Security/Reviews/Mobile/ExposeJNI

From MozillaWiki

Item Reviewed

Expose some JNI to js through js-ctypes
Target: SecReview: Mobile - Expose some JNI to js through js-ctypes
ID Summary Priority Status
787271 Expose some JNI to js through js-ctypes -- RESOLVED
813985 SecReview: Mobile - Expose some JNI to js through js-ctypes -- RESOLVED

2 Total; 0 Open (0%); 2 Resolved (100%); 0 Verified (0%);

Introduce the Feature

Goal of Feature, what is trying to be achieved (problem solved, use cases, etc)

  • allow the call of Java methods or objects via extensions
    • can't do anything that fennec can't do

What solutions/approaches were considered other than the proposed solution?

  • could have implemented in pure JS
    • https://github.com/cscott/skeleton-addon-fxandroid/blob/jni/jni.jsm
    • does not use native parts

Why was this solution chosen?

Any security threats already considered in the design and why?

  • same subset as in desktop
    • addons have a great deal of power as they have the same rights as the browser

Threat Brainstorming

  • Malicious addons using this API
  • What if an addon exposes some API to content, and content causes a buffer overflow (e.g.) in this API? Could that give content access to chrome via bugs in ctypes?

Action Items

Action Item Status: None
Release Target:

  • dchan: Find out if we have metrics about non-AMO installed addons on Fennec
    • File a bug to create pref. for non AMO addons in Fennec
  • SA-TBD: Has ctypes been reviewed? Fuzzed?

ID Summary Priority Status
816289 Create about:config pref for allowing non-AMO addon installs -- RESOLVED
816360 Fuzzing: ctypes (mobile/desktop) -- NEW

2 Total; 1 Open (50%); 1 Resolved (50%); 0 Verified (0%);
