Closed Bug 764204 Opened 12 years ago Closed 12 years ago

Need to extend nsIPrincipal to recognize apps

Categories

(Core :: General, defect)

Product:
Core
Component:
General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 758258
Project Flags:
blocking-basecamp +

People

(Reporter: ladamski, Assigned: mounir)

References

Details

We need to be able to differentiate privileged application assets from non-application assets that may be hosted on the same domain, or (in the future) different apps coming from the same origin.
Blocks: 764201
Blocks: basecamp-security
No longer blocks: 764201
Summary: Need to extend NSIPrincipal to recognize apps → Need to extend nsIPrincipal to recognize apps
Product: Boot2Gecko → Core
QA Contact: general → general
Mounir is going to work on this.
Assignee: nobody → mounir
blocking-basecamp: --- → ?
What is that bug for? Is it to make sure applications have different privileges/data/whatever or do we want to use that to differenciate trusted, certified and untrusted apps?

We already have plans for the former but AFAIK, there are no plans for the later and we might need to define something.
(In reply to Mounir Lamouri (:mounir) from comment #2)
> What is that bug for? Is it to make sure applications have different
> privileges/data/whatever or do we want to use that to differenciate trusted,
> certified and untrusted apps?

I was interpreting it as being for the former.
In that case, I believe this can be marked as a duplicate of bug 758258. However, we probably want to define how we would differentiate untrusted/trusted/certified apps because with jar identifiers, we will have no way to get that information.
Lucas, should we change this bug?
I think we need to be able to do both, but it depends on how we implement privileges.  The camera privilege means something very different for an untrusted vs trusted vs certified app.  If we simply say an app has "camera" privilege then we can't determine the correct experience at runtime.  We may also apply other things based upon app type like a specific CSP policy.  Maybe the best solution would be to keep a reference to the app manifest.  Is that stored in memory after load?
Blocks: 768029
My thought on privileges/permissions is that permissions for the various flavors of apps gets set when the manifest gets installed and parsed (nsIPermissionManager is getting a "SetDefaultPermissions" that takes the app type along with the list of permissions and origin/whatever is used to indicate an app).  After that I don't believe that the permission manager needs to know what type of app it is.  So bug 758258 may be sufficient for the permissions.
Depends on: 769280
Blocks: 758652
No longer blocks: basecamp-security
No longer depends on: 769280
For the moment, the plan is to use bug 758258 to do this. Marking as DUPLICATE. Will re-open if the plan changes.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → DUPLICATE
blocking-basecamp: ? → +
You need to log in before you can comment on or make changes to this bug.