WebAPI/Security/FMRadioAPI: Difference between revisions

no edit summary
(Created page with "== FM Radio API== Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=749053 Brief purpose of API: FM radio feature. General Use Cases: Turn on/off the radio, change frequency, che...")
 
No edit summary
Line 1: Line 1:
== FM Radio API==
== FM Radio API==
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=749053
Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=749053
Brief purpose of API: FM radio feature.
Brief purpose of API: FM radio feature.
General Use Cases: Turn on/off the radio, change frequency, check status of various radio features
General Use Cases: Turn on/off the radio, change frequency, check status of various radio features
Inherent threats: annoyance, drain the battery
Inherent threats: annoyance, drain the battery
Threat severity: low
 
Threat severity: Low


General notes:  
General notes:  
*Multiple apps/pages can try to modify radio settings at the same time with the most recent action taking effect.
Multiple apps/pages can try to modify radio settings at the same time with the most recent action taking effect. Turning on the radio causes the audio stream to be played - there is no access to the stream data
*Turning on the radio causes the audio stream to be played - there is no access to the stream data
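Review bot: The unbulleted revision joins the two general notes into a single line ("...most recent action taking effect. Turning on the radio causes..."), while every other field in that revision gets its own line separated by a blank line. These are two independent statements, one about concurrent access and one about the lack of access to stream data, so keep them as separate entries to make each one reviewable on its own.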


=== Regular web content (unauthenticated) ===
=== Regular web content (unauthenticated) ===
*Use cases for unauthenticated code: radio app/web page
Use cases for unauthenticated code: radio app/web page
*Authorization model for normal content: explicit
 
*Authorization model for installed content: implicit
Authorization model for normal content: Explicit
*Potential mitigations: An app or page can't access any of the radio API if another page/app is currently using it. Whenever a page/app uses the API for the first time since another page/app used it, always resent the current frequency to some specified value
 
Authorization model for installed content: Implicit
 
Potential mitigations: An app or page can't access any of the radio API if another page/app is currently using it. Whenever a page/app uses the API for the first time since another page/app used it, always reset the current frequency to some specified value
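Review bot: The mitigation "An app or page can't access any of the radio API if another page/app is currently using it" conflicts with the general note that multiple apps/pages can modify radio settings at the same time with the most recent action taking effect. State which of the two is the current behaviour and which is the proposed change, and define what "currently using it" means (radio turned on, or any call made). The reset target is also left as "some specified value"; name the value or say who specifies it.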


=== Trusted (authenticated by publisher) ===
=== Trusted (authenticated by publisher) ===
*Use cases for certified code:  radio app
Use cases for certified code:  radio app
*Authorization model: Implicit
 
*Potential mitigations: Same as for unauthenticated.
Authorization model: Implicit
 
Potential mitigations: Same as for unauthenticated.
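Review bot: The use-case line under the "Trusted (authenticated by publisher)" heading reads "Use cases for certified code", the same label used in the Certified section below it, and the revision leaves it unchanged. It should read "Use cases for trusted code" so the two tiers are not confused.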


=== Certified (vouched for by trusted 3rd party) ===
=== Certified (vouched for by trusted 3rd party) ===
*Use cases for certified code:  radio app
Use cases for certified code:  radio app
*Authorization model: Implicit
 
*Potential mitigations: Same as for unauthenticated. Technically we wouldn't need to resent the frequency here, but seems nicer to keep things consistent.
Authorization model: Implicit
 
Potential mitigations: Same as for unauthenticated. Technically we wouldn't need to reset the frequency here, but seems nicer to keep things consistent.
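Review bot: The certified-tier mitigation says "Technically we wouldn't need to reset the frequency here" without giving the reason the reset is unnecessary for certified code. Add one sentence with that rationale so a reader can check that the exemption matches the annoyance and battery-drain threats listed at the top of the page.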