@metamask/snaps-controllers 15.0.2 → 16.1.0

package/dist/snaps/SnapController.mjs

@@ -5,12 +5,12 @@ import { rpcErrors } from "@metamask/rpc-errors";
 import { WALLET_SNAP_PERMISSION_KEY, getMaxRequestTimeCaveat, handlerEndowments, SnapEndowments, getKeyringCaveatOrigins, getRpcCaveatOrigins, processSnapPermissions, getEncryptionEntropy, getChainIdsCaveat } from "@metamask/snaps-rpc-methods";
 import { AuxiliaryFileEncoding, getErrorMessage, OnAssetsLookupResponseStruct } from "@metamask/snaps-sdk";
 import { logWarning, getPlatformVersion, assertIsSnapManifest, assertIsValidSnapId, DEFAULT_ENDOWMENTS, encodeAuxiliaryFile, HandlerType, isOriginAllowed, logError, normalizeRelative, OnTransactionResponseStruct, OnSignatureResponseStruct, resolveVersionRange, SnapCaveatType, SnapStatus, SnapStatusEvents, unwrapError, OnHomePageResponseStruct, getValidatedLocalizationFiles, VirtualFile, NpmSnapFileNames, OnNameLookupResponseStruct, getLocalizedSnapManifest, MAX_FILE_SIZE, OnSettingsPageResponseStruct, isValidUrl, OnAssetHistoricalPriceResponseStruct, OnAssetsConversionResponseStruct, OnAssetsMarketDataResponseStruct } from "@metamask/snaps-utils";
-import { hexToNumber, assert, assertIsJsonRpcRequest, assertStruct, Duration, gtRange, gtVersion, hasProperty, inMilliseconds, isNonEmptyArray, satisfiesVersionRange, timeSince, createDeferredPromise } from "@metamask/utils";
+import { assert, assertIsJsonRpcRequest, assertStruct, Duration, gtRange, gtVersion, hasProperty, inMilliseconds, isNonEmptyArray, satisfiesVersionRange, timeSince, createDeferredPromise } from "@metamask/utils";
 import { createMachine, interpret } from "@xstate/fsm";
 import { Mutex } from "async-mutex";
 import { nanoid } from "nanoid";
 import { gt, gte } from "semver";
-import { ALLOWED_PERMISSIONS, CLIENT_ONLY_HANDLERS, LEGACY_ENCRYPTION_KEY_DERIVATION_OPTIONS, METAMASK_ORIGIN, STATE_DEBOUNCE_TIMEOUT } from "./constants.mjs";
+import { ALLOWED_PERMISSIONS, CLIENT_ONLY_HANDLERS, DYNAMIC_PERMISSION_DEPENDENCIES, LEGACY_ENCRYPTION_KEY_DERIVATION_OPTIONS, METAMASK_ORIGIN, STATE_DEBOUNCE_TIMEOUT } from "./constants.mjs";
 import { detectSnapLocation } from "./location/index.mjs";
 import { SnapsRegistryStatus } from "./registry/index.mjs";
 import { getRunnableSnaps } from "./selectors.mjs";
@@ -80,20 +80,20 @@ export class SnapController extends BaseController {
     #preinstalledSnaps;
     #trackEvent;
     #trackSnapExport;
-    constructor({ closeAllConnections, messenger, state, dynamicPermissions = ['eth_accounts'], environmentEndowmentPermissions = [], excludedPermissions = {}, idleTimeCheckInterval = inMilliseconds(5, Duration.Second), maxIdleTime = inMilliseconds(30, Duration.Second), maxRequestTime = inMilliseconds(60, Duration.Second), fetchFunction = globalThis.fetch.bind(undefined), featureFlags = {}, detectSnapLocation: detectSnapLocationFunction = detectSnapLocation, preinstalledSnaps = null, encryptor, getMnemonicSeed, getFeatureFlags = () => ({}), clientCryptography, trackEvent, }) {
+    constructor({ closeAllConnections, messenger, state, dynamicPermissions = ['endowment:caip25', 'wallet_snap'], environmentEndowmentPermissions = [], excludedPermissions = {}, idleTimeCheckInterval = inMilliseconds(5, Duration.Second), maxIdleTime = inMilliseconds(30, Duration.Second), maxRequestTime = inMilliseconds(60, Duration.Second), fetchFunction = globalThis.fetch.bind(undefined), featureFlags = {}, detectSnapLocation: detectSnapLocationFunction = detectSnapLocation, preinstalledSnaps = null, encryptor, getMnemonicSeed, getFeatureFlags = () => ({}), clientCryptography, trackEvent, }) {
         super({
             messenger,
             metadata: {
                 snapStates: {
                     includeInStateLogs: false,
                     persist: true,
-                    anonymous: false,
+                    includeInDebugSnapshot: false,
                     usedInUi: false,
                 },
                 unencryptedSnapStates: {
                     includeInStateLogs: false,
                     persist: true,
-                    anonymous: false,
+                    includeInDebugSnapshot: false,
                     usedInUi: false,
                 },
                 snaps: {
@@ -124,7 +124,7 @@ export class SnapController extends BaseController {
                             return memo;
                         }, {}));
                     },
-                    anonymous: false,
+                    includeInDebugSnapshot: false,
                     // TODO: Ensure larger snap properties are not sent to the UI
                     // Currently these are stripped out manually in the extension
                     usedInUi: true,
@@ -159,21 +159,21 @@ export class SnapController extends BaseController {
         this.#trackEvent = trackEvent;
         this.#pollForLastRequestStatus();
         /* eslint-disable @typescript-eslint/unbound-method */
-        this.messagingSystem.subscribe('ExecutionService:unhandledError', this._onUnhandledSnapError);
-        this.messagingSystem.subscribe('ExecutionService:outboundRequest', this._onOutboundRequest);
-        this.messagingSystem.subscribe('ExecutionService:outboundResponse', this._onOutboundResponse);
+        this.messenger.subscribe('ExecutionService:unhandledError', this._onUnhandledSnapError);
+        this.messenger.subscribe('ExecutionService:outboundRequest', this._onOutboundRequest);
+        this.messenger.subscribe('ExecutionService:outboundResponse', this._onOutboundResponse);
         /* eslint-enable @typescript-eslint/unbound-method */
-        this.messagingSystem.subscribe('SnapController:snapInstalled', ({ id }, origin) => {
+        this.messenger.subscribe('SnapController:snapInstalled', ({ id }, origin) => {
             this.#callLifecycleHook(origin, id, HandlerType.OnInstall).catch((error) => {
                 logError(`Error when calling \`onInstall\` lifecycle hook for snap "${id}": ${getErrorMessage(error)}`);
             });
         });
-        this.messagingSystem.subscribe('SnapController:snapUpdated', ({ id }, _oldVersion, origin) => {
+        this.messenger.subscribe('SnapController:snapUpdated', ({ id }, _oldVersion, origin) => {
             this.#callLifecycleHook(origin, id, HandlerType.OnUpdate).catch((error) => {
                 logError(`Error when calling \`onUpdate\` lifecycle hook for snap "${id}": ${getErrorMessage(error)}`);
             });
         });
-        this.messagingSystem.subscribe('KeyringController:lock', this.#handleLock.bind(this));
+        this.messenger.subscribe('KeyringController:lock', this.#handleLock.bind(this));
         this.#initializeStateMachine();
         this.#registerMessageHandlers();
         Object.values(this.state?.snaps ?? {}).forEach((snap) => this.#setupRuntime(snap.id));
@@ -181,7 +181,7 @@ export class SnapController extends BaseController {
             this.#handlePreinstalledSnaps(this.#preinstalledSnaps);
         }
         this.#trackSnapExport = throttleTracking((snapId, handler, success, origin) => {
-            const snapMetadata = this.messagingSystem.call('SnapsRegistry:getMetadata', snapId);
+            const snapMetadata = this.messenger.call('SnapsRegistry:getMetadata', snapId);
             this.#trackEvent({
                 event: 'Snap Export Used',
                 category: 'Snaps',
@@ -264,29 +264,29 @@ export class SnapController extends BaseController {
      * actions.
      */
     #registerMessageHandlers() {
-        this.messagingSystem.registerActionHandler(`${controllerName}:init`, (...args) => this.init(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:clearSnapState`, (...args) => this.clearSnapState(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:get`, (...args) => this.get(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:getSnapState`, async (...args) => this.getSnapState(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:handleRequest`, async (...args) => this.handleRequest(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:has`, (...args) => this.has(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:updateRegistry`, async () => this.updateRegistry());
-        this.messagingSystem.registerActionHandler(`${controllerName}:updateSnapState`, async (...args) => this.updateSnapState(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:enable`, (...args) => this.enableSnap(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:disable`, async (...args) => this.disableSnap(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:remove`, async (...args) => this.removeSnap(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:getPermitted`, (...args) => this.getPermittedSnaps(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:install`, async (...args) => this.installSnaps(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:getAll`, (...args) => this.getAllSnaps(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:getRunnableSnaps`, (...args) => this.getRunnableSnaps(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:incrementActiveReferences`, (...args) => this.incrementActiveReferences(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:decrementActiveReferences`, (...args) => this.decrementActiveReferences(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:disconnectOrigin`, (...args) => this.removeSnapFromSubject(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:revokeDynamicPermissions`, (...args) => this.revokeDynamicSnapPermissions(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:getFile`, async (...args) => this.getSnapFile(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:stopAllSnaps`, async (...args) => this.stopAllSnaps(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:isMinimumPlatformVersion`, (...args) => this.isMinimumPlatformVersion(...args));
-        this.messagingSystem.registerActionHandler(`${controllerName}:setClientActive`, (...args) => this.setClientActive(...args));
+        this.messenger.registerActionHandler(`${controllerName}:init`, (...args) => this.init(...args));
+        this.messenger.registerActionHandler(`${controllerName}:clearSnapState`, (...args) => this.clearSnapState(...args));
+        this.messenger.registerActionHandler(`${controllerName}:get`, (...args) => this.get(...args));
+        this.messenger.registerActionHandler(`${controllerName}:getSnapState`, async (...args) => this.getSnapState(...args));
+        this.messenger.registerActionHandler(`${controllerName}:handleRequest`, async (...args) => this.handleRequest(...args));
+        this.messenger.registerActionHandler(`${controllerName}:has`, (...args) => this.has(...args));
+        this.messenger.registerActionHandler(`${controllerName}:updateRegistry`, async () => this.updateRegistry());
+        this.messenger.registerActionHandler(`${controllerName}:updateSnapState`, async (...args) => this.updateSnapState(...args));
+        this.messenger.registerActionHandler(`${controllerName}:enable`, (...args) => this.enableSnap(...args));
+        this.messenger.registerActionHandler(`${controllerName}:disable`, async (...args) => this.disableSnap(...args));
+        this.messenger.registerActionHandler(`${controllerName}:remove`, async (...args) => this.removeSnap(...args));
+        this.messenger.registerActionHandler(`${controllerName}:getPermitted`, (...args) => this.getPermittedSnaps(...args));
+        this.messenger.registerActionHandler(`${controllerName}:install`, async (...args) => this.installSnaps(...args));
+        this.messenger.registerActionHandler(`${controllerName}:getAll`, (...args) => this.getAllSnaps(...args));
+        this.messenger.registerActionHandler(`${controllerName}:getRunnableSnaps`, (...args) => this.getRunnableSnaps(...args));
+        this.messenger.registerActionHandler(`${controllerName}:incrementActiveReferences`, (...args) => this.incrementActiveReferences(...args));
+        this.messenger.registerActionHandler(`${controllerName}:decrementActiveReferences`, (...args) => this.decrementActiveReferences(...args));
+        this.messenger.registerActionHandler(`${controllerName}:disconnectOrigin`, (...args) => this.removeSnapFromSubject(...args));
+        this.messenger.registerActionHandler(`${controllerName}:revokeDynamicPermissions`, (...args) => this.revokeDynamicSnapPermissions(...args));
+        this.messenger.registerActionHandler(`${controllerName}:getFile`, async (...args) => this.getSnapFile(...args));
+        this.messenger.registerActionHandler(`${controllerName}:stopAllSnaps`, async (...args) => this.stopAllSnaps(...args));
+        this.messenger.registerActionHandler(`${controllerName}:isMinimumPlatformVersion`, (...args) => this.isMinimumPlatformVersion(...args));
+        this.messenger.registerActionHandler(`${controllerName}:setClientActive`, (...args) => this.setClientActive(...args));
     }
     /**
      * Initialise the SnapController.
@@ -356,10 +356,10 @@ export class SnapController extends BaseController {
             this.#setupRuntime(snapId);
             // Emit events
             if (isUpdate) {
-                this.messagingSystem.publish('SnapController:snapUpdated', this.getTruncatedExpect(snapId), existingSnap.version, METAMASK_ORIGIN, true);
+                this.messenger.publish('SnapController:snapUpdated', this.getTruncatedExpect(snapId), existingSnap.version, METAMASK_ORIGIN, true);
             }
             else {
-                this.messagingSystem.publish('SnapController:snapInstalled', this.getTruncatedExpect(snapId), METAMASK_ORIGIN, true);
+                this.messenger.publish('SnapController:snapInstalled', this.getTruncatedExpect(snapId), METAMASK_ORIGIN, true);
             }
         }
     }
@@ -381,8 +381,8 @@ export class SnapController extends BaseController {
      */
     async updateRegistry() {
         this.#assertCanUsePlatform();
-        await this.messagingSystem.call('SnapsRegistry:update');
-        const blockedSnaps = await this.messagingSystem.call('SnapsRegistry:get', Object.values(this.state.snaps).reduce((blockListArg, snap) => {
+        await this.messenger.call('SnapsRegistry:update');
+        const blockedSnaps = await this.messenger.call('SnapsRegistry:get', Object.values(this.state.snaps).reduce((blockListArg, snap) => {
             blockListArg[snap.id] = {
                 version: snap.version,
                 checksum: snap.manifest.source.shasum,
@@ -409,6 +409,7 @@ export class SnapController extends BaseController {
                     versionRange: resolvedVersion,
                     fetch: this.#fetchFunction,
                     allowLocal: false,
+                    useNpmProxy: true,
                 });
                 await this.#updateSnap({
                     origin: ORIGIN_METAMASK,
@@ -441,7 +442,7 @@ export class SnapController extends BaseController {
         catch (error) {
             logError(`Encountered error when stopping blocked snap "${snapId}".`, error);
         }
-        this.messagingSystem.publish(`${controllerName}:snapBlocked`, snapId, blockedSnapInfo);
+        this.messenger.publish(`${controllerName}:snapBlocked`, snapId, blockedSnapInfo);
     }
     /**
      * Unblocks a snap so that it can be enabled and started again. Emits
@@ -458,10 +459,10 @@ export class SnapController extends BaseController {
             state.snaps[snapId].blocked = false;
             delete state.snaps[snapId].blockInformation;
         });
-        this.messagingSystem.publish(`${controllerName}:snapUnblocked`, snapId);
+        this.messenger.publish(`${controllerName}:snapUnblocked`, snapId);
     }
     async #assertIsInstallAllowed(snapId, { platformVersion, ...snapInfo }) {
-        const results = await this.messagingSystem.call('SnapsRegistry:get', {
+        const results = await this.messenger.call('SnapsRegistry:get', {
             [snapId]: snapInfo,
         });
         const result = results[snapId];
@@ -578,7 +579,7 @@ export class SnapController extends BaseController {
         this.update((state) => {
             state.snaps[snapId].enabled = true;
         });
-        this.messagingSystem.publish('SnapController:snapEnabled', this.getTruncatedExpect(snapId));
+        this.messenger.publish('SnapController:snapEnabled', this.getTruncatedExpect(snapId));
     }
     /**
      * Disables the given snap. A snap can only be started if it is enabled.
@@ -596,7 +597,7 @@ export class SnapController extends BaseController {
         if (this.isRunning(snapId)) {
             await this.stopSnap(snapId, SnapStatusEvents.Stop);
         }
-        this.messagingSystem.publish('SnapController:snapDisabled', this.getTruncatedExpect(snapId));
+        this.messenger.publish('SnapController:snapDisabled', this.getTruncatedExpect(snapId));
     }
     /**
      * Stops the given snap, removes all hooks, closes all connections, and
@@ -656,7 +657,7 @@ export class SnapController extends BaseController {
      * @param snapId - The snap to terminate.
      */
     async #terminateSnap(snapId) {
-        await this.messagingSystem.call('ExecutionService:terminateSnap', snapId);
+        await this.messenger.call('ExecutionService:terminateSnap', snapId);
         // Hack to give up execution for a bit to let gracefully terminating Snaps return.
         await new Promise((resolve) => setTimeout(resolve, 1));
         const runtime = this.#getRuntimeExpect(snapId);
@@ -666,7 +667,7 @@ export class SnapController extends BaseController {
             .forEach((pendingRequest) => pendingRequest.timer.finish());
         // Hack to give up execution for a bit to let timed out requests return.
         await new Promise((resolve) => setTimeout(resolve, 1));
-        this.messagingSystem.publish('SnapController:snapTerminated', this.getTruncatedExpect(snapId));
+        this.messenger.publish('SnapController:snapTerminated', this.getTruncatedExpect(snapId));
     }
     /**
      * Returns whether the given snap is running.
@@ -1051,7 +1052,7 @@ export class SnapController extends BaseController {
             });
             // If the snap has been fully installed before, also emit snapUninstalled.
             if (snap.status !== SnapStatus.Installing) {
-                this.messagingSystem.publish(`SnapController:snapUninstalled`, truncated);
+                this.messenger.publish(`SnapController:snapUninstalled`, truncated);
             }
         }));
     }
@@ -1067,7 +1068,7 @@ export class SnapController extends BaseController {
         }
     }
     #addSnapToSubject(origin, snapId) {
-        const subjectPermissions = this.messagingSystem.call('PermissionController:getPermissions', origin);
+        const subjectPermissions = this.messenger.call('PermissionController:getPermissions', origin);
         const existingCaveat = subjectPermissions?.[WALLET_SNAP_PERMISSION_KEY]?.caveats?.find((caveat) => caveat.type === SnapCaveatType.SnapIds);
         const subjectHasSnap = Boolean(existingCaveat?.value?.[snapId]);
         // If the subject is already connected to the snap, this is a no-op.
@@ -1076,7 +1077,7 @@ export class SnapController extends BaseController {
         }
         // If an existing caveat exists, we add the snap to that.
         if (existingCaveat) {
-            this.messagingSystem.call('PermissionController:updateCaveat', origin, WALLET_SNAP_PERMISSION_KEY, SnapCaveatType.SnapIds, { ...existingCaveat.value, [snapId]: {} });
+            this.messenger.call('PermissionController:updateCaveat', origin, WALLET_SNAP_PERMISSION_KEY, SnapCaveatType.SnapIds, { ...existingCaveat.value, [snapId]: {} });
             return;
         }
         const approvedPermissions = {
@@ -1091,7 +1092,7 @@ export class SnapController extends BaseController {
                 ],
             },
         };
-        this.messagingSystem.call('PermissionController:grantPermissions', {
+        this.messenger.call('PermissionController:grantPermissions', {
             approvedPermissions,
             subject: { origin },
         });
@@ -1103,7 +1104,7 @@ export class SnapController extends BaseController {
      * @param snapId - The id of the snap to remove.
      */
     removeSnapFromSubject(origin, snapId) {
-        const subjectPermissions = this.messagingSystem.call('PermissionController:getPermissions', origin);
+        const subjectPermissions = this.messenger.call('PermissionController:getPermissions', origin);
         const snapIdsCaveat = subjectPermissions?.[WALLET_SNAP_PERMISSION_KEY]?.caveats?.find((caveat) => caveat.type === SnapCaveatType.SnapIds);
         if (!snapIdsCaveat) {
             return;
@@ -1115,10 +1116,10 @@ export class SnapController extends BaseController {
             };
             delete newCaveatValue[snapId];
             if (Object.keys(newCaveatValue).length > 0) {
-                this.messagingSystem.call('PermissionController:updateCaveat', origin, WALLET_SNAP_PERMISSION_KEY, SnapCaveatType.SnapIds, newCaveatValue);
+                this.messenger.call('PermissionController:updateCaveat', origin, WALLET_SNAP_PERMISSION_KEY, SnapCaveatType.SnapIds, newCaveatValue);
             }
             else {
-                this.messagingSystem.call('PermissionController:revokePermissions', {
+                this.messenger.call('PermissionController:revokePermissions', {
                     [origin]: [WALLET_SNAP_PERMISSION_KEY],
                 });
             }
@@ -1133,7 +1134,7 @@ export class SnapController extends BaseController {
      */
     revokeDynamicSnapPermissions(snapId, permissionNames) {
         assert(permissionNames.every((permissionName) => this.#dynamicPermissions.includes(permissionName)), 'Non-dynamic permissions cannot be revoked');
-        this.messagingSystem.call('PermissionController:revokePermissions', {
+        this.messenger.call('PermissionController:revokePermissions', {
             [snapId]: permissionNames,
         });
     }
@@ -1143,7 +1144,7 @@ export class SnapController extends BaseController {
      * @param snapId - The id of the Snap.
      */
     #removeSnapFromSubjects(snapId) {
-        const subjects = this.messagingSystem.call('PermissionController:getSubjectNames');
+        const subjects = this.messenger.call('PermissionController:getSubjectNames');
         for (const subject of subjects) {
             this.removeSnapFromSubject(subject, snapId);
         }
@@ -1154,8 +1155,8 @@ export class SnapController extends BaseController {
      * @param snapId - The snap ID.
      */
     #revokeAllSnapPermissions(snapId) {
-        if (this.messagingSystem.call('PermissionController:hasPermissions', snapId)) {
-            this.messagingSystem.call('PermissionController:revokeAllPermissions', snapId);
+        if (this.messenger.call('PermissionController:hasPermissions', snapId)) {
+            this.messenger.call('PermissionController:revokeAllPermissions', snapId);
         }
     }
     /**
@@ -1200,7 +1201,7 @@ export class SnapController extends BaseController {
      * @returns The serialized permitted snaps for the origin.
      */
     getPermittedSnaps(origin) {
-        const permissions = this.messagingSystem.call('PermissionController:getPermissions', origin) ?? {};
+        const permissions = this.messenger.call('PermissionController:getPermissions', origin) ?? {};
         const snaps = permissions[WALLET_SNAP_PERMISSION_KEY]?.caveats?.find((caveat) => caveat.type === SnapCaveatType.SnapIds)?.value ?? {};
         return Object.keys(snaps).reduce((permittedSnaps, snapId) => {
             const snap = this.get(snapId);
@@ -1263,8 +1264,8 @@ export class SnapController extends BaseController {
                 result[snapId] = await this.#processRequestedSnap(origin, snapId, location, version);
             }
             // Once we finish all installs / updates, emit events.
-            pendingInstalls.forEach((snapId) => this.messagingSystem.publish(`SnapController:snapInstalled`, this.getTruncatedExpect(snapId), origin, false));
-            pendingUpdates.forEach(({ snapId, oldVersion }) => this.messagingSystem.publish(`SnapController:snapUpdated`, this.getTruncatedExpect(snapId), oldVersion, origin, false));
+            pendingInstalls.forEach((snapId) => this.messenger.publish(`SnapController:snapInstalled`, this.getTruncatedExpect(snapId), origin, false));
+            pendingUpdates.forEach(({ snapId, oldVersion }) => this.messenger.publish(`SnapController:snapUpdated`, this.getTruncatedExpect(snapId), oldVersion, origin, false));
             snapIds.forEach((snapId) => this.#rollbackSnapshots.delete(snapId));
         }
         catch (error) {
@@ -1309,7 +1310,7 @@ export class SnapController extends BaseController {
             snapId,
             type: SNAP_APPROVAL_INSTALL,
         });
-        this.messagingSystem.publish('SnapController:snapInstallStarted', snapId, origin, false);
+        this.messenger.publish('SnapController:snapInstallStarted', snapId, origin, false);
         // Existing snaps must be stopped before overwriting
         if (existingSnap && this.isRunning(snapId)) {
             await this.stopSnap(snapId, SnapStatusEvents.Stop);
@@ -1350,13 +1351,13 @@ export class SnapController extends BaseController {
                 type: SNAP_APPROVAL_INSTALL,
                 error: errorString,
             });
-            this.messagingSystem.publish('SnapController:snapInstallFailed', snapId, origin, false, errorString);
+            this.messenger.publish('SnapController:snapInstallFailed', snapId, origin, false, errorString);
             throw error;
         }
     }
     #createApproval({ origin, snapId, type, }) {
         const id = nanoid();
-        const promise = this.messagingSystem.call('ApprovalController:addRequest', {
+        const promise = this.messenger.call('ApprovalController:addRequest', {
             origin,
             id,
             type,
@@ -1373,7 +1374,7 @@ export class SnapController extends BaseController {
     }
     #updateApproval(id, requestState) {
         try {
-            this.messagingSystem.call('ApprovalController:updateRequestState', {
+            this.messenger.call('ApprovalController:updateRequestState', {
                 id,
                 requestState,
             });
@@ -1419,7 +1420,7 @@ export class SnapController extends BaseController {
                 type: SNAP_APPROVAL_UPDATE,
             });
         try {
-            this.messagingSystem.publish('SnapController:snapInstallStarted', snapId, origin, true);
+            this.messenger.publish('SnapController:snapInstallStarted', snapId, origin, true);
             const oldManifest = snap.manifest;
             const newSnap = await fetchSnap(snapId, location);
             const { sourceCode: sourceCodeFile, manifest: manifestFile } = newSnap;
@@ -1527,12 +1528,12 @@ export class SnapController extends BaseController {
                     type: SNAP_APPROVAL_UPDATE,
                 });
             }
-            this.messagingSystem.publish('SnapController:snapInstallFailed', snapId, origin, true, errorString);
+            this.messenger.publish('SnapController:snapInstallFailed', snapId, origin, true, errorString);
             throw error;
         }
     }
     async #resolveAllowlistVersion(snapId, versionRange) {
-        return await this.messagingSystem.call('SnapsRegistry:resolveVersion', snapId, versionRange);
+        return await this.messenger.call('SnapsRegistry:resolveVersion', snapId, versionRange);
     }
     /**
      * Returns a promise representing the complete installation of the requested snap.
@@ -1595,7 +1596,7 @@ export class SnapController extends BaseController {
         }
         try {
             const runtime = this.#getRuntimeExpect(snapId);
-            const result = await this.messagingSystem.call('ExecutionService:executeSnap', {
+            const result = await this.messenger.call('ExecutionService:executeSnap', {
                 ...snapData,
                 endowments: await this.#getEndowments(snapId),
             });
@@ -1623,8 +1624,8 @@ export class SnapController extends BaseController {
     async #getEndowments(snapId) {
         let allEndowments = [];
         for (const permissionName of this.#environmentEndowmentPermissions) {
-            if (this.messagingSystem.call('PermissionController:hasPermission', snapId, permissionName)) {
-                const endowments = await this.messagingSystem.call('PermissionController:getEndowments', snapId, permissionName);
+            if (this.messenger.call('PermissionController:hasPermission', snapId, permissionName)) {
+                const endowments = await this.messenger.call('PermissionController:getEndowments', snapId, permissionName);
                 if (endowments) {
                     // We don't have any guarantees about the type of the endowments
                     // value, so we have to guard at runtime.
@@ -1724,7 +1725,7 @@ export class SnapController extends BaseController {
         // In case the Snap uses a localized manifest, we need to get the
         // proposed name from the localized manifest.
         const { proposedName } = getLocalizedSnapManifest(manifest.result, 'en', localizedFiles);
-        this.messagingSystem.call('SubjectMetadataController:addSubjectMetadata', {
+        this.messenger.call('SubjectMetadataController:addSubjectMetadata', {
             subjectType: SubjectType.Snap,
             name: proposedName,
             origin: snap.id,
@@ -1810,11 +1811,11 @@ export class SnapController extends BaseController {
             clearTimeout(this.#timeoutForLastRequestStatus);
         }
         /* eslint-disable @typescript-eslint/unbound-method */
-        this.messagingSystem.unsubscribe('ExecutionService:unhandledError', this._onUnhandledSnapError);
-        this.messagingSystem.unsubscribe('ExecutionService:outboundRequest', this._onOutboundRequest);
-        this.messagingSystem.unsubscribe('ExecutionService:outboundResponse', this._onOutboundResponse);
-        this.messagingSystem.clearEventSubscriptions('SnapController:snapInstalled');
-        this.messagingSystem.clearEventSubscriptions('SnapController:snapUpdated');
+        this.messenger.unsubscribe('ExecutionService:unhandledError', this._onUnhandledSnapError);
+        this.messenger.unsubscribe('ExecutionService:outboundRequest', this._onOutboundRequest);
+        this.messenger.unsubscribe('ExecutionService:outboundResponse', this._onOutboundResponse);
+        this.messenger.clearEventSubscriptions('SnapController:snapInstalled');
+        this.messenger.clearEventSubscriptions('SnapController:snapUpdated');
         /* eslint-enable @typescript-eslint/unbound-method */
     }
     /**
@@ -1840,7 +1841,7 @@ export class SnapController extends BaseController {
         assertIsJsonRpcRequest(request);
         const permissionName = handlerEndowments[handlerType];
         assert(typeof permissionName === 'string' || permissionName === null, "'permissionName' must be either a string or null.");
-        const permissions = this.messagingSystem.call('PermissionController:getPermissions', snapId);
+        const permissions = this.messenger.call('PermissionController:getPermissions', snapId);
         // If permissionName is null, the handler does not require a permission.
         if (permissionName !== null &&
             (!permissions || !hasProperty(permissions, permissionName))) {
@@ -1852,7 +1853,7 @@ export class SnapController extends BaseController {
         if (permissionName === SnapEndowments.Rpc ||
             permissionName === SnapEndowments.Keyring) {
             assert(handlerPermissions);
-            const subject = this.messagingSystem.call('SubjectMetadataController:getSubjectMetadata', origin);
+            const subject = this.messenger.call('SubjectMetadataController:getSubjectMetadata', origin);
             const origins = permissionName === SnapEndowments.Rpc
                 ? getRpcCaveatOrigins(handlerPermissions)
                 : getKeyringCaveatOrigins(handlerPermissions);
@@ -1890,7 +1891,7 @@ export class SnapController extends BaseController {
         const transformedRequest = this.#transformSnapRpcRequest(snapId, handlerType, request);
         const timer = new Timer(timeout);
         this.#recordSnapRpcRequestStart(snapId, transformedRequest.id, timer);
-        const handleRpcRequestPromise = this.messagingSystem.call('ExecutionService:handleRpcRequest', snapId, { origin, handler: handlerType, request: transformedRequest });
+        const handleRpcRequestPromise = this.messenger.call('ExecutionService:handleRpcRequest', snapId, { origin, handler: handlerType, request: transformedRequest });
         // This will either get the result or reject due to the timeout.
         try {
             const result = await withTimeout(handleRpcRequestPromise, timer);
@@ -1954,11 +1955,11 @@ export class SnapController extends BaseController {
      * @returns An identifier that can be used to identify the interface.
      */
     async #createInterface(snapId, content, contentType) {
-        return this.messagingSystem.call('SnapInterfaceController:createInterface', snapId, content, undefined, contentType);
+        return this.messenger.call('SnapInterfaceController:createInterface', snapId, content, undefined, contentType);
     }
     #assertInterfaceExists(snapId, id) {
         // This will throw if the interface isn't accessible, but we assert nevertheless.
-        assert(this.messagingSystem.call('SnapInterfaceController:getInterface', snapId, id));
+        assert(this.messenger.call('SnapInterfaceController:getInterface', snapId, id));
     }
     /**
      * Transform a RPC response if necessary.
@@ -2012,7 +2013,7 @@ export class SnapController extends BaseController {
      * @returns The transformed result.
      */
     #transformOnAssetsLookupResult(snapId, { params: requestedParams }, { assets }) {
-        const permissions = this.messagingSystem.call('PermissionController:getPermissions', snapId);
+        const permissions = this.messenger.call('PermissionController:getPermissions', snapId);
         // We know the permissions are guaranteed to be set here.
         assert(permissions);
         const permission = permissions[SnapEndowments.Assets];
@@ -2095,7 +2096,7 @@ export class SnapController extends BaseController {
             case HandlerType.OnUserInput: {
                 assert(request.params && hasProperty(request.params, 'id'));
                 const interfaceId = request.params.id;
-                const { context } = this.messagingSystem.call('SnapInterfaceController:getInterface', snapId, interfaceId);
+                const { context } = this.messenger.call('SnapInterfaceController:getInterface', snapId, interfaceId);
                 return {
                     ...request,
                     params: { ...request.params, context },
@@ -2251,7 +2252,7 @@ export class SnapController extends BaseController {
         // Calling this in reverse order to undo the changes
         this.#handleInitialConnections(snapId, newInitialConnections ?? null, previousInitialConnections ?? {});
         const truncatedSnap = this.getTruncatedExpect(snapId);
-        this.messagingSystem.publish('SnapController:snapRolledback', truncatedSnap, rollbackSnapshot.newVersion);
+        this.messenger.publish('SnapController:snapRolledback', truncatedSnap, rollbackSnapshot.newVersion);
         this.#rollbackSnapshots.delete(snapId);
     }
     /**
@@ -2300,19 +2301,48 @@ export class SnapController extends BaseController {
             getStateMutex: new Mutex(),
         });
     }
+    /**
+     * Get the desired permissions including dynamic permissions. That is, if a
+     * dynamic permission was previously granted and at least one of its
+     * dependencies is still desired, it will be included in the desired
+     * permissions.
+     *
+     * @param oldPermissions - The old permissions.
+     * @param desiredPermissions - The desired permissions.
+     * @returns The desired permissions including dynamic permissions.
+     */
+    #getDesiredPermissions(oldPermissions, desiredPermissions) {
+        return Object.keys(oldPermissions).reduce((accumulator, permissionName) => {
+            if (this.#dynamicPermissions.includes(permissionName)) {
+                const hasDependencies = hasProperty(DYNAMIC_PERMISSION_DEPENDENCIES, permissionName);
+                const hasDependency = DYNAMIC_PERMISSION_DEPENDENCIES[permissionName]?.some((dependency) => hasProperty(desiredPermissions, dependency));
+                // If the permission doesn't have dependencies, or if at least one of
+                // its dependencies is desired, include it in the desired permissions.
+                // NOTE: This effectively means that any permissions granted in the manifest
+                // that are considered dynamic, will not be automatically revoked
+                // when the permission is removed from the manifest.
+                // TODO: Deal with this technical debt.
+                if (!hasDependencies || hasDependency) {
+                    accumulator[permissionName] = oldPermissions[permissionName];
+                }
+            }
+            return accumulator;
+        }, desiredPermissions);
+    }
     #calculatePermissionsChange(snapId, desiredPermissionsSet) {
-        const oldPermissions = this.messagingSystem.call('PermissionController:getPermissions', snapId) ?? {};
-        const newPermissions = permissionsDiff(desiredPermissionsSet, oldPermissions);
-        // TODO(ritave): The assumption that these are unused only holds so long as we do not
-        //               permit dynamic permission requests.
-        const unusedPermissions = permissionsDiff(oldPermissions, desiredPermissionsSet);
+        const oldPermissions = this.messenger.call('PermissionController:getPermissions', snapId) ?? {};
+        const desiredPermissionsSetWithDynamic = this.#getDesiredPermissions(oldPermissions, desiredPermissionsSet);
+        const newPermissions = permissionsDiff(desiredPermissionsSetWithDynamic, oldPermissions);
+        // TODO: The assumption that these are unused only holds so long as we do
+        //  not permit dynamic permission requests.
+        const unusedPermissions = permissionsDiff(oldPermissions, desiredPermissionsSetWithDynamic);
         // It's a Set Intersection of oldPermissions and desiredPermissionsSet
         // oldPermissions ∖ (oldPermissions ∖ desiredPermissionsSet) ⟺ oldPermissions ∩ desiredPermissionsSet
         const approvedPermissions = permissionsDiff(oldPermissions, unusedPermissions);
         return { newPermissions, unusedPermissions, approvedPermissions };
     }
     #isSubjectConnectedToSnap(snapId, origin) {
-        const subjectPermissions = this.messagingSystem.call('PermissionController:getPermissions', origin);
+        const subjectPermissions = this.messenger.call('PermissionController:getPermissions', origin);
         const existingCaveat = subjectPermissions?.[WALLET_SNAP_PERMISSION_KEY]?.caveats?.find((caveat) => caveat.type === SnapCaveatType.SnapIds);
         return Boolean(existingCaveat?.value?.[snapId]);
     }
@@ -2332,46 +2362,6 @@ export class SnapController extends BaseController {
         const approvedConnections = setDiff(filteredOldConnections, unusedConnections);
         return { newConnections, unusedConnections, approvedConnections };
     }
-    /**
-     * Get the permissions to grant to a Snap following an install, update or
-     * rollback.
-     *
-     * @param snapId - The snap ID.
-     * @param newPermissions - The new permissions to be granted.
-     * @returns The permissions to grant to the Snap.
-     */
-    #getPermissionsToGrant(snapId, newPermissions) {
-        if (Object.keys(newPermissions).includes(SnapEndowments.EthereumProvider)) {
-            // This will return the globally selected network if the Snap doesn't have
-            // one set.
-            const networkClientId = this.messagingSystem.call('SelectedNetworkController:getNetworkClientIdForDomain', snapId);
-            const { configuration } = this.messagingSystem.call('NetworkController:getNetworkClientById', networkClientId);
-            const chainId = hexToNumber(configuration.chainId);
-            // This needs to be assigned to have proper type inference.
-            const modifiedPermissions = {
-                ...newPermissions,
-                'endowment:caip25': {
-                    caveats: [
-                        {
-                            type: 'authorizedScopes',
-                            value: {
-                                requiredScopes: {},
-                                optionalScopes: {
-                                    [`eip155:${chainId}`]: {
-                                        accounts: [],
-                                    },
-                                },
-                                sessionProperties: {},
-                                isMultichainOrigin: false,
-                            },
-                        },
-                    ],
-                },
-            };
-            return modifiedPermissions;
-        }
-        return newPermissions;
-    }
     /**
      * Update the permissions for a snap following an install, update or rollback.
      *
@@ -2386,14 +2376,13 @@ export class SnapController extends BaseController {
     #updatePermissions({ snapId, unusedPermissions = {}, newPermissions = {}, requestData, }) {
         const unusedPermissionsKeys = Object.keys(unusedPermissions);
         if (isNonEmptyArray(unusedPermissionsKeys)) {
-            this.messagingSystem.call('PermissionController:revokePermissions', {
+            this.messenger.call('PermissionController:revokePermissions', {
                 [snapId]: unusedPermissionsKeys,
             });
         }
         if (isNonEmptyArray(Object.keys(newPermissions))) {
-            const approvedPermissions = this.#getPermissionsToGrant(snapId, newPermissions);
-            this.messagingSystem.call('PermissionController:grantPermissions', {
-                approvedPermissions,
+            this.messenger.call('PermissionController:grantPermissions', {
+                approvedPermissions: newPermissions,
                 subject: { origin: snapId },
                 requestData,
             });
@@ -2434,7 +2423,7 @@ export class SnapController extends BaseController {
     #callLifecycleHooks(origin, handler) {
         const snaps = this.getRunnableSnaps();
         for (const { id } of snaps) {
-            const hasLifecycleHooksEndowment = this.messagingSystem.call('PermissionController:hasPermission', id, SnapEndowments.LifecycleHooks);
+            const hasLifecycleHooksEndowment = this.messenger.call('PermissionController:hasPermission', id, SnapEndowments.LifecycleHooks);
             if (!hasLifecycleHooksEndowment) {
                 continue;
             }
@@ -2457,7 +2446,7 @@ export class SnapController extends BaseController {
     async #callLifecycleHook(origin, snapId, handler) {
         const permissionName = handlerEndowments[handler];
         assert(permissionName, 'Lifecycle hook must have an endowment.');
-        const hasPermission = this.messagingSystem.call('PermissionController:hasPermission', snapId, permissionName);
+        const hasPermission = this.messenger.call('PermissionController:hasPermission', snapId, permissionName);
         if (!hasPermission) {
             return;
         }