Confirmed users
971
edits
Security/Reviews/Gaia/Dialer: Difference between revisions
Security/Reviews/Gaia/Dialer (view source)
Revision as of 17:41, 26 February 2013
, 26 February 2013→System Messages
| Line 122: | Line 122: | ||
The real work of handling a call is done in https://github.com/mozilla-b2g/gaia/blob/v1-train/apps/communications/dialer/js/oncall.js | The real work of handling a call is done in https://github.com/mozilla-b2g/gaia/blob/v1-train/apps/communications/dialer/js/oncall.js | ||
===== bluetooth-dialer-command ===== | |||
The <code>bluetooth-dialer-command</code> message is handler by <code>btCommandHandler</code> in https://github.com/mozilla-b2g/gaia/blob/v1-train/apps/communications/dialer/js/dialer.js#L127 | |||
This function receives commands from a bluetooth device. I have not found a specification of what kind of commands these devices can send but we handle currently only two: | |||
* BLDN - To call the most recent number | |||
* ATD - To start a call. The rest of the command is blindly copied and passed to <code>CallHandler.call()</code> | |||
ISSUE: No input validation is done on commands received from the bluetooth device. I think we should at least make sure that the number is valid | |||
The commands are forwarded to the call screen (oncall.html) with type 'BT'. | |||
TODO: Does this require any interaction on the phone at all? It looks like CallHandler.call() immediately starts making the call. That means if someone can fake/inject a bluetooth message, it is possible to start calls without user interaction. (Stretch, but worth investigating. Related to injecting system messages.) | |||
===== headset-button ===== | |||
The <code>headset-button</code> message is handled by <code>headsetCommandHandler</code> at https://github.com/mozilla-b2g/gaia/blob/v1-train/apps/communications/dialer/js/dialer.js#L152 | |||
TODO: This message is received when the button on the headset is pushed? | |||
The message is simply forwarded to the call screen with type 'HS'. | |||
===== ussd-received ===== | |||
The <code>ussd-received</code> message is handler by <code>UssdManager.openUI()</code> in https://github.com/mozilla-b2g/gaia/blob/v1-train/apps/communications/dialer/js/ussd.js#L137 | |||
According to Wikipedia, USSD is ... | |||
<quote> Unstructured Supplementary Service Data (USSD) is a protocol used by GSM cellular telephones to communicate with the service provider's computers. USSD can be used for WAP browsing, prepaid callback service, mobile-money services, location-based content services, menu-based information services, and as part of configuring the phone on the network.</quote> | |||
TODO: This is not easy to understand code in <code>ussd.js</code> .. what messages are we exactly responding to. Will telcos implement this? | |||
==== Notifications ==== | ==== Notifications ==== | ||