Confirmed users
236
edits
Security/Reviews/Gaia/clock: Difference between revisions
finished
(simple app is simple) |
(finished) |
||
| Line 3: | Line 3: | ||
* Review Date: 2013-03-08 | * Review Date: 2013-03-08 | ||
* Review Lead: Frederik Braun (:freddyb) | * Review Lead: Frederik Braun (:freddyb) | ||
* Review Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=754737 | * Review Bug: [https://bugzilla.mozilla.org/show_bug.cgi?id=754737 bug 754737] | ||
=== Overview === | === Overview === | ||
| Line 17: | Line 17: | ||
====Relevant Source Code==== | ====Relevant Source Code==== | ||
[https://github.com/mozilla-b2g/gaia/tree/master/apps/clock Source code available on GitHub] | |||
Reviewed all JavaScript code in js/ | Reviewed all JavaScript code in js/ | ||
| Line 25: | Line 26: | ||
It also stores whether the clock is shown as a digital or an analog clock. | It also stores whether the clock is shown as a digital or an analog clock. | ||
It might be desirable to have more granular settings capabilities in general, | It might be desirable to have more granular settings capabilities in general, [https://bugzilla.mozilla.org/show_bug.cgi?id=841071 bug 841071] | ||
====Web Activity Handlers ==== | ====Web Activity Handlers ==== | ||
| Line 48: | Line 49: | ||
====2. Secure Communications ==== | ====2. Secure Communications ==== | ||
Communication with internal alarm handler code happens, but it's verification process as follows (dchan pointed this out correctly): | |||
# Child process / app calls AlarmsManager.js add(). [http://mxr.mozilla.org/mozilla-central/source/dom/alarm/AlarmsManager.js#46 [1]] This sends a message to the jsm file. The message includes the manifestURL of the current app | |||
# AlarmsService.jsm handles the message, checking that the sender has the alarms permission and that the sender is actually the correct app for the specified manifestURL [http://mxr.mozilla.org/mozilla-central/source/dom/alarm/AlarmService.jsm#81 [2]] | |||
# The alarm is pushed onto a queue. AlarmHALService is reponsible for triggering the alarms at the correct time [http://mxr.mozilla.org/mozilla-central/source/dom/alarm/AlarmHalService.cpp [3]] | |||
# A system message is fired using the data from the alarmDB. This sends a message to the manifestURL that was originally stored [http://mxr.mozilla.org/mozilla-central/source/dom/alarm/AlarmService.jsm#274 [4]] | |||
# More checks that the app registerd to listen for the alarm message [http://mxr.mozilla.org/mozilla-central/source/dom/messages/SystemMessageInternal.js#73 [5]] [http://mxr.mozilla.org/mozilla-central/source/dom/messages/SystemMessageInternal.js#433 [6]] | |||
====3. Secure data storage ==== | ====3. Secure data storage ==== | ||
| Line 56: | Line 63: | ||
====4. Denial of Service ==== | ====4. Denial of Service ==== | ||
None | |||
====5. Use of Privileged APIs ==== | ====5. Use of Privileged APIs ==== | ||