Apps/Security

3,215 bytes removed, 02:20, 26 March 2012
no edit summary
{{:Apps/Security/Permissions}}
{{:Apps/Security/StandardWebSecurity}}
= Other =
This section contains questions, sections and comments whose purpose has not been made clear, and open issues.

==== Kernel permissions manager ====
{lkcl.15mar12.2223hrs - it's not clear to me what this section refers to: a userspace application that interacts with the user to help them select the level of access that they wish to grant to a particular application, or to the actual kernel-side implementation that enforces the permissions, or a developer "assistance" suite of software which helps the developer to create the permission set that's to be associated with the application when it's installed}
* separate process that controls access to permissions
* responsible for
*# query permissions, true/false if permission X is granted
*#* support for prompting user in event permission isn't granted
*# add / remove permissions
*# audit permissions
*# support observers for permission change
* permissions requested are based on "uri signatures"
** to be determined what the signature is: domain, partial url, other?
* permissions representation
** type - usb, web, radio, etc
** uri signature
** value
** source - user, manifest, system
** expiration type - never, time-based, session, other?
** expiration time
** allow message - for UI / prompting user
** deny message
* app obtains permission by querying / asking central process
* OS support required for properly constructing signature, app should not be able to influence this
** there needs to be a unique identifier that an app can't spoof
* permissions requests can be cached
** cache needs to be invalidated on permission change

=== Other (topics that don't fall into above proposals) ===
* Last updated March 14, 2012
* SSL should be used for content delivery
** can provide authentication for client-store communication
*** complicated compared to code signing since each mirror will either need the same key or the store/app needs to know each valid mirror
** provides end-to-end security
** does not address concerns of a malicious app
* W^X / NX for WebApps
* should the JS "eval" function have a permission added to it?
* bypassing the official package system speeds up app development
** at the risk of destabilising a system!
** should still be allowed though (with caveat that warranty just got voided)
** concept of /usr/local and /usr should be mirrored in B2G with e.g. /usr/gaia/apps and /usr/local/gaia/apps
* self-host discussion http://groups.google.com/group/mozilla.dev.b2g/msg/b079d34ccdec0f85
** The scenario is that we have an untrusted store attempting to sell an app which is hosted on a trusted store; how is this solved?

== Open questions ==
# What happens when a WebApp is revoked?
#* removed from store?
#* removed from user device?
#* refund?
# What is the identifier used when a WebApp is revoked?
#* origin (scheme + host + port)
#* certificate / hash embedded inside WebApp manifest
# Should eval() and similar functions be considered sensitive APIs / restricted?
#* Adobe AIR restricts eval() in the application sandbox [http://help.adobe.com/en_US/air/html/security/WS485a42d56cd1964150c3d3a8124ef1cbd62-7ffe.html (docs)]
# Should self-signed certificates be allowed?
# What would be signed?
#* CSS
#* scripts
#* content
#* other
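The "Kernel permissions manager" bullets above describe a central process with a query/prompt path, add/remove/audit operations, change observers, a query cache that is invalidated on change, and a uri signature the app cannot supply itself. The following is an added toy model of that design written for this page; it is not B2G or Gaia code, and every class, method and sample value in it (PermissionsManager, register_app, the example origin) is an assumption used only to show how the listed pieces fit together. The per-app identity is registered by the "OS side" of the manager, so the app passes only an OS-assigned id and never its own signature.

```python
"""Toy model of the kernel permissions manager sketched on this page.

Hypothetical illustration (not B2G/Gaia code): all names are assumptions.
Models: query with prompt fallback, add/remove, audit, change observers,
a query cache invalidated on every change, and an OS-owned app id -> uri
signature mapping that the app cannot influence.
"""
import time
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Key = Tuple[str, str]  # (uri signature, permission type)


@dataclass
class Permission:
    """One permission record, with the fields listed on the page."""
    ptype: str                        # usb, web, radio, ...
    uri_signature: str                # constructed by the OS, never by the app
    value: bool                       # True = allow, False = deny
    source: str                       # user, manifest, system
    expiration_type: str = "never"    # never, time-based, session
    expiration_time: Optional[float] = None
    allow_message: str = ""           # text for the UI prompt
    deny_message: str = ""

    def is_expired(self, now: float) -> bool:
        return (self.expiration_type == "time-based"
                and self.expiration_time is not None
                and now >= self.expiration_time)


class PermissionsManager:
    """Central process that owns the permission table (hypothetical)."""

    def __init__(self, prompt: Optional[Callable[[Permission], bool]] = None,
                 clock: Callable[[], float] = time.time):
        self._apps: Dict[str, str] = {}          # OS-assigned app id -> uri signature
        self._perms: Dict[Key, Permission] = {}
        self._cache: Dict[Key, bool] = {}
        self._observers: List[Callable[[str, Permission], None]] = []
        self._prompt = prompt                    # UI hook; None means no UI
        self._clock = clock

    # OS side: the signature is bound to an id the app cannot spoof.
    def register_app(self, app_id: str, uri_signature: str) -> None:
        self._apps[app_id] = uri_signature

    def _signature_for(self, app_id: str) -> str:
        try:
            return self._apps[app_id]
        except KeyError:
            raise PermissionError(f"unknown app id {app_id!r}") from None

    # Observers and cache: every change clears cached answers first.
    def add_observer(self, cb: Callable[[str, Permission], None]) -> None:
        self._observers.append(cb)

    def _changed(self, event: str, perm: Permission) -> None:
        self._cache.clear()
        for cb in self._observers:
            cb(event, perm)

    def add(self, perm: Permission) -> None:
        self._perms[(perm.uri_signature, perm.ptype)] = perm
        self._changed("add", perm)

    def remove(self, uri_signature: str, ptype: str) -> bool:
        perm = self._perms.pop((uri_signature, ptype), None)
        if perm is None:
            return False
        self._changed("remove", perm)
        return True

    def audit(self) -> List[Permission]:
        return sorted(self._perms.values(), key=lambda p: (p.uri_signature, p.ptype))

    def query(self, app_id: str, ptype: str) -> bool:
        """True/False for `ptype`; prompts the user when no record exists."""
        sig = self._signature_for(app_id)
        key = (sig, ptype)
        if key in self._cache:
            return self._cache[key]
        perm = self._perms.get(key)
        if perm is not None and perm.is_expired(self._clock()):
            self.remove(sig, ptype)      # expired grants are dropped, not honoured
            perm = None
        if perm is None:
            if self._prompt is None:
                result = False           # no UI available: fail closed
            else:
                ask = Permission(ptype, sig, False, "user", "session",
                                 allow_message=f"Allow {sig} to use {ptype}?",
                                 deny_message=f"{sig} was denied {ptype}")
                result = bool(self._prompt(ask))
                ask.value = result
                self.add(ask)            # remember the answer for this session
        else:
            result = perm.value
        self._cache[key] = result        # cache after add() so the answer survives
        return result
```

The cache is a plain dictionary cleared wholesale on any change, which is the simplest way to honour "cache needs to be invalidated on permission change"; a real implementation would invalidate per key, but the correctness property is the same: no answer is served after the record behind it has been added, removed or expired.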