942163 - WebNFC: Security problem: Content process does not have `nfc-write'. It will be killed.

Status: RESOLVED DUPLICATE of bug 948850

(Firefox OS Graveyard :: NFC, defect)

Description

[Christoph Diehl [:posidron]]

Attachment: testcase

I/Gecko   (  178): Security problem: Content process does not have `nfc-write'.  It will be killed.
I/Gecko   (  178):
I/Gecko   (  178): ###!!! [Parent][MessageChannel] Error: Channel error: cannot send/recv

Not sure about whether this is actually a security problem or caused by not yet implemented functionality.

Tested with https://github.com/svic/B2G

Comment 1

[Garner Lee]

Currently, that's expected behavior (mainly developers would find this problem, and likely hit it soon in development), unless there's a failover mechanism/best practices established to a UI for the user (Force Kill: This application has insufficient permissions to use the following permission [%s], and has been killed."

The fix is of course, update the manifest if intended, or find out who's injecting javascript into the local webapp...

Comment 2

[Andrew McCreight [:mccr8]]

Can we unhide this, if we're just failing a permission check?

Comment 3

[Daniel Veditz [:dveditz]]

The parent killing a misbehaving child sounds fine (of course the child bug would need to be fixed if it weren't a test app), but if I'm understanding him correctly Christoph says this appears to also be killing the b2g parent process and requires rebooting the device.

Comment 4

[Garner Lee]

From what I have seen in the past, only the app gets killed, and not the B2G parent itself (the homescreen shows up), which I think makes perfect sense.

If the app somehow segfaults, I expect the parent B2G process to remain untouched, and still alive in the same manner.

Comment 5

[Yoshi Cheng-Hao Huang [:allstars.chh][:allstarschh][:yoshi]]

The crash should be from setting onpeerready callbacks, which I already fixed in Bug 948850.