Security/Reviews/FxOSGecko/Template
Jump to navigation
Jump to search
Overview
FirefoxOS Review Details
- API: XXXXX API
- Review Date: October 2013
- Review Lead: L.E. Taccor
Context
- Why are we doing a review
- Has it been reviewed before
- Any special risks or concerns
Scope
- What parts of Gaia, Gecko and or Gonk are we looking.
The following system components were reviewed:
- Gaia
Configuration of Wifi via the settings (and other Apps)
- Gaia
- Foo app
- Web Activities provided by Bar app
- Gecko
- mozXXX interface
- Gecko Permissions
- Messaging ( messages, system messages)
- Interface to XYZ service on IPC socket (JSON-based communication protocol)
- Gonk
- XYZ Service
The following items were deemed lower risk and not reviewed:
- Communication between XYZ and hardware
- etc etc
Components
See Web NFC review for example
Relevant Source Code
Permission Model
- Paste from Permissions Table.jsm (see below)
- Discuss anything special like access
- Discuss where permissions are enforced (access to object, on IPC messages, at each function call etc)
"wifi-manage": {
190 app: DENY_ACTION,
191 privileged: DENY_ACTION,
192 certified: ALLOW_ACTION
193 },