Closed
Bug 772358
Opened 12 years ago
Closed 12 years ago
Enumerate elevated privileges in manifest
Categories
(Core Graveyard :: DOM: Apps, defect)
Tracking
(blocking-basecamp:+)
RESOLVED
FIXED
blocking-basecamp | + |
People
(Reporter: sicking, Assigned: anant)
References
(Blocks 1 open bug)
Details
(Keywords: dev-doc-needed, Whiteboard: [WebAPI:P0][LOE:S][qa-])
Trusted apps that want access to APIs beyond those exposed to normal web pages should enumerate these requested privileges along with a reason for why they are requested.
We should then at install time and update time update the data in the permission manager such that we enumerate both the API which trusted apps implicitly get access to, and to enumerate the APIs which the app can prompt about.
I'm not sure if anything is involved in adding more properties to the manifest. If so that work should happen in this bug. If not, the only work we need to do in this bug is to specify the exact format for how permissions are expressed in the manifest.
The work to copy data into the permission manager, as well as display that data in various pieces of UI, will happen in separate bugs.
Updated•12 years ago
|
blocking-basecamp: --- → ?
Reporter | ||
Updated•12 years ago
|
blocking-basecamp: ? → +
Comment 2•12 years ago
|
||
Will this format apply only to trusted (and certified?) applications or will it apply also to normal web content that requires access to some elevated privileges?
Also, isn't bug https://bugzilla.mozilla.org/show_bug.cgi?id=768931 a subset of this one?
Comment 3•12 years ago
|
||
It applies to web installed, trusted and certified apps, but not normal web content (which does not have a manifest).
Yes, its perhaps a little surprising to enumerate for installed apps and not web content, but the experience for the user is no different and at least we have consistency in the manifest format and between app types.
Updated•12 years ago
|
Assignee: nobody → anant
Updated•12 years ago
|
Component: General → DOM: Apps
Product: Web Apps → Core
Comment 4•12 years ago
|
||
Anant - Can we get an update on the spec piece on this bug?
Assignee | ||
Comment 5•12 years ago
|
||
We're working with the B2G folks to describe a common list of permissions. Work is progressing, I will update the bug when we are done.
Comment 6•12 years ago
|
||
Does this depend on bug 778326 ?
Comment 8•12 years ago
|
||
Anant, what is the status of this bug? Isn't this what Gregor did already?
Updated•12 years ago
|
QA Contact: jsmith
Updated•12 years ago
|
Whiteboard: [WebAPI:P0]
Comment 9•12 years ago
|
||
I believe this bug reflects the need to update the manifest spec to document how permissions are defined. I agree the bulk of the hard work has been done in the dependent bug. Anant?
Updated•12 years ago
|
Keywords: dev-doc-needed
Updated•12 years ago
|
Blocks: Apps-Dev-Doc-Needed
Assignee | ||
Updated•12 years ago
|
Whiteboard: [WebAPI:P0] → [WebAPI:P0][LOE:S]
Assignee | ||
Comment 10•12 years ago
|
||
https://github.com/mozilla/webapps-spec/commit/cdae925cc5b98537164fd9182be9e8827482044a
Done, thanks to all the hard work by Gregor & others!
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Updated•12 years ago
|
Whiteboard: [WebAPI:P0][LOE:S] → [WebAPI:P0][LOE:S][qa-]
Updated•7 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•