@metamask/snaps-controllers 3.6.0 → 4.1.0

package/dist/esm/snaps/SnapController.js

@@ -66,13 +66,13 @@ import { SubjectType } from '@metamask/permission-controller';
 import { rpcErrors } from '@metamask/rpc-errors';
 import { WALLET_SNAP_PERMISSION_KEY } from '@metamask/snaps-rpc-methods';
 import { AuxiliaryFileEncoding, getErrorMessage } from '@metamask/snaps-sdk';
-import { validateComponentLinks, assertIsSnapManifest, assertIsValidSnapId, DEFAULT_ENDOWMENTS, DEFAULT_REQUESTED_SNAP_VERSION, encodeAuxiliaryFile, HandlerType, isOriginAllowed, logError, normalizeRelative, OnTransactionResponseStruct, resolveVersionRange, SnapCaveatType, SnapStatus, SnapStatusEvents, validateFetchedSnap, unwrapError, OnHomePageResponseStruct, getValidatedLocalizationFiles, encodeBase64 } from '@metamask/snaps-utils';
+import { validateComponentLinks, assertIsSnapManifest, assertIsValidSnapId, DEFAULT_ENDOWMENTS, DEFAULT_REQUESTED_SNAP_VERSION, encodeAuxiliaryFile, HandlerType, isOriginAllowed, logError, normalizeRelative, OnTransactionResponseStruct, OnSignatureResponseStruct, resolveVersionRange, SnapCaveatType, SnapStatus, SnapStatusEvents, unwrapError, OnHomePageResponseStruct, getValidatedLocalizationFiles, VirtualFile, NpmSnapFileNames } from '@metamask/snaps-utils';
 import { assert, assertIsJsonRpcRequest, assertStruct, Duration, gtRange, gtVersion, hasProperty, inMilliseconds, isNonEmptyArray, isValidSemVerRange, satisfiesVersionRange, timeSince } from '@metamask/utils';
 import { createMachine, interpret } from '@xstate/fsm';
 import { nanoid } from 'nanoid';
 import { forceStrict, validateMachine } from '../fsm';
 import { log } from '../logging';
-import { getSnapFiles, hasTimedOut, setDiff, withTimeout } from '../utils';
+import { fetchSnap, hasTimedOut, setDiff, withTimeout } from '../utils';
 import { handlerEndowments, SnapEndowments } from './endowments';
 import { getKeyringCaveatOrigins } from './endowments/keyring';
 import { getRpcCaveatOrigins } from './endowments/rpc';
@@ -125,7 +125,7 @@ var _closeAllConnections = /*#__PURE__*/ new WeakMap(), _dynamicPermissions = /*
 _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    * Constructor helper for registering the controller's messaging system
    * actions.
-   */ _registerMessageHandlers = /*#__PURE__*/ new WeakSet(), _pollForLastRequestStatus = /*#__PURE__*/ new WeakSet(), _blockSnap = /*#__PURE__*/ new WeakSet(), /**
+   */ _registerMessageHandlers = /*#__PURE__*/ new WeakSet(), _handlePreinstalledSnaps = /*#__PURE__*/ new WeakSet(), _pollForLastRequestStatus = /*#__PURE__*/ new WeakSet(), _blockSnap = /*#__PURE__*/ new WeakSet(), /**
    * Unblocks a snap so that it can be enabled and started again. Emits
    * {@link SnapUnblocked}. Does nothing if the snap is not installed or already
    * unblocked.
@@ -142,7 +142,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    *
    * @param snapId - The id of the snap to transition.
    * @param event - The event enum to use to transition.
-   */ _transition = /*#__PURE__*/ new WeakSet(), _terminateSnap = /*#__PURE__*/ new WeakSet(), /**
+   */ _transition = /*#__PURE__*/ new WeakSet(), _terminateSnap = /*#__PURE__*/ new WeakSet(), _handleInitialConnections = /*#__PURE__*/ new WeakSet(), _addSnapToSubject = /*#__PURE__*/ new WeakSet(), /**
    * Removes a snap's permission (caveat) from all subjects.
    *
    * @param snapId - The id of the Snap.
@@ -163,7 +163,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    *
    * @param args - The add snap args.
    * @returns The resulting snap object.
-   */ _set = /*#__PURE__*/ new WeakSet(), _fetchSnap = /*#__PURE__*/ new WeakSet(), _validateSnapPermissions = /*#__PURE__*/ new WeakSet(), /**
+   */ _set = /*#__PURE__*/ new WeakSet(), _validateSnapPermissions = /*#__PURE__*/ new WeakSet(), /**
    * Gets the RPC message handler for the given snap.
    *
    * @param snapId - The id of the Snap whose message handler to get.
@@ -181,6 +181,16 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    * @throws {@link Error}. If the snap exists before creation or if creation fails.
    * @returns A `RollbackSnapshot`.
    */ _createRollbackSnapshot = /*#__PURE__*/ new WeakSet(), _rollbackSnap = /*#__PURE__*/ new WeakSet(), _rollbackSnaps = /*#__PURE__*/ new WeakSet(), _getRuntime = /*#__PURE__*/ new WeakSet(), _getRuntimeExpect = /*#__PURE__*/ new WeakSet(), _setupRuntime = /*#__PURE__*/ new WeakSet(), _calculatePermissionsChange = /*#__PURE__*/ new WeakSet(), /**
+   * Updates the permissions for a snap following an install, update or rollback.
+   *
+   * Grants newly requested permissions and revokes unused/revoked permissions.
+   *
+   * @param args - An options bag.
+   * @param args.snapId - The snap ID.
+   * @param args.newPermissions - New permissions to be granted.
+   * @param args.unusedPermissions - Unused permissions to be revoked.
+   * @param args.requestData - Optional request data from an approval.
+   */ _updatePermissions = /*#__PURE__*/ new WeakSet(), /**
    * Checks if a snap will pass version validation checks
    * with the new version range that is requested. The first
    * check that is done is to check if the existing snap version
@@ -471,6 +481,10 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
         if (!Array.isArray(snapIds)) {
             throw new Error('Expected array of snap ids.');
         }
+        snapIds.forEach((snapId)=>{
+            const snap = this.getExpect(snapId);
+            assert(snap.removable !== false, `${snapId} is not removable.`);
+        });
         await Promise.all(snapIds.map(async (snapId)=>{
             const snap = this.getExpect(snapId);
             const truncated = this.getTruncatedExpect(snapId);
@@ -485,7 +499,6 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
                 delete state.snaps[snapId];
                 delete state.snapStates[snapId];
             });
-            this.messagingSystem.publish(`SnapController:snapRemoved`, truncated);
             // If the snap has been fully installed before, also emit snapUninstalled.
             if (snap.status !== SnapStatus.Installing) {
                 this.messagingSystem.publish(`SnapController:snapUninstalled`, truncated);
@@ -665,6 +678,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             snapId,
             type: SNAP_APPROVAL_INSTALL
         });
+        this.messagingSystem.publish('SnapController:snapInstallStarted', snapId, origin, false);
         // Existing snaps must be stopped before overwriting
         if (existingSnap && this.isRunning(snapId)) {
             await this.stopSnap(snapId, SnapStatusEvents.Stop);
@@ -698,11 +712,13 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             return truncated;
         } catch (error) {
             logError(`Error when adding ${snapId}.`, error);
+            const errorString = error instanceof Error ? error.message : error.toString();
             _class_private_method_get(this, _updateApproval, updateApproval).call(this, pendingApproval.id, {
                 loading: false,
                 type: SNAP_APPROVAL_INSTALL,
-                error: error instanceof Error ? error.message : error.toString()
+                error: errorString
             });
+            this.messagingSystem.publish('SnapController:snapInstallFailed', snapId, origin, false, errorString);
             throw error;
         }
     }
@@ -734,9 +750,11 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             type: SNAP_APPROVAL_UPDATE
         });
         try {
+            this.messagingSystem.publish('SnapController:snapInstallStarted', snapId, origin, true);
             const snap = this.getExpect(snapId);
-            const newSnap = await _class_private_method_get(this, _fetchSnap, fetchSnap).call(this, snapId, location);
-            const { sourceCode: sourceCodeFile, manifest: manifestFile } = newSnap.files;
+            const oldManifest = snap.manifest;
+            const newSnap = await fetchSnap(snapId, location);
+            const { sourceCode: sourceCodeFile, manifest: manifestFile } = newSnap;
             const manifest = manifestFile.result;
             const newVersion = manifest.version;
             if (!gtVersion(newVersion, snap.version)) {
@@ -773,28 +791,22 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             _class_private_method_get(this, _set, set).call(this, {
                 origin,
                 id: snapId,
-                files: newSnap.files,
+                files: newSnap,
                 isUpdate: true
             });
-            const unusedPermissionsKeys = Object.keys(unusedPermissions);
-            if (isNonEmptyArray(unusedPermissionsKeys)) {
-                this.messagingSystem.call('PermissionController:revokePermissions', {
-                    [snapId]: unusedPermissionsKeys
-                });
-            }
-            if (isNonEmptyArray(Object.keys(approvedNewPermissions))) {
-                this.messagingSystem.call('PermissionController:grantPermissions', {
-                    approvedPermissions: approvedNewPermissions,
-                    subject: {
-                        origin: snapId
-                    },
-                    requestData
-                });
+            _class_private_method_get(this, _updatePermissions, updatePermissions).call(this, {
+                snapId,
+                unusedPermissions,
+                newPermissions: approvedNewPermissions,
+                requestData
+            });
+            if (manifest.initialConnections) {
+                _class_private_method_get(this, _handleInitialConnections, handleInitialConnections).call(this, snapId, oldManifest.initialConnections ?? null, manifest.initialConnections);
             }
             const rollbackSnapshot = _class_private_method_get(this, _getRollbackSnapshot, getRollbackSnapshot).call(this, snapId);
             if (rollbackSnapshot !== undefined) {
                 rollbackSnapshot.permissions.revoked = unusedPermissions;
-                rollbackSnapshot.permissions.granted = Object.keys(approvedNewPermissions);
+                rollbackSnapshot.permissions.granted = approvedNewPermissions;
                 rollbackSnapshot.permissions.requestData = requestData;
             }
             const sourceCode = sourceCodeFile.toString();
@@ -818,11 +830,13 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
             return truncatedSnap;
         } catch (error) {
             logError(`Error when updating ${snapId},`, error);
+            const errorString = error instanceof Error ? error.message : error.toString();
             _class_private_method_get(this, _updateApproval, updateApproval).call(this, pendingApproval.id, {
                 loading: false,
-                error: error instanceof Error ? error.message : error.toString(),
+                error: errorString,
                 type: SNAP_APPROVAL_UPDATE
             });
+            this.messagingSystem.publish('SnapController:snapInstallFailed', snapId, origin, true, errorString);
             throw error;
         }
     }
@@ -857,14 +871,13 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
                 permissions: processedPermissions
             });
             const { permissions: approvedPermissions, ...requestData } = await pendingApproval.promise;
-            if (isNonEmptyArray(Object.keys(approvedPermissions))) {
-                this.messagingSystem.call('PermissionController:grantPermissions', {
-                    approvedPermissions,
-                    subject: {
-                        origin: snapId
-                    },
-                    requestData
-                });
+            _class_private_method_get(this, _updatePermissions, updatePermissions).call(this, {
+                snapId,
+                newPermissions: approvedPermissions,
+                requestData
+            });
+            if (snap.manifest.initialConnections) {
+                _class_private_method_get(this, _handleInitialConnections, handleInitialConnections).call(this, snapId, null, snap.manifest.initialConnections);
             }
         } finally{
             const runtime = _class_private_method_get(this, _getRuntimeExpect, getRuntimeExpect).call(this, snapId);
@@ -926,7 +939,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
     }
     constructor({ closeAllConnections, messenger, state, dynamicPermissions = [
         'eth_accounts'
-    ], environmentEndowmentPermissions = [], excludedPermissions = {}, idleTimeCheckInterval = inMilliseconds(5, Duration.Second), maxIdleTime = inMilliseconds(30, Duration.Second), maxRequestTime = inMilliseconds(60, Duration.Second), fetchFunction = globalThis.fetch.bind(globalThis), featureFlags = {}, detectSnapLocation: detectSnapLocationFunction = detectSnapLocation }){
+    ], environmentEndowmentPermissions = [], excludedPermissions = {}, idleTimeCheckInterval = inMilliseconds(5, Duration.Second), maxIdleTime = inMilliseconds(30, Duration.Second), maxRequestTime = inMilliseconds(60, Duration.Second), fetchFunction = globalThis.fetch.bind(globalThis), featureFlags = {}, detectSnapLocation: detectSnapLocationFunction = detectSnapLocation, preinstalledSnaps }){
         super({
             messenger,
             metadata: {
@@ -964,6 +977,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
         });
         _class_private_method_init(this, _initializeStateMachine);
         _class_private_method_init(this, _registerMessageHandlers);
+        _class_private_method_init(this, _handlePreinstalledSnaps);
         _class_private_method_init(this, _pollForLastRequestStatus);
         /**
    * Blocks an installed snap and prevents it from being started again. Emits
@@ -981,6 +995,8 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    *
    * @param snapId - The snap to terminate.
    */ _class_private_method_init(this, _terminateSnap);
+        _class_private_method_init(this, _handleInitialConnections);
+        _class_private_method_init(this, _addSnapToSubject);
         _class_private_method_init(this, _removeSnapFromSubjects);
         _class_private_method_init(this, _revokeAllSnapPermissions);
         _class_private_method_init(this, _createApproval);
@@ -1008,13 +1024,6 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
    * @returns An array of the names of the endowments.
    */ _class_private_method_init(this, _getEndowments);
         _class_private_method_init(this, _set);
-        /**
-   * Fetches the manifest and source code of a snap.
-   *
-   * @param snapId - The id of the Snap.
-   * @param location - Source from which snap will be fetched.
-   * @returns A tuple of the Snap manifest object and the Snap source code.
-   */ _class_private_method_init(this, _fetchSnap);
         _class_private_method_init(this, _validateSnapPermissions);
         _class_private_method_init(this, _getRpcRequestHandler);
         _class_private_method_init(this, _triggerPhishingListUpdate);
@@ -1059,6 +1068,7 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
         _class_private_method_init(this, _getRuntimeExpect);
         _class_private_method_init(this, _setupRuntime);
         _class_private_method_init(this, _calculatePermissionsChange);
+        _class_private_method_init(this, _updatePermissions);
         _class_private_method_init(this, _isValidUpdate);
         /**
    * Call a lifecycle hook on a snap, if the snap has the
@@ -1155,7 +1165,10 @@ _initializeStateMachine = /*#__PURE__*/ new WeakSet(), /**
         });
         _class_private_method_get(this, _initializeStateMachine, initializeStateMachine).call(this);
         _class_private_method_get(this, _registerMessageHandlers, registerMessageHandlers).call(this);
-        Object.values(state?.snaps ?? {}).forEach((snap)=>_class_private_method_get(this, _setupRuntime, setupRuntime).call(this, snap.id));
+        if (preinstalledSnaps) {
+            _class_private_method_get(this, _handlePreinstalledSnaps, handlePreinstalledSnaps).call(this, preinstalledSnaps);
+        }
+        Object.values(this.state?.snaps ?? {}).forEach((snap)=>_class_private_method_get(this, _setupRuntime, setupRuntime).call(this, snap.id));
     }
 }
 function initializeStateMachine() {
@@ -1232,6 +1245,63 @@ function registerMessageHandlers() {
     this.messagingSystem.registerActionHandler(`${controllerName}:revokeDynamicPermissions`, (...args)=>this.revokeDynamicSnapPermissions(...args));
     this.messagingSystem.registerActionHandler(`${controllerName}:getFile`, async (...args)=>this.getSnapFile(...args));
 }
+function handlePreinstalledSnaps(preinstalledSnaps) {
+    for (const { snapId, manifest, files, removable } of preinstalledSnaps){
+        const existingSnap = this.get(snapId);
+        const isAlreadyInstalled = existingSnap !== undefined;
+        const isUpdate = isAlreadyInstalled && gtVersion(manifest.version, existingSnap.version);
+        // Disallow downgrades and overwriting non preinstalled snaps
+        if (isAlreadyInstalled && (!isUpdate || existingSnap.preinstalled !== true)) {
+            continue;
+        }
+        const manifestFile = new VirtualFile({
+            path: NpmSnapFileNames.Manifest,
+            value: JSON.stringify(manifest),
+            result: manifest
+        });
+        const virtualFiles = files.map(({ path, value })=>new VirtualFile({
+                value,
+                path
+            }));
+        const { filePath, iconPath } = manifest.source.location.npm;
+        const sourceCode = virtualFiles.find((file)=>file.path === filePath);
+        const svgIcon = iconPath ? virtualFiles.find((file)=>file.path === iconPath) : undefined;
+        assert(sourceCode, 'Source code not provided for preinstalled snap.');
+        assert(!iconPath || iconPath && svgIcon, 'Icon not provided for preinstalled snap.');
+        assert(manifest.source.files === undefined, 'Auxiliary files are not currently supported for preinstalled snaps.');
+        const localizationFiles = manifest.source.locales?.map((path)=>virtualFiles.find((file)=>file.path === path)) ?? [];
+        const validatedLocalizationFiles = getValidatedLocalizationFiles(localizationFiles.filter(Boolean));
+        assert(localizationFiles.length === validatedLocalizationFiles.length, 'Missing localization files for preinstalled snap.');
+        const filesObject = {
+            manifest: manifestFile,
+            sourceCode,
+            svgIcon,
+            auxiliaryFiles: [],
+            localizationFiles: validatedLocalizationFiles
+        };
+        // Add snap to the SnapController state
+        _class_private_method_get(this, _set, set).call(this, {
+            id: snapId,
+            origin: 'metamask',
+            files: filesObject,
+            removable,
+            preinstalled: true
+        });
+        // Setup permissions
+        const processedPermissions = processSnapPermissions(manifest.initialPermissions);
+        _class_private_method_get(this, _validateSnapPermissions, validateSnapPermissions).call(this, processedPermissions);
+        const { newPermissions, unusedPermissions } = _class_private_method_get(this, _calculatePermissionsChange, calculatePermissionsChange).call(this, snapId, processedPermissions);
+        _class_private_method_get(this, _updatePermissions, updatePermissions).call(this, {
+            snapId,
+            newPermissions,
+            unusedPermissions
+        });
+        // Set status
+        this.update((state)=>{
+            state.snaps[snapId].status = SnapStatus.Stopped;
+        });
+    }
+}
 function pollForLastRequestStatus() {
     _class_private_field_set(this, _timeoutForLastRequestStatus, setTimeout(()=>{
         _class_private_method_get(this, _stopSnapsLastRequestPastMax, stopSnapsLastRequestPastMax).call(this).catch((error)=>{
@@ -1294,6 +1364,52 @@ async function terminateSnap(snapId) {
     await this.messagingSystem.call('ExecutionService:terminateSnap', snapId);
     this.messagingSystem.publish('SnapController:snapTerminated', this.getTruncatedExpect(snapId));
 }
+function handleInitialConnections(snapId, previousInitialConnections, initialConnections) {
+    if (previousInitialConnections) {
+        const revokedInitialConnections = setDiff(previousInitialConnections, initialConnections);
+        for (const origin of Object.keys(revokedInitialConnections)){
+            this.removeSnapFromSubject(origin, snapId);
+        }
+    }
+    for (const origin of Object.keys(initialConnections)){
+        _class_private_method_get(this, _addSnapToSubject, addSnapToSubject).call(this, origin, snapId);
+    }
+}
+function addSnapToSubject(origin, snapId) {
+    const subjectPermissions = this.messagingSystem.call('PermissionController:getPermissions', origin);
+    const existingCaveat = subjectPermissions?.[WALLET_SNAP_PERMISSION_KEY]?.caveats?.find((caveat)=>caveat.type === SnapCaveatType.SnapIds);
+    const subjectHasSnap = Boolean((existingCaveat?.value)?.[snapId]);
+    // If the subject is already connected to the snap, this is a no-op.
+    if (subjectHasSnap) {
+        return;
+    }
+    // If an existing caveat exists, we add the snap to that.
+    if (existingCaveat) {
+        this.messagingSystem.call('PermissionController:updateCaveat', origin, WALLET_SNAP_PERMISSION_KEY, SnapCaveatType.SnapIds, {
+            ...existingCaveat,
+            [snapId]: {}
+        });
+        return;
+    }
+    const approvedPermissions = {
+        [WALLET_SNAP_PERMISSION_KEY]: {
+            caveats: [
+                {
+                    type: SnapCaveatType.SnapIds,
+                    value: {
+                        [snapId]: {}
+                    }
+                }
+            ]
+        }
+    };
+    this.messagingSystem.call('PermissionController:grantPermissions', {
+        approvedPermissions,
+        subject: {
+            origin
+        }
+    });
+}
 function removeSnapFromSubjects(snapId) {
     const subjects = this.messagingSystem.call('PermissionController:getSubjectNames');
     for (const subject of subjects){
@@ -1351,8 +1467,8 @@ async function add(args) {
         // If fetching and setting the snap succeeds, this property will be set
         // to null in the authorize() method.
         runtime.installPromise = (async ()=>{
-            const fetchedSnap = await _class_private_method_get(this, _fetchSnap, fetchSnap).call(this, snapId, location);
-            const manifest = fetchedSnap.files.manifest.result;
+            const fetchedSnap = await fetchSnap(snapId, location);
+            const manifest = fetchedSnap.manifest.result;
             if (!satisfiesVersionRange(manifest.version, versionRange)) {
                 throw new Error(`Version mismatch. Manifest for "${snapId}" specifies version "${manifest.version}" which doesn't satisfy requested version range "${versionRange}".`);
             }
@@ -1362,7 +1478,7 @@ async function add(args) {
             });
             return _class_private_method_get(this, _set, set).call(this, {
                 ...args,
-                ...fetchedSnap,
+                files: fetchedSnap,
                 id: snapId
             });
         })();
@@ -1425,10 +1541,10 @@ async function getEndowments(snapId) {
     return dedupedEndowments;
 }
 function set(args) {
-    const { id: snapId, origin, files, isUpdate = false } = args;
+    const { id: snapId, origin, files, isUpdate = false, removable, preinstalled } = args;
     const { manifest, sourceCode: sourceCodeFile, svgIcon, auxiliaryFiles: rawAuxiliaryFiles, localizationFiles } = files;
     assertIsSnapManifest(manifest.result);
-    const { version } = manifest.result;
+    const { version, proposedName } = manifest.result;
     const sourceCode = sourceCodeFile.toString();
     assert(typeof sourceCode === 'string' && sourceCode.length > 0, `Invalid source code for snap "${snapId}".`);
     const auxiliaryFiles = rawAuxiliaryFiles.map((file)=>{
@@ -1456,6 +1572,8 @@ function set(args) {
         // previous state.
         blocked: false,
         enabled: true,
+        removable,
+        preinstalled,
         id: snapId,
         initialPermissions: manifest.result.initialPermissions,
         manifest: manifest.result,
@@ -1480,42 +1598,18 @@ function set(args) {
             rollbackSnapshot.statePatches = inversePatches;
         }
     }
-    this.messagingSystem.publish(`SnapController:snapAdded`, snap, svgIcon?.toString());
+    this.messagingSystem.call('SubjectMetadataController:addSubjectMetadata', {
+        subjectType: SubjectType.Snap,
+        name: proposedName,
+        origin: snap.id,
+        version,
+        svgIcon: svgIcon?.toString() ?? null
+    });
     return {
         ...snap,
         sourceCode
     };
 }
-async function fetchSnap(snapId, location) {
-    try {
-        const manifest = await location.manifest();
-        const sourceCode = await location.fetch(manifest.result.source.location.npm.filePath);
-        const { iconPath } = manifest.result.source.location.npm;
-        const svgIcon = iconPath ? await location.fetch(iconPath) : undefined;
-        const auxiliaryFiles = await getSnapFiles(location, manifest.result.source.files);
-        await Promise.all(auxiliaryFiles.map(async (file)=>{
-            // This should still be safe
-            // eslint-disable-next-line require-atomic-updates
-            file.data.base64 = await encodeBase64(file);
-        }));
-        const localizationFiles = await getSnapFiles(location, manifest.result.source.locales);
-        const validatedLocalizationFiles = getValidatedLocalizationFiles(localizationFiles);
-        const files = {
-            manifest,
-            sourceCode,
-            svgIcon,
-            auxiliaryFiles,
-            localizationFiles: validatedLocalizationFiles
-        };
-        await validateFetchedSnap(files);
-        return {
-            files,
-            location
-        };
-    } catch (error) {
-        throw new Error(`Failed to fetch snap "${snapId}": ${getErrorMessage(error)}.`);
-    }
-}
 function validateSnapPermissions(processedPermissions) {
     const permissionKeys = Object.keys(processedPermissions);
     const handlerPermissions = Array.from(new Set(Object.values(handlerEndowments)));
@@ -1608,6 +1702,17 @@ async function assertSnapRpcRequestResult(handlerType, result) {
                 validateComponentLinks(result.content, _class_private_method_get(this, _checkPhishingList, checkPhishingList).bind(this));
                 break;
             }
+        case HandlerType.OnSignature:
+            {
+                assertStruct(result, OnSignatureResponseStruct);
+                // Null is an allowed return value here
+                if (result === null) {
+                    return;
+                }
+                await _class_private_method_get(this, _triggerPhishingListUpdate, triggerPhishingListUpdate).call(this);
+                validateComponentLinks(result.content, _class_private_method_get(this, _checkPhishingList, checkPhishingList).bind(this));
+                break;
+            }
         case HandlerType.OnHomePage:
             assertStruct(result, OnHomePageResponseStruct);
             await _class_private_method_get(this, _triggerPhishingListUpdate, triggerPhishingListUpdate).call(this);
@@ -1646,11 +1751,7 @@ function createRollbackSnapshot(snapId) {
     assert(_class_private_field_get(this, _rollbackSnapshots).get(snapId) === undefined, new Error(`Snap "${snapId}" rollback snapshot already exists.`));
     _class_private_field_get(this, _rollbackSnapshots).set(snapId, {
         statePatches: [],
-        permissions: {
-            revoked: null,
-            granted: [],
-            requestData: null
-        },
+        permissions: {},
         newVersion: ''
     });
     const newRollbackSnapshot = _class_private_field_get(this, _rollbackSnapshots).get(snapId);
@@ -1678,20 +1779,12 @@ async function rollbackSnap(snapId) {
             state.snaps[snapId].status = SnapStatus.Stopped;
         });
     }
-    if (permissions.revoked && Object.keys(permissions.revoked).length) {
-        this.messagingSystem.call('PermissionController:grantPermissions', {
-            approvedPermissions: permissions.revoked,
-            subject: {
-                origin: snapId
-            },
-            requestData: permissions.requestData
-        });
-    }
-    if (permissions.granted?.length) {
-        this.messagingSystem.call('PermissionController:revokePermissions', {
-            [snapId]: permissions.granted
-        });
-    }
+    _class_private_method_get(this, _updatePermissions, updatePermissions).call(this, {
+        snapId,
+        unusedPermissions: permissions.granted,
+        newPermissions: permissions.revoked,
+        requestData: permissions.requestData
+    });
     const truncatedSnap = this.getTruncatedExpect(snapId);
     this.messagingSystem.publish('SnapController:snapRolledback', truncatedSnap, rollbackSnapshot.newVersion);
     _class_private_field_get(this, _rollbackSnapshots).delete(snapId);
@@ -1747,6 +1840,23 @@ function calculatePermissionsChange(snapId, desiredPermissionsSet) {
         approvedPermissions
     };
 }
+function updatePermissions({ snapId, unusedPermissions = {}, newPermissions = {}, requestData }) {
+    const unusedPermissionsKeys = Object.keys(unusedPermissions);
+    if (isNonEmptyArray(unusedPermissionsKeys)) {
+        this.messagingSystem.call('PermissionController:revokePermissions', {
+            [snapId]: unusedPermissionsKeys
+        });
+    }
+    if (isNonEmptyArray(Object.keys(newPermissions))) {
+        this.messagingSystem.call('PermissionController:grantPermissions', {
+            approvedPermissions: newPermissions,
+            subject: {
+                origin: snapId
+            },
+            requestData
+        });
+    }
+}
 function isValidUpdate(snapId, newVersionRange) {
     const existingSnap = this.getExpect(snapId);
     if (satisfiesVersionRange(existingSnap.version, newVersionRange)) {