Closed Bug 763052 Opened 12 years ago Closed 12 years ago

Add logic to detect new sensitive permissions for re-review

Categories

(Marketplace Graveyard :: Reviewer Tools, defect, P4)

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: robhudson, Unassigned)

Detect new sensitive permissions and place in re-review queue.
Depends on: 753375
Blocks: 752013
Blocks: 741513
Matching priority of blocking bug
No longer blocks: 752013
Priority: P1 → P4
Is this bug still valid?  Only packaged apps will have sensitive permissions (right?) and each version will be reviewed anyway rather than being selectively flagged in the re-review queue.

(please reopen if this isn't the case)
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
What happens if a hosted (manifest) app starts asking for new permissions?
(In reply to Chris Van Wiemeersch [:cvan] from comment #3)
> What happens if a hosted (manifest) app starts asking for new permissions?

From what I understand, hosted apps can't get sensitive permissions:
https://wiki.mozilla.org/Apps/Security#Open_Web_Apps_Security_and_Privacy_Model
(disclaimer: I only skim-read that page :) )
(In reply to Andrew Williamson [:eviljeff] from comment #4)
> (In reply to Chris Van Wiemeersch [:cvan] from comment #3)
> > What happens if a hosted (manifest) app starts asking for new permissions?
> 
> From what I understand, hosted apps can't get sensitive permissions:
> https://wiki.mozilla.org/Apps/Security#Open_Web_Apps_Security_and_Privacy_Model
> (disclaimer: I only skim-read that page :) )

Yeah I understand they don't receive sensitive permissions but it's unclear to me what happens if an app requests them. I assume we fail silently? I don't know?
(In reply to Chris Van Wiemeersch [:cvan] from comment #5)
> (In reply to Andrew Williamson [:eviljeff] from comment #4)
> > (In reply to Chris Van Wiemeersch [:cvan] from comment #3)
> > > What happens if a hosted (manifest) app starts asking for new permissions?
> > 
> > From what I understand, hosted apps can't get sensitive permissions:
> > https://wiki.mozilla.org/Apps/Security#Open_Web_Apps_Security_and_Privacy_Model
> > (disclaimer: I only skim-read that page :) )
> 
> Yeah I understand they don't receive sensitive permissions but it's unclear
> to me what happens if an app requests them. I assume we fail silently? I
> don't know?

I'd expect it to be ignored, yeah.