WebAPI/Security/PermissionsAPI

From MozillaWiki
< WebAPI‎ | Security
Revision as of 23:44, 6 August 2012 by Ladamski (talk | contribs)
Jump to navigation Jump to search

Permission API

References:

Brief purpose of API: Allow an app to manage app permissions in a centralized location

General Use Cases: None

Inherent threats: Change security and privacy permissions, potentially leading to device compromise

Threat severity: Critical

Regular web content (unauthenticated)

Use cases for unauthenticated code:None

Authorization model for normal content: None

Authorization model for installed content: None

Potential mitigations:

Privileged (approved by app store)

Use cases for privileged code: None

Use cases for trusted code: None

Potential mitigations:

Certified (system-critical apps)

Use cases for certified code: Centralized permissions management app; modify per-app settings

Authorization model: Implicit

Potential mitigations: None

Notes

We are not exposing permission settings to non-certified apps. Apps cannot determine their current settings without actually requesting a permission.


Retrieved from "https://wiki.mozilla.org/index.php?title=WebAPI/Security/PermissionsAPI&oldid=458374"