WebAPI Security Discussion: Power Management

11 views
Skip to first unread message

Lucas Adamski

unread,
May 1, 2012, 10:08:31 PM5/1/12
to dev-w...@lists.mozilla.org, dev-w...@lists.mozilla.org, dev-se...@lists.mozilla.org, dev-b2g
*Please reply-to dev-w...@lists.mozilla.org
*
Name of API: Power Management APIs
Reference: https://wiki.mozilla.org/WebAPI/PowerManagementAPI

Brief purpose of API: Allow apps to turn off or restart device and catch on-wake events
General Use Cases: None

Inherent threats: Denial of serviceto device (including telephone), annoyance

Threat severity: Moderate

== Regular web content (unauthenticated) ==
Use cases for unauthenticated code:None
Authorization model for normal content:
Authorization model for installed content:
Potential mitigations:

== Trusted (authenticated by publisher) ==
Use cases for authenticated code: None
Potential mitigations:

== Certified (vouched for by trusted 3rd party) ==
Use cases for certified code: Replacement Power Management App
Authorization model: Implicit
Potential mitigations:

pther...@mozilla.com

unread,
May 31, 2012, 6:48:12 AM5/31/12
to mozilla.d...@googlegroups.com, dev-w...@lists.mozilla.org
Final call for comment/changes to the permissions model for this API. Please provide comment by COB Friday June 1.

pther...@mozilla.com

unread,
May 31, 2012, 6:48:12 AM5/31/12
to mozilla-d...@lists.mozilla.org, dev-w...@lists.mozilla.org
Final call for comment/changes to the permissions model for this API. Please provide comment by COB Friday June 1.

On Wednesday, 2 May 2012 12:08:31 UTC+10, Lucas Adamski wrote:
Reply all
Reply to author
Forward
0 new messages