -46,7 +46,7 @@ add_task(async function() {
do_check_false(addon.isSystem);
do_check_eq(addon.type, "extension");
do_check_true(addon.isWebExtension);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

let uri = do_get_addon_root_uri(profileDir, ID);

Expand All @@ -73,7 +73,7 @@ add_task(async function() {
do_check_true(addon.isActive);
do_check_false(addon.isSystem);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

let file = getFileForAddon(profileDir, ID);
do_check_true(file.exists());
Expand Down Expand Up @@ -126,7 +126,7 @@ add_task(async function() {
do_check_true(addon.isActive);
do_check_false(addon.isSystem);
do_check_eq(addon.type, "extension");
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

let file = getFileForAddon(profileDir, ID);
do_check_true(file.exists());
Expand Down Expand Up @@ -414,7 +414,7 @@ add_task(async function testThemeExtension() {
do_check_false(addon.isSystem);
do_check_eq(addon.type, "theme");
do_check_true(addon.isWebExtension);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_SIGNED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);
do_check_eq(addon.signedState, mozinfo.addon_signing ? AddonManager.SIGNEDSTATE_PRIVILEGED : AddonManager.SIGNEDSTATE_NOT_REQUIRED);

addon.uninstall();
