Intent to Ship: Unrestricted WebUSB (available only to Isolated Web Apps)
Ajay Rahatekar
Contact emails
Specification
https://wicg.github.io/webusb/#permissions-policy
Summary
Enables trusted applications to bypass security restrictions in the WebUSB API.
The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB. With this feature, Isolated Web Apps (https://github.com/WICG/isolated-web-apps) with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes.
Blink component
Search tags
TAG review
None
TAG review status
Not applicable
Risks
Interoperability and Compatibility
WebUSB is only implemented in Chromium-based browsers.
Gecko: No signal
WebKit: No signal
Web developers: No signals
Other signals:
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
None
Debuggability
None
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?
No
This feature is not available on Android because Isolated Web Apps are not supported in Chrome for Android.
Is this feature fully tested by web-platform-tests?
No, this feature is only available in Isolated Web Apps which are not yet supported for web platform tests.
Flag name on chrome://flags
chrome://flags/#enable-unrestricted-usb
Finch feature name
UnrestrictedUsb
Requires code in //chrome?
False
Tracking bug
Launch bug
https://launch.corp.google.com/launch/4281834
Estimated milestones
Anticipated spec changes
Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
None
Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5106506475503616?gate=6251287998103552
Links to previous Intent discussions
Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAgOvR6ggk64OaEGkfJE%2BOsMh0jKjORBZ_LyN2Pdad%3Dg3w%40mail.gmail.com
This intent message was generated by Chrome Platform Status.
Reilly Grant
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com.
Mike Taylor
Could you please request the various Privacy, Security,
Enterprise, etc. review gates in your chromestatus entry?
Ajay Rahatekar
Mike Taylor
LGTM1 to ship this for IWAs only.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com.
Vladimir Levin
LGTM1 to ship this for IWAs only.
On 5/22/24 2:11 PM, Reilly Grant wrote:
LGTM as an IWA OWNER (3x LGTM from Blink API OWNERS are still required according to the IWA-specific API launch process).
This is a good example of IWA-specific behavior minimally extending an existing API and I think this approach strikes a good balance between capability and security.
On Wed, May 22, 2024 at 10:08 AM 'Ajay Rahatekar' via blink-dev <blin...@chromium.org> wrote:
Contact emails
Specification
https://wicg.github.io/webusb/#permissions-policy
Summary
Enables trusted applications to bypass security restrictions in the WebUSB API.
The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB. With this feature, Isolated Web Apps (https://github.com/WICG/isolated-web-apps) with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/757cd331-11b0-44b8-8088-24492aeae8b7%40chromium.org.
Matt Reynolds
https://wicg.github.io/webusb/#has-a-protected-interface-class
The blocklisted device list is maintained in a separate file in the spec repository and currently only includes USB security key devices:
https://github.com/WICG/webusb/blob/main/blocklist.txt
Alex Russell
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
Chris Harrelson
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/757cd331-11b0-44b8-8088-24492aeae8b7%40chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/eb7c711c-7069-4268-b44a-f8bfee6101b7n%40chromium.org.