
App Updates Security Review

Overview

In bug 772404 (https://wiki.mozilla.org/Security/Reviews/B2GUpdates) we looked at Gecko and Gaia updates. We also need to review the update process for third-party apps, which is the purpose of this bug.


Architecture

The following components play a role in app updates:

  • Gaia System App
    • update_manager.js: This code starts the process of checking for updates, manages the queues of updates and downloads, and provides UI via notifications to alert the user at the various stages of an update.
    • updatable.js: This code represents a single update, either an app or a system update. It has methods such as download() and applyUpdate() and provides an object on which callbacks for progress updates can be registered.
  • Gecko
    • Webapps.jsm: The webapps registry service handles the actual manifest downloads at the request of the Gaia system app, passing the results back to the system app via Webapps.js.
    • [1]: This is the child-process half of the webapps service, which talks to the parent via system messages. The system app (update_manager.js) calls methods on the app objects defined by this file.

Open Questions

Data Flow Enumeration

Inside Gecko, apps are represented by a mozIDOMApplication object, which has a checkForUpdate() function. An app can request a check for an update to itself, or the system app can check for app updates as part of a global update check (by setting the gaia.system.checkForUpdates setting to true, which is picked up by update_manager.js).

Check for App Update

Either way, the process to check for an update to an individual app is as follows:

  1. Check each app to see if there is an available update
  2. If there is an update for an app, the process depends on whether the app is packaged or hosted and whether it is removable or non-removable:
  • Removable Hosted Apps (http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.jsm#1149)
    1. Update web apps registration (system messages & web activities)
    2. Store the new manifest
    3. Update the webapps registry
    4. If the app is not updatable, send the Webapps:CheckForUpdate:Return:OK message to fire a downloadapplied event
    5. Otherwise, start the app cache update (nsOfflineCacheUpdateService::CheckForUpdate)
    6. The observer for this update sends Webapps:CheckForUpdate:Return:OK once the check has completed.
    7. The downloadapplied/downloadavailable event is caught in the system app (updatable.js), which adds itself to the updates queue in the update manager (update_manager.js)

Download App Update

The update manager fires a notification that has a download button on it. When the button is clicked, the download process starts and downloads all the queued updates.

  1. Handle the user click, calling startDownloads [2]
  2. Call updatable.download [3]
  3. Call download on the app object itself [4]
  4. Enter the app.download function, which just sends a message to Webapps.jsm [5]
  5. Webapps.jsm catches the message and calls startDownload(manifestURL) [6]
  6. Webapps.jsm loads the app object for that manifest, does some checks, then:
  1719     // Here are the steps when installing a package:
  1720     // - create a temp directory where to store the app.
  1721     // - download the zip in this directory.
  1722     // - check the signature on the zip.
  1723     // - extract the manifest from the zip and check it.
  1724     // - ask confirmation to the user.
  1725     // - add the new app to the registry.
  1726     // If we fail at any step, we backout the previous ones and return an error.

These steps are implemented in Webapps.jsm at http://mxr.mozilla.org/mozilla-central/source/dom/apps/src/Webapps.jsm#1718

Threat Analysis

Links