Security/Reviews/Gaia/DownloadManager: Difference between revisions

Latest revision as of 03:53, 31 January 2014

Redirect to:

Security/Reviews/B2G/DownloadManager

@@ Line 1: / Line 1: @@
-= Download Manager API =
+#REDIRECT [[Security/Reviews/B2G/DownloadManager]]
-== Review Details ==
-* Topic: Download Manager API for FxOS
-* Review Date: January, 2014
-* Review Lead: Rob Fletcher <rfletcher@mozilla.com> (:omerta)
-* Repo: git://github.com/mozilla-b2g/B2G.git:5a5ab327af050bc622d475bb29ca3ad3955bd238
-* Connections: "Ghislain 'Aus' Lacroix" <aus@mozilla.com> (:auswerk), "Gregor Wagner" <gwagner@mozilla.com>
-* Main Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=926955
-* Landing: B2G 1.4
-== Overview ==
-Download Manager API handles downloads on Firefox OS. The settings and system applications are the only applications that have the certified 'downloads' permission and they are responsible for managing downloads. The system application handles the download event and the settings application has a "Download" section that allows a user to view, delete, stop, and restart current downloads. When a download is initiated, a notification is created in the notifications pull down menu.
-Any HTTP response with content type of "application/octet-stream" will cause the file to be downloaded. The files are saved to /sdcard/downloads/ on the filesystem.
-The main file responsible for Download Manager API is:
-* http://mxr.mozilla.org/mozilla-central/source/dom/downloads/src/DownloadsAPI.js
-[[File:Dl-manager.jpg|center|1000px]]
-== Gaia ==
-=== Code ===
-==== System App ====
-* [https://github.com/mozilla-b2g/gaia/blob/master/apps/system/js/download/download_manager.js github.com/mozilla-b2g/gaia/apps/system/js/download/download_manager.js]
-* [https://github.com/mozilla-b2g/gaia/blob/master/apps/system/js/download/download_notification.js github.com/mozilla-b2g/gaia/apps/system/js/download/download_notification.js]
-==== Settings App ====
-* [https://github.com/mozilla-b2g/gaia/blob/master/apps/settings/js/downloads/download_api_manager.js github.com/mozilla-b2g/gaia/apps/settings/js/downloads/download_api_manager.js]
-* [https://github.com/mozilla-b2g/gaia/blob/master/apps/settings/js/downloads/download_item.js github.com/mozilla-b2g/gaia/apps/settings/js/downloads/download_item.js]
-* [https://github.com/mozilla-b2g/gaia/blob/master/apps/settings/js/downloads/downloads_list.js github.com/mozilla-b2g/gaia/apps/settings/js/downloads/downloads_list.js]
-* [https://github.com/mozilla-b2g/gaia/blob/master/apps/settings/js/downloads/desktop/desktop_moz_downloads.js github.com/mozilla-b2g/gaia/apps/settings/js/downloads/desktop/desktop_moz_downloads.js]
-==== Shared Code ====
-* [https://github.com/mozilla-b2g/gaia/blob/master/shared/js/download/download_formatter.js github.com/mozilla-b2g/gaia/blob/master/shared/js/download/download_formatter.js]
-* [https://github.com/mozilla-b2g/gaia/blob/master/shared/js/download/download_helper.js github.com/mozilla-b2g/gaia/blob/master/shared/js/download/download_helper.js]
-* [https://github.com/mozilla-b2g/gaia/blob/master/shared/js/download/download_store.js github.com/mozilla-b2g/gaia/blob/master/shared/js/download/download_store.js]
-* [https://github.com/mozilla-b2g/gaia/blob/master/shared/js/download/download_ui.js github.com/mozilla-b2g/gaia/blob/master/shared/js/download/download_ui.js]
-=== Permissions ===
-Settings and System are only apps with certified ‘downloads’ permission.
- "downloads": {
-   app: DENY_ACTION,
-   privileged: DENY_ACTION,
-   certified: ALLOW_ACTION
- },
-== Gecko ==
-=== Code ===
-==== WebIDL File for mozDownloadManager ====
-* [http://mxr.mozilla.org/mozilla-central/source/dom/webidl/Downloads.webidl mxr.mozilla.org/mozilla-central/source/dom/webidl/Downloads.webidl]
-==== Parent Process ====
-* [http://mxr.mozilla.org/mozilla-central/source/dom/downloads/src/DownloadsAPI.jsm mxr.mozilla.org/mozilla-central/source/dom/downloads/src/DownloadsAPI.jsm]
-* [http://mxr.mozilla.org/mozilla-central/source/toolkit/components/jsdownloads/src/Downloads.jsm mxr.mozilla.org/mozilla-central/source/toolkit/components/jsdownloads/src/Downloads.jsm]
-==== Child Process ====
-* [http://mxr.mozilla.org/mozilla-central/source/dom/downloads/src/DownloadsAPI.js mxr.mozilla.org/mozilla-central/source/dom/downloads/src/DownloadsAPI.js]
-* [http://mxr.mozilla.org/mozilla-central/source/dom/downloads/src/DownloadsIPC.jsm mxr.mozilla.org/mozilla-central/source/dom/downloads/src/DownloadsIPC.jsm]
-=== Downloads.jsm ===
-Downloads.jsm depracates nsIDownloadManager and is used in Download Manager on FxOS. Downloads.jsm provides single point of entry for all things relating to downloading.
-[[File:Downloads-jsm.jpeg]]
-== Features ==
-* 906255 - ability to view status of downloads
-* 906256 - ability to cancel downloads
-* 906257 - ability to view list of previously downloaded files
-* 906265 - ability to open downloaded files with supported MIME types
-* 848371 - ability to download any content through Browser to the SD Card(including HTTP downloading)
-== Conclusion ==
-Attack surface is greatly reduced through the combination of using WebIDL, 'downloads' permissions is Certified, and the fact that Download Manager API uses the new Downloads.jsm.
-=== Future Work ===
-=== Issues ===
-* https://bugzilla.mozilla.org/show_bug.cgi?id=960739
-* https://bugzilla.mozilla.org/show_bug.cgi?id=960749

Security/Reviews/Gaia/DownloadManager: Difference between revisions

Latest revision as of 03:53, 31 January 2014

Navigation menu

Search