Lucas Adamski
unread,May 8, 2012, 7:47:47 PM5/8/12You do not have permission to delete messages in this group
Sign in to report message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, dev-b2g
Please reply-to
dev-w...@lists.mozilla.org
Name of API: Permission API
Reference:
https://bugzilla.mozilla.org/show_bug.cgi?id=707625
Brief purpose of API: Allow an app to manage app permissions in a centralized location
General Use Cases: None
Inherent threats: Change security and privacy permissions, potentially leading to device compromise
Threat severity: Critical
== Regular web content (unauthenticated) ==
Use cases for unauthenticated code:None
Authorization model for normal content: None
Authorization model for installed content: None
Potential mitigations:
== Trusted (authenticated by publisher) ==
Use cases for authenticated code: None
Use cases for trusted code: None
Potential mitigations:
== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: Centralized permissions management app; modify per-app settings
Authorization model: Implicit
Potential mitigations: None
Note: We are not exposing permission settings to non-certified apps. Apps cannot determine their current settings without actually requesting a permission.