Hi,
The "nfc-manager" permission allows a certified app to receive any broadcasted message (such as "nfc-manager-send-file) coming from Gecko. These messages are meant to be routed by the System app to all other NFC enabled applications. Thus only the System app should be able to have this permission (the browser shouldn't have it, see bug 963488). There is a bunch of certified permissions that are only used in System: cellbroadcast, input-manage, embed-apps, background-censors (and another bunch used in both System and Settings only). But I'm not sure whether it could be used somewhere else someday or not. The question is the following one: it is worth considering having a set of permissions restricted to the System app only? Pros and cons I see at the moment: + If a permission is _designed_ to be used only by the System app, such as "nfc-manager", it feels like it shouldn't be exposed at all to other apps. + From a security perspective, this kind of permissions can only be used by certified apps anyway. But it would ensure that no design mistakes or bypasses of the System app are possible (cf bug 963488). - This model is less flexible if someday one of the restricted permission is required for another certified app. Stéphanie _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
