Closed
Bug 841196
Opened 12 years ago
Closed 7 years ago
Applications should stop using settings permission to just get locale info
Categories
(Firefox OS Graveyard :: General, defect)
Firefox OS Graveyard
General
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: st3fan, Unassigned)
References
Details
This is related to https://bugzilla.mozilla.org/show_bug.cgi?id=841071 It seems the only reason that many of the built-in applications need the "settings" permissions it to access language.current to find the current locale. This is done in gaia/shared/js/l10n.js and depending on that module implicitely means that the "settings":{"readonly"} is required. Because access to the settings is an all-or-nothing deal, this has big security implications. Specially since sensitive info is stored in the settings. I am filing this bug to find out if it is possible to use the locale info from navigator.language instead. This is a public property for which no special permission is needed. If navigator.language is usable then I think many of the built-in apps can drop the settings permission requirement. This can be a solution for both certified and privileged applications. This can also possibly be a much simpler solution than a complete redesign of the Settings API as discussed in bug 841071. (Although I think a 'tiered' model would still be very appropriate there) (I was not sure where to file this so I have moved it to General. Please move if needed.)
Comment 1•12 years ago
|
||
Stefan - Do you think this is worth tracking for v1? Important enough to stop ship?
The reason apps aren't using navigator.language is that there's no way of detecting when it changes other than constantly polling. So we need bug 780953 fixed in order to make navigator.language a good alternative.
Depends on: 780953
Updated•12 years ago
|
OS: Mac OS X → All
Hardware: x86 → All
Updated•11 years ago
|
Blocks: b2gsecurity
Updated•11 years ago
|
Comment 3•7 years ago
|
||
FxOS no longer in codebase. Marking INVALID.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•