FirefoxOS/New security model/2.5 Status

From MozillaWiki
Jump to: navigation, search


  • Usable developer prototype is landed.
  • Developers can create and host signed packages which can be navigated to in the browser.
  • Signed packages can request any permission and packages are loaded properly in isolated child process
  • Known limitations:
    • Some APIs depend on existing App infrastructure and need to be refactored
    • No support for “Pinning” signed packages
  • Still landing bug fixes as possible (but prioritising 2.5 blockers instead)

Detailed Status

For 2.5 the following is supported:

  • Signed package support can be enabled by a preference
  • Tool available for developers to package and sign their own content
  • Signed packages are able to use certified & priviliged APIs (some limitations, see below)
  • Signed packages are hosted on a web server and navigated to in the browser
  • Signed packages load in isolated content processes (i.e. transparent process switching)
  • Packages will update (inline with normal HTTP semantics)
  • Signed packages are granted an isolated data jar (however web content that signed packages load is in the regular web cookie jar)

Not available in 2.5:

  • The ability to "pin" signed packages and actions that depend on pinning:
    • http cache pinning of packages (i.e. packages currently follow normal web semantics, not available offline unless http cached)
    • Registration of web activities & system messages
  • Service worker support
  • Known issues with some APIs which depend on existing app concepts (notably system messages are not yet supported)
  • Process switching away from signed packages isn’t working yet (only switching _to_ the package)

Key "blocking" bugs: (none really block since nsec is not blocking 2.5, but these are priority to get landed to improve dev experience)

  • bug 1180088 - fixing an app permission which prevent some permissions being available to signed packages
  • bug 1178526 - important to ensure the segregation between the signed packages, and the web server they are hosted on
  • bug 1178448 - allows devs to sign packages with their own certificates (rather than bypassing signature checks)