#33939: Decide which components of Fenix to rip out, disable, or use
----------------------------------------------+----------------------------
Reporter: gk | Owner: tbb-team
Type: task | Status: new
Priority: High | Milestone:
Component: Applications/Tor Browser | Version:
Severity: Normal | Resolution:
Keywords: tbb-mobile, TorBrowserTeam202006 | Actual Points:
Parent ID: #33661 | Points:
Reviewer: | Sponsor:
| Sponsor58-must
----------------------------------------------+----------------------------
Comment (by sysrqb):
Replying to [comment:3 sysrqb]:
> The follow list partitions the dependencies into "include", "exclude",
"disable", and "must-audit" sets
>
> "Must Audit" includes dependencies that we could allow depending on
their implementation
>
> "Disable" includes dependencies that we probably do not want and we
should always use "Dummy" implementations
>
> "Disable" and "Exclude" may merge into a single set.
>
> === Include ===
> {{{
> > # GeckoView
> > mozilla_browser_engine_gecko_nightly -> org.mozilla.components
:browser-engine-gecko-nightly
> > mozilla_browser_engine_gecko_beta -> org.mozilla.components:browser-
engine-gecko-beta
#34177
> {{{
> >
> > # Kotlin std library
> > kotlin_stdlib -> org.jetbrains.kotlin:kotlin-stdlib-jdk7
> >
> > # Import/enable coroutine functionality in Kotlin
> > kotlin_coroutines -> org.jetbrains.kotlinx:kotlinx-coroutines-core
> > kotlin_coroutines_android -> org.jetbrains.kotlinx:kotlinx-coroutines-
android
> >
> > # AndroidX compatibility libraries
> > androidx_appcompat -> androidx.appcompat:appcompat
> > androidx_constraintlayout ->
androidx.constraintlayout:constraintlayout
> > androidx_coordinatorlayout ->
androidx.coordinatorlayout:coordinatorlayout
Presumed safe.
> {{{
> >
> > # Dynamically (?) creates license list
> > osslicenses_library -> com.google.android.gms:play-services-oss-
licenses
It seems like `play-services-oss-licenses` is closed source? :(
The [https://github.com/google/play-services-plugins/tree/oss-licenses-
plugin-v0.9.5/oss-licenses-
plugin/src/main/groovy/com/google/android/gms/oss/licenses/plugin plugin]
seems fine and is a gradle build-time thing. As I understand it, the
plugin grabs all of the `<license>` elements from the dependencies and
places them in some-format in `res/raw/third_party_license_metadata`.
Then, `com.google.android.gms.oss.licenses.OssLicensesMenuActivity` takes
that `third_party_license` file and renders it. Therefore, `play-services-
oss-licenses` *should* be proxy-safe, but I'd feel better if we could
audit the code.
> {{{
> >
> > # High-level descriptions/contracts of a browser engine
> > mozilla_concept_engine -> org.mozilla.components:concept-engine
No references to `net`, `tcp`, `udp`, `write`, `read`, `send`, `recv`,
`launch`, `startActivity`. `Uri` is only used for parsing a string.
`write` used for serializing data (in memory). `connect` in
`Engine::speculativeConnect()` interface.
> {{{
> >
> > # High-level descriptions/contracts of a storage layer
> > mozilla_concept_storage -> org.mozilla.components:concept-storage
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `Uri`,
`send`, `recv`, `launch`, `startActivity`.
> {{{
> >
> > # High-level descriptions/contracts of a browser toolbar
> > mozilla_concept_toolbar -> org.mozilla.components:concept-toolbar
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `Uri`,
`send`, `recv`, `launch`, `startActivity`.
> {{{
> >
> > # High-level descriptions/contracts of a tabs tray component
> > mozilla_concept_tabstray -> org.mozilla.components:concept-tabstray
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `Uri`,
`send`, `recv`, `launch`, `startActivity`.
> {{{
> >
> > # A customizable Awesome Bar implementation for browsers
> > mozilla_browser_awesomebar -> org.mozilla.components:browser-
awesomebar
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `Uri`,
`send`, `recv`, `startActivity`. `launch` used for coroutines.
> {{{
> >
> > # APIs for managing localized and customizable domain lists
> > mozilla_browser_domains -> org.mozilla.components:browser-domains
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `Uri`,
`send`, `recv`, `startActivity`. `launch` used for coroutines.
> {{{
> >
> > # A customizable tabs tray for browsers implementation
> > mozilla_browser_tabstray -> org.mozilla.components:browser-tabstray
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `Uri`,
`send`, `recv`, `launch`, `startActivity`.
> {{{
> >
> > # A generic menu implementation with customizable items
> > mozilla_browser_menu -> org.mozilla.components:browser-menu
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `Uri`,
`send`, `recv`, `startActivity`. `launch` used for coroutines.
> {{{
> >
> > # Search plugins and companion code to load, parse and use them
> > mozilla_browser_search -> org.mozilla.components:browser-search
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `send`,
`recv`, `startActivity`. `launch` used for coroutines. `Uri` is used for
local Search Engine files.
> {{{
> >
> > # A generic representation of a browser Session and a SessionManager
to link browser sessions to underlying Engine Sessions and SessionStorage
> > mozilla_browser_session -> org.mozilla.components:browser-session
No references to `net`, `connect`, `tcp`, `udp`, `send`, `recv`,
`startActivity`. `write` and `read` used for reading/writing session
history/state files. `load` for receiving load requests from the OS. `Uri`
is only used for parsing a string. #34427
> {{{
> >
> > # A customizable toolbar for browsers
> > mozilla_browser_toolbar -> org.mozilla.components:browser-toolbar
No references to `net`, `tcp`, `udp`, `write`, `read`, or `Uri`. `connect`
is used for setting `ConstraintSet` for the UI. `launch` used for
coroutines.
> {{{
> >
> > # Contains building blocks for features implemented as web extensions
> > mozilla_support_extensions -> org.mozilla.components:support-
webextensions
No references to `net`, `tcp`, `udp`, `write`, `read`, `Uri`, `recv`,
`launch`, `startActivity`. `connect` used for
[https://developer.mozilla.org/en-US/docs/Mozilla/Add-
ons/WebExtensions/API/runtime/connectNative NativeMessaging]. `send` for
sending messages from a webextension into Content.
> {{{
> >
> > # Provides functionality for managing add-ons
> > mozilla_feature_addons -> org.mozilla.components:feature-addons
No references to `net`, `connect`, `tcp`, `udp`, `Uri`, `send`, `recv`,
`startActivity`. `read`/`write` used for caching on disk a list of
installed addons. The AddOn's feature periodically triggers an update
check which is handled by Gecko. `launch` used for coroutines.
> {{{
> >
> > # Ties together an FxaAccountManager with the tabs feature, to
facilitate OAuth authentication flows managed by the account manager
> > mozilla_feature_accounts -> org.mozilla.components:feature-accounts
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `send`,
`recv`, `launch`, `startActivity`. `Uri` is only used for parsing a
string. `launch` used for coroutines.
> {{{
> >
> > # Connects a concept-awesomebar implementation to a concept-toolbar
implementation and provides implementations of various suggestion
providers
> > mozilla_feature_awesomebar -> org.mozilla.components:feature-
awesomebar
No references to `net`, `tcp`, `udp`, `write`, `read`, `Uri`, `send`,
`recv`, `launch`, `startActivity`. `ClipboardSuggestionProvider` triggers
a `speculativeConnect` when a suggestion is created. Nifty.
> {{{
> >
> > # Displaying context menus when *long-pressing* web content
> > mozilla_feature_contextmenu -> org.mozilla.components:feature-
contextmenu
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `Uri`,
`recv`, `launch`. `startActivity` is called when "Share link" transfers
control to the operating system with a request to show the user a
"Chooser" menu. `send` comes with `sendSearch()` where a search query is
initiatiated based on text selection (when the user requests the search).
> {{{
> >
> > # Providing Custom Tabs functionality in browsers
> > mozilla_feature_customtabs -> org.mozilla.components:feature-
customtabs
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `recv`.
`Uri` is used for parsing a string, and it is passed to Android OS for
letting the OS (or user) to choose which app should open/handle that
request. `launch` used for coroutines. `send` from `sendWithSession` for
mutating a PendingIntent with a session's Uri.
#34428
DigitalAssetLinksHandler triggers [https://developers.google.com/digital-
asset-links/reference/rest/v1/assetlinks/check background request].
#34429
#21657
> {{{
> >
> > # Provides website media related features
> > mozilla_feature_media -> org.mozilla.components:feature-media
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `Uri`,
`send`, `recv`, `startActivity`. `launch` used for coroutines, and
creating a PendingIntent for itself that is used when a notification is
pressed. And MediaService?
> {{{
> >
> > # Handles common prompt dialogs from web content like select, option
and menu html elements
> > mozilla_feature_prompts -> org.mozilla.components:feature-prompts
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `send`,
`recv`. `startActivity` is an abstract function. Also, `startActivity` is
called for launching a Camera app ("capture"). `Uri` is used for passing
around file paths.
#33661
> {{{
> >
> > # Connects an (concept) engine implementation with the browser search
module
> > mozilla_feature_search -> org.mozilla.components:feature-search
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `recv`,
`Uri`, `launch`, `startActivity`. `send` is seen:
{{{
/**
* May be implemented by client code in order to allow a component to
start searches.
*/
interface SearchAdapter {
/**
* Called by the component to indicate that the user should be shown a
search.
*/
fun sendSearch(isPrivate: Boolean, text: String)
}}}
> {{{
> >
> > # Connects an (concept) engine implementation with the browser session
module
> > mozilla_feature_session -> org.mozilla.components:feature-session
No references to `net`, `connect`, `tcp`, `udp`, `write`, `send`, `read`,
`recv`, `launch`, `startActivity`. `Uri` is used for saving history state.
#34431
> {{{
> >
> > # Connects a (concept) toolbar implementation with the browser session
module
> > mozilla_feature_toolbar -> org.mozilla.components:feature-toolbar
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `recv`,
`Uri`, `startActivity`. `send` and `launch` used for coroutines.
> {{{
> >
> > # Connects a trabs tray implementation with the session and toolbar
modules
> > mozilla_feature_tabs -> org.mozilla.components:feature-tabs
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `recv`,
`Uri`, `send`, `launch`, `startActivity`
> {{{
> >
> > # Provides Find in Page functionality
> > mozilla_feature_findinpage -> org.mozilla.components:feature-
findinpage
No references to `net`, `connect`, `tcp`, `udp`, `write`, `read`, `recv`,
`Uri`, `send`, `launch`, `startActivity`
(I'll finish the remainder tomorrow, and begin auditing/eliminating
dependencies from Must Audit)
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/33939#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
