Plugins:UseCases

From MozillaWiki
Jump to: navigation, search

Plugin Use Cases

This page attempts to document the various use cases plugins currently support, from an API perspective.  The goal is to develop a set of requirements around what Plugins:PlatformIndependentNPAPI could support directly, esp. in a sandboxed environment.

Plugins can implement a wide range of functionality not always available directly to web content.  Some plugins simply extend a given page, and as such could be considered directly extending existing web-APIs (i.e. web conferencing, media players, device sync, Google gears, etc). 

Others implement an entire parallel application platform (Flash Player, Java, Silverlight) which include their own runtimes and enforce their own security model upon the content running within.

Especially in the latter case, it's important to capture the security model or mitigation that the plugin places upon content when it attempts to access those APIs.

Please note that the "APIs Required" column reflects the current APIs that plugins use or need to support this use case.  In some cases, Pepper may be able to support them directly instead.

Network Use Cases

Network-related use cases
Use Case APIs Required Plugin(s) Affected Security Mitigations
HTTP and other schemes Access to browser network APIs
Some use the network stack directly. 		All?  ? Do plugins ever rely on browsers to enforce same-origin for their network requests?  Seems that plugins generally implement their own same origin policy, combined with cross-domain security checks, instead.

Silverlight and Java support the concept of trusted content, which can override most security restrictions, including same-origin, port and protocol.
Raw TCP sockets Access to network APIs

Flash Player
Java
Silverlight

Depends on plugin;
Flash Player relies on own socket policy file spec *

Java allows same-origin socket connections or to anywhere if applet is signed & trusted. *

Silverlight relies on own socket policy file spec *

UDP Client-Server Streaming
 Access to network APIs

All media players, inc. Windows Media Player
Quicktime
RealPlayer
Flash Player
Silverlight
Java

Media players rely on media-specific protocol implementations?

Java requires applet to be signed and trusted.

UDP Multicast
 Access to network APIs
 Java
Silverlight
  ? Requires trust, or Silverlight also supports multicast policies *
P2P
 Access to network APIs
Firewall negotiation?
 Flash Player for P2P media and data

Octoshape for P2P Media

Torrent Plugins
 Flash Player implements user dialog?  Other mitigations unknown.

Device Use Cases

Device-related use cases
Use Case APIs Required Plugin(s) Affected Security Mitigations
Camera & Microphone Access to devices
 Flash Player
WebEX
 User prompt?
Printing
 Access to OS printing APIs
 Flash Player
Silverlight
Java
Acrobat Reader

 User interaction?
MP3 player integration
 Discover devices
Communicate with device
 Media players?
  ?  Not accessible via content?
GPS integration
 Get location
Update GPS maps and firmware
 Garmin
  ?
3D accelerated graphics
 Access to OS 3D APIs / OpenGL
 Flash Player
Silverlight
?

 Device drivers may not be hardened against untrusted callers.  In particular concern around shaders.

Filesystem Use Cases

Filesystem use cases
Use Case APIs Required Plugin(s) Affected Security Mitigations
File upload/download
 Ability to prompt user to select one or more files for upload
Ability to prompt user for download destination
Customize dialog to explain workflow or for specific filetypes (i.e. image preview)
Ability to read/write arbitrary files on disk.

Silverlight
Flash Player
Java
Various file downloaders.

User prompt?
Data / file persistence
 Virtualized ability to persist data for some period of time.  Preferably integrated with browser's settings.
 Most?
 Security dialogs
Quotas
Expiration
User prefs
Search filesystem for specific types of files (say all MP3 files)
 Filesystem API
  ?
  ?
Ability to read/write specific files in a specific location
 Filesystem API
 Crypto plugins in Korea need to access a specific directory in root
  ?

Not directly accessible via content.

OS Integration Use Cases

OS integration use cases
Use Case APIs Required Plugin(s) Affected Security Mitigations
Implement update mechanism
 Access to register, ability to install files or launch executables.

Java
Flash Player

 If this happens during plugin install via external installer, then it may not be a browser issue at all.
Settings persistance and sharing with desktop applications
 Registry / preference access
 Most?
 Not accessible via content.
Communicate with local desktop applications or services
 Shared memory or local sockets
  ?
 Not accessible via content.
Native dialogs
  ?
  ?
 Risk of phishing if accessible from content.

Browser Integration Use Cases

Browser integration use cases
Use Case APIs Required Plugin(s) Affected Security Mitigations
Sync privacy and security settings
 Browser APIs to query current settings
Event handlers to be notified of setting / state changes

Java
Flash Player
Silverlight

 State of settings not directly available to content, though may be guessable.
Participate in redirects
 Notification of all redirects
 Most
 Plugins need to be aware of all redirects so they can enforce origin restrictions.

Register handler for mimetypes / filetypes
  ?
 Runtime and media plugins
 Not accessible via content.
Retrieved from "https://wiki.mozilla.org/index.php?title=Plugins:UseCases&oldid=222383"