@metamask/snaps-controllers 17.1.1 → 17.1.2

package/CHANGELOG.md

@@ -7,6 +7,12 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+## [17.1.2]
+
+### Fixed
+
+- Detect and recover missing permissions for preinstalled Snaps ([#3775](https://github.com/MetaMask/snaps/pull/3775))
+
 ## [17.1.1]
 
 ### Fixed
@@ -990,7 +996,8 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
   - The version of the package no longer needs to match the version of all other
     MetaMask Snaps packages.
 
-[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@17.1.1...HEAD
+[Unreleased]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@17.1.2...HEAD
+[17.1.2]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@17.1.1...@metamask/snaps-controllers@17.1.2
 [17.1.1]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@17.1.0...@metamask/snaps-controllers@17.1.1
 [17.1.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@17.0.0...@metamask/snaps-controllers@17.1.0
 [17.0.0]: https://github.com/MetaMask/snaps/compare/@metamask/snaps-controllers@16.1.1...@metamask/snaps-controllers@17.0.0

package/dist/snaps/SnapController.cjs

@@ -367,6 +367,38 @@ class SnapController extends base_controller_1.BaseController {
                 this.messenger.publish('SnapController:snapInstalled', this.getTruncatedExpect(snapId), constants_1.METAMASK_ORIGIN, true);
             }
         }
+        // Ensure all preinstalled Snaps have their expected permissions.
+        for (const snap of Object.values(this.state.snaps).filter(({ preinstalled }) => preinstalled)) {
+            const processedPermissions = (0, snaps_rpc_methods_1.processSnapPermissions)(snap.manifest.initialPermissions);
+            this.#validateSnapPermissions(processedPermissions);
+            const { newPermissions, unusedPermissions } = this.#calculatePermissionsChange(snap.id, processedPermissions);
+            if ((0, utils_1.isNonEmptyArray)(Object.keys(newPermissions)) ||
+                (0, utils_1.isNonEmptyArray)(Object.keys(unusedPermissions))) {
+                const { proposedName } = (0, snaps_utils_1.getLocalizedSnapManifest)(snap.manifest, 'en', snap.localizationFiles ?? []);
+                // Recover the SVG icon from the constructor argument.
+                // Theoretically this may be out of date, but this is the best we can do.
+                const preinstalledSnap = preinstalledSnaps.find((potentialSnap) => potentialSnap.snapId === snap.id);
+                const { iconPath } = snap.manifest.source.location.npm;
+                const svgIcon = iconPath && preinstalledSnap
+                    ? preinstalledSnap.files.find((file) => file.path === iconPath)
+                    : undefined;
+                // If the permissions are out of sync, it is possible that the SubjectMetadataController also is.
+                this.messenger.call('SubjectMetadataController:addSubjectMetadata', {
+                    subjectType: permission_controller_1.SubjectType.Snap,
+                    name: proposedName,
+                    origin: snap.id,
+                    version: snap.version,
+                    svgIcon: svgIcon ? new snaps_utils_1.VirtualFile(svgIcon).toString() : null,
+                });
+                this.#updatePermissions({
+                    snapId: snap.id,
+                    newPermissions,
+                    unusedPermissions,
+                });
+                (0, snaps_utils_1.logWarning)(`The permissions for "${snap.id}" were out of sync and have been automatically restored. If you see this message, please file a bug report.`);
+                this.messenger.captureException?.(new Error(`The permissions for "${snap.id}" were out of sync and have been automatically restored. This could indicate persistence issues.`));
+            }
+        }
     }
     #pollForLastRequestStatus() {
         this.#timeoutForLastRequestStatus = setTimeout(() => {