Closed
Bug 814211
Opened 12 years ago
Closed 12 years ago
Need additional security checks for the "fmradio" permission
Categories: Core :: DOM: Device Interfaces, defect, P1
People: Reporter: bent.mozilla, Assigned: gwagner
Attachments: 1 file (deleted), patch, bent.mozilla: review+
It looks like the "fmradio" permission is not properly checked. A few problems:

1. In the child process we throw an exception if the fmradio permission isn't granted. Most DOM APIs just return null instead of throwing.
2. The child process communicates with the parent via the message manager, but the parent message manager doesn't ever check the fmradio permission in DOMFMRadioParent.jsm.
3. Once we're in the parent process the HAL security checks are skipped.
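Problems 1 and 2 in the description above, as an added example that is not part of the bug report or the landed patch: a self-contained model of a parent-side message receiver that authorizes each request against an identity the parent bound to the child's channel, plus a child-side accessor that returns null. Every name in it (`GRANTS`, `makeParentReceiver`, `getFMRadio`, the message names and the app origins) is hypothetical and is not a Gecko API.

```javascript
// Constructed model, not Gecko code: every name below is hypothetical.
// Permission table held by the parent, keyed by the app origin the parent
// itself bound to each child channel at process creation.
const GRANTS = new Map([
  ["app://radio.example", new Set(["fmradio"])],
  ["app://notes.example", new Set()],
]);

function makeParentReceiver(hardware, auditLog) {
  const handlers = {
    "FMRadio:Enable": (data) => hardware.enable(data.frequency),
    "FMRadio:Disable": () => hardware.disable(),
  };
  // `sender.origin` was set by the parent; nothing in `msg` is trusted
  // for the authorization decision.
  return function receiveMessage(sender, msg) {
    if (!Object.prototype.hasOwnProperty.call(handlers, msg.name)) {
      return { ok: false, error: "unknown-message" };
    }
    const granted = GRANTS.get(sender.origin);
    if (!granted || !granted.has("fmradio")) {
      auditLog.push({ origin: sender.origin, name: msg.name });
      return { ok: false, error: "permission-denied" };
    }
    return { ok: true, result: handlers[msg.name](msg.data || {}) };
  };
}

// Child-side accessor for problem 1: hand back null instead of throwing.
function getFMRadio(hasPermission, createRadio) {
  return hasPermission ? createRadio() : null;
}

// Constructed scenario: one granted app, and one app without the permission
// whose message reaches the parent without any child-side check having run.
function runScenario() {
  const state = { enabled: false, frequency: null };
  const hardware = {
    enable(f) { state.enabled = true; state.frequency = f; return true; },
    disable() { state.enabled = false; return true; },
  };
  const auditLog = [];
  const receive = makeParentReceiver(hardware, auditLog);
  // The origin inside the payload is self-declared and must be ignored.
  const msg = { name: "FMRadio:Enable", data: { frequency: 99.7, origin: "app://radio.example" } };
  const denied = receive({ origin: "app://notes.example" }, msg);
  const stateAfterDenied = { ...state };
  const allowed = receive({ origin: "app://radio.example" }, msg);
  return { denied, stateAfterDenied, allowed, state, auditLog };
}
```

The denied request leaves the hardware state untouched and produces one audit entry, which is the signal to alert on: a child that sends privileged messages without holding the permission is misbehaving or compromised.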
Updated•12 years ago
blocking-basecamp: ? → +
Comment 1•12 years ago
Gregor, Doug said you should be the lucky owner of this bug. Congrats! :)
Assignee: nobody → anygregor
Comment 2•12 years ago (Assignee)
Comment 3•12 years ago
Setting priority based on triage discussions. Feel free to decrease priority if you disagree.
Priority: -- → P1
Updated•12 years ago (Assignee)
Attachment #686871 - Flags: review?(bent.mozilla)
Updated•12 years ago (Reporter)
Attachment #686871 - Flags: review?(bent.mozilla) → review+
Comment 4•12 years ago (Assignee)
There is still one point left:
3. Once we're in the parent process the HAL security checks are skipped.
bent suggested
a) remove the hal remoting entirely and rely only on messagemanager
b) leave both in place and add additional checks to HalParent
cjones any preferences for this?
Flags: needinfo?(jones.chris.g)
Component: DOM → DOM: Device Interfaces
I don't know why we remoted both the hal:: api and the dom api. At this point, option (1) seems to make more sense, since the hal:: remoting should all be dead code.
Flags: needinfo?(jones.chris.g)
Comment 6•12 years ago (Assignee)
(In reply to Chris Jones [:cjones] [:warhammer] from comment #5)
> I don't know why we remoted both the hal:: api and the dom api. At this
> point, option (1) seems to make more sense, since the hal:: remoting should
> all be dead code.

slee: can you file a followup and fix this?
Comment 7•12 years ago
(In reply to Gregor Wagner [:gwagner] from comment #6)
> (In reply to Chris Jones [:cjones] [:warhammer] from comment #5)
> > I don't know why we remoted both the hal:: api and the dom api. At this
> > point, option (1) seems to make more sense, since the hal:: remoting should
> > all be dead code.
>
> slee: can you file a followup and fix this?

Sure, I will file a bug fixing this.
Comment 8•12 years ago (Assignee)
https://hg.mozilla.org/integration/mozilla-inbound/rev/b298c038c661
Comment 9•12 years ago
https://hg.mozilla.org/mozilla-central/rev/b298c038c661
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla20
Comment 10•12 years ago
https://hg.mozilla.org/releases/mozilla-aurora/rev/89af02e96916
https://hg.mozilla.org/releases/mozilla-beta/rev/51713a1c0b37