feat(snaps): Add support for custom network per Snap (#26389)

Like with websites, we want to support a custom network per Snap rather
than relying on the globally selected network. For Snaps, the permission
for the network to switch to is automatically granted.

[![Open in GitHub
Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/MetaMask/metamask-extension/pull/26389?quickstart=1)

1. Copy the build files for `@metamask/selected-network-controller` from
[this PR](MetaMask/core#4602).
2. Copy the build files for `@metamask/snaps-controllers` and
`@metamask/snaps-execution-environments` from [this
PR](MetaMask/snaps#2634).
3. Run `test-snaps` for the PR above (`yarn start` in
`packages/test-snaps`).
4. Install the Ethereum Provider Example Snap.
5. Switch the chain ID using the `test-snaps` button for the Ethereum
Provider example.
6. The Snap should now use the new network, without any permission
requests.

Step 1 and 2 are no longer necessary once these PRs are merged and
released.

<!-- If applicable, add screenshots and/or recordings to visualize the
before and after of your change. -->

<!-- [screenshots/recordings] -->

<!-- [screenshots/recordings] -->

- [ ] I've followed [MetaMask Contributor
Docs](https://github.com/MetaMask/contributor-docs) and [MetaMask
Extension Coding
Standards](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/CODING_GUIDELINES.md).
- [ ] I've completed the PR template to the best of my ability
- [ ] I’ve included tests if applicable
- [ ] I’ve documented my code using [JSDoc](https://jsdoc.app/) format
if applicable
- [ ] I’ve applied the right labels on the PR (see [labeling
guidelines](https://github.com/MetaMask/metamask-extension/blob/develop/.github/guidelines/LABELING_GUIDELINES.md)).
Not required for external contributors.

- [ ] I've manually tested the PR (e.g. pull and build branch, run the
app, test code being changed).
- [ ] I confirm that this PR addresses all acceptance criteria described
in the ticket it closes and includes the necessary testing evidence such
as recordings and or screenshots.

Author: Mrtenz

app/scripts/lib/rpc-method-middleware/handlers/switch-ethereum-chain.js

@@ -1,4 +1,5 @@
 import { providerErrors } from '@metamask/rpc-errors';
+import { isSnapId } from '@metamask/snaps-utils';
 
 import { MESSAGE_TYPE } from '../../../../../shared/constants/app';
 import {
@@ -80,6 +81,7 @@ async function switchEthereumChainHandler(
   return switchChain(res, end, chainId, networkClientIdToSwitchTo, {
     origin,
     isSwitchFlow: true,
+    autoApprove: isSnapId(origin),
     setActiveNetwork,
     getCaveat,
     requestPermittedChainsPermissionIncrementalForOrigin,

app/scripts/lib/rpc-method-middleware/handlers/switch-ethereum-chain.test.js

@@ -168,6 +168,7 @@ describe('switchEthereumChainHandler', () => {
       '0xdeadbeef',
       'mainnet',
       {
+        autoApprove: false,
         setActiveNetwork: mocks.setActiveNetwork,
         fromNetworkConfiguration: {
           chainId: '0xe708',
@@ -198,4 +199,31 @@ describe('switchEthereumChainHandler', () => {
       },
     );
   });
+
+  it('calls `switchChain` with `autoApprove: true` if the origin is a Snap', async () => {
+    const { mocks } = createMockedHandler();
+
+    const switchEthereumChainHandler = switchEthereumChain.implementation;
+    await switchEthereumChainHandler(
+      {
+        origin: 'npm:foo-snap',
+        params: [{ chainId: CHAIN_IDS.MAINNET }],
+      },
+      {},
+      jest.fn(),
+      jest.fn(),
+      mocks,
+    );
+
+    expect(EthChainUtils.switchChain).toHaveBeenCalledTimes(1);
+    expect(EthChainUtils.switchChain).toHaveBeenCalledWith(
+      {},
+      expect.any(Function),
+      CHAIN_IDS.MAINNET,
+      NETWORK_TYPES.MAINNET,
+      expect.objectContaining({
+        autoApprove: true,
+      }),
+    );
+  });
 });

app/scripts/metamask-controller.js

@@ -130,8 +130,6 @@ import {
   TransactionType,
 } from '@metamask/transaction-controller';
 
-import { isSnapId } from '@metamask/snaps-utils';
-
 import { Interface } from '@ethersproject/abi';
 import { abiERC1155, abiERC721 } from '@metamask/metamask-eth-abis';
 import {
@@ -5894,12 +5892,6 @@ export default class MetamaskController extends EventEmitter {
     autoApprove,
     metadata,
   }) {
-    if (isSnapId(origin)) {
-      throw new Error(
-        `Cannot request permittedChains permission for Snaps with origin "${origin}"`,
-      );
-    }
-
     const caveatValueWithChains = setPermittedEthChainIds(
       {
         requiredScopes: {},
@@ -5951,11 +5943,11 @@ export default class MetamaskController extends EventEmitter {
    * Requests user approval for the CAIP-25 permission for the specified origin
    * and returns a granted permissions object.
    *
-   * @param {string} origin - The origin to request approval for.
+   * @param {string} _origin - The origin to request approval for.
    * @param requestedPermissions - The legacy permissions to request approval for.
    * @returns the approved permissions object.
    */
-  getCaip25PermissionFromLegacyPermissions(origin, requestedPermissions = {}) {
+  getCaip25PermissionFromLegacyPermissions(_origin, requestedPermissions = {}) {
     const permissions = pick(requestedPermissions, [
       RestrictedMethods.eth_accounts,
       PermissionNames.permittedChains,
@@ -5969,10 +5961,6 @@ export default class MetamaskController extends EventEmitter {
       permissions[PermissionNames.permittedChains] = {};
     }
 
-    if (isSnapId(origin)) {
-      delete permissions[PermissionNames.permittedChains];
-    }
-
     const requestedAccounts =
       permissions[RestrictedMethods.eth_accounts]?.caveats?.find(
         (caveat) => caveat.type === CaveatTypes.restrictReturnedAccounts,
@@ -5996,7 +5984,7 @@ export default class MetamaskController extends EventEmitter {
 
     const caveatValueWithChains = setPermittedEthChainIds(
       newCaveatValue,
-      isSnapId(origin) ? [] : requestedChains,
+      requestedChains,
     );
 
     const caveatValueWithAccountsAndChains = setEthAccounts(

app/scripts/metamask-controller.test.js

@@ -1293,7 +1293,7 @@ describe('MetaMaskController', () => {
         );
       });
 
-      it('returns approval from the PermissionsController for only eth_accounts when only permittedChains is specified in params and origin is snapId', async () => {
+      it('returns approval from the PermissionsController for both eth_accounts and permittedChains when only permittedChains is specified in params and origin is snapId', async () => {
         const permissions =
           await metamaskController.getCaip25PermissionFromLegacyPermissions(
             'npm:snap',
@@ -1318,6 +1318,9 @@ describe('MetaMaskController', () => {
                   value: {
                     requiredScopes: {},
                     optionalScopes: {
+                      'eip155:100': {
+                        accounts: [],
+                      },
                       'wallet:eip155': {
                         accounts: [],
                       },
@@ -1332,7 +1335,7 @@ describe('MetaMaskController', () => {
         );
       });
 
-      it('returns approval from the PermissionsController for only eth_accounts when both eth_accounts and permittedChains are specified in params and origin is snapId', async () => {
+      it('returns approval from the PermissionsController for both eth_accounts and permittedChains when both eth_accounts and permittedChains are specified in params and origin is snapId', async () => {
         const permissions =
           await metamaskController.getCaip25PermissionFromLegacyPermissions(
             'npm:snap',
@@ -1365,6 +1368,9 @@ describe('MetaMaskController', () => {
                   value: {
                     requiredScopes: {},
                     optionalScopes: {
+                      'eip155:100': {
+                        accounts: ['eip155:100:foo'],
+                      },
                       'wallet:eip155': {
                         accounts: ['wallet:eip155:foo'],
                       },
@@ -1432,31 +1438,28 @@ describe('MetaMaskController', () => {
         );
       });
 
-      it('returns CAIP-25 approval with approved accounts for the `wallet:eip155` scope (and no approved chainIds) with isMultichainOrigin: false if origin is snapId', async () => {
+      it('returns CAIP-25 approval with approved accounts and chain IDs with isMultichainOrigin: false if origin is snapId', async () => {
         const origin = 'npm:snap';
 
         const permissions =
-          await metamaskController.getCaip25PermissionFromLegacyPermissions(
-            origin,
-            {
-              [RestrictedEthMethods.eth_accounts]: {
-                caveats: [
-                  {
-                    type: 'restrictReturnedAccounts',
-                    value: ['0xdeadbeef'],
-                  },
-                ],
-              },
-              [EndowmentTypes.permittedChains]: {
-                caveats: [
-                  {
-                    type: 'restrictNetworkSwitching',
-                    value: ['0x1', '0x5'],
-                  },
-                ],
-              },
+          metamaskController.getCaip25PermissionFromLegacyPermissions(origin, {
+            [RestrictedEthMethods.eth_accounts]: {
+              caveats: [
+                {
+                  type: 'restrictReturnedAccounts',
+                  value: ['0xdeadbeef'],
+                },
+              ],
             },
-          );
+            [EndowmentTypes.permittedChains]: {
+              caveats: [
+                {
+                  type: 'restrictNetworkSwitching',
+                  value: ['0x1', '0x5'],
+                },
+              ],
+            },
+          });
 
         expect(permissions).toStrictEqual(
           expect.objectContaining({
@@ -1467,6 +1470,12 @@ describe('MetaMaskController', () => {
                   value: {
                     requiredScopes: {},
                     optionalScopes: {
+                      'eip155:1': {
+                        accounts: ['eip155:1:0xdeadbeef'],
+                      },
+                      'eip155:5': {
+                        accounts: ['eip155:5:0xdeadbeef'],
+                      },
                       'wallet:eip155': {
                         accounts: ['wallet:eip155:0xdeadbeef'],
                       },
@@ -1540,19 +1549,6 @@ describe('MetaMaskController', () => {
     });
 
     describe('requestPermittedChainsPermissionIncremental', () => {
-      it('throws if the origin is snapId', async () => {
-        await expect(() =>
-          metamaskController.requestPermittedChainsPermissionIncremental({
-            origin: 'npm:snap',
-            chainId: '0x1',
-          }),
-        ).rejects.toThrow(
-          new Error(
-            'Cannot request permittedChains permission for Snaps with origin "npm:snap"',
-          ),
-        );
-      });
-
       it('requests permittedChains approval if autoApprove: false', async () => {
         const expectedCaip25Permission = {
           [Caip25EndowmentPermissionName]: {