Closed
Bug 1044410
Opened 10 years ago
Closed 7 years ago
[Tarako] ConnectA2 attach image from camera could slow down the system
Categories
(Firefox OS Graveyard :: Runtime, defect, P3)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: seinlin, Unassigned)
References
Details
(Keywords: perf, Whiteboard: [c= p= s= u=tarako])
Attachments
(1 file)
|
(deleted),
patch
|
fabrice
:
feedback-
|
Details | Diff | Splinter Review |
When ConnectA2 try to attach an image from camera, something the camera will take a long time. If connectA2 can group apps in activities chains as bug 982491, it could be better. Now only certified app can use activities chains, but connectA2 is privileged type. Is there any concern to allow privileged type apps to use activities chains?
|
Reporter | |
Comment 1•10 years ago
|
||
Fabrice, Could you have a look to this patch? Is it reasonable to allow privileged app to use activities chains? Thanks!
Attachment #8462974 -
Flags: feedback?(fabrice)
|
|
Reporter | |
Comment 2•10 years ago
|
||
Tim, Do you have any concern about allow privileged type app to group apps in activities chains?
Flags: needinfo?(timdream)
|
||
Comment 3•10 years ago
|
||
I do, but I don't think there is any alternative either.
Group: b2g-core-security
Flags: needinfo?(timdream) → needinfo?(ptheriault)
|
||
Comment 4•10 years ago
|
||
Comment on attachment 8462974 [details] [diff] [review]
gecko_allow_privileged.patch
Review of attachment 8462974 [details] [diff] [review]:
-----------------------------------------------------------------
I really don't think we can run apps with different privilege levels in the same process. But we need the security people to weight in.
Attachment #8462974 -
Flags: feedback?(fabrice) → feedback-
|
||
Comment 5•10 years ago
|
||
I cannot reproduce this issue on my tarako device with same SD content.
kai-zhen, could you help to co-work with partner then try to provide STR and check cpu/memory usage?
Flags: needinfo?(kli)
|
|
Reporter | |
Comment 6•10 years ago
|
||
This issue is not easy to reproduce. Today partner can't reproduce it too. I'll collect the cpu/memory usage when it happened again.
Flags: needinfo?(kli)
|
||
Comment 7•10 years ago
|
||
I don't know what activity chains are, but from I can tell it allows an app to open a web activity in its own process or something like that. Do activity chains actually result in new permissions being granted to a process? I assume so, otherwise things like the camera picker wouldn't work. So basically +1 to what Fabrice said - if we allowed ConnectA2 to open the camera app to choose a photo in it's process, we would need to grant that process the permissions needed to run the camera app, which breaks our security model.
Two possible solutions:
- Camera permission is available to privileged - can we just implement a library version of the camera picker that they can include in their app?
- (complex and probably bad idea): allow same process activities, so long as the app initiating the activity is the same or higher app type than the handler, and contains all of the permissions of the handler (ie dont grant new permissions).
Flags: needinfo?(ptheriault)
|
||
Comment 8•10 years ago
|
||
Since this is not a security bug in shipping product we don't really need to hide this. If you feel we need to hide it because the code we're GOING to add is adding a vulnerability then we should not add the code, not hide it.
Group: b2g-core-security
|
||
Updated•10 years ago
|
Priority: -- → P3
I think bug 1050181 is linked with this problem.
What do you think?
Juanma
|
||
Comment 10•7 years ago
|
||
Firefox OS is not being worked on
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
You need to log in
before you can comment on or make changes to this bug.
Description
•