fix: Recover missing permissions for preinstalled Snaps

FrederikBolding · FrederikBolding · commit c1ce02e3f9de · 2025-12-11T15:25:24.000+01:00
diff --git a/packages/snaps-controllers/src/snaps/SnapController.test.tsx b/packages/snaps-controllers/src/snaps/SnapController.test.tsx
@@ -6074,6 +6074,19 @@ describe('SnapController', () => {
         () => ({}),
       );
 
+      rootMessenger.registerActionHandler(
+        'PermissionController:grantPermissions',
+        () => {
+          // After install the snap should have permissions
+          rootMessenger.registerActionHandler(
+            'PermissionController:getPermissions',
+            () => MOCK_SNAP_PERMISSIONS,
+          );
+
+          return {};
+        },
+      );
+
       const preinstalledSnaps = [
         {
           snapId: MOCK_SNAP_ID,
@@ -6120,12 +6133,6 @@ describe('SnapController', () => {
         true,
       );
 
-      // After install the snap should have permissions
-      rootMessenger.registerActionHandler(
-        'PermissionController:getPermissions',
-        () => MOCK_SNAP_PERMISSIONS,
-      );
-
       const result = await snapController.handleRequest({
         snapId: MOCK_SNAP_ID,
         origin: MOCK_ORIGIN,
@@ -6236,6 +6243,19 @@ describe('SnapController', () => {
         () => ({}),
       );
 
+      rootMessenger.registerActionHandler(
+        'PermissionController:grantPermissions',
+        () => {
+          // After install the snap should have permissions
+          rootMessenger.registerActionHandler(
+            'PermissionController:getPermissions',
+            () => MOCK_SNAP_PERMISSIONS,
+          );
+
+          return {};
+        },
+      );
+
       const initialConnections = {
         'npm:filsnap': {},
         'https://snaps.metamask.io': {},
@@ -6279,12 +6299,6 @@ describe('SnapController', () => {
         },
       };
 
-      // After install the snap should have permissions
-      rootMessenger.registerActionHandler(
-        'PermissionController:getPermissions',
-        () => MOCK_SNAP_PERMISSIONS,
-      );
-
       expect(snapControllerOptions.messenger.call).toHaveBeenCalledWith(
         'PermissionController:grantPermissions',
         { approvedPermissions, subject: { origin: 'npm:filsnap' } },
@@ -6311,6 +6325,19 @@ describe('SnapController', () => {
         () => ({}),
       );
 
+      rootMessenger.registerActionHandler(
+        'PermissionController:grantPermissions',
+        () => {
+          // After install the snap should have permissions
+          rootMessenger.registerActionHandler(
+            'PermissionController:getPermissions',
+            () => MOCK_SNAP_PERMISSIONS,
+          );
+
+          return {};
+        },
+      );
+
       const preinstalledSnaps = [
         {
           snapId: MOCK_SNAP_ID,
@@ -6350,12 +6377,6 @@ describe('SnapController', () => {
         },
       );
 
-      // After install the snap should have permissions
-      rootMessenger.registerActionHandler(
-        'PermissionController:getPermissions',
-        () => MOCK_SNAP_PERMISSIONS,
-      );
-
       expect(
         await snapController.installSnaps(MOCK_ORIGIN, {
           [MOCK_SNAP_ID]: {},
@@ -6403,6 +6424,29 @@ describe('SnapController', () => {
         },
       ];
 
+      rootMessenger.registerActionHandler(
+        'PermissionController:grantPermissions',
+        () => {
+          // After install the snap should have permissions
+          rootMessenger.registerActionHandler(
+            'PermissionController:getPermissions',
+            () => ({
+              [SnapEndowments.Rpc]: MOCK_SNAP_PERMISSIONS[SnapEndowments.Rpc],
+              // eslint-disable-next-line @typescript-eslint/naming-convention
+              snap_getEntropy: {
+                caveats: null,
+                date: 1664187844588,
+                id: 'izn0WGUO8cvq_jqvLQuQP',
+                invoker: MOCK_SNAP_ID,
+                parentCapability: 'snap_getEntropy',
+              },
+            }),
+          );
+
+          return {};
+        },
+      );
+
       const snapControllerOptions = getSnapControllerWithEESOptions({
         preinstalledSnaps,
         rootMessenger,
@@ -6447,22 +6491,6 @@ describe('SnapController', () => {
         true,
       );
 
-      // After install the snap should have permissions
-      rootMessenger.registerActionHandler(
-        'PermissionController:getPermissions',
-        () => ({
-          [SnapEndowments.Rpc]: MOCK_SNAP_PERMISSIONS[SnapEndowments.Rpc],
-          // eslint-disable-next-line @typescript-eslint/naming-convention
-          snap_getEntropy: {
-            caveats: null,
-            date: 1664187844588,
-            id: 'izn0WGUO8cvq_jqvLQuQP',
-            invoker: MOCK_SNAP_ID,
-            parentCapability: 'snap_getEntropy',
-          },
-        }),
-      );
-
       const result = await snapController.handleRequest({
         snapId: MOCK_SNAP_ID,
         origin: MOCK_ORIGIN,
@@ -6516,6 +6544,19 @@ describe('SnapController', () => {
         () => ({}),
       );
 
+      rootMessenger.registerActionHandler(
+        'PermissionController:grantPermissions',
+        () => {
+          // After install the snap should have permissions
+          rootMessenger.registerActionHandler(
+            'PermissionController:getPermissions',
+            () => MOCK_SNAP_PERMISSIONS,
+          );
+
+          return {};
+        },
+      );
+
       const { manifest } = await getMockSnapFilesWithUpdatedChecksum({
         manifest: getSnapManifest({
           proposedName: '{{ proposedName }}',
@@ -6567,12 +6608,6 @@ describe('SnapController', () => {
         },
       );
 
-      // After install the snap should have permissions
-      rootMessenger.registerActionHandler(
-        'PermissionController:getPermissions',
-        () => MOCK_SNAP_PERMISSIONS,
-      );
-
       const result = await snapController.handleRequest({
         snapId: MOCK_SNAP_ID,
         origin: MOCK_ORIGIN,
@@ -6674,6 +6709,19 @@ describe('SnapController', () => {
         () => ({}),
       );
 
+      rootMessenger.registerActionHandler(
+        'PermissionController:grantPermissions',
+        () => {
+          // After install the snap should have permissions
+          rootMessenger.registerActionHandler(
+            'PermissionController:getPermissions',
+            () => MOCK_SNAP_PERMISSIONS,
+          );
+
+          return {};
+        },
+      );
+
       const preinstalledSnaps = [
         {
           snapId: MOCK_SNAP_ID,
@@ -6713,6 +6761,19 @@ describe('SnapController', () => {
         () => ({}),
       );
 
+      rootMessenger.registerActionHandler(
+        'PermissionController:grantPermissions',
+        () => {
+          // After install the snap should have permissions
+          rootMessenger.registerActionHandler(
+            'PermissionController:getPermissions',
+            () => MOCK_SNAP_PERMISSIONS,
+          );
+
+          return {};
+        },
+      );
+
       const preinstalledSnaps = [
         {
           snapId: MOCK_SNAP_ID,
@@ -6742,6 +6803,48 @@ describe('SnapController', () => {
       snapController.destroy();
     });
 
+    it('recovers if preinstalled permissions are out of sync', async () => {
+      const rootMessenger = getControllerMessenger();
+      jest.spyOn(rootMessenger, 'call');
+      const log = jest.spyOn(console, 'warn').mockImplementation();
+
+      // Never persist any granted permissions
+      rootMessenger.registerActionHandler(
+        'PermissionController:getPermissions',
+        () => ({}),
+      );
+
+      const preinstalledSnaps = [
+        {
+          snapId: MOCK_SNAP_ID,
+          manifest: getSnapManifest(),
+          hidden: true,
+          files: [
+            {
+              path: DEFAULT_SOURCE_PATH,
+              value: stringToBytes(DEFAULT_SNAP_BUNDLE),
+            },
+            {
+              path: DEFAULT_ICON_PATH,
+              value: stringToBytes(DEFAULT_SNAP_ICON),
+            },
+          ],
+        },
+      ];
+
+      const snapControllerOptions = getSnapControllerWithEESOptions({
+        preinstalledSnaps,
+        rootMessenger,
+      });
+      const [snapController] = getSnapControllerWithEES(snapControllerOptions);
+
+      expect(log).toHaveBeenCalledWith(
+        'The permissions for "npm:@metamask/example-snap" were out of sync and have been automatically restored. If you see this message, please file a bug report.',
+      );
+
+      snapController.destroy();
+    });
+
     it('supports onInstall for preinstalled Snaps', async () => {
       const rootMessenger = getControllerMessenger();
       jest.spyOn(rootMessenger, 'call');
@@ -6782,7 +6885,7 @@ describe('SnapController', () => {
       await new Promise((resolve) => setTimeout(resolve, 10));
 
       expect(messenger.call).toHaveBeenNthCalledWith(
-        6,
+        7,
         'ExecutionService:handleRpcRequest',
         MOCK_SNAP_ID,
         {
@@ -6848,7 +6951,7 @@ describe('SnapController', () => {
       await new Promise((resolve) => setTimeout(resolve, 10));
 
       expect(messenger.call).toHaveBeenNthCalledWith(
-        6,
+        7,
         'ExecutionService:handleRpcRequest',
         MOCK_SNAP_ID,
         {
@@ -10438,6 +10541,33 @@ describe('SnapController', () => {
       ];
 
       const rootMessenger = getControllerMessenger();
+
+      rootMessenger.registerActionHandler(
+        'PermissionController:revokeAllPermissions',
+        () => {
+          // After revoking the snap should have no permissions
+          rootMessenger.registerActionHandler(
+            'PermissionController:getPermissions',
+            () => ({}),
+          );
+
+          return {};
+        },
+      );
+
+      rootMessenger.registerActionHandler(
+        'PermissionController:grantPermissions',
+        () => {
+          // After install the snap should have permissions
+          rootMessenger.registerActionHandler(
+            'PermissionController:getPermissions',
+            () => MOCK_SNAP_PERMISSIONS,
+          );
+
+          return {};
+        },
+      );
+
       const messenger = getSnapControllerMessenger(rootMessenger);
       const snapController = getSnapController(
         getSnapControllerOptions({
diff --git a/packages/snaps-controllers/src/snaps/SnapController.ts b/packages/snaps-controllers/src/snaps/SnapController.ts
@@ -1457,6 +1457,34 @@ export class SnapController extends BaseController<
         );
       }
     }
+
+    // Ensure all preinstalled Snaps have their expected permissions.
+    for (const snap of Object.values(this.state.snaps).filter(
+      ({ preinstalled }) => preinstalled,
+    )) {
+      const processedPermissions = processSnapPermissions(
+        snap.manifest.initialPermissions,
+      );
+
+      this.#validateSnapPermissions(processedPermissions);
+
+      const { newPermissions, unusedPermissions } =
+        this.#calculatePermissionsChange(snap.id, processedPermissions);
+
+      if (
+        isNonEmptyArray(Object.keys(newPermissions)) ||
+        isNonEmptyArray(Object.keys(unusedPermissions))
+      ) {
+        this.#updatePermissions({
+          snapId: snap.id,
+          newPermissions,
+          unusedPermissions,
+        });
+        logWarning(
+          `The permissions for "${snap.id}" were out of sync and have been automatically restored. If you see this message, please file a bug report.`,
+        );
+      }
+    }
   }
 
   #pollForLastRequestStatus() {
