Closed Bug 751050 Opened 10 years ago Closed 6 years ago

Secreview: B2G RIL

( :: Security Assurance, task, P4)
(Not tracked)
B2G C2 (20nov-10dec)
(Reporter: pauljt, Assigned: pauljt)
(Whiteboard: [LOE:M])

B2G RIL includes anything that touches RIL (SMS, web telephony, 3G data, etc.).
This bug is for tracking the security review of this feature.
Assignee: nobody → ptheriault
Blocks: b2g-ril
No longer depends on: b2g-ril
Priority: -- → P2
blocking-basecamp: --- → +
blocking-kilimanjaro: --- → +
I am going to unblock on this because this clutters the list of engineering bugs to work on. We should nevertheless obviously finish this work asap, and block on any mandatory follow-up items that come out of it. Please renom if you disagree with this rationale.
blocking-basecamp: + → ---
blocking-kilimanjaro: + → ---
Per conversation with :gal, putting the flags back; we need to make sure this work is done before ship.
blocking-basecamp: --- → +
blocking-kilimanjaro: --- → +
Please make sure you complete this work within the remaining time window, which is very short.
Whiteboard: [pending secreview][start mm/dd/yyyy][target mm/dd/yyyy] → [LOE:M]
Note: reviewing this at the moment to determine what exactly we want to achieve with this review.
Some initial thoughts on this review:

AFAIK, there are three layers to RIL communications

- The gecko glue which talks to ril_proxy 
- ril_proxy, basically just passes messages between gecko and rild
- rild, talks to the modem

From what I gather rild (and maybe ril_proxy?) may vary on differing devices. So I think this review should focus on the code that is in mozilla-central (which is the dependent bug), which is mainly:

Actually we probably want to look at everything in dom/system/gonk directory.

Note that there are some mitigations to any security issues in this code:
- RIL code is not directly exposed to apps or web content
- RIL code is only exposed through APIs which require permissions only available to certified apps (e.g. navigator.mozTelephony, navigator.mozSMS, navigator.mozMobileConnection)
Milestoning for C2 (deadline of 12/10), as this meets the criteria of "known bugs with LOE:M". We'll want to have this work done to be able to react to fallout in C3.
Target Milestone: --- → B2G C2 (20nov-10dec)
No updates since October. Also, the reference RIL will be replaced by the chipset manufacturer's RIL in production phones.

Does this need to block?

Paul, do you have any updates or input here?
Given the mitigations noted above, i.e. this is not directly exposed to web content, I don't think this needs to block - this is the main reason why I haven't prioritised this over the other outstanding security reviews.
blocking-basecamp: + → ---
blocking-kilimanjaro: + → ---
Permission check verified as part of 777602. Time permitting it would be good to do a more in-depth analysis of RIL functionality exposed through the various telephony APIs. But this isn't a priority I don't think.
Priority: P2 → P4
Closed: 6 years ago
Resolution: --- → FIXED