Closed Bug 1090137 Opened 10 years ago Closed 10 years ago

Add moz-bluetooth permission for Loop application

Categories

(Firefox OS Graveyard :: Bluetooth, defect)

Product:
Firefox OS Graveyard
Component:
Bluetooth
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1091417

People

(Reporter: shawnjohnjr, Assigned: shawnjohnjr)

References

Details

Attachments

(1 file, 1 obsolete file)

Bug 1090137 - Add moz-bluetooth permission for Loop application
1.17 KB, patch
sicking
: feedback+
Details | Diff | Splinter Review 
Add moz-bluetooth permission
See also:
Bug 1087463 - [Loop] FirfoxHello VT call is not routing to BT headset
See also:
Bug 1088068 - Trusted hosted apps and AVRCP
Previous discussion with Paul:
1. If the THA gets hacked they get access to all of bluetooth. Given what we expose to THA already, I’m not _super_ worried but its is additional attack surface.
THA can already get all your data anyways via deviceStorage. But just be aware of that. 
2. The THA app would need to be very careful not to interfere with Gaia here.
If we do want to expose it, then I would suggest we do something like loop, i.e. prefix the exposed permission with moz- so regular privileged apps can’t get the permission.
Summary: Add moz-bluetooth permission → Add moz-bluetooth permission for THA/Loop application
Given the fact, Loop application needs to have bluetooth permission to establish Bluetooth SCO connection, we need to have ALLOW_ACTION permission for privilege apps. 
https://bugzilla.mozilla.org/show_bug.cgi?id=1087463#c4
Is this bug a dupe of 1087483?
Flags: needinfo?(shawnjohnjr)
(In reply to Tony Chung [:tchung] from comment #5)
> Is this bug a dupe of 1087483?

I cannot access bug 1087483. I'm not authorized to access bug #1087483.
Flags: needinfo?(shawnjohnjr) → needinfo?(tchung)
typo. i meant bug 1087463.
Flags: needinfo?(tchung)
(In reply to Tony Chung [:tchung] from comment #7)
> typo. i meant bug 1087463.
Not a dupe, but depends on this bug.
Because Loop application still needs to call |ConnectSco| function in their application. Loop application needs moz-bluetooth permission to access those Certified only Bluetooth APIs.
Attachment #8513238 - Attachment description: 0001-Bug-1090137-Add-moz-bluetooth-permission-for-THA-Loo.patch → Bug 1090137 - Add moz-bluetooth permission for THA/Loop application
Comment on attachment 8513238 [details] [diff] [review]
Bug 1090137 - Add moz-bluetooth permission for THA/Loop application

I would suggest that we create a separate permission for THA. Exposing all of bluetooth to Loop is a bit of a risk, its only one app, and its at least privileged (static & protected by CSP), and we review the source.

Since THA apps have a different risk profile, and only need AVRCP, maybe we should probably try to minimise the risk by creating a separate, more restrictive permission for them?
Attachment #8513238 - Attachment is obsolete: true
Attachment #8513238 - Flags: feedback?(ptheriault)
Summary: Add moz-bluetooth permission for THA/Loop application → Add moz-bluetooth permission for Loop application
(In reply to Paul Theriault [:pauljt] from comment #10)
> Comment on attachment 8513238 [details] [diff] [review]
> Bug 1090137 - Add moz-bluetooth permission for THA/Loop application
> 
> I would suggest that we create a separate permission for THA. Exposing all
> of bluetooth to Loop is a bit of a risk, its only one app, and its at least
> privileged (static & protected by CSP), and we review the source.
> 
> Since THA apps have a different risk profile, and only need AVRCP, maybe we
> should probably try to minimise the risk by creating a separate, more
> restrictive permission for them?

Paul, thanks for your comments. I think for THA, I probably open another bug. This bug will focus on Loop application.
Hardware: x86_64 → ARM
Blockign on this given we need it for https://bugzilla.mozilla.org/show_bug.cgi?id=1087463
blocking-b2g: --- → 2.1+
Comment on attachment 8513283 [details] [diff] [review]
Bug 1090137 - Add moz-bluetooth permission for Loop application

Review of attachment 8513283 [details] [diff] [review]:
-----------------------------------------------------------------

This is fine with me, but I think paul should review.

I'm also not sure what's involved with getting marketplace to add this permission to the list of permissions that they review for.

It seems very unfortunate that Loop needs to access bluetooth in order to get the audio routed correctly. That seems like something we should just do automatically. But that's of course way too late to do for both 2.0 and 2.1.
Attachment #8513283 - Flags: review?(ptheriault)
Attachment #8513283 - Flags: review?(jonas)
Attachment #8513283 - Flags: feedback+
(In reply to Jonas Sicking (:sicking) from comment #14)
> Comment on attachment 8513283 [details] [diff] [review]
> Bug 1090137 - Add moz-bluetooth permission for Loop application
> 
> Review of attachment 8513283 [details] [diff] [review]:
> -----------------------------------------------------------------
> It seems very unfortunate that Loop needs to access bluetooth in order to
> get the audio routed correctly. That seems like something we should just do
> automatically. But that's of course way too late to do for both 2.0 and 2.1.
I opened a bug for long-term solution. See Bug 1091417 in detail.
See Bug 1087463, is it possible to defer BT SCO API to v2.2?
(In reply to Shawn Huang [:shawnjohnjr] from comment #16)
> See Bug 1087463, is it possible to defer BT SCO API to v2.2?

I agree, nominating to 2.2
blocking-b2g: 2.1+ → 2.2?
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
blocking-b2g: 2.2? → ---
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: