WebAPI/Security/PermissionsAPI

From MozillaWiki
< WebAPI‎ | Security
Revision as of 03:57, 19 June 2012 by Ptheriault (talk | contribs) (Created page with "== Permission API== Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=707625 <br> Brief purpose of API: Allow an app to manage app permissions in a centralized location <b...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Permission API

Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=707625
Brief purpose of API: Allow an app to manage app permissions in a centralized location
General Use Cases: None
Inherent threats: Change security and privacy permissions, potentially leading to device compromise
Threat severity: Critical

Regular web content (unauthenticated)

  • Use cases for unauthenticated code:None
  • Authorization model for normal content: None
  • Authorization model for installed content: None
  • Potential mitigations:

Trusted (authenticated by publisher)

  • Use cases for authenticated code: None
  • Use cases for trusted code: None
  • Potential mitigations:

Certified (vouched for by trusted 3rd party)

  • Use cases for certified code: Centralized permissions management app; modify per-app settings
  • Authorization model: Implicit
  • Potential mitigations: None

Note: We are not exposing permission settings to non-certified apps. Apps cannot determine their current settings without actually requesting a permission.

Retrieved from "https://wiki.mozilla.org/index.php?title=WebAPI/Security/PermissionsAPI&oldid=442663"