Cool, sounds like a good idea.
On Wed, Feb 5, 2014 at 6:58 PM, Paul Theriault <[email protected]> wrote: > The problem with this approach is it relies on developers knowing which > permissions are should be system app only, and which ones can be used by > other certified apps. We have already run into this with partner developers, > and fair enough since this restriction isn't documented anywhere. > > Regardless of if we enforce this or not, then at least we need to documents > which permissions should be only used by the system app so that this will be > more well know. (I'll raise a bug assigned to me I guess to make this list) > > > > On Feb 6, 2014, at 12:48 PM, Jonas Sicking wrote: > >> On Jan 30, 2014 9:21 AM, "Stéphanie Ouillon" <[email protected]> >> wrote: >>> >>> Hi, >>> >>> >>> The "nfc-manager" permission allows a certified app to receive any >>> broadcasted message (such as "nfc-manager-send-file) coming from Gecko. >>> These messages are meant to be routed by the System app to all other NFC >>> enabled applications. Thus only the System app should be able to have >>> this permission (the browser shouldn't have it, see bug 963488). >>> >>> There is a bunch of certified permissions that are only used in System: >>> cellbroadcast, input-manage, embed-apps, background-censors (and another >>> bunch used in both System and Settings only). But I'm not sure whether >>> it could be used somewhere else someday or not. >>> >>> The question is the following one: it is worth considering having a set >>> of permissions restricted to the System app only? >> >> Certified APIs are only exposed to certified apps that at build time >> enumerate the appropriate permission in their manifest. >> >> So these APIs are effectively already only exposed to the system app. >> >> This has the security benefits you mention, while also keeping us flexible >> for future changes. >> >> / Jonas >> _______________________________________________ >> dev-b2g mailing list >> [email protected] >> https://lists.mozilla.org/listinfo/dev-b2g > _______________________________________________ dev-b2g mailing list [email protected] https://lists.mozilla.org/listinfo/dev-b2g
