Security/Reviews/Gaia/Camera: Difference between revisions
Ptheriault (talk | contribs) (Created page with "=== App Review Details === * App: * Review Date: * Review Lead: === Overview === ===Architecture=== ====Components==== ====Relevant Source Code==== ====Permission...") |
Ptheriault (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
=== App Review Details === | === App Review Details === | ||
* App: | * App: Gaia Camera App | ||
* Review Date: | * Review Date: 23 Jun 2013 | ||
* Review Lead: | * Review Lead: Paul Theriault | ||
=== Overview === | === Overview === | ||
Camera takes photos and video using the certified-only Camera Control API (https://developer.mozilla.org/en-US/docs/Web/API/CameraControl) | |||
This API is only available tot he camera app for security reasons. The camera app however does handle certain web activities so that other apps can take pictures and video. | |||
===Architecture=== | ===Architecture=== | ||
| Line 14: | Line 15: | ||
====Relevant Source Code==== | ====Relevant Source Code==== | ||
The camera app consists of 2 javascript files: | |||
https://github.com/mozilla-b2g/gaia/blob/master/apps/camera/js/camera.js | |||
https://github.com/mozilla-b2g/gaia/blob/master/apps/camera/js/filmstrip.js | |||
====Permissions==== | |||
"permissions": { | |||
"storage":{}, | |||
"device-storage:pictures":{ "access": "readwrite" }, | |||
"device-storage:videos":{ "access": "readwrite" }, | |||
"settings":{ "access": "readonly" }, | |||
"camera":{}, | |||
"geolocation":{}, | |||
"audio-channel-notification":{} | |||
}, | |||
====Web Activity Handlers ==== | |||
Supports 2 activities: record (photo & video) & pick (images video) | |||
Record starts the camera in either photo or video mode. | |||
Pick returns an image to the calling page. | |||
"activities": { | |||
"record": { | |||
"filters": { | |||
"type": ["photos", "videos"] | |||
}, | |||
"disposition": "window" | |||
}, | |||
"pick": { | |||
"filters": { | |||
"type": ["image/*", "image/jpeg"] | |||
}, | |||
"returnValue": true, | |||
"disposition": "inline", | |||
"href": "/index.html#pick" | |||
} | |||
}, | |||
====Web Activity Usage ==== | ====Web Activity Usage ==== | ||
Use mozactivity to launch the gallery. No security implications. | |||
filmstrip launches a share activity. Again doesn't do anything with return value, so no security implications. | |||
==== Notable Event Handlers ==== | ==== Notable Event Handlers ==== | ||
No issues identified. | |||
===Code Review Notes=== | |||
Limited inputs apart from web activity usage discussed above. | |||
====1. XSS & HTML Injection attacks==== | ====1. XSS & HTML Injection attacks==== | ||
Not really any inputs so no risk here. | |||
====2. Secure Communications ==== | ====2. Secure Communications ==== | ||
Doesn't do any communication | |||
====3. Secure data storage ==== | ====3. Secure data storage ==== | ||
No applicable. | |||
====4. Denial of Service ==== | ====4. Denial of Service ==== | ||
#Use all disk space with a recording? | |||
*No way for another app to start recording. | |||
#Starting camera to waste battery? | |||
*Web activity could be used to start camera, which would consume a lot of bandwidth. Not really any different to other resource usage (e.g. deliberately chewing cpu etc) | |||
* DoS the camera by repeated recordings | |||
====5. Use of Privileged APIs ==== | ====5. Use of Privileged APIs ==== | ||
Settings access readonly, just used for shutter noise. | |||
====6. Interfaces with other Apps/Content==== | ====6. Interfaces with other Apps/Content==== | ||
Device storage is only interface apart from web activities. | |||
=== Security Risks & Mitigating Controls === | === Security Risks & Mitigating Controls === | ||
Video indicator is broken - turns on but doesn't turn off. | |||
=== Actions & Recommendations === | === Actions & Recommendations === | ||
Recording indicator shows that camera is enabled, but not which camera, or how to turn it off. (known issues 828600) | |||
[[Category:SecReview]] | [[Category:SecReview]] | ||
Latest revision as of 02:32, 24 June 2013
App Review Details
- App: Gaia Camera App
- Review Date: 23 Jun 2013
- Review Lead: Paul Theriault
Overview
Camera takes photos and video using the certified-only Camera Control API (https://developer.mozilla.org/en-US/docs/Web/API/CameraControl) This API is only available tot he camera app for security reasons. The camera app however does handle certain web activities so that other apps can take pictures and video.
Architecture
Components
Relevant Source Code
The camera app consists of 2 javascript files: https://github.com/mozilla-b2g/gaia/blob/master/apps/camera/js/camera.js https://github.com/mozilla-b2g/gaia/blob/master/apps/camera/js/filmstrip.js
Permissions
"permissions": {
"storage":{},
"device-storage:pictures":{ "access": "readwrite" },
"device-storage:videos":{ "access": "readwrite" },
"settings":{ "access": "readonly" },
"camera":{},
"geolocation":{},
"audio-channel-notification":{}
},
Web Activity Handlers
Supports 2 activities: record (photo & video) & pick (images video)
Record starts the camera in either photo or video mode.
Pick returns an image to the calling page.
"activities": {
"record": {
"filters": {
"type": ["photos", "videos"]
},
"disposition": "window"
},
"pick": {
"filters": {
"type": ["image/*", "image/jpeg"]
},
"returnValue": true,
"disposition": "inline",
"href": "/index.html#pick"
}
},
Web Activity Usage
Use mozactivity to launch the gallery. No security implications.
filmstrip launches a share activity. Again doesn't do anything with return value, so no security implications.
Notable Event Handlers
No issues identified.
Code Review Notes
Limited inputs apart from web activity usage discussed above.
1. XSS & HTML Injection attacks
Not really any inputs so no risk here.
2. Secure Communications
Doesn't do any communication
3. Secure data storage
No applicable.
4. Denial of Service
- Use all disk space with a recording?
- No way for another app to start recording.
- Starting camera to waste battery?
- Web activity could be used to start camera, which would consume a lot of bandwidth. Not really any different to other resource usage (e.g. deliberately chewing cpu etc)
- DoS the camera by repeated recordings
5. Use of Privileged APIs
Settings access readonly, just used for shutter noise.
6. Interfaces with other Apps/Content
Device storage is only interface apart from web activities.
Security Risks & Mitigating Controls
Video indicator is broken - turns on but doesn't turn off.
Actions & Recommendations
Recording indicator shows that camera is enabled, but not which camera, or how to turn it off. (known issues 828600)