(12 intermediate revisions by 4 users not shown)

Older revision line 1 / newer revision line 1:
  {{FeatureStatus
- |Feature name=B2G App Security Model
+ |Feature name=B2G App Security and Privacy Model
- |Feature stage=
+ |Feature stage=Complete
+ |Feature status=Complete
  |Feature version=B2G 1.0
  |Feature health=OK

Older revision line 7 / newer revision line 8:
  {{FeatureTeam
  |Feature product manager=Lucas Adamski
+ |Feature feature manager=Lucas Adamski
  |Feature lead engineer=Jonas Sicking, Chris Jones
  |Feature security lead=Paul Theriault
+ |Feature privacy lead=Sid Stamm
  }}
  {{FeaturePageBody

Older revision line 32 / newer revision line 35:
  Exploit mitigations for memory-safety attacks (multi-process with restricted rights for app processes)
+ User control: Can the user always override the permission settings for an app?
  |Feature overview=The B2G app security model governs how applications are discovered, installed, managed, run and updated.

Older revision line 49 / newer revision line 54:
  *Apps should not be vulnerable to common web vulnerabilities when granted significant privileges
  *Ability to grant trust for certain highly sensitive privileges (such as phone dialing) may be restricted at the OS level to specific trusted parties
- |Feature
+ |Feature functional spec=The current state of the application security model is located here: [[Apps/Security]]
+ A threat model is being documented here: [[B2G_App_Security_Model/Threat_Model]]
  WebAPI permissions manager implementation: https://bugzilla.mozilla.org/show_bug.cgi?id=707625
  ====Design Decisions Made====
- * One app per origin (FQDN)
+ * One app per origin (FQDN) where app URL may potentially be a new [[Apps/Security#New_URI_proposal_.28apt:.2F.2F_or_yum:.2F.2F.29|URI type]]
  * Multiple App stores
  * Apps are peers to their native equivalents from an experience standpoint
+ * Four types of web applications
  }}
  {{FeatureInfo
  |Feature priority=P1
+ |Feature theme=Security Leadership
  |Feature roadmap=Security
  |Feature secondary roadmap=Gecko
+ |Feature engineering team=Security
  }}
  {{FeatureTeamStatus
  |Feature security status=sec-review-needed
- |Feature security notes=
+ |Feature security health=Blocked
+ |Feature security notes={{bug|744915}}
  }}