Intent to Ship: Unrestricted WebUSB (available only to Isolated Web Apps)

Ajay Rahatekar

unread,

May 22, 2024, 1:08:56 PMMay 22

to blink-dev, mattre...@chromium.org

Contact emails

mattre...@chromium.org

Specification

https://wicg.github.io/webusb/#permissions-policy

Summary

Enables trusted applications to bypass security restrictions in the WebUSB API.

The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB. With this feature, Isolated Web Apps (https://github.com/WICG/isolated-web-apps) with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes.

Blink component

Blink>USB

Search tags

usb, webusb, unrestricted

TAG review

None

TAG review status

Not applicable

Risks

Interoperability and Compatibility

WebUSB is only implemented in Chromium-based browsers.

Gecko: No signal

WebKit: No signal

Web developers: No signals

Other signals:

WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None

Debuggability

None

Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

No

This feature is not available on Android because Isolated Web Apps are not supported in Chrome for Android.

Is this feature fully tested by web-platform-tests?

No, this feature is only available in Isolated Web Apps which are not yet supported for web platform tests.

Flag name on chrome://flags

chrome://flags/#enable-unrestricted-usb

Finch feature name

UnrestrictedUsb

Requires code in //chrome?

False

Tracking bug

https://crbug.com/40783010

Launch bug

https://launch.corp.google.com/launch/4281834

Estimated milestones

Shipping on desktop

127

Anticipated spec changes

Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).

None

Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5106506475503616?gate=6251287998103552

Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAgOvR6ggk64OaEGkfJE%2BOsMh0jKjORBZ_LyN2Pdad%3Dg3w%40mail.gmail.com

This intent message was generated by Chrome Platform Status.

Reilly Grant

unread,

May 22, 2024, 2:11:46 PMMay 22

to Ajay Rahatekar, blink-dev, mattre...@chromium.org

LGTM as an IWA OWNER (3x LGTM from Blink API OWNERS are still required according to the IWA-specific API launch process).

This is a good example of IWA-specific behavior minimally extending an existing API and I think this approach strikes a good balance between capability and security.

Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com.

Mike Taylor

unread,

May 22, 2024, 9:31:11 PMMay 22

to Ajay Rahatekar, blink-dev, mattre...@chromium.org

Could you please request the various Privacy, Security, Enterprise, etc. review gates in your chromestatus entry?

Ajay Rahatekar

unread,

May 23, 2024, 8:20:26 PMMay 23

to blink-dev, mike...@chromium.org, blink-dev, mattre...@chromium.org, Ajay Rahatekar

Ty, Mike. Reviews have been requested.

Mike Taylor

unread,

May 29, 2024, 9:49:58 AMMay 29

to Reilly Grant, Ajay Rahatekar, blink-dev, mattre...@chromium.org

LGTM1 to ship this for IWAs only.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com.

Vladimir Levin

unread,

May 29, 2024, 10:43:20 AMMay 29

to Mike Taylor, Reilly Grant, Ajay Rahatekar, blink-dev, mattre...@chromium.org

On Wed, May 29, 2024 at 9:49 AM Mike Taylor <mike...@chromium.org> wrote:

LGTM1 to ship this for IWAs only.

On 5/22/24 2:11 PM, Reilly Grant wrote:

LGTM as an IWA OWNER (3x LGTM from Blink API OWNERS are still required according to the IWA-specific API launch process).

This is a good example of IWA-specific behavior minimally extending an existing API and I think this approach strikes a good balance between capability and security.

Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome

On Wed, May 22, 2024 at 10:08 AM 'Ajay Rahatekar' via blink-dev <blin...@chromium.org> wrote:

Contact emails

mattre...@chromium.org

Specification

https://wicg.github.io/webusb/#permissions-policy

Summary

Enables trusted applications to bypass security restrictions in the WebUSB API.

The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB. With this feature, Isolated Web Apps (https://github.com/WICG/isolated-web-apps) with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes.

Can you comment on what types of "blocklisted devices and protected interface classes" are there that this would enable access to? I'm just looking over IWA-specific API launch process, and there's the "unsafe at any speed" bucket. I presume this doesn't fall into that category, but I'm still interested to see what this would enable

Thanks!

Vlad

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/757cd331-11b0-44b8-8088-24492aeae8b7%40chromium.org.

Matt Reynolds

unread,

May 29, 2024, 4:05:39 PMMay 29

to Vladimir Levin, Mike Taylor, Reilly Grant, Ajay Rahatekar, blink-dev

The list of protected interface classes is defined in the spec and currently includes Audio, Human Interface Device (HID), Mass Storage, Smart Card, Video, Audio/Video, and Wireless Controller:

https://wicg.github.io/webusb/#has-a-protected-interface-class

The blocklisted device list is maintained in a separate file in the spec repository and currently only includes USB security key devices:

https://github.com/WICG/webusb/blob/main/blocklist.txt

Alex Russell

unread,

May 29, 2024, 7:30:31 PMMay 29

to blink-dev, Matt Reynolds, Mike Taylor, Reilly Grant, ajayra...@google.com, blink-dev, Vladimir Levin

Thanks, Matt. This is helpful.

LGTM2.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Chris Harrelson

unread,

May 30, 2024, 2:59:01 PMMay 30

to Alex Russell, blink-dev, Matt Reynolds, Mike Taylor, Reilly Grant, ajayra...@google.com, Vladimir Levin

LGTM3

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/757cd331-11b0-44b8-8088-24492aeae8b7%40chromium.org.

--

You received this message because you are subscribed to the Google Groups "blink-dev" group.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/eb7c711c-7069-4268-b44a-f8bfee6101b7n%40chromium.org.

Reply all

Reply to author

Forward