Closed Bug 848684 Opened 8 years ago Closed 8 years ago

B2G RIL: Permission for ICC

Categories

(Core :: DOM: Device Interfaces, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

()

RESOLVED WONTFIX

People

(Reporter: allstars.chh, Assigned: edgar)

References

Details

From Bug 838092 comment 44 Jonas has mentioned about the security model and the permissions for Read/Write SIM contact. 
(Read will be implemented in Bug 847741 and write will be Bug 847820)

Currently we don't have any particular permission for ICC.
(ICC is inside mozMobileConnection so Web apps need 'mobileconnection' permission to access icc)

This bug is filed to discuss the permissions for icc.

Jonas, do you have any suggestion here?

Should we just use 'icc' as other MobileConnection, SmsManager did, or should we use '(read/write)-icc-contact', as Contact API did?
I think using the "mobileconnection" permission for now is fine. Let's rediscuss if we hear about people wanting to use the icc API but where requesting "mobileconnection" is not appropriate.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
Hi Jonas:

In bug 857414, we plan to separate mozIccManager from mozMobileConnection to have a more clear design. (IccManager will not be inside MobileConnection but in Navigator)

But currently we don't have any particular permission for IccManager. (See comment #0).
we may need a new permission, 'icc', for accessing IccManger.

How do you think? :)
Assignee: nobody → echen
Status: RESOLVED → REOPENED
Resolution: WONTFIX → ---
Depends on: 847741
No longer depends on: 844741
Flags: needinfo?(jonas)
Blocks: 859220
I think it's fine to use the same mobileconnection permission for the iccmanager API.

Though we have gotten quite a few requests for being able to read only very basic information from the similar, such as the operator and country. But the current iccmanager allows reading a lot more info, right? Maybe even writing information?

If so I think we could consider a separate API which is much simpler and safer and has a different permission for just that use case
Flags: needinfo?(jonas)
(In reply to Jonas Sicking (:sicking) from comment #3)
> I think it's fine to use the same mobileconnection permission for the
> iccmanager API.
> 
> Though we have gotten quite a few requests for being able to read only very
> basic information from the similar, such as the operator and country. But
> the current iccmanager allows reading a lot more info, right? Maybe even
> writing information?
Yes, iccManager allows to access icc/sim related information including writing, like icc/sim contact.
And it also allows to perform icc/sim related operation, like SimToolkit.

> 
> If so I think we could consider a separate API which is much simpler and
> safer and has a different permission for just that use case
Since Jonas suggests to use the same 'mobileconnection' permission for iccManager in comment #3. So close this bug as WONFIX. Thanks
Status: REOPENED → RESOLVED
Closed: 8 years ago8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.