1068048 - Should check wifi-manage permission in TetheringManager

Status: RESOLVED WONTFIX

(Firefox OS Graveyard :: Wifi, defect)

Description

[Dimi Lee [ooo 16.04 - 21.04］]

In bug 936367, Comment30 , we should check permission according to different tethering type.

Comment 1

[Dimi Lee [ooo 16.04 - 21.04］]

We already check wifi-manage permission in WifiWorker.js , should we still check it in DOM layer ?

Comment 2

[Dimi Lee [ooo 16.04 - 21.04］]

Hi Paul,
According to your comment in  bug 936367, Comment30. If TetheringManager is certified API only, we could just check corresponding permission according to different tethering type for setTetheringEnabled API.
http://dxr.mozilla.org/mozilla-central/source/dom/tethering/TetheringManager.js#76

In previous patch I did not check permission in content process DOM layer(TetheringManager.js)
But this API will eventually send message to chrome process and it will check wifi-manage permission in WifiWorker.js
http://dxr.mozilla.org/mozilla-central/source/dom/wifi/WifiWorker.js?from=WifiWorker.js&case=true#2709

In this case, do we still have to check wifi-manage permission in DOM layer (TetheringManager.js)?
Thanks for help !

Comment 3

[Paul Theriault [:pauljt] (no longer reading bugmail)]

Yes you should check in both places - check in the DOM to reduce attack surface exposed to the web, and check in the parent to enforce security. But in the patch in bug 936367, we already have a certified apps check, so only certified apps will see the navigator.mozTethering manager. This might be enough in this case. 

For consistency though, you may want to just copy mozWifiManager and implement a hasNavigator::HasTetheringManagerSupport function.  See this code here:  http://dxr.mozilla.org/mozilla-central/source/dom/webidl/MozWifiManager.webidl#63

Comment 4

[Dimi Lee [ooo 16.04 - 21.04］]

Not actively working on b2g

Comment 5

[BMO Automation]

Firefox OS is not being worked on