Closed Bug 841196 Opened 7 years ago Closed 2 years ago

Applications should stop using settings permission to just get locale info

Categories

(Firefox OS Graveyard :: General, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: st3fan, Unassigned)

References

Details

This is related to https://bugzilla.mozilla.org/show_bug.cgi?id=841071

It seems the only reason that many of the built-in applications need the "settings" permissions it to access language.current to find the current locale.

This is done in gaia/shared/js/l10n.js and depending on that module implicitely means that the "settings":{"readonly"} is required.

Because access to the settings is an all-or-nothing deal, this has big security implications. Specially since sensitive info is stored in the settings.

I am filing this bug to find out if it is possible to use the locale info from navigator.language instead. This is a public property for which no special permission is needed.

If navigator.language is usable then I think many of the built-in apps can drop the settings permission requirement.

This can be a solution for both certified and privileged applications.

This can also possibly be a much simpler solution than a complete redesign of the Settings API as discussed in bug 841071. (Although I think a 'tiered' model would still be very appropriate there)

(I was not sure where to file this so I have moved it to General. Please move if needed.)
Stefan - Do you think this is worth tracking for v1? Important enough to stop ship?
The reason apps aren't using navigator.language is that there's no way of detecting when it changes other than constantly polling. So we need bug 780953 fixed in order to make navigator.language a good alternative.
Depends on: 780953
OS: Mac OS X → All
Hardware: x86 → All
Blocks: 754747
FxOS no longer in codebase. Marking INVALID.
Status: NEW → RESOLVED
Closed: 2 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.