WebAPI/Security/Vibration: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
Ptheriault (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
== Vibration == | |||
Brief purpose of API: Let content activate the vibration motor. | |||
General use cases: Vibrate when hit in a game, | |||
Reference: http://dev.w3.org/2009/dap/vibration/ | Reference: http://dev.w3.org/2009/dap/vibration/ | ||
| Line 5: | Line 8: | ||
Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5# | Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5# | ||
Inherent threats: Obnoxious if abused, consume extra battery. | |||
Inherent threats: Obnoxious if | |||
Threat severity: low | Threat severity: low | ||
== | === Permissions Table=== | ||
== | |||
Authorization | {| border="1" class="wikitable" | ||
! Type | |||
! Use Cases | |||
! Authorization Model | |||
! Notes & Other Controls | |||
|- | |||
| Web Content || As per general use case. || Implicit || Limit how long vibrations can run. Only foreground content can trigger vibration. | |||
|- | |||
| Installed Web Apps || As per general use case. || Implicit || Limit how long vibrations can run. Only foreground content can trigger vibration. | |||
|- | |||
| Privileged Web Apps || As per general use case. || Implicit|| Limit how long vibrations can run. Only foreground content can trigger vibration. | |||
|- | |||
| Certified Web Apps || As per general use case. || Implicit || Limit how long vibrations can run. Only foreground content can trigger vibration. | |||
|} | |||
==Notes== | ==Notes== | ||
This API may be implicitly granted. User can deny from Permission Manager to | This API may be implicitly granted. User can deny from Permission Manager to override an abusive app. | ||
Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content. | Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content. | ||
__NOTOC__ | __NOTOC__ | ||
Revision as of 04:06, 24 September 2012
Vibration
Brief purpose of API: Let content activate the vibration motor.
General use cases: Vibrate when hit in a game,
Reference: http://dev.w3.org/2009/dap/vibration/
Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/6aa715e1d7a5a9f5#
Inherent threats: Obnoxious if abused, consume extra battery.
Threat severity: low
Permissions Table
| Type | Use Cases | Authorization Model | Notes & Other Controls |
|---|---|---|---|
| Web Content | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Installed Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Privileged Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
| Certified Web Apps | As per general use case. | Implicit | Limit how long vibrations can run. Only foreground content can trigger vibration. |
Notes
This API may be implicitly granted. User can deny from Permission Manager to override an abusive app. Since only foreground content can trigger vibrator, this seems equivalent to other potentially annoying feedback mechanisms and should be implicit for uninstalled web content.