Confirmed users
353
edits
Security/Reviews/Gaia/InterAppCommunicationAPI: Difference between revisions
Security/Reviews/Gaia/InterAppCommunicationAPI (view source)
Revision as of 20:59, 3 February 2014
, 3 February 2014→2. Process Segregation
| (14 intermediate revisions by the same user not shown) | |||
| Line 22: | Line 22: | ||
=== Gecko === | === Gecko === | ||
* dom/apps/src/Webapps.js - cpmm("Webapps:Connect"...), cpmm("Webapps:GetConnections"...) | * [http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.js dom/apps/src/Webapps.js] - cpmm("Webapps:Connect"...), cpmm("Webapps:GetConnections"...) | ||
* dom/apps/src/Webapps.jsm - process manifest file for new ‘connections’ | * [http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.jsm dom/apps/src/Webapps.jsm] - process manifest file for new ‘connections’ | ||
* dom/apps/src/InterAppComm.cpp | * [http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/InterAppComm.cpp dom/apps/src/InterAppComm.cpp] | ||
* | * [http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/InterAppCommService.js dom/apps/src/InterAppCommService.js] | ||
** parent process, does checking of installOrigin, manifestURLs, and minimumAcccessLevel, main file for API | ** parent process, does checking of installOrigin, manifestURLs, and minimumAcccessLevel, main file for API | ||
* dom/apps/src/InterAppConnection.js - child process, InterAppConnection object | * [http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/InterAppConnection.js dom/apps/src/InterAppConnection.js] - child process, InterAppConnection object | ||
* dom/apps/src/InterAppMessagePort.js - child process, InterAppMessagePort object | * [http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/InterAppMessagePort.js dom/apps/src/InterAppMessagePort.js] - child process, InterAppMessagePort object | ||
=== WebIDL === | === WebIDL === | ||
| Line 52: | Line 52: | ||
== Current Usage == | == Current Usage == | ||
=== connect() === | |||
* apps/bluetooth/js/transfer.js:216: app.connect('bluetoothTransfercomms').then(function(ports) { | |||
* apps/communications/dialer/js/calls_handler.js:114: app.connect('dialercomms').then(function(ports) { | |||
* apps/communications/ftu/js/tutorial.js:123: app.connect('ftucomms').then(function onConnAccepted(ports) { | |||
* apps/homescreen/everything.me/js/search/control.js:12: app.connect('search-results').then( | |||
* apps/search/js/search.js:37: app.connect('search-results').then( | |||
* apps/system/js/rocketbar.js:249: app.connect('search').then( | |||
* apps/system/test/marionette/fakemusic/js/comms.js:34: app.connect('mediacomms').then(function(ports) { | |||
* shared/js/media/remote_controls.js:184: app.connect('mediacomms').then(function(ports) { | |||
=== apps/search/manifest.webapp === | === apps/search/manifest.webapp === | ||
28 "search": { | 28 "search": { | ||
| Line 57: | Line 67: | ||
30 "description": "Proxies search to copied search app. Should be moved to the search app manifest if we split the app up.", | 30 "description": "Proxies search to copied search app. Should be moved to the search app manifest if we split the app up.", | ||
31 "rules": {} | 31 "rules": {} | ||
apps/system/js/rocketbar.js:249: app.connect('search')... | |||
Used by System app, in rocketbar.js, to insert '...the search app iframe into the dom' | |||
=== apps/system/manifest.webapp === | === apps/system/manifest.webapp === | ||
| Line 86: | Line 99: | ||
107 } | 107 } | ||
== Concerns == | == Review Notes== | ||
=== Gaia === | |||
==== XSS & HTML Injection Attacks ==== | |||
TBD | |||
==== Secure Communications ==== | |||
TBD | |||
==== Secure Data Storage ==== | |||
TBD | |||
==== Denial of Service ==== | |||
TBD | |||
==== Interfaces with other Apps/Content==== | |||
TBD | |||
=== Gecko === | |||
==== 1. Content/Chrome Segregation ==== | |||
TBD | |||
==== 2. Process Segregation ==== | |||
The message which the parent listens for: | |||
* Webapps:Connect | |||
* Webapps:GetConnections | |||
* InterAppConnection:Cancel | |||
* InterAppMessagePort:PostMessage | |||
* InterAppMessagePort:Register | |||
* InterAppMessagePort:Unregister | |||
* child-process-shutdown | |||
There is no permission associated with Inter App Communications, so we do not have the assertPermission() check in the parent. | |||
The parent process prevents a compromised child process from sending messages to the parent by verifying the manifestURL sent in the message matches the manifest URL of the publishing app. | |||
==== 3. Data validation & Sanitization ==== | |||
TBD | |||
====4. Denial of Service ==== | |||
TBD | |||
== Concerns (To-Delete) == | |||
* http://mxr.mozilla.org/mozilla-central/source/b2g/chrome/content/shell.js#748 | * http://mxr.mozilla.org/mozilla-central/source/b2g/chrome/content/shell.js#748 | ||
** I think we can control ‘keyword’ and this looks like its chrome code | ** I think we can control ‘keyword’ and this looks like its chrome code | ||