Intent to Prototype: Unrestricted WebUSB (available only to Isolated Web Apps)


Ajay Rahatekar

Dec 20, 2023, 10:20:50 AM
to blink-dev, Matt Reynolds, Alvin Ji

Contact emails

mattre...@chromium.org, alv...@chromium.org


Specification

https://wicg.github.io/webusb/#permissions-policy


Summary

Enables trusted applications to bypass security restrictions in the WebUSB API.


The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interface classes that are blocked from access through WebUSB. With this feature, Isolated Web Apps with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes.



Blink component

Blink>USB


Search tags

usb, webusb, unrestricted


TAG review

None


Risks


Interoperability and Compatibility

WebUSB is only implemented in Chromium-based browsers.



Gecko: No signal


WebKit: No signal


Web developers: No signals


Other signals:


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Goals for experimentation

Allow partners to validate the feature by integrating it into their isolated web applications.


Ongoing technical constraints

None



Debuggability

None



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

Unrestricted WebUSB will be supported on desktop OSes (Windows/Mac/Linux/ChromeOS).

The feature will not be available on Android since Isolated Web Apps are not supported in mobile Chrome.


Is this feature fully tested by web-platform-tests?

No, this feature cannot be tested by web platform tests because WPT does not support Isolated Web Apps and this feature is only available in IWAs. Exercising this feature requires a connected device with a protected interface class or blocklisted device IDs and there is no testing API to simulate a connected device of this type.


Flag name on chrome://flags

None


Finch feature name

UnrestrictedUsb


Requires code in //chrome?

Yes, permissions logic in //chrome/browser/usb is modified to allow Isolated Web Apps with the "usb-unrestricted" feature to request access to blocklisted devices.


Tracking bug

https://crbug.com/1236706


Launch bug

https://launch.corp.google.com/launch/4281834


Estimated milestones

Shipping on desktop

123


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5106506475503616


This intent message was generated by Chrome Platform Status.
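
The gating rule from the Summary, modeled as an added example that is not part of the original post and is not Chromium's implementation. The function names, the context and device object shapes, and the blocklist entry are assumptions made for illustration; the class codes are taken from the WebUSB specification's protected interface classes table and should be checked against the current spec.

```javascript
// Model of the access decision described in the intent. Not Chromium's code.
// Class codes follow the WebUSB spec's protected interface classes table;
// verify them against the current spec before relying on them.
const PROTECTED_CLASSES = new Map([
  [0x01, 'audio'], [0x03, 'HID'], [0x08, 'mass storage'],
  [0x0b, 'smart card'], [0x0e, 'video'], [0x10, 'audio/video'],
  [0xe0, 'wireless controller'],
]);

// Constructed placeholder entry, not a real blocklist item.
const BLOCKLIST = [{ vendorId: 0xffff, productId: 0x0001 }];

// Assumption: the bypass needs BOTH an Isolated Web App context and the
// "usb-unrestricted" Permissions Policy feature; either alone is not enough.
function isUnrestricted(ctx) {
  return ctx.isolatedWebApp === true &&
         ctx.allowedFeatures.includes('usb-unrestricted');
}

function isBlocklisted(device) {
  return BLOCKLIST.some(e => e.vendorId === device.vendorId &&
                             e.productId === device.productId);
}

// Returns which interface numbers the context may claim and which are denied.
function evaluateAccess(ctx, device) {
  const unrestricted = isUnrestricted(ctx);
  if (isBlocklisted(device) && !unrestricted) {
    // In this model a blocklisted device is never offered to the page at all.
    return { visible: false, claimable: [], denied: device.interfaces.map(i => i.number) };
  }
  const claimable = [], denied = [];
  for (const iface of device.interfaces) {
    const isProtected = PROTECTED_CLASSES.has(iface.classCode);
    (isProtected && !unrestricted ? denied : claimable).push(iface.number);
  }
  return { visible: true, claimable, denied };
}

// Constructed sample: composite device with a HID and a vendor-specific interface.
const sampleDevice = {
  vendorId: 0x1234, productId: 0x5678,
  interfaces: [{ number: 0, classCode: 0x03 }, { number: 1, classCode: 0xff }],
};
const ordinaryPage = { isolatedWebApp: false, allowedFeatures: ['usb', 'usb-unrestricted'] };
const trustedIwa = { isolatedWebApp: true, allowedFeatures: ['usb', 'usb-unrestricted'] };

console.log(evaluateAccess(ordinaryPage, sampleDevice)); // HID interface denied
console.log(evaluateAccess(trustedIwa, sampleDevice));   // both interfaces claimable
```

Comparing the two results for the same device shows exactly which interfaces the policy grant newly exposes, which is the delta a reviewer should look at before granting "usb-unrestricted" to an app.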

