Bug 1974419 - Avoid writing to ExtensionPermissions from install prompt on desktop r=willdurand

Differential Revision: https://phabricator.services.mozilla.com/D255531

Author: Rob--W

browser/base/content/test/webextensions/browser_permissions_dismiss.js

@@ -2,6 +2,7 @@
 
 const INSTALL_PAGE = `${BASE}/file_install_extensions.html`;
 const INSTALL_XPI = `${BASE}/browser_webext_permissions.xpi`;
+const ID = "permissions@test.mozilla.org"; // Add-on ID of INSTALL_XPI.
 
 // With the new dialog design both wildcards and non-wildcards host
 // permissions are expected to be shown as a single permission entry
@@ -68,7 +69,7 @@ add_task(async function test_tab_switch_dismiss() {
   BrowserTestUtils.removeTab(switchTo);
   await installCanceled;
 
-  let addon = await AddonManager.getAddonByID("permissions@test.mozilla.org");
+  let addon = await AddonManager.getAddonByID(ID);
   is(addon, null, "Extension is not installed");
 
   BrowserTestUtils.removeTab(tab);
@@ -114,10 +115,70 @@ add_task(async function test_add_tab_by_user_and_switch() {
   await listener.canceledPromise;
   info("Extension installation is canceled");
 
-  let addon = await AddonManager.getAddonByID("permissions@test.mozilla.org");
+  let addon = await AddonManager.getAddonByID(ID);
   is(addon, null, "Extension is not installed");
 
   AddonManager.removeInstallListener(listener);
   BrowserTestUtils.removeTab(tab);
   BrowserTestUtils.removeTab(newTab);
 });
+
+// Regression test for https://bugzilla.mozilla.org/show_bug.cgi?id=1974419
+// ExtensionPermissions.get() lazily populates the StartupCache. This method
+// should not be used when an extension is not installed, to avoid persisting
+// permission data for a non-installed extension.
+add_task(async function test_no_permissions_stored_after_dismiss() {
+  // This part could fail if any of the tests before (which also trigger
+  // installation of INSTALL_XPI) somehow populate the permissions.
+  Assert.deepEqual(
+    await getCachedPermissions(ID),
+    null,
+    "ExtensionPermissions should not contain entry before installation"
+  );
+
+  let tab = await BrowserTestUtils.openNewForegroundTab(gBrowser, INSTALL_PAGE);
+
+  let installCanceled = new Promise(resolve => {
+    let listener = {
+      onInstallCancelled() {
+        AddonManager.removeInstallListener(listener);
+        resolve();
+      },
+    };
+    AddonManager.addInstallListener(listener);
+  });
+
+  SpecialPowers.spawn(gBrowser.selectedBrowser, [INSTALL_XPI], function (url) {
+    content.wrappedJSObject.installMozAM(url);
+  });
+
+  const panel = await promisePopupNotificationShown("addon-webext-permissions");
+
+  let privateBrowsingCheckbox = panel.querySelector(
+    ".webext-perm-privatebrowsing > moz-checkbox"
+  );
+  ok(
+    BrowserTestUtils.isVisible(privateBrowsingCheckbox),
+    "Private browsing checkbox is present in install prompt"
+  );
+  Assert.deepEqual(
+    await getCachedPermissions(ID),
+    null,
+    "ExtensionPermissions should not be written to during installation"
+  );
+
+  // Cancel installation.
+  panel.secondaryButton.click();
+  await installCanceled;
+
+  let addon = await AddonManager.getAddonByID(ID);
+  is(addon, null, "Extension is not installed");
+
+  Assert.deepEqual(
+    await getCachedPermissions(ID),
+    null,
+    "ExtensionPermissions should not be written to after installation"
+  );
+
+  BrowserTestUtils.removeTab(tab);
+});

browser/base/content/test/webextensions/head.js

@@ -1,5 +1,6 @@
 ChromeUtils.defineESModuleGetters(this, {
   AddonTestUtils: "resource://testing-common/AddonTestUtils.sys.mjs",
+  ExtensionParent: "resource://gre/modules/ExtensionParent.sys.mjs",
   ExtensionsUI: "resource:///modules/ExtensionsUI.sys.mjs",
 });
 
@@ -9,11 +10,7 @@ const BASE = getRootDirectory(gTestPath).replace(
 );
 
 ChromeUtils.defineLazyGetter(this, "Management", () => {
-  // eslint-disable-next-line no-shadow
-  const { Management } = ChromeUtils.importESModule(
-    "resource://gre/modules/Extension.sys.mjs"
-  );
-  return Management;
+  return ExtensionParent.apiManager;
 });
 
 let { CustomizableUITestUtils } = ChromeUtils.importESModule(
@@ -679,6 +676,24 @@ async function interactiveUpdateTest(autoUpdate, checkFn) {
   );
 }
 
+async function getCachedPermissions(extensionId) {
+  const NotFound = Symbol("extension ID not found in permissions cache");
+  try {
+    return await ExtensionParent.StartupCache.permissions.get(
+      extensionId,
+      () => {
+        // Throw error to prevent the key from being created.
+        throw NotFound;
+      }
+    );
+  } catch (e) {
+    if (e === NotFound) {
+      return null;
+    }
+    throw e;
+  }
+}
+
 // The tests in this directory install a bunch of extensions but they
 // need to uninstall them before exiting, as a stray leftover extension
 // after one test can foul up subsequent tests.

browser/modules/ExtensionsUI.sys.mjs

@@ -414,7 +414,12 @@ export var ExtensionsUI = {
 
     const incognitoPermissionName = "internal:privateBrowsingAllowed";
     let grantPrivateBrowsingAllowed = false;
-    if (showIncognitoCheckbox) {
+    if (
+      showIncognitoCheckbox &&
+      // Usually false, unless the user tries to install a XPI file whose ID
+      // matches an already-installed add-on.
+      (await lazy.AddonManager.getAddonByID(addon.id))
+    ) {
       let { permissions } = await lazy.ExtensionPermissions.get(addon.id);
       grantPrivateBrowsingAllowed = permissions.includes(
         incognitoPermissionName