Bug 1903606 - Prevent recovery from backups created from an application with a different appName. r=backup-reviewers,sthompson,kpatenio

Differential Revision: https://phabricator.services.mozilla.com/D215002

browser/components/backup/BackupService.sys.mjs

@@ -2085,6 +2085,12 @@ export class BackupService extends EventTarget {
 
       let meta = manifest.meta;
 
+      if (meta.appName != AppConstants.MOZ_APP_NAME) {
+        throw new Error(
+          `Cannot recover a backup from ${meta.appName} in ${AppConstants.MOZ_APP_NAME}`
+        );
+      }
+
       // Okay, we have a valid backup-manifest.json. Let's create a new profile
       // and start invoking the recover() method on each BackupResource.
       let profileSvc = Cc["@mozilla.org/toolkit/profile-service;1"].getService(

browser/components/backup/tests/xpcshell/test_BackupService.js

@@ -374,6 +374,17 @@ add_task(async function test_recoverFromSnapshotFolder() {
 
   let { stagingPath } = await bs.createBackup({ profilePath: oldProfilePath });
 
+  // Ensure that the appName in the written manifest matches the current
+  // MOZ_APP_NAME.
+  let manifest = await IOUtils.readJSON(
+    PathUtils.join(stagingPath, BackupService.MANIFEST_FILE_NAME)
+  );
+  Assert.equal(
+    manifest.meta.appName,
+    AppConstants.MOZ_APP_NAME,
+    "appName matches MOZ_APP_NAME"
+  );
+
   let testTelemetryStateObject = {
     clientID: "ed209123-04a1-04a1-04a1-c0ffeec0ffee",
   };

browser/components/backup/tests/xpcshell/test_BackupService_recoverFromSnapshotFolder.js

@@ -0,0 +1,57 @@
+/* Any copyright is dedicated to the Public Domain.
+https://creativecommons.org/publicdomain/zero/1.0/ */
+
+"use strict";
+
+const { AppConstants } = ChromeUtils.importESModule(
+  "resource://gre/modules/AppConstants.sys.mjs"
+);
+const { ArchiveUtils } = ChromeUtils.importESModule(
+  "resource:///modules/backup/ArchiveUtils.sys.mjs"
+);
+const { JsonSchema } = ChromeUtils.importESModule(
+  "resource://gre/modules/JsonSchema.sys.mjs"
+);
+
+/**
+ * Tests that if the backup-manifest.json provides an appName different from
+ * AppConstants.MOZ_APP_NAME of the currently running application, then
+ * recoverFromSnapshotFolder should throw an exception.
+ */
+add_task(async function test_different_appName() {
+  let testRecoveryPath = await IOUtils.createUniqueDirectory(
+    PathUtils.tempDir,
+    "testDifferentAppName"
+  );
+
+  let meta = Object.assign({}, FAKE_METADATA);
+  meta.appName = "Some other application";
+  Assert.notEqual(
+    meta.appName,
+    AppConstants.MOZ_APP_NAME,
+    "Set up a different appName in the manifest correctly."
+  );
+
+  let manifest = {
+    version: ArchiveUtils.SCHEMA_VERSION,
+    meta,
+    resources: {},
+  };
+  let schema = await BackupService.MANIFEST_SCHEMA;
+  let validationResult = JsonSchema.validate(manifest, schema);
+  Assert.ok(validationResult.valid, "Schema matches manifest");
+
+  await IOUtils.writeJSON(
+    PathUtils.join(testRecoveryPath, BackupService.MANIFEST_FILE_NAME),
+    manifest
+  );
+
+  let bs = new BackupService();
+  // This should reject and mention the invalid appName from the manifest.
+  await Assert.rejects(
+    bs.recoverFromSnapshotFolder(testRecoveryPath),
+    new RegExp(`${meta.appName}`)
+  );
+
+  await IOUtils.remove(testRecoveryPath, { recursive: true });
+});

browser/components/backup/tests/xpcshell/xpcshell.toml

@@ -29,6 +29,8 @@ skip-if = ["apple_silicon && automation"] # bug 1729538
 ["test_BackupService_enable_disable_encryption.js"]
 skip-if = ["apple_silicon && automation"] # bug 1729538
 
+["test_BackupService_recoverFromSnapshotFolder.js"]
+
 ["test_BackupService_renderTemplate.js"]
 
 ["test_BackupService_scheduler.js"]