From MozillaWiki
Jump to: navigation, search

Weekly Status Update

Dimi Lee

  • Work on Serviceworker, nothing related to NSec last week
  • Will start to work on Bug 1178526 - Set appropriate origin attributes for signed packages

Ethan Tseng

  • Bug 1165267 - Use OriginAttributes for nsCookieService
    • Upload a WIP patch to remove |appId| and |inBrowserElement| as cookie key
    • The only cookie key is |baseDomain|
    • Investigate internal data format of cookie (DB, hashtable and cookie list, ..., etc.)
    • Make an implementation plan (thanks to Henry!) - reduce cookie DB records within the same domain while DB migration
    • Paul: I assume this doesn't help?
  • Bug 1181031 - Shared Cookie Jar

Henry Chang

  • Bug 1178525 - Ensure the package is verified before content is served
    • f+ by Valentin
    • Ideally should land after Bug 1178518 but only 2 weeks from milestone 1...
  • Bug 1186290 - Notify TabParent to switch process when a signed packaged is loading from different origin.
    • Works for most of the cases on both desktop browser and B2G with the following issues:
      • Need to deal with system XHR. May use "nsILoadInfo.securityFlags | SEC_SANDBOXED" to check.
      • Need to refresh the browser (like hide/show the menu bar) to get the content showed. (desktop)
      • Tab title keeps showing "Connecting"

Jonathan Hao

  • Bug 1178518 - Support for verifying signed packages
    • Finally verifying the output of signing tool successfully (thanks to discussion with Dimi)
    • Preparing to be reviewed
    • Created PrivilegedPackageRoot in nsIX509CertDB
    • Its private key is in my local machine, so only I can sign packages now.
  • TODO: a signed package generator
  • Can we reuse security/apps/marketplace-dev-public.crt?

Tim Huang

  • Studied the WiFi stack of the firefox os.

Winnie Sun

  • Bug 1011358 - [wifi][wi-fi] Gecko doesn't notify Gaia when wpa_supplicant scans and finds new SSIDs/nodes
    • Under reviewing.
  • Bug 1187262 - A device cannot connect B device through wifi
    • Fixed the code according to the review comment.
    • Waiting for the implementation of 'allNetworkInfo'. (Bug1197667)
  • Bug 1188617 - [Aries][Utility Tray] Re-enabling wi-fi from notification tray automatically launches Settings app.
    • Under discussion about the way to improve it.
  • Bug 1189143 - [Browser] Video cannot be loaded when network is connected back
    • Looking for the crush point.
  • Studying about the Wifi Direct.

Yoshi Huang

  • Bug 1165272 - unify Get*CodebasePrincipal with createCodebasePrincipal in nsIScriptSecurityManager. landed
  • Bug 1165466 - Fix up docshell and loadcontext inheriting code in nsIScriptSecurityManager to use originAttributes rather than explicitly querying appid/browser. r? sent on 8/24
  • Bug 1167100 - User nsIPrincipal.originAttribute in ContentPrincipalInfo. r?
  • Bug 1196652 - OriginSuffix is shown in about:serviceworker on b2g. ongoing

Aaron Wu (EPM)

  • Milestone 1 target (Sept 4, S6)
    • Signing
      • Tools for developers to make and sign packages
    • Verification
      • Add necko hooks for signature verification. Check package location
      • Implement signature checking (stretch goal)sd
    • CSP
      • Move to milestone 2-> Apply default CSP to signed package and add tests for CSP.
    • Process Isolation
      • Basic process switching (no session restore)
    • Installation & Update
      • Implement cache-pinning for packages.
      • Register permissions/ system messages on install & register web activities on pinning
    • Service Workers
      • Determine implementation strategy
    • Origin & Cookie Jars
      • Implement SignedPKG origin attribute. Make progress on refactoring gecko to use origin exclusively.
  • Scrum Status for S5 review and S6 planning