Closed
Bug 1090137
Opened 10 years ago
Closed 10 years ago
Add moz-bluetooth permission for Loop application
Categories
(Firefox OS Graveyard :: Bluetooth, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1091417
People
(Reporter: shawnjohnjr, Assigned: shawnjohnjr)
References
Details
Attachments
(1 file, 1 obsolete file)
1.17 KB,
patch
|
sicking
:
feedback+
|
Details | Diff | Splinter Review |
Add moz-bluetooth permission
Assignee | ||
Comment 1•10 years ago
|
||
See also: Bug 1087463 - [Loop] FirfoxHello VT call is not routing to BT headset
Assignee | ||
Comment 2•10 years ago
|
||
See also: Bug 1088068 - Trusted hosted apps and AVRCP
Assignee | ||
Comment 3•10 years ago
|
||
Previous discussion with Paul: 1. If the THA gets hacked they get access to all of bluetooth. Given what we expose to THA already, I’m not _super_ worried but its is additional attack surface. THA can already get all your data anyways via deviceStorage. But just be aware of that. 2. The THA app would need to be very careful not to interfere with Gaia here. If we do want to expose it, then I would suggest we do something like loop, i.e. prefix the exposed permission with moz- so regular privileged apps can’t get the permission.
Assignee | ||
Updated•10 years ago
|
Summary: Add moz-bluetooth permission → Add moz-bluetooth permission for THA/Loop application
Assignee | ||
Comment 4•10 years ago
|
||
Given the fact, Loop application needs to have bluetooth permission to establish Bluetooth SCO connection, we need to have ALLOW_ACTION permission for privilege apps. https://bugzilla.mozilla.org/show_bug.cgi?id=1087463#c4
Assignee | ||
Comment 6•10 years ago
|
||
(In reply to Tony Chung [:tchung] from comment #5) > Is this bug a dupe of 1087483? I cannot access bug 1087483. I'm not authorized to access bug #1087483.
Flags: needinfo?(shawnjohnjr) → needinfo?(tchung)
Assignee | ||
Comment 8•10 years ago
|
||
(In reply to Tony Chung [:tchung] from comment #7) > typo. i meant bug 1087463. Not a dupe, but depends on this bug. Because Loop application still needs to call |ConnectSco| function in their application. Loop application needs moz-bluetooth permission to access those Certified only Bluetooth APIs.
Assignee | ||
Comment 9•10 years ago
|
||
Attachment #8513238 -
Flags: feedback?(ptheriault)
Assignee | ||
Updated•10 years ago
|
Attachment #8513238 -
Attachment description: 0001-Bug-1090137-Add-moz-bluetooth-permission-for-THA-Loo.patch → Bug 1090137 - Add moz-bluetooth permission for THA/Loop application
Comment 10•10 years ago
|
||
Comment on attachment 8513238 [details] [diff] [review] Bug 1090137 - Add moz-bluetooth permission for THA/Loop application I would suggest that we create a separate permission for THA. Exposing all of bluetooth to Loop is a bit of a risk, its only one app, and its at least privileged (static & protected by CSP), and we review the source. Since THA apps have a different risk profile, and only need AVRCP, maybe we should probably try to minimise the risk by creating a separate, more restrictive permission for them?
Assignee | ||
Updated•10 years ago
|
Attachment #8513238 -
Attachment is obsolete: true
Attachment #8513238 -
Flags: feedback?(ptheriault)
Assignee | ||
Comment 11•10 years ago
|
||
Assignee | ||
Updated•10 years ago
|
Summary: Add moz-bluetooth permission for THA/Loop application → Add moz-bluetooth permission for Loop application
Assignee | ||
Comment 12•10 years ago
|
||
(In reply to Paul Theriault [:pauljt] from comment #10) > Comment on attachment 8513238 [details] [diff] [review] > Bug 1090137 - Add moz-bluetooth permission for THA/Loop application > > I would suggest that we create a separate permission for THA. Exposing all > of bluetooth to Loop is a bit of a risk, its only one app, and its at least > privileged (static & protected by CSP), and we review the source. > > Since THA apps have a different risk profile, and only need AVRCP, maybe we > should probably try to minimise the risk by creating a separate, more > restrictive permission for them? Paul, thanks for your comments. I think for THA, I probably open another bug. This bug will focus on Loop application.
Assignee | ||
Updated•10 years ago
|
Attachment #8513283 -
Flags: review?(jonas)
Assignee | ||
Updated•10 years ago
|
Hardware: x86_64 → ARM
Comment 13•10 years ago
|
||
Blockign on this given we need it for https://bugzilla.mozilla.org/show_bug.cgi?id=1087463
Updated•10 years ago
|
blocking-b2g: --- → 2.1+
Comment on attachment 8513283 [details] [diff] [review] Bug 1090137 - Add moz-bluetooth permission for Loop application Review of attachment 8513283 [details] [diff] [review]: ----------------------------------------------------------------- This is fine with me, but I think paul should review. I'm also not sure what's involved with getting marketplace to add this permission to the list of permissions that they review for. It seems very unfortunate that Loop needs to access bluetooth in order to get the audio routed correctly. That seems like something we should just do automatically. But that's of course way too late to do for both 2.0 and 2.1.
Attachment #8513283 -
Flags: review?(ptheriault)
Attachment #8513283 -
Flags: review?(jonas)
Attachment #8513283 -
Flags: feedback+
Assignee | ||
Comment 15•10 years ago
|
||
(In reply to Jonas Sicking (:sicking) from comment #14) > Comment on attachment 8513283 [details] [diff] [review] > Bug 1090137 - Add moz-bluetooth permission for Loop application > > Review of attachment 8513283 [details] [diff] [review]: > ----------------------------------------------------------------- > It seems very unfortunate that Loop needs to access bluetooth in order to > get the audio routed correctly. That seems like something we should just do > automatically. But that's of course way too late to do for both 2.0 and 2.1. I opened a bug for long-term solution. See Bug 1091417 in detail.
Assignee | ||
Comment 16•10 years ago
|
||
See Bug 1087463, is it possible to defer BT SCO API to v2.2?
Assignee | ||
Updated•10 years ago
|
Attachment #8513283 -
Flags: review?(ptheriault)
Comment 17•10 years ago
|
||
(In reply to Shawn Huang [:shawnjohnjr] from comment #16) > See Bug 1087463, is it possible to defer BT SCO API to v2.2? I agree, nominating to 2.2
blocking-b2g: 2.1+ → 2.2?
Assignee | ||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Updated•10 years ago
|
blocking-b2g: 2.2? → ---
You need to log in
before you can comment on or make changes to this bug.
Description
•