WebAPI/Security/ResourceLock: Difference between revisions

From MozillaWiki
(Created page with "Name of API: Resource Lock API Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132 Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_th...")
 
No edit summary
Line 1: Line 1:
Name of API: Resource Lock API
== Resource Lock API==
 
Reference: https://bugzilla.mozilla.org/show_bug.cgi?id=697132
 
Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/20372fc7d949f57c/3af154eb549703d5


Brief purpose of API: Prevent the screen from being dimmed or switched off
Brief purpose of API: Prevent the screen from being dimmed or switched off


General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (eg. watching a movie)
References:
*https://bugzilla.mozilla.org/show_bug.cgi?id=697132
*https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/20372fc7d949f57c/3af154eb549703d5


Inherent threats: Drain power, annoyances
Inherent threats: Drain power, annoyances
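Review bot: the new "References:" list drops the labels that the removed "Reference:" and "Security Discussion:" lines carried, so a reader can no longer tell which bullet is the tracking bug and which is the security thread. Prefix each bullet with its former label. As a style point, the heading `== Resource Lock API==` has a space after the opening `==` but none before the closing one; write it as `== Resource Lock API ==`.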
Line 13: Line 13:
Threat severity: Low
Threat severity: Low


== Regular web content (unauthenticated) ==
=== Permissions Table===
Use cases for unauthenticated code: Same as General
 
Authorization model for normal content: Implicit for fullscreen only, explicit otherwise
 
Authorization model for installed content: Implicit
 
Potential mitigations:
 
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: Same as General
 
Authorization model: Implicit
 
Potential mitigations:
 
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code:  Same as General
 
Authorization model: Implicit
 
Potential mitigations:


Notes: It would be great if the spec also specified that the phone /needs to/should/
{| border="1" class="wikitable"
provide a resource consumption manager.  That way concerned users could see
! Type
which trusted/certified apps are responsible for a short battery life, if
! Use Cases
the phone is being drained too fast. [apf]
! Authorization Model
! Notes & Other Controls
|-
| Web Content || Same as General || Implicit for full-screen only, explicit otherwise
|-
| Installed Web Apps || Same as General || Implicit
|-
| Privileged Web Apps || Same as General || Implicit
|-
| Certified Web Apps || Same as General || Implicit
|}
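Review bot: every table row supplies three cells for four header columns, so "Notes & Other Controls" stays empty throughout, while the removed "Notes:" paragraph (the [apf] suggestion that the phone provide a resource consumption manager so users can see which trusted/certified apps are responsible for a short battery life) has no replacement in the new text. Since the page lists power drain as the inherent threat and three of the four rows use implicit authorization, move that note into the fourth column of those rows or keep it as a paragraph under the table, and add the trailing cell to each row. The removed "Potential mitigations:" fields were empty, but the table should still say where mitigations are meant to go.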

Revision as of 03:22, 24 September 2012

Resource Lock API

Brief purpose of API: Prevent the screen from being dimmed or switched off

General Use Cases: Request a lock to stop the screen from being dimmed, even if the user is idle (e.g. watching a movie)

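References:
*https://bugzilla.mozilla.org/show_bug.cgi?id=697132
*https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/20372fc7d949f57c/3af154eb549703d5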

Inherent threats: Drain power, annoyances

Threat severity: Low

Permissions Table

{| border="1" class="wikitable"
! Type
! Use Cases
! Authorization Model
! Notes & Other Controls
|-
| Web Content || Same as General || Implicit for full-screen only, explicit otherwise ||
|-
| Installed Web Apps || Same as General || Implicit ||
|-
| Privileged Web Apps || Same as General || Implicit ||
|-
| Certified Web Apps || Same as General || Implicit ||
|}