WebAPI/Security/PowerManagement: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
|||
Line 1: | Line 1: | ||
Name of API: Power Management APIs | Name of API: Power Management APIs | ||
References: | |||
*https://wiki.mozilla.org/WebAPI/PowerManagementAPI | |||
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/uXjjn_62Jek/discussion | |||
Brief purpose of API: Allow apps to turn off or restart device and catch on-wake events | Brief purpose of API: Allow apps to turn off or restart device and catch on-wake events | ||
General Use Cases: None | General Use Cases: None | ||
Line 10: | Line 14: | ||
== Regular web content (unauthenticated) == | == Regular web content (unauthenticated) == | ||
Use cases for unauthenticated code: None | |||
== | Authorization model for normal content: None | ||
Authorization model for installed content: None | |||
Potential mitigations: N/A | |||
== Privileged (approved by app store) == | |||
Use cases for privileged code: None | |||
Authorization model: None | |||
Potential mitigations: N/A | |||
== Certified (vouched for by trusted 3rd party) == | == Certified (vouched for by trusted 3rd party) == | ||
Use cases for certified code: | Use cases for certified code: Power Management App | ||
Authorization model: Implicit | Authorization model: Implicit | ||
Potential mitigations: | |||
Potential mitigations: N/A |
Revision as of 21:41, 6 August 2012
Name of API: Power Management APIs References:
- https://wiki.mozilla.org/WebAPI/PowerManagementAPI
- Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/uXjjn_62Jek/discussion
Brief purpose of API: Allow apps to turn off or restart device and catch on-wake events
General Use Cases: None
Inherent threats: Denial of service to device (including telephone), annoyance
Threat severity: Moderate
Regular web content (unauthenticated)
Use cases for unauthenticated code: None
Authorization model for normal content: None
Authorization model for installed content: None
Potential mitigations: N/A
Privileged (approved by app store)
Use cases for privileged code: None
Authorization model: None
Potential mitigations: N/A
Certified (vouched for by trusted 3rd party)
Use cases for certified code: Power Management App
Authorization model: Implicit
Potential mitigations: N/A