Security/B2G/2014 02 11

From MozillaWiki
< Security‎ | B2G
Jump to: navigation, search

FirefoxOS Security Team Meeting

1pm PST, B2G Vidyo room Prior notes are here:

Agenda Items


  • Goals:
    • Mochitests need to be running on emulators with seccomp enabled
    • Gaia UI Automated tests need to pass at the same rate as a non-seccomp build
    • Daily smoketests should pass at the same rate as a non-seccomp build
    • Have an ability to pref off the feature if something goes horribly wrong
  • Testing progress
    • Buri
      • Smoketests run, mainly passing
      • Gecko Mochitests run? passed: 276, failed: 116, todo: 25
       *** problems with the testrunner, mainly. Still investigating
       - seems like a lot of failed, but need to compare to master
       - noticed a lot variance (testing environment, 
       - e.g. tests will fail because on french network
       - most failures are related to the test runner
      • Gaia-ui-tests? [arroway] I've been running some of them, but it's pretty slow so I'll have complete coverage tomorrow. No seccomp violation at the moment.
    • Emulator?
    • Other devices?
  • Peak & Keon

Use nightly peak & keon

  • [cr] ran a rather huge set of tests around calls, sms, radio, flight mode, sensors, camera, sim card, bluetooth, wifi, hotspot, USB, sd card, alerts, sound volume, music, video
    • all on Keon, partly also on Peak
    • found several bugs, but none triggered by seccomp

[actions] [pt] [arroway] build patched version of buri + marrionette


horrible news are horrible:

  • [kang] seccomp & threading
    • cat /proc/<pid>/task/status
    • ps -t
    • b2g-ps "SEC" (2 = enabled, 0 = disabled)
  • [kang] setuid & bionic & threading


Previous Action Items

New Action Items

Goal Status Updates

Other stuff