WebAPI/Security/PowerManagement: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
Line 1: Line 1:
Name of API: Power Management APIs
Name of API: Power Management APIs
Reference: https://wiki.mozilla.org/WebAPI/PowerManagementAPI
References:
*https://wiki.mozilla.org/WebAPI/PowerManagementAPI
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/uXjjn_62Jek/discussion
 


Brief purpose of API: Allow apps to turn off or restart device and catch on-wake events
Brief purpose of API: Allow apps to turn off or restart device and catch on-wake events
General Use Cases: None
General Use Cases: None


Line 10: Line 14:


== Regular web content (unauthenticated) ==
== Regular web content (unauthenticated) ==
*Use cases for unauthenticated code:None
Use cases for unauthenticated code: None
*Authorization model for normal content:None
*Authorization model for installed content:None
*Potential mitigations: N/A


== Trusted (authenticated by publisher) ==
Authorization model for normal content: None
*Use cases for authenticated code: None
 
*Authorization model: None
Authorization model for installed content: None
*Potential mitigations:N/A
 
Potential mitigations: N/A
 
== Privileged (approved by app store) ==
Use cases for privileged code: None
 
Authorization model: None
 
Potential mitigations: N/A


== Certified (vouched for by trusted 3rd party) ==
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code:  Replacement Power Management App
Use cases for certified code:  Power Management App
 
Authorization model: Implicit
Authorization model: Implicit
Potential mitigations:
 
Potential mitigations: N/A

Revision as of 21:41, 6 August 2012

Name of API: Power Management APIs References:


Brief purpose of API: Allow apps to turn off or restart device and catch on-wake events

General Use Cases: None

Inherent threats: Denial of service to device (including telephone), annoyance

Threat severity: Moderate

Regular web content (unauthenticated)

Use cases for unauthenticated code: None

Authorization model for normal content: None

Authorization model for installed content: None

Potential mitigations: N/A

Privileged (approved by app store)

Use cases for privileged code: None

Authorization model: None

Potential mitigations: N/A

Certified (vouched for by trusted 3rd party)

Use cases for certified code: Power Management App

Authorization model: Implicit

Potential mitigations: N/A