New issue
Advanced search Search tips

Issue 808209 link

Starred by 1 user
Status: Fixed
Owner:
karandeepb@chromium.org
Closed: Feb 2018
Cc:
rdevlin....@chromium.org
Components:
EstimatedDays: 2
NextAction: ----
OS: ----
Pri: 2
Type: Bug



Sign in to add a comment

Permissions API: Optional host permissions are not removed correctly.

Project Member Reported by karandeepb@chromium.org, Feb 1 2018 
Steps:
1) Install an unpacked extension with the following manifest:
{
  "name" : "Extension",
  "version" : "1",
  "manifest_version": 2,
  "optional_permissions" : ["*://*/*", "bookmarks"],
  "background": {
    "scripts": ["background.js"]
  }
}

2) Go to the extension's background page console and request for the optional permissions as follows:

perm = {
  "permissions" : ["bookmarks"],
  "origins" : ["http://*.example.com/*"]
};

chrome.permissions.request(perm , function(granted) {
  console.log("granted " + granted);
});

3) Ensure using chrome.permissions.contains that the permissions were granted.

4) Remove the granted permissions

chrome.permissions.remove(perm , function(remove) {
  console.log("remove " + remove);
});

5) Ensure using chrome.permissions.contains that the permissions were removed.

6) Restart the browser.

7) See the Details for the extension. The extension still has permission to example.com.

8) Go to the background page console.

9) Using chrome.permissions.contains verify that the extension does not have the bookmarks permissions (correct) but still has host access to example.com (incorrect).

Comment 1 by karandeepb@chromium.org, Feb 1 2018 

The extension prefs code is buggy, will issue a fix.

Comment 2 by karandeepb@chromium.org, Feb 1 2018

Components: Platform>Extensions
Project Member

Comment 3 by bugdroid1@chromium.org, Feb 3 2018 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/599a50b51650d838e3c8c07badf9ec7504b2e1b4

commit 599a50b51650d838e3c8c07badf9ec7504b2e1b4
Author: Karan Bhatia <karandeepb@chromium.org>
Date: Sat Feb 03 04:56:30 2018

Extension Prefs: Fix bug with persisting extension permission sets.

ExtensionPrefs::SetExtensionPrefPermissionSet does not persists URLPatternSets
if the passed host and scriptable hosts URLPatternSets are empty. This is
incorrect, as for example, this can lead to an extension retaining permission
for hosts in its preferences even after these permissions have been removed.
This also has consequences for the permissions API.

This CL fixes the bug and adds unit tests to verify the same.

BUG= 808209 

Change-Id: Ie0466061d157a8ea9784b3eee0abeaaf2be6d333
Reviewed-on: https://chromium-review.googlesource.com/898407
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Commit-Queue: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#534261}
[modify] https://crrev.com/599a50b51650d838e3c8c07badf9ec7504b2e1b4/chrome/browser/extensions/extension_prefs_unittest.cc
[modify] https://crrev.com/599a50b51650d838e3c8c07badf9ec7504b2e1b4/chrome/browser/extensions/permissions_updater_unittest.cc
[modify] https://crrev.com/599a50b51650d838e3c8c07badf9ec7504b2e1b4/extensions/browser/extension_prefs.cc
[modify] https://crrev.com/599a50b51650d838e3c8c07badf9ec7504b2e1b4/extensions/browser/extension_prefs.h

Comment 4 by karandeepb@chromium.org, Feb 6 2018

Status: Fixed (was: Assigned)

Sign in to add a comment