Hi all,
Yesterday Jonas and I have had a discussion about apps and
widgets/gadgets upon LockScreen, and we've found that we may need 3
changes among API and manifests to allow these apps and widgets to be
opened in secure mode. Since these 3 changes are relevant, I feel it
would be better to explain them at once, rather than send mails
separately.
Currently if you set passcode on your device, it would show LockScreen
with a camera icon. When you press the icon, it would actually launch
Camera app in 'secure mode', which means it has different UI from the
ordinary camera, and then user can't access Gallery from Camera.
However the current implementation is a hack: LockScreen would
directly launch the app with a hash tag ('#secure') after Camera's
URL. We want to change this with the capability to allow apps indicate
their secure pages in manifests, so that only those pages can be
launched in secure mode (Bug 1026920).
The draft is to add a property in manifest like:
safeLockedPages: [ 'secure-camera.html', 'page1.html' ]
Another manifest change is to add a property in the activities
section. This is for the use case that when a secure app or widget
invoke the web activity, the activity handler must handle it in secure
mode, too.
For example, given that we have a widget upon LockScreen in secure
mode, when it send a 'pick' activity to launch Camera, the app should
be launched in secure mode as well. So we need to have a flag like
(Bug 1026930):
activities: {
pick: '...html',
safeWhileLocked: true
}
Only apps with such activities flag can be launched via WebActivity
when the device is locked. However, we also need an API to let the app
detect whether the device is locked in the program level. So Jonas has
proposed two APIs for it (Bug 1026913):
navigator.deviceLocked
window.ondevicelockedchanged
( include one event can be handled by addEventListener)
Apps can detect whether now the device is locked with the first API,
and can listen to the event to change its state dynamically.
In this way the app can launch in secure pages, and it would work for
activities, too. The app can also listen to the locking state change
to decide whether it needs to do something to change the UI.
Furthermore, we can finally get rid of the tricky secure Camera from
LockScreen, which bothers us a long while (remembered the nasty,
duplicated camera.js in System app?)
--
Greg Weng
http://about.me/snowmantw
Understand y f = f [ y f ] ; lose last remaining non-major friend
-- Anonymous
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
