MozillaWiki

WebAPI/Security/Bluetooth: Difference between revisions

Page Discussion

WebAPI/Security/Bluetooth (view source)

Revision as of 12:46, 24 September 2012

59 bytes removed ,  24 September 2012
no edit summary
mNo edit summary
No edit summary
Line 1: Line 1:
===Web Bluetooth API===
==Web Bluetooth API==
References:
*https://bugzilla.mozilla.org/show_bug.cgi?id=674737
*https://wiki.mozilla.org/WebAPI/WebBluetooth
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/ztmSvKP3Z8U/discussion
 
Brief purpose of API: The aim of WebBluetooth is to establish a DOM API to set up and communicate with Bluetooth devices.  This includes setting properties on  adapters and devices, scanning for devices, bonding, and socket initialization for audio and communication.
Brief purpose of API: The aim of WebBluetooth is to establish a DOM API to set up and communicate with Bluetooth devices.  This includes setting properties on  adapters and devices, scanning for devices, bonding, and socket initialization for audio and communication.


Line 13: Line 8:
Threat severity: High
Threat severity: High


== Regular web content (unauthenticated) ==
References:
Use cases: None
*https://bugzilla.mozilla.org/show_bug.cgi?id=674737
 
*https://wiki.mozilla.org/WebAPI/WebBluetooth
Authorization model for normal content: None
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/ztmSvKP3Z8U/discussion
 
Authorization model for installed content: None


Potential mitigations:
=== Permissions Table===


== Privileged (approved by app store) ==
{| border="1" class="wikitable"
Use cases: None
! Type
 
! Use Cases
Authorization model: None
! Authorization Model
 
! Notes & Other Controls
Potential mitigations:
|-
 
| Web Content || None || No access
== Certified (system-critical apps) ==
|-
Use cases:
| Installed Web Apps || None || No access
*Read bluetooth adapter state
|-
| Privileged Web Apps || None || No access
|-
| Certified Web Apps ||
*Read Bluetooth adapter state
*Start/Stop device discovery
*Start/Stop device discovery
*List discoverd devices
*List discovered devices
*Pair with device
*Pair with device  
 
|| Implicit || Potential mitigations:  Status indicator showing active bluetooth connection, user can click the status indicator to cancel the connection.  Potentially limits on device types.
Authorization model: Implicit
|}


Potential mitigations:  Status indicator showing active bluetooth connection, user can click the status indicator to cancel the connection.  Any limit on types of devices?


==Notes==
=== Notes ===
Non-certified use cases are out of scope for 1.0.  We will consider those for a subsequent release.
Non-certified use cases are out of scope for 1.0.  We will consider those for a subsequent release.


__NOTOC__
__NOTOC__
Ptheriault
canmove, Confirmed users
1,220

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/472980"