Closed Bug 1111961 Opened 10 years ago Closed 10 years ago

Developer mode support

Categories

(Firefox OS Graveyard :: General, defect, P1)

Product:
Firefox OS Graveyard
Component:
General
Type:
defect

Tracking

(firefox40 fixed)

Status:
RESOLVED FIXED
Milestone:
2.2 S10 (17apr)
Tracking Flags:
Tracking Status
firefox40 --- fixed

People

(Reporter: fabrice, Assigned: fabrice)

References

Details

(Whiteboard: [spark])

Attachments

(2 files, 1 obsolete file)

Gaia patch - Add developer mode option in settings
83 bytes, text/plain
Details
dev-mode.patch
11.34 KB, patch
ferjm
: review+
pauljt
: review+
Details | Diff | Splinter Review
Attached patch dev-mode.patch (obsolete) — Splinter Review
Let's relax a bit the security model constraints.
Instead of encouraging people to write apps that wouldn't work on production device, shouldn't we just allow sideloading certified apps?? The security story is already quite complex to explain regarding devtools to not introduce yet another developer workflow :s Note that I'm not really about opening constraints. I'm fine making bug 1100964 even easier to enable! Why would sideloading certified apps be any different from enable certified permissions for any app? I wish we could end up with just one "make my phone hackable" toggle.
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
For tracking, here is the patch that enables this from settings, using a simple prompt. We are defaulting this to true for eng builds on the lightsaber branch: https://github.com/mozilla-b2g/gaia/commit/587febfa24014acbcf5119349b9a82792b68b2c2
Blocks: cypress
No longer blocks: spark
I'm reopening this since we need it in some form on m-c.
Status: RESOLVED → REOPENED
Priority: -- → P1
Resolution: FIXED → ---
Whiteboard: [lightsaber]
Attached patch dev-mode.patchSplinter Review
I didn't add the setting back. It's dangerous enough to only let that be turned on from WebIDE I think.
Attachment #8536959 - Attachment is obsolete: true
Attachment #8590043 - Flags: review?(ferjmoreno)
Comment on attachment 8590043 [details] [diff] [review] dev-mode.patch Review of attachment 8590043 [details] [diff] [review]: ----------------------------------------------------------------- The code change looks good to me, but I'd prefer to get approval from Paul before landing this change. ::: dom/apps/PermissionsInstaller.jsm @@ +178,5 @@ > } > } > catch (ex) { > + dump("Caught webapps install permissions error for " + aApp.origin + > + " : " + ex + "\n"); nit: indention
Attachment #8590043 - Flags: review?(ptheriault)
Attachment #8590043 - Flags: review?(ferjmoreno)
Attachment #8590043 - Flags: review+
So I'm a little unclear exactly what developer mode allows. From reviewing the code it looks like that it just relaxes the restrictions for importing and installing apps. Namely that: - apps can have any role (including the reserved 'system' role) - certified apps can be installed & "imported" (importexport.jsm) - there's no restrictions on app types (i.e. hosted apps can be certified or privilegd) - unsigned langpacks are allowed So on face value I'm OK-ish with this, given that you can sideload certified apps anyways. The most worrying part for me is the foot-gun we add here for regular users - I assume this is post-2.2 but we probably want to think about how we protect this on production devices. Comment 7 (ie don't have a setting for this, make it toggle-able by WebIDE only) sounds like a good control to me though, and make sure we warn the developers in WebIDE about the risk of flipping this mode.
Attachment #8590043 - Flags: review?(ptheriault) → review+
https://hg.mozilla.org/mozilla-central/rev/56aa2a5662eb
Status: REOPENED → RESOLVED
Closed: 10 years ago10 years ago
status-firefox40: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 2.2 S10 (17apr)
Depends on: 1155245
Whiteboard: [lightsaber] → [spark]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: