Bug 1153428 (nsec-isolation)

[META] Tracking bug for Process Isolation implementation of New Security Model

RESOLVED WONTFIX

Status

Firefox OS
General
P1
normal
RESOLVED WONTFIX
3 years ago
a year ago

People

(Reporter: jgong, Assigned: kanru)

Tracking

(Depends on: 1 bug)

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [newsecurity])

User Story

This is a V3 initiative for a New Security Model.  https://wiki.mozilla.org/FirefoxOS/New_security_model

This Meta Bug is for tracking the "Process Isolation" implementation, a sub-component of the bigger New Security Model project. https://wiki.mozilla.org/FirefoxOS/New_security_model#Process_isolation

*****
Process Isolation

In order to ensure that only signed content can access the APIs that it has been signed for, we want to always use separate child processes to run such content.

This means that when a user navigates from an unsigned page to a signed page, that we need to switch which process render the pages. Right now this can only be done by creating a new <iframe mozbrowser>.

However only Gecko knows that a particular URL is signed. Gaia could not simply look at a URL to know if it will return signed content or not. And Gecko only knows that it's signed content once response data starts arriving.

Even if we add some way for gecko to signal to the <iframe mozbrowser> embedder that a new <iframe mozbrowser> needs to be created, this will make going "back"/"forward" between the two very messy.
(Reporter)

Description

3 years ago
This is a V3 initiative for a New Security Model.  https://wiki.mozilla.org/FirefoxOS/New_security_model

This Meta Bug is for tracking the "Process Isolation" implementation, a sub-component of the bigger New Security Model project. https://wiki.mozilla.org/FirefoxOS/New_security_model#Process_isolation
(Reporter)

Updated

3 years ago
User Story: (updated)
No longer depends on: 1153420
Summary: [META] Tracking bug for Signing implementation of New Security Model → [META] Tracking bug for Process Isolation implementation of New Security Model
(Reporter)

Updated

3 years ago
Blocks: 1153432
(Reporter)

Updated

3 years ago
No longer blocks: 1153432
(Reporter)

Updated

3 years ago
Blocks: 1149545
(Reporter)

Updated

3 years ago
Blocks: 1153420
(Reporter)

Updated

3 years ago
Blocks: 1153435
(Reporter)

Updated

3 years ago
No longer blocks: 1153420, 1153422, 1153435
(Reporter)

Updated

3 years ago
Blocks: 1153433
No longer depends on: 1153433
(Reporter)

Updated

3 years ago
Blocks: 1153423
No longer depends on: 1153423
(Reporter)

Updated

3 years ago
Blocks: 1153432
No longer depends on: 1153432
(Reporter)

Updated

3 years ago
Blocks: 1153420
No longer depends on: 1153420
(Reporter)

Updated

3 years ago
Blocks: 1153422
No longer depends on: 1153422
(Reporter)

Updated

3 years ago
Blocks: 1153449
(Reporter)

Updated

3 years ago
Whiteboard: [NewSecurity] → [newsecurity]
(Reporter)

Updated

3 years ago
Priority: -- → P1
(Assignee)

Comment 1

3 years ago
Assign to me for tracking.
Assignee: nobody → kchen
(Assignee)

Updated

3 years ago
Depends on: 1170894
No longer blocks: 1153420
No longer blocks: 1153422
No longer blocks: 1153423
Alias: nsec-isolation
No longer depends on: 1153435
No longer blocks: 1153432
No longer blocks: 1153433
Depends on: 1180085
Depends on: 1180087
Depends on: 1180088
(Assignee)

Updated

2 years ago
Depends on: 1186290
(Assignee)

Updated

2 years ago
Depends on: 1186294
(Assignee)

Updated

2 years ago
Depends on: 1186296
(Assignee)

Updated

2 years ago
Depends on: 1033999
(Assignee)

Updated

2 years ago
Depends on: 1186843
blocking-b2g: --- → 2.5+
blocking-b2g: --- → ---
(Assignee)

Updated

2 years ago
Depends on: 1209662
(Assignee)

Updated

2 years ago
No longer depends on: 1033999

Updated

2 years ago
Depends on: 1214572

Updated

2 years ago
Depends on: 1216443
Component: Security → General
Product: Firefox → Firefox OS
(Reporter)

Updated

a year ago
Status: NEW → RESOLVED
Last Resolved: a year ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.