Closed
Bug 1040348
Opened 10 years ago
Closed 6 years ago
add CheckPermission annotation for voicemail interfaces
Categories
(Firefox OS Graveyard :: RIL, defect)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: rvid, Unassigned)
Details
No description provided.
Reporter | ||
Comment 2•10 years ago
|
||
https://bugzilla.mozilla.org/show_bug.cgi?id=906404#c15
Flags: needinfo?(roshanvid) → needinfo?(ehsan)
Comment 4•10 years ago
|
||
(In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment #3) > The motivation is consistency. Please take a look my comment in bug 1009645 comment 54 again. You also had replied with a new proposal that relying on preference at bug 1009645 comment 56.
Flags: needinfo?(ehsan)
Comment 5•10 years ago
|
||
(In reply to Vicamo Yang [:vicamo][:vyang] from comment #4) > (In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment > #3) > > The motivation is consistency. > > Please take a look my comment in bug 1009645 comment 54 again. You also had > replied with a new proposal that relying on preference at bug 1009645 > comment 56. Yes, but I thought that [CheckPermissions] and [HardwarePref] are orthogonal. If the [HardwarePref] tells us that we can expose the API on the platform, we still don't want to expose it to all web pages and all types of apps, right?
Flags: needinfo?(ehsan) → needinfo?(vyang)
Comment 6•10 years ago
|
||
(In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment #5) > Yes, but I thought that [CheckPermissions] and [HardwarePref] are > orthogonal. If the [HardwarePref] tells us that we can expose the API on > the platform, we still don't want to expose it to all web pages and all > types of apps, right? Sure, so you agree the necessity of that hardware pref, or more specifically, "dom.voicemail.enabled" here? There is three levels of access control for RIL APIs. MOZ_B2G_RIL is for platforms may or may not have RIL function in general. "dom.foo.enabled" is for a target device, a SKU, or so. And permissions are for per app. Please give an alternative before removing any of them. Thank you.
Flags: needinfo?(vyang) → needinfo?(ehsan)
Comment 7•10 years ago
|
||
(In reply to Vicamo Yang [:vicamo][:vyang] from comment #6) > (In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment > #5) > > Yes, but I thought that [CheckPermissions] and [HardwarePref] are > > orthogonal. If the [HardwarePref] tells us that we can expose the API on > > the platform, we still don't want to expose it to all web pages and all > > types of apps, right? > > Sure, so you agree the necessity of that hardware pref, or more > specifically, "dom.voicemail.enabled" here? Yes. > There is three levels of access control for RIL APIs. MOZ_B2G_RIL is for > platforms may or may not have RIL function in general. "dom.foo.enabled" is > for a target device, a SKU, or so. And permissions are for per app. Please > give an alternative before removing any of them. Thank you. The issue is that right now the API entry points are hidden behind just the pref (for example: http://mxr.mozilla.org/mozilla-central/source/dom/webidl/MozVoicemail.webidl#7), which means that *everything* on devices that have that pref set to true will see the API entry points. That includes certified apps, all privileged apps, and unprivileged web pages. What I'm proposing is to add a [CheckPermissions] annotation on these API entry points to hide them from code that cannot use them because it does not have sufficient permissions.
Flags: needinfo?(ehsan)
Comment 8•10 years ago
|
||
(In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment #7) > What I'm proposing is to add a [CheckPermissions] annotation on these API > entry points to hide them from code that cannot use them because it does not > have sufficient permissions. Correcting the summary to reflect this.
Summary: Use CheckPermission instead of Pref for voicemail interfaces → add CheckPermission annotation for voicemail interfaces
Comment 9•6 years ago
|
||
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•