Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Support for Permission System in VS Code Extensions #187386

Closed
danny007in opened this issue Jul 9, 2023 · 3 comments
Closed

Support for Permission System in VS Code Extensions #187386

danny007in opened this issue Jul 9, 2023 · 3 comments
Assignees
@isidorn @alexdima
Labels
*duplicate Issue identified as a duplicate of another issue(s)

Comments

@danny007in
Copy link

danny007in commented Jul 9, 2023
edited
Loading

Description:
Currently, the Visual Studio Code (VS Code) extension ecosystem lacks a robust permission system similar to the one found in Android applications. This feature is crucial for maintaining user privacy and ensuring secure access to sensitive resources by extensions.

Android provides a comprehensive permission system (https://developer.android.com/guide/topics/permissions/overview) that enables users to grant or deny permissions to applications based on their needs. Implementing a similar permission system for VS Code extensions would greatly enhance the overall security and user control within the platform.

Proposal:

  1. Define a permission model: Create a standardized set of permissions that cover various extension capabilities and resources. This model should consider both basic permissions (e.g., read/write access to files, network access) and potentially more advanced permissions (e.g., access to user settings, workspace information).

  2. Permission declaration: Provide a mechanism for extension developers to declare the permissions required by their extensions in the extension manifest file. This declaration should clearly state the purpose and scope of each permission.

  3. User consent and control: Introduce a user interface within VS Code that allows users to review and manage the permissions requested by each installed extension. Users should have the ability to grant or revoke permissions at any time.

  4. Permission enforcement: Ensure that extensions can only access resources and perform actions for which they have been granted permission. Implement mechanisms to prevent extensions from accessing unauthorized resources or performing potentially harmful operations.

Benefits:

  • Enhanced user privacy: Users will have more control over the permissions granted to extensions, ensuring their privacy is protected.
  • Improved security: A permission system will help prevent malicious extensions from accessing sensitive resources or performing unauthorized actions.
  • Transparency and trust: Clear permission declarations will enable users to make informed decisions when installing or updating extensions, fostering a more trustworthy extension ecosystem.

This issue aims to start a discussion and gather feedback on the implementation of a permission system for VS Code extensions. It is crucial to ensure the widespread adoption of this feature by extension developers, maintainers, and the VS Code community as a whole.

image
@chrmarti chrmarti assigned sandy081 and unassigned chrmarti Jul 10, 2023
@sandy081 sandy081 added the ~info-needed Issue requires more information from poster (with bot comment) label Jul 10, 2023
@vscodenpa
Copy link

Thanks for creating this issue! We figured it's missing some basic information or in some other way doesn't follow our issue reporting guidelines. Please take the time to review these and update the issue.

Happy Coding!

@vscodenpa vscodenpa added info-needed Issue requires more information from poster and removed ~info-needed Issue requires more information from poster (with bot comment) labels Jul 10, 2023
@danny007in danny007in changed the title extension permission Support for Permission System in VS Code Extensions Jul 10, 2023
@danny007in
Copy link
Author

Description: Currently, the Visual Studio Code (VS Code) extension ecosystem lacks a robust permission system similar to the one found in Android applications. This feature is crucial for maintaining user privacy and ensuring secure access to sensitive resources by extensions.

Android provides a comprehensive permission system (https://developer.android.com/guide/topics/permissions/overview) that enables users to grant or deny permissions to applications based on their needs. Implementing a similar permission system for VS Code extensions would greatly enhance the overall security and user control within the platform.

Proposal:

  1. Define a permission model: Create a standardized set of permissions that cover various extension capabilities and resources. This model should consider both basic permissions (e.g., read/write access to files, network access) and potentially more advanced permissions (e.g., access to user settings, workspace information).
  2. Permission declaration: Provide a mechanism for extension developers to declare the permissions required by their extensions in the extension manifest file. This declaration should clearly state the purpose and scope of each permission.
  3. User consent and control: Introduce a user interface within VS Code that allows users to review and manage the permissions requested by each installed extension. Users should have the ability to grant or revoke permissions at any time.
  4. Permission enforcement: Ensure that extensions can only access resources and perform actions for which they have been granted permission. Implement mechanisms to prevent extensions from accessing unauthorized resources or performing potentially harmful operations.

Benefits:

  • Enhanced user privacy: Users will have more control over the permissions granted to extensions, ensuring their privacy is protected.
  • Improved security: A permission system will help prevent malicious extensions from accessing sensitive resources or performing unauthorized actions.
  • Transparency and trust: Clear permission declarations will enable users to make informed decisions when installing or updating extensions, fostering a more trustworthy extension ecosystem.

This issue aims to start a discussion and gather feedback on the implementation of a permission system for VS Code extensions. It is crucial to ensure the widespread adoption of this feature by extension developers, maintainers, and the VS Code community as a whole.

image

information provided @sandy081

@sandy081 sandy081 assigned isidorn and unassigned sandy081 Jul 11, 2023
@sandy081 sandy081 removed the info-needed Issue requires more information from poster label Jul 11, 2023
@isidorn
Copy link
Contributor

isidorn commented Jul 11, 2023

Thanks for opening this request, however closing this as a duplicate of #52116 since I feel like most of this is already covered by that issue. Thank you

@isidorn isidorn closed this as completed Jul 11, 2023
@isidorn isidorn added the *duplicate Issue identified as a duplicate of another issue(s) label Jul 11, 2023
@github-actions github-actions bot locked and limited conversation to collaborators Aug 25, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@isidorn isidorn

@alexdima alexdima

Labels
*duplicate Issue identified as a duplicate of another issue(s)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@isidorn @alexdima @chrmarti @sandy081 @danny007in @vscodenpa