add CheckPermission annotation for voicemail interfaces

RESOLVED WONTFIX

Status

RESOLVED WONTFIX
4 years ago
9 months ago

People

(Reporter: rvid, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Comment hidden (empty)
Can you give some details, motivation?
Flags: needinfo?(roshanvid)
(Reporter)

Comment 2

4 years ago
https://bugzilla.mozilla.org/show_bug.cgi?id=906404#c15
Flags: needinfo?(roshanvid) → needinfo?(ehsan)

Comment 3

4 years ago
The motivation is consistency.
Flags: needinfo?(ehsan)
(In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment #3)
> The motivation is consistency.

Please take a look my comment in bug 1009645 comment 54 again. You also had replied with a new proposal that relying on preference at bug 1009645 comment 56.
Flags: needinfo?(ehsan)

Comment 5

4 years ago
(In reply to Vicamo Yang [:vicamo][:vyang] from comment #4)
> (In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment
> #3)
> > The motivation is consistency.
> 
> Please take a look my comment in bug 1009645 comment 54 again. You also had
> replied with a new proposal that relying on preference at bug 1009645
> comment 56.

Yes, but I thought that [CheckPermissions] and [HardwarePref] are orthogonal.  If the [HardwarePref] tells us that we can expose the API on the platform, we still don't want to expose it to all web pages and all types of apps, right?
Flags: needinfo?(ehsan) → needinfo?(vyang)
(In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment #5)
> Yes, but I thought that [CheckPermissions] and [HardwarePref] are
> orthogonal.  If the [HardwarePref] tells us that we can expose the API on
> the platform, we still don't want to expose it to all web pages and all
> types of apps, right?

Sure, so you agree the necessity of that hardware pref, or more specifically, "dom.voicemail.enabled" here? 

There is three levels of access control for RIL APIs.  MOZ_B2G_RIL is for platforms may or may not have RIL function in general.  "dom.foo.enabled" is for a target device, a SKU, or so.  And permissions are for per app. Please give an alternative before removing any of them. Thank you.
Flags: needinfo?(vyang) → needinfo?(ehsan)

Comment 7

4 years ago
(In reply to Vicamo Yang [:vicamo][:vyang] from comment #6)
> (In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment
> #5)
> > Yes, but I thought that [CheckPermissions] and [HardwarePref] are
> > orthogonal.  If the [HardwarePref] tells us that we can expose the API on
> > the platform, we still don't want to expose it to all web pages and all
> > types of apps, right?
> 
> Sure, so you agree the necessity of that hardware pref, or more
> specifically, "dom.voicemail.enabled" here? 

Yes.

> There is three levels of access control for RIL APIs.  MOZ_B2G_RIL is for
> platforms may or may not have RIL function in general.  "dom.foo.enabled" is
> for a target device, a SKU, or so.  And permissions are for per app. Please
> give an alternative before removing any of them. Thank you.

The issue is that right now the API entry points are hidden behind just the pref (for example: http://mxr.mozilla.org/mozilla-central/source/dom/webidl/MozVoicemail.webidl#7), which means that *everything* on devices that have that pref set to true will see the API entry points.  That includes certified apps, all privileged apps, and unprivileged web pages.

What I'm proposing is to add a [CheckPermissions] annotation on these API entry points to hide them from code that cannot use them because it does not have sufficient permissions.
Flags: needinfo?(ehsan)
(In reply to :Ehsan Akhgari (lagging on bugmail, needinfo? me!) from comment #7)
> What I'm proposing is to add a [CheckPermissions] annotation on these API
> entry points to hide them from code that cannot use them because it does not
> have sufficient permissions.

Correcting the summary to reflect this.
Summary: Use CheckPermission instead of Pref for voicemail interfaces → add CheckPermission annotation for voicemail interfaces

Comment 9

9 months ago
Firefox OS is not being worked on
Status: NEW → RESOLVED
Last Resolved: 9 months ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.