Intent to Ship: Unrestricted WebUSB (available only to Isolated Web Apps)

525 views
Skip to first unread message

Ajay Rahatekar

unread,
May 22, 2024, 1:08:56 PMMay 22
to blink-dev, mattre...@chromium.org

Contact emails

mattre...@chromium.org


Specification

https://wicg.github.io/webusb/#permissions-policy


Summary

Enables trusted applications to bypass security restrictions in the WebUSB API.


The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB. With this feature, Isolated Web Apps (https://github.com/WICG/isolated-web-apps) with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes.



Blink component

Blink>USB


Search tags

usb, webusb, unrestricted


TAG review

None


TAG review status

Not applicable


Risks



Interoperability and Compatibility

WebUSB is only implemented in Chromium-based browsers.



Gecko: No signal


WebKit: No signal


Web developers: No signals


Other signals:


WebView application risks

Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?

None



Debuggability

None



Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)?

No

This feature is not available on Android because Isolated Web Apps are not supported in Chrome for Android.



Is this feature fully tested by web-platform-tests?

No, this feature is only available in Isolated Web Apps which are not yet supported for web platform tests.


Flag name on chrome://flags

chrome://flags/#enable-unrestricted-usb


Finch feature name

UnrestrictedUsb


Requires code in //chrome?

False


Tracking bug

https://crbug.com/40783010


Launch bug

https://launch.corp.google.com/launch/4281834


Estimated milestones

Shipping on desktop

127


Anticipated spec changes

Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).

None


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5106506475503616?gate=6251287998103552


Links to previous Intent discussions

Intent to prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAgOvR6ggk64OaEGkfJE%2BOsMh0jKjORBZ_LyN2Pdad%3Dg3w%40mail.gmail.com


This intent message was generated by Chrome Platform Status.


Reilly Grant

unread,
May 22, 2024, 2:11:46 PMMay 22
to Ajay Rahatekar, blink-dev, mattre...@chromium.org
LGTM as an IWA OWNER (3x LGTM from Blink API OWNERS are still required according to the IWA-specific API launch process).

This is a good example of IWA-specific behavior minimally extending an existing API and I think this approach strikes a good balance between capability and security.
Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome


--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com.

Mike Taylor

unread,
May 22, 2024, 9:31:11 PMMay 22
to Ajay Rahatekar, blink-dev, mattre...@chromium.org

Could you please request the various Privacy, Security, Enterprise, etc. review gates in your chromestatus entry?

Ajay Rahatekar

unread,
May 23, 2024, 8:20:26 PMMay 23
to blink-dev, mike...@chromium.org, blink-dev, mattre...@chromium.org, Ajay Rahatekar
Ty, Mike. Reviews have been requested. 

Mike Taylor

unread,
May 29, 2024, 9:49:58 AMMay 29
to Reilly Grant, Ajay Rahatekar, blink-dev, mattre...@chromium.org

Vladimir Levin

unread,
May 29, 2024, 10:43:20 AMMay 29
to Mike Taylor, Reilly Grant, Ajay Rahatekar, blink-dev, mattre...@chromium.org
On Wed, May 29, 2024 at 9:49 AM Mike Taylor <mike...@chromium.org> wrote:

LGTM1 to ship this for IWAs only.

On 5/22/24 2:11 PM, Reilly Grant wrote:
LGTM as an IWA OWNER (3x LGTM from Blink API OWNERS are still required according to the IWA-specific API launch process).

This is a good example of IWA-specific behavior minimally extending an existing API and I think this approach strikes a good balance between capability and security.
Reilly Grant | Software Engineer | rei...@chromium.org | Google Chrome


On Wed, May 22, 2024 at 10:08 AM 'Ajay Rahatekar' via blink-dev <blin...@chromium.org> wrote:

Contact emails

mattre...@chromium.org


Specification

https://wicg.github.io/webusb/#permissions-policy


Summary

Enables trusted applications to bypass security restrictions in the WebUSB API.


The WebUSB specification defines a blocklist of vulnerable devices and a table of protected interfaces classes that are blocked from access through WebUSB. With this feature, Isolated Web Apps (https://github.com/WICG/isolated-web-apps) with permission to access the "usb-unrestricted" Permission Policy feature will be allowed to access blocklisted devices and protected interface classes.

Can you comment on what types of "blocklisted devices and protected interface classes" are there that this would enable access to? I'm just looking over IWA-specific API launch process, and there's the "unsafe at any speed" bucket. I presume this doesn't fall into that category, but I'm still interested to see what this would enable

Thanks!
Vlad
 

Matt Reynolds

unread,
May 29, 2024, 4:05:39 PMMay 29
to Vladimir Levin, Mike Taylor, Reilly Grant, Ajay Rahatekar, blink-dev
The list of protected interface classes is defined in the spec and currently includes Audio, Human Interface Device (HID), Mass Storage, Smart Card, Video, Audio/Video, and Wireless Controller:

https://wicg.github.io/webusb/#has-a-protected-interface-class

The blocklisted device list is maintained in a separate file in the spec repository and currently only includes USB security key devices:

https://github.com/WICG/webusb/blob/main/blocklist.txt

Alex Russell

unread,
May 29, 2024, 7:30:31 PMMay 29
to blink-dev, Matt Reynolds, Mike Taylor, Reilly Grant, ajayra...@google.com, blink-dev, Vladimir Levin
Thanks, Matt. This is helpful.

LGTM2.

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Chris Harrelson

unread,
May 30, 2024, 2:59:01 PMMay 30
to Alex Russell, blink-dev, Matt Reynolds, Mike Taylor, Reilly Grant, ajayra...@google.com, Vladimir Levin
LGTM3

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/eb7c711c-7069-4268-b44a-f8bfee6101b7n%40chromium.org.

Ajay Rahatekar

unread,
Jun 18, 2024, 4:21:05 PMJun 18
to blink-dev, Chris Harrelson, blink-dev, mattre...@chromium.org, mike...@chromium.org, rei...@chromium.org, Ajay Rahatekar, vmp...@chromium.org, sligh...@chromium.org
FYI: This feature is now planned for shipping in M128.
Reply all
Reply to author
Forward
0 new messages