enumerateDevices provides label of device without proper permission

RESOLVED INVALID

Status

()

Core
WebRTC
RESOLVED INVALID
2 months ago
2 months ago

People

(Reporter: Jun, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

2 months ago
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36

Steps to reproduce:

1. Make sure you have audio input and video input devices (Microphone and webcam)
2. Go to https://test.shhnjk.com/audio.html
3. Allow access to Microphone


Actual results:

enumerateDevices() provides Label of audio input device as well as video input device.


Expected results:

Step 2.6.2 of "When the enumerateDevices() method is called" (https://www.w3.org/TR/mediacapture-streams/#dom-mediadevices-enumeratedevices) says:

"If list-permission is not "granted", let filteredList be a copy of resultList, and all its elements, where the label member is the empty string."

Label should only be passed for devices which permission was granted. But Firefox passed all Labels if any of permission is granted.
(Reporter)

Comment 1

2 months ago
Hmm, I'm confused. https://www.w3.org/TR/mediacapture-streams/#privacy-and-security-considerations says:

"When authorization to any media device is given, application developers gain access to the labels of all available media capture devices."

Not sure if I'm right or wrong.

Comment 2

2 months ago
:jib, can you help triage this further? Thanks!
Group: firefox-core-security → core-security
Component: Untriaged → WebRTC
Flags: needinfo?(jib)
Product: Firefox → Core
Comment 1 is correct.

The language around "device-info" in https://www.w3.org/TR/permissions/#dom-permissionname-device-info is confusing. It mentions "deviceId" which links back to mediacapture-main.

But "deviceId" is confusingly also a permission descriptor in the permissions spec. But in mediacapture step 2.6.2 which you mention in comment 0, we pass in no deviceId descriptor, which means "If the descriptor does not have a deviceId, its semantic is that it queries for access to all devices of that class."

But "class" here is meaningless since "device-info" as a permission is a sibling of both "camera" and "microphone", and applies to all devices with info (both camera and microphone).

Hope that makes sense.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 months ago
Flags: needinfo?(jib)
Resolution: --- → INVALID
Even if that doesn't make sense, I'm positive the mediacapture WG intended for it to apply to both camera and mic.
Group: core-security
You need to log in before you can comment on or make changes to this bug.