Closed Bug 756729 (privileged-apps) Opened 9 years ago Closed 8 years ago
Implement privileged apps
Here's the various pieces we need for this. We should probably do most of the work in dependent bugs in order to keep this bug more sane For developer-only signing we need: * Receive the app-developer's public-key from the app-store at installation time. * Read signatures from the appcache manifest for each loaded resource and verify them against the stored public-key For store-signing (needed in order to implement the ability for a store to review the source of an app) we need: * Receive a signature for all resources from the app-store at installation time. (We could do this by getting a signature from the store for the appcache manifest, and then get signatures from the manifest for the individual resources from the appcache manifest) * Receive an updated signature from the store when a appcache update is detected. IMHO we should add both the above capabilities. Either way we'll also need: * Flag all nsIPrincipals for a page loaded as part of a secure app. This needs to be done such that a is-same-origin check with a nsIPrincipal which does not have this flag returns false. * Ensure that a "minimal CSP policy" is used when loading the signed resources. We still need to figure out what that minimal CSP policy will be. * Add the ability to create CSP policies which says to only allow loading of signed resources. Possibly this means introducing a 'self'-like keyword. Or change the meaning of 'self' to mean only items from the same signed app. * Make sure that the "cookie jar" used for a signed facebook.com app is different from the "cookie jar" used by unsigned facebook.com pages opened in an <iframe> inside the facebook.com app. I.e. the signed-ness should be part of the key.
This bug should start out with a peer reviewed spec that we can all agree is what we're doing so we don't miss our target later. Is there an existing one already?
https://wiki.mozilla.org/Apps/Security is that spec, though its due for an update from the results of the work week.
https://wiki.mozilla.org/Apps/Security is the spec for now, and I need to update a few things.
9 years ago
Depends on: 768029
Depends on: 769568
Depends on: 772363
Depends on: 772364
Depends on: sign-packaged-apps
Depends on: 768862
Depends on: 758269
Not blocking on metabug, Jonas is marking the dependents.
blocking-basecamp: ? → -
Alias: trusted-apps → privileged-apps
Depends on: 790558
Summary: Implement trusted apps → Implement privileged apps
9 years ago
No longer blocks: 749372
Closing - we've finished to work here for v1. For post v1 work, watch bug 863032.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
You need to log in before you can comment on or make changes to this bug.