|
|
| Line 2: |
Line 2: |
|
| |
|
| ===Permissions=== | | ===Permissions=== |
| The table below shows the list of permissions associated with new Web APIs.
| | [https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E#gid=0 This spreadsheet] shows the list of permissions associated with new Web APIs |
|
| |
|
| Note: this table does not include functionality provided to apps via web activities. | | Note: this table does not include functionality provided to apps via web activities. |
|
| |
| {| border="1"
| |
| ! API!!Action!!Web Content!!Untrusted App!!Trusted App!!Certified App!!Visual Indicator!!Mitigations!!Notes
| |
| |-
| |
| | Geolocation API||Obtain current location of user||Explicit (prompt)||Explicit (prompt)||Explicit (prompt)||Implicit||Yes||||
| |
| |-
| |
| | IdleAPI||Detect user inactive||Explicit (prompt)||Explicit (prompt)||Implicit||Implicit||No||Fuzz Idle time to prevent fingerprinting. Enforce minimum time to prevent keystroke inference.||
| |
| |-
| |
| | Battery Status API||Information about battery charge level and if device is plugged in.||Implicit||Implicit||Implicit||Implicit||No||||
| |
| |-
| |
| | Network Information API||Get basic information about current network connectivity.||Implicit||Implicit||Implicit||Implicit||No||||
| |
| |-
| |
| | ResourceLock API||Prevent the screen from being dimmed or switched off||Implicit||Implicit||Implicit||Implicit||No||||
| |
| |-
| |
| | Vibration API||||Implicit||Implicit||Implicit||Implicit||||Limit how long vibrations can run. Only foreground content can trigger vibration.||
| |
| |-
| |
| | Screen Orientation||lock screen orientation, detect changes||Implicit (foreground only)||Implicit (foreground only)||Implicit||Implicit||No||Rules regarding fullscreen and iframe ancestors||
| |
| |-
| |
| | WebSMS||All SMS APIs||||||Explicit (prompt)||Implicit||No||Open question: can trusted app register as a SMS handler. Can\'t replace certified SMS app||
| |
| |-
| |
| | TCP Socket API||Connect to TCP socket||||||Implicit||Implicit||No||Open question for trusted apps: port/address limitations? Connect only? No listen?||
| |
| |-
| |
| | UDP Datagram Socket API||Low-level UDP API||||||Implicit||Implicit||No||||
| |
| |-
| |
| | WebTelephony||All Web Telephony APIs||||||Implicit||Implicit||Yes||Can\'t replace certified dialer||
| |
| |-
| |
| | Alarm API||Schedule a notification, or for an application to be started, at a specific time.||||||||Implicit||No||||
| |
| |-
| |
| | Background services||Enable a web application to run in the background and perform tasks like syncing or respond to incoming messages.||||||||Implicit||No||Fuzz Idle time to prevent fingerprinting. Enforce minimum time to prevent keystroke inference.||
| |
| |-
| |
| | Browser API||Enables implementing a browser completely in web technologies.||||||||Implicit||No||||
| |
| |-
| |
| | Calendar API||Add/Read/Modify to the device calendar.||||||||Implicit||No||||
| |
| |-
| |
| | Camera API||This is part of the larger WebRTC effort. This is a big piece of work so see the link.||||||||Implicit||No||||
| |
| |-
| |
| | Contacts API||Add/Read/Modify the device contacts address book.||||||||Implicit||No||||
| |
| |-
| |
| | Device Capabilities API||Check if the device has certain capabilities, such as front-facing camera, gps, etc.||||||||Implicit||No||||
| |
| |-
| |
| | Device Storage API||Add/Read/Modify files stored on a central location on the device. For example the \"pictures\" folder on modern desktop platforms or the photo storage in mobile devices.||||||||Implicit||No||||
| |
| |-
| |
| | HTTP-cache API||Query what\'s stored in the browsers http-cache. Add/remove entries. Update expiration time. Get data directly from cache.||||||||Implicit||No||||
| |
| |-
| |
| | Keyboard/IME API||Enables implementing virtual keyboards.||||||||Implicit||No||||
| |
| |-
| |
| | LogAPI ||Allows to register the user activity on the phone. ||||||||Implicit||No||||
| |
| |-
| |
| | MobileConnection API||This exposes information about the current mobile voice and data connection to (certain) HTML content.||||||||Implicit||No||||
| |
| |-
| |
| | PowerManagementAPI||Turn on/off screen, cpu, device power, etc. Listen and inspect resource lock events.||||||||Implicit||No||||
| |
| |-
| |
| | Push Notifications API||Allow the platform to send notification messages to specific applications.||||||||Implicit||No||||
| |
| |-
| |
| | Sensor API||Access to device sensors such as accelerometer, magnetic field (compass), proximity, ambient light etc.||||||||Implicit||No||||
| |
| |-
| |
| | Settings API||API to configure device settings||||||||Implicit||No||||
| |
| |-
| |
| | Time/Clock API||Set current time. Timezone will go in the Settings API.||||||||Implicit||No||||
| |
| |-
| |
| | USB file-reading API||Add/Read/Modify files stored on memory cards and USB keys connected to the device. Get notified when storage devices are connected/disconnected. Will be very similar to the Device Storage API above with a few additional methods.||||||||Implicit||No||||
| |
| |-
| |
| | WebBluetooth||Low level access to Bluetooth hardware.||||||||Implicit||No||||
| |
| |-
| |
| | WebNFC||Low level access to NFC hardware. So far focusing on NDEF support.||||||||Implicit||No||||
| |
| |-
| |
| | WebUSB||Low level access to USB hardware.||||||||Implicit||No||||
| |
| |-
| |
| | WiFi Information API|| Enumerate available WiFi networks, get signal strength and name of currently connected network, etc.||||||||Implicit||No||||
| |
| |}
| |
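Review bot: Replacing "The table below" with a link to an external Google spreadsheet moves the permission matrix off the wiki page, so later changes to the per-app-type permission levels (Web Content, Untrusted, Trusted, Certified) will no longer appear in this page's revision history. Consider keeping the table, or at least a summary of it, on the page next to the link. Two rows in the removed table should also be checked before the data is relied on elsewhere. The Background services row carries the same Mitigations text as the IdleAPI row ("Fuzz Idle time to prevent fingerprinting. Enforce minimum time to prevent keystroke inference."), which looks copied rather than specific to background services. The Vibration API row has empty Action and Visual Indicator cells.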