WebAPI/Security/FMRadioAPI

From MozillaWiki
< WebAPI‎ | Security
Revision as of 03:08, 16 July 2012 by Ptheriault (talk | contribs) (Created page with "== FM Radio API== Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=749053 Brief purpose of API: FM radio feature. General Use Cases: Turn on/off the radio, change frequency, che...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

FM Radio API

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=749053 Brief purpose of API: FM radio feature. General Use Cases: Turn on/off the radio, change frequency, check status of various radio features Inherent threats: annoyance, drain the battery Threat severity: low

General notes:

  • Multiple apps/pages can try to modify radio settings at the same time with the most recent action taking effect.
  • Turning on the radio causes the audio stream to be played - there is no access to the stream data

Regular web content (unauthenticated)

  • Use cases for unauthenticated code: radio app/web page
  • Authorization model for normal content: explicit
  • Authorization model for installed content: implicit
  • Potential mitigations: An app or page can't access any of the radio API if another page/app is currently using it. Whenever a page/app uses the API for the first time since another page/app used it, always resent the current frequency to some specified value

Trusted (authenticated by publisher)

  • Use cases for certified code: radio app
  • Authorization model: Implicit
  • Potential mitigations: Same as for unauthenticated.

Certified (vouched for by trusted 3rd party)

  • Use cases for certified code: radio app
  • Authorization model: Implicit
  • Potential mitigations: Same as for unauthenticated. Technically we wouldn't need to resent the frequency here, but seems nicer to keep things consistent.
Retrieved from "https://wiki.allizom.org/index.php?title=WebAPI/Security/FMRadioAPI&oldid=450875"