Closed
Bug 1036423
Opened 10 years ago
Closed 10 years ago
Reintroduce "permissions" permission.
Categories
(Firefox OS Graveyard :: FindMyDevice, defect)
Tracking
(blocking-b2g:2.0+, b2g-v2.0 fixed, b2g-v2.1 fixed)
People
(Reporter: ggp, Assigned: ggp)
Details
Attachments
(1 file)
Bug 1032903 removed the "permissions" permission from FMD. As it turns out, this permission controls access to the mozPermissionSettings API, which is needed by the track command. We need to reintroduce the permission, and "track" will be broken until we do.
Updated•10 years ago
|
Target Milestone: --- → 2.0 S6 (18july)
Assignee | ||
Comment 1•10 years ago
|
||
Sorry for overlooking this, here's a patch.
Attachment #8453126 -
Flags: review?(lissyx+mozillians)
Updated•10 years ago
|
blocking-b2g: --- → 2.0?
Updated•10 years ago
|
Attachment #8453126 -
Flags: review?(lissyx+mozillians) → review+
Assignee | ||
Updated•10 years ago
|
Keywords: checkin-needed
Comment 2•10 years ago
|
||
Looks good on gaia-try[1], merging. Master: https://github.com/mozilla-b2g/gaia/commit/bc59445675c1cadefdd9d6b2db185aca7b2f099d [1] https://tbpl.mozilla.org/?rev=a00a82bb082927d43f3f0a7a3059560705142c8f&tree=Gaia-Try
Status: NEW → RESOLVED
Closed: 10 years ago
status-b2g-v2.1:
--- → fixed
Keywords: checkin-needed
Resolution: --- → FIXED
Updated•10 years ago
|
blocking-b2g: 2.0? → 2.0+
Comment 3•10 years ago
|
||
v2.0: https://github.com/mozilla-b2g/gaia/commit/6af4a6a5d0b5b420c59cf5c856cd5a13ee35aac9
status-b2g-v2.0:
--- → fixed
Comment 4•10 years ago
|
||
How come this doesn't have a proper security and webapi review? The 'permission' permission is probably the API that can cause the most damage for the user.
Flags: needinfo?(ggoncalves)
Assignee | ||
Comment 5•10 years ago
|
||
This bug is just about restoring a permission that was accidentally removed in another patch, so I assume you are questioning its introduction in the first place. The 'permission' permission was added back in bug 938901, when FMD first landed on Gaia after being reviewed by a module owner. FMD has since gone through a client-side security review (bug 938357) as well, but no issues related to permissions were raised. If there was any other review procedure we should have followed, for either this bug or bug 938901, I wasn't aware of it, and I apologize. Please let me know what we can do about it, and I'll make sure this doesn't happen again.
Flags: needinfo?(ggoncalves)
Comment 6•10 years ago
|
||
(In reply to Guilherme Gonçalves [:ggp] from comment #5) > This bug is just about restoring a permission that was accidentally removed > in another patch, so I assume you are questioning its introduction in the > first place. The 'permission' permission was added back in bug 938901, when > FMD first landed on Gaia after being reviewed by a module owner. FMD has > since gone through a client-side security review (bug 938357) as well, but > no issues related to permissions were raised. > > If there was any other review procedure we should have followed, for either > this bug or bug 938901, I wasn't aware of it, and I apologize. Please let me > know what we can do about it, and I'll make sure this doesn't happen again. Using the permission API for this use-case is pretty big overkill. We should rather fix it in another way. I talked to Jonas about this and the easiest fix is to introduce a geolocation-noprompt permission.
Assignee | ||
Comment 7•10 years ago
|
||
Fair enough, I filed bug 1058330 for the FMD changes.
Comment 8•10 years ago
|
||
Dear Guilherme, Could you please provide a repro video or steps, thanks!
Flags: needinfo?(ggoncalves)
Assignee | ||
Comment 9•10 years ago
|
||
This change ended up being reverted by bug 1058330, in which we replaced the 'permissions' permission with 'geolocation-noprompt'. Verifying this only requires making sure that FMD manages to track a device successfully without triggering the geolocation permission prompt.
Flags: needinfo?(ggoncalves)
You need to log in
before you can comment on or make changes to this bug.
Description
•