Permission denied running Native Messaging app

When a webextension tries to run a native messaging app nothing happens (no response or error message in the console), and strace shows “Permission denied” when execve tries to run the app.

Create simple example

A simple example to show this is a modified version of the MDN native messaging webextension example.

The only significant change is to background.js, which is modified to create a new connection to the app each time the icon is clicked, rather than when the extension is loaded. This is to make it easier to strace the attempt to start the app, which is where the problem seems to be.

/*  Each time the icon is clicked it replaces the port if any with a new one  
 *  before sending a message and listening for a reply.
 */

var port;
    
browser.browserAction.onClicked.addListener(() => {

    /* Disconnecting previous closes the app */
    if (port) {
        port.disconnect();
        console.log("Disconnected");
    }
    
    /* Connect to the "ping_pong" app */
    port = browser.runtime.connectNative("ping_pong");
    console.log("Conected to port", port);
    
    /* Add listener for replies from the app */
    port.onMessage.addListener((response) => {
        console.log("Received: " + response);
    });
    
    /* Send a message to the app */
    console.log("Sending:  ping");
    port.postMessage("ping");
    
});

The extension’s manifest.json can optionally be updated to reflect the changes:

{
  "description": "Native messaging example add-on, modified to first create a new port on each click".
  "manifest_version": 2,
  "name": "Modified native messaging example",
  "version": "2.1",
  "icons": {
    "48": "icons/message.svg"
  },
  ....
}

The app’s manifest (ping_pong.json) is normally stored in /usr/lib/mozilla/native-messaging-hosts/ or /usr/lib64/mozilla/native-messaging-hosts/, but according to some other discussions Tor looks for it deep in /home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/, which was confirmed by strace.

When this webext+app is tested in Firefox ESR the app can be executed OK in /usr/bin, but when I tried the same for Tor it produced the “Permission denied” problem. When I had tried to install the native-messaging.zip file in the usual way, using “Install Add-On From File”, Tor’s file browser couldn’t access any files above /home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/ because of permission problems. So I thought that the app’s problem might because it wasn’t below what seemed to be Tor’s root, so put it in a new in a new Extensions folder /home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/Extensions/.

{
  "name": "ping_pong",
  "description": "Example host for native messaging",
  "path": "/home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Extensions/ping_pong.py",
  "type": "stdio",
  "allowed_extensions": [ "ping_pong@example.org" ]
}

Test results

When the icon was clicked the debugging console logged the connection made and the “ping” sent, but no “pong” reply.

strace gave the following output:

strace -f -p $(pgrep fox.real) 2>&1 | grep -i ping
[pid 13982] openat(AT_FDCWD, "/home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/TorBrowser/Data/Browser/.mozilla/native-messaging-hosts/ping_pong.json", O_RDONLY) = 43
[pid 13982] <... read resumed>"{\n  \"name\": \"ping_pong\",\n  \"desc"..., 259) = 259
[pid 13975] stat("/home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/Extensions/ping_pong.py",  <unfinished ...>
[pid 14129] execve("/home/user/.local/share/torbrowser/tbb/x86_64/tor-browser_en-US/Browser/Extensions/ping_pong.py", ["/home/user/.local/share/torbrowser"..., "/home/user/.local/share/torbrowser"..., "ping_pong@example.org"], 0x7f50a0897000 /* 100 vars */) = -1 EACCES (Permission denied)

ping_pong.py has full execute permissions (-rwxr-xr-x), so why is permission denied? What permissions are required to enable it be run as a native messaging app from Tor Browser?

I am a Tor newbie, and hoping that someone can give advice on how to get native messaging working.
Thanks.

(This is using the Tor Browser 11.0.6 in Linux, installed using Tor Browser Launcher, at the standard security level.)