Closed Bug 1074673 Opened 10 years ago Closed 10 years ago

Mark certified apps only for APIs that won't exposed to privilege apps in BT API v2

Categories

(Firefox OS Graveyard :: Bluetooth, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
2.1 S6 (10oct)

People

(Reporter: yrliou, Assigned: yrliou)

Details

(Whiteboard: webbt-api)

Attachments

(1 file, 2 obsolete files)

In WebBluetooth v2, we plan to expose some APIs to privileged apps in the near future.
This bug is to mark the subset of APIs that will be certified apps only.
Assignee: nobody → joliu
Whiteboard: webbt-api
Hi Ben,

This patch marked APIs that will remain certified apps only in WebBluetooth v2.
Could you give me your feedback on this?
I will ask for DOM peer's review after f+.

Thanks,
Jocelyn
Attachment #8497338 - Flags: feedback?(btian)
Comment on attachment 8497338 [details] [diff] [review]
Bug 1074673: Mark certified apps only APIs for new WebBluetooth API.

Review of attachment 8497338 [details] [diff] [review]:
-----------------------------------------------------------------

f=me with comment addressed. Thanks.

::: dom/webidl/BluetoothAdapter2.webidl
@@ +53,5 @@
>    // Fired when a remote device gets unpaired from the adapter
>             attribute EventHandler   ondeviceunpaired;
>  
>    // Fired when a2dp connection status changed
> +           [AvailableIn=CertifiedApps]

Applications can still add event listener to certified-apps-only event handlers as long as they know the event handler's name. I think we can remove [AvailableIn=CertifiedApps] from these event handlers since they are less security-sensitive.

--
nit: indent the extended attributes as following:

 // Fired when a2dp connection status changed
 [AvailableIn=CertifiedApps]
Attachment #8497338 - Flags: feedback?(btian) → feedback+
Removed certified apps only for those event handlers.
Thanks for pointing it out, Ben.
Attachment #8497338 - Attachment is obsolete: true
Comment on attachment 8497928 [details] [diff] [review]
Bug 1074673 - Patch1(v2): Mark certified apps only APIs for new WebBluetooth API. f=btian

Hi Boris,

We're going through a security review process for new BT API recently, and we plan to make bluetooth permission available to privileged apps when we formally switch to new BT API.
This patch is marking certified apps only for attributes/methods in BluetoothAdapter2.webidl which will remain certified apps only in new BT API.
Could you take some time to review this patch?

Thanks,
Jocelyn
Attachment #8497928 - Flags: review?(bzbarsky)
Comment on attachment 8497928 [details] [diff] [review]
Bug 1074673 - Patch1(v2): Mark certified apps only APIs for new WebBluetooth API. f=btian

r=me on the mechanics of the IDL changes.  I assume a domain expert (btian) has looked over the set of things being marked, and should get r= credit.  ;)
Attachment #8497928 - Flags: review?(bzbarsky) → review+
Attachment #8497928 - Flags: review?(btian)
Comment on attachment 8497928 [details] [diff] [review]
Bug 1074673 - Patch1(v2): Mark certified apps only APIs for new WebBluetooth API. f=btian

Review of attachment 8497928 [details] [diff] [review]:
-----------------------------------------------------------------

r=me with nit addressed. Thanks!

::: dom/webidl/BluetoothAdapter2.webidl
@@ +154,4 @@
>    DOMRequest toggleCalls();
>  
>    // AVRCP 1.3 methods
> +  [NewObject,Throws, AvailableIn=CertifiedApps]

nit: add space before "Throws" and the following.
Attachment #8497928 - Flags: review?(btian) → review+
No try server result since this webidl won't be built.
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/fa8652026961
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2.1 S6 (10oct)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: