Mark certified apps only for APIs that won't exposed to privilege apps in BT API v2

RESOLVED FIXED in 2.1 S6 (10oct)

Status

Firefox OS
Bluetooth
RESOLVED FIXED
3 years ago
3 years ago

People

(Reporter: jocelyn, Assigned: jocelyn)

Tracking

unspecified
2.1 S6 (10oct)
ARM
Gonk (Firefox OS)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: webbt-api)

Attachments

(1 attachment, 2 obsolete attachments)

(Assignee)

Description

3 years ago
In WebBluetooth v2, we plan to expose some APIs to privileged apps in the near future.
This bug is to mark the subset of APIs that will be certified apps only.
(Assignee)

Updated

3 years ago
Assignee: nobody → joliu
Whiteboard: webbt-api
(Assignee)

Comment 1

3 years ago
Created attachment 8497338 [details] [diff] [review]
Bug 1074673: Mark certified apps only APIs for new WebBluetooth API.

Hi Ben,

This patch marked APIs that will remain certified apps only in WebBluetooth v2.
Could you give me your feedback on this?
I will ask for DOM peer's review after f+.

Thanks,
Jocelyn
Attachment #8497338 - Flags: feedback?(btian)

Comment 2

3 years ago
Comment on attachment 8497338 [details] [diff] [review]
Bug 1074673: Mark certified apps only APIs for new WebBluetooth API.

Review of attachment 8497338 [details] [diff] [review]:
-----------------------------------------------------------------

f=me with comment addressed. Thanks.

::: dom/webidl/BluetoothAdapter2.webidl
@@ +53,5 @@
>    // Fired when a remote device gets unpaired from the adapter
>             attribute EventHandler   ondeviceunpaired;
>  
>    // Fired when a2dp connection status changed
> +           [AvailableIn=CertifiedApps]

Applications can still add event listener to certified-apps-only event handlers as long as they know the event handler's name. I think we can remove [AvailableIn=CertifiedApps] from these event handlers since they are less security-sensitive.

--
nit: indent the extended attributes as following:

 // Fired when a2dp connection status changed
 [AvailableIn=CertifiedApps]
Attachment #8497338 - Flags: feedback?(btian) → feedback+
(Assignee)

Comment 3

3 years ago
Created attachment 8497928 [details] [diff] [review]
Bug 1074673 - Patch1(v2): Mark certified apps only APIs for new WebBluetooth API. f=btian

Removed certified apps only for those event handlers.
Thanks for pointing it out, Ben.
Attachment #8497338 - Attachment is obsolete: true
(Assignee)

Comment 4

3 years ago
Comment on attachment 8497928 [details] [diff] [review]
Bug 1074673 - Patch1(v2): Mark certified apps only APIs for new WebBluetooth API. f=btian

Hi Boris,

We're going through a security review process for new BT API recently, and we plan to make bluetooth permission available to privileged apps when we formally switch to new BT API.
This patch is marking certified apps only for attributes/methods in BluetoothAdapter2.webidl which will remain certified apps only in new BT API.
Could you take some time to review this patch?

Thanks,
Jocelyn
Attachment #8497928 - Flags: review?(bzbarsky)
Comment on attachment 8497928 [details] [diff] [review]
Bug 1074673 - Patch1(v2): Mark certified apps only APIs for new WebBluetooth API. f=btian

r=me on the mechanics of the IDL changes.  I assume a domain expert (btian) has looked over the set of things being marked, and should get r= credit.  ;)
Attachment #8497928 - Flags: review?(bzbarsky) → review+
(Assignee)

Updated

3 years ago
Attachment #8497928 - Flags: review?(btian)

Comment 6

3 years ago
Comment on attachment 8497928 [details] [diff] [review]
Bug 1074673 - Patch1(v2): Mark certified apps only APIs for new WebBluetooth API. f=btian

Review of attachment 8497928 [details] [diff] [review]:
-----------------------------------------------------------------

r=me with nit addressed. Thanks!

::: dom/webidl/BluetoothAdapter2.webidl
@@ +154,4 @@
>    DOMRequest toggleCalls();
>  
>    // AVRCP 1.3 methods
> +  [NewObject,Throws, AvailableIn=CertifiedApps]

nit: add space before "Throws" and the following.
Attachment #8497928 - Flags: review?(btian) → review+
(Assignee)

Comment 7

3 years ago
Created attachment 8498029 [details] [diff] [review]
[Final] Bug 1074673 : Mark certified apps only APIs for new WebBluetooth API. r=btian, r=bz

Thanks to both of you. ;)
Attachment #8497928 - Attachment is obsolete: true
(Assignee)

Comment 8

3 years ago
No try server result since this webidl won't be built.
Keywords: checkin-needed
https://hg.mozilla.org/mozilla-central/rev/fa8652026961
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → FIXED
Target Milestone: --- → 2.1 S6 (10oct)
You need to log in before you can comment on or make changes to this bug.