WebAPI/Security/FMRadioAPI: Difference between revisions

Jump to navigation Jump to search

WebAPI/Security/FMRadioAPI (view source)

Revision as of 14:10, 24 September 2012

53 bytes added ,  24 September 2012
no edit summary
mNo edit summary
No edit summary
Line 1: Line 1:
==WebFM API==
==WebFM API==
References:
*https://bugzilla.mozilla.org/show_bug.cgi?id=749053
*https://groups.google.com/d/topic/mozilla.dev.webapi/PraULCQntqA/discussion
Brief purpose of API: FM radio feature.
Brief purpose of API: FM radio feature.


Line 15: Line 10:
Multiple apps/pages can try to modify radio settings at the same time with the most recent action taking effect.  Turning on the radio causes the audio stream to be played - there is no access to the stream data
Multiple apps/pages can try to modify radio settings at the same time with the most recent action taking effect.  Turning on the radio causes the audio stream to be played - there is no access to the stream data


== Regular web content (unauthenticated) ==
References:
Use cases for unauthenticated code: radio app/web page
*https://bugzilla.mozilla.org/show_bug.cgi?id=749053
 
*https://groups.google.com/d/topic/mozilla.dev.webapi/PraULCQntqA/discussion
Authorization model for normal content: Explicit
=== Permissions Table===
 
Authorization model for installed content: Implicit
 
Potential mitigations: An app or page can't access any of the radio API if another page/app is currently using it. Whenever a page/app uses the API for the first time since another page/app used it, always reset the current frequency to some specified value
 
== Privileged (approved by app store) ==
Use cases for privileged code: radio app
 
Authorization model: Implicit
 
Potential mitigations: Same as for unauthenticated.
 
== Certified (system-critical apps) ==
Use cases for certified code:  radio app
 
Authorization model: Implicit


Potential mitigations: Same as for unauthenticated. Technically we wouldn't need to reset the frequency here, but seems nicer to keep things consistent.
{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || radio app/web page || Explicit ||  An app or page can't access any of the radio API if another page/app is currently using it. Whenever a page/app uses the API for the first time since another page/app used it, always reset the current frequency to some specified value
|-
| Installed Web Apps || radio app/web page || Implicit ||  An app or page can't access any of the radio API if another page/app is currently using it. Whenever a page/app uses the API for the first time since another page/app used it, always reset the current frequency to some specified value
|-
| Privileged Web Apps || radio app || Implicit ||
| Certified Web Apps || radio app || Implicit || Same as for unauthenticated. Technically we wouldn't need to reset the frequency here, but seems nicer to keep things consistent.
|}


__NOTOC__
__NOTOC__
Ptheriault
canmove, Confirmed users
1,220

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/473000"

Navigation menu