Closed
Bug 1095417
Opened 10 years ago
Closed 7 years ago
Secreview for Privileged NFC API
Categories
(mozilla.org :: Security Assurance: Review Request, task)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: allstars.chh, Assigned: arroway)
References
Details
For the next milestone of NFC API we'd like to make some of NFC API privileged. The first stage will be make current NFC-sharing API as privileged, which includes - onpeerready/onpeerlost in MozNFC [1] - MozNFCPeer.webidl [2] - MozNFCPeerEvent.webidl [3] These features are currently used by certified Apps like Gallery, Music, Video and System app since FirefoxOS v2.0. (Browser app has been replaced by System Browser in v2.1) And the way it works please look back to Bug 933136. Basically how it works is System app (or Shrinking UI) will notify the information of the current foreground app to Gecko, then Gecko will dispatch onpeerready to the app. Also we would like to change the permission a little bit. We will merge nfc-read/nfc-write into 'nfc', and make it privilege ALLOWED in Bug 1048676. The reason why to make it privilege ALLOW instead of privileged PROMPTED is because of the usage of NFC. User has to put his phone to a NFC device or tag within 3 ~ 5 cm, which I think already contains some degree of trust from the user. We'd still keep nfc-manager as certified permission, also for some new features still in developement like ontagfound/lost, we will use 'nfc-manager' to protect them for now (Bug 1048676). [1]: http://dxr.mozilla.org/mozilla-central/source/dom/webidl/MozNFC.webidl#89 http://dxr.mozilla.org/mozilla-central/source/dom/webidl/MozNFC.webidl#102 [2]: http://dxr.mozilla.org/mozilla-central/source/dom/webidl/MozNFCPeer.webidl [3]: http://dxr.mozilla.org/mozilla-central/source/dom/webidl/MozNFCPeerEvent.webidl
|
Reporter | |
Updated•10 years ago
|
Flags: sec-review?(ptheriault)
|
|
Reporter | |
Comment 1•10 years ago
|
||
To be updated we change to open the followings to privileged - MozNFC * ontagfound * ontaglost * onpeerfound * onpeerlost - MozNFCTag * readNDEF * writeNDEF * some other attributes. - MozNFCPeer * sendNDEF * some other attributes. - MozNFCTagEvent (will be passed in ontagfound) - MozNFCPeerEvent (will be passed in onpeerfound/onpeerready)
|
|
Reporter | |
Comment 2•10 years ago
|
||
Paul said secure review should NOT block moving NFC API to privileged, but should block next FirefoxOS release.
No longer blocks: b2g-nfc-privilege
|
||
Updated•10 years ago
|
Flags: sec-review?(ptheriault) → sec-review?(stephouillon)
|
|
||
Comment 3•10 years ago
|
||
(In reply to Yoshi Huang[:allstars.chh] from comment #2) > Paul said secure review should NOT block moving NFC API to privileged, but > should block next FirefoxOS release. Yes I did, please go ahead and make the change that need for now. Stephanie can I get you to finish off the review here? The APIs above sound ok to me to be exposed to privileged apps, but we should probably do some testing once the change lands to look for edge cases etc.
|
|
||
Updated•10 years ago
|
Assignee: nobody → stephouillon
|
Assignee | |
Comment 4•10 years ago
|
||
Hi Yoshi, the only question I have is related to the concern raised in bug 1082453 comment 1, about letting the applications handle themselves BT and Wi-Fi. Is it still planned?
Flags: needinfo?(allstars.chh)
|
|
Reporter | |
Comment 5•10 years ago
|
||
(In reply to Stephanie Ouillon [:arroway] from comment #4) > Hi Yoshi, > > the only question I have is related to the concern raised in bug 1082453 > comment 1, about letting the applications handle themselves BT and Wi-Fi. Is > it still planned? Hi Stephanie What NFC API is missing now is the NFC Handover API, i.e. API to exchange the BT/Wifi information. Once the App gets the BT/WIFI information of the other device, the remaining depends on the BT/WiFi API will be privileged or not, or when will they be. On the other hand, if the App just wants to share data, the alternatives for sharing is to use MozActivity, and we might need a new MozActivity to handle 'nfc-share'.
Flags: needinfo?(allstars.chh)
|
|
Assignee | |
Comment 6•10 years ago
|
||
(In reply to Yoshi Huang[:allstars.chh] from comment #5) > What NFC API is missing now is the NFC Handover API, i.e. API to exchange > the BT/Wifi information. Once the App gets the BT/WIFI information of the > other device, the remaining depends on the BT/WiFi API will be privileged or > not, or when will they be. > So, if I understand correctly, in the future, if an app uses this NFC handover API, it would still require the bluetooth or wifi-manage permissions to use the BT/WiFi APIs? The NFC Handover API wouldn't handle transparently the actions for turning on BT/WiFi, connecting to a device, sharing the data, shutting down BT/WiFi, right?
|
|
Reporter | |
Comment 7•10 years ago
|
||
(In reply to Stephanie Ouillon [:arroway] from comment #6) > So, if I understand correctly, in the future, if an app uses this NFC > handover API, it would still require the bluetooth or wifi-manage > permissions to use the BT/WiFi APIs? > The NFC Handover API wouldn't handle transparently the actions for turning > on BT/WiFi, connecting to a device, sharing the data, shutting down BT/WiFi, > right? Yeah, that's the idea.
|
|
Assignee | |
Comment 8•10 years ago
|
||
This sounds ok, I'll do additionnal testing when it lands.
Flags: sec-review?(stephouillon) → sec-review+
|
|
Assignee | |
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•