FirefoxOS/New security model/Removing certified apps

From MozillaWiki

Removing certified apps as an app type comes with a number of issues that need to be addressed.

APIs that have to run in system app/parent process

Some APIs only work in the system app (e.g. embed-apps, or APIs that must run in the parent process).

Options:

  • Ensure that we never grant these permissions in Marketplace
    • how will this work with 3rd-party marketplaces?
  • Are there any APIs which MUST run in the parent any more?
    • anything that depends on nested child processes?

APIs that are restricted to App type rather than a permission

Many APIs & functions are restricted to certified apps only (the check is based on the app type of the principal, not on the permissions associated with it).

This includes (not complete list):

  • DOM APIs guarded by [AvailableIn=CertifiedApps] in WebIDL (with no permission check)
    • Inter-app communication API
    • Datastores API
    • navigator.mozResendAllNotifications

Certified apps were a way to implement APIs without exposing them to 3rd parties

  • The certified level gave Mozilla a way to experiment with APIs without 3rd-party content relying on them
  • Going forward we would need to add permission checks for these features instead of the app-type check
  • The same applies to vendor modifications (but ideally vendors should use the engineering-mode permission to restrict any vendor APIs)
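The following is an added example, not Gecko or Gaia code, that models the two gating styles this page contrasts: the current check on the principal's app type (what [AvailableIn=CertifiedApps] expresses in WebIDL) versus a check on a permission the principal actually holds, combined with an install-time policy under which no marketplace grants those permissions. The API names are the ones listed above; the permission strings, install sources and sample apps are constructed placeholders, not real Gecko identifiers.

```javascript
// Added example (not Gecko/Gaia code): a small model of app-type gating
// versus permission gating. Permission names below are constructed
// placeholders, not the real Gecko permission strings.

// Principal app status, mirroring the certified/privileged/web app types.
const APP_STATUS = Object.freeze({ WEB: "web", PRIVILEGED: "privileged", CERTIFIED: "certified" });

// APIs named on the page, each mapped to a hypothetical permission that would
// replace the [AvailableIn=CertifiedApps] app-type guard.
const API_PERMISSION = Object.freeze({
  "inter-app-communication": "interapp-comm",
  "datastores": "datastore-access",
  "mozResendAllNotifications": "notifications-resend",
  // Vendor addition, gated by the engineering-mode permission the page suggests.
  "vendor-diagnostics": "engineering-mode",
});

// Current gate: the decision depends only on the principal's app type.
function allowedByAppType(principal) {
  return principal.appStatus === APP_STATUS.CERTIFIED;
}

// Proposed gate: the decision depends only on a permission the principal holds.
function allowedByPermission(principal, apiName) {
  const perm = API_PERMISSION[apiName];
  if (perm === undefined) throw new Error(`unknown API: ${apiName}`);
  return principal.permissions.has(perm);
}

// Install-time policy: which of these permissions each install source may grant.
// Neither Mozilla's marketplace nor a third-party one grants any of them, which
// is the "never grant these permissions in Marketplace" option from the page.
const GRANTABLE_BY_SOURCE = Object.freeze({
  "preinstalled": new Set(Object.values(API_PERMISSION)),
  "mozilla-marketplace": new Set(),
  "third-party-marketplace": new Set(),
});

// Build a principal from a manifest's requested permissions; requests the
// source may not grant are recorded as refused rather than silently granted.
function install(name, appStatus, source, requested) {
  const grantable = GRANTABLE_BY_SOURCE[source];
  if (!grantable) throw new Error(`unknown install source: ${source}`);
  const permissions = new Set(requested.filter(p => grantable.has(p)));
  const refused = requested.filter(p => !grantable.has(p));
  return { name, appStatus, source, permissions, refused };
}

// Evaluate one API under both gates so the divergence is visible.
function compareGates(principal, apiName) {
  return {
    app: principal.name,
    api: apiName,
    byAppType: allowedByAppType(principal),
    byPermission: allowedByPermission(principal, apiName),
  };
}

// Constructed sample principals.
const SAMPLE_APPS = [
  // Gaia system app: certified, preinstalled, requests every permission it uses.
  install("system", APP_STATUS.CERTIFIED, "preinstalled",
          ["interapp-comm", "datastore-access", "notifications-resend"]),
  // Certified app that never asked for datastores: the old gate lets it through anyway.
  install("clock", APP_STATUS.CERTIFIED, "preinstalled", ["notifications-resend"]),
  // Vendor app shipped as privileged with engineering-mode: the new gate opens only the vendor API.
  install("vendor-tool", APP_STATUS.PRIVILEGED, "preinstalled", ["engineering-mode"]),
  // Marketplace app requesting a certified-only permission: refused at install time.
  install("store-app", APP_STATUS.PRIVILEGED, "third-party-marketplace", ["datastore-access"]),
];

// Every (app, API) decision under both gates.
function decisions() {
  const out = [];
  for (const p of SAMPLE_APPS) {
    for (const api of Object.keys(API_PERMISSION)) out.push(compareGates(p, api));
  }
  return out;
}

function findDecision(app, api) {
  return decisions().find(d => d.app === app && d.api === api);
}

if (typeof require !== "undefined" && require.main === module) console.table(decisions());
```

The rows where byAppType and byPermission disagree are the ones this migration changes: a certified app that never declared a permission loses access it currently has by type alone, and a non-certified vendor app holding engineering-mode gains access to the vendor API without becoming certified. The install step is where a 3rd-party marketplace is kept out: it cannot grant these permissions, so the permission gate denies its apps regardless of the app type the marketplace assigns.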