The list of protected interface classes is defined in the spec and currently includes Audio, Human Interface Device (HID), Mass Storage, Smart Card, Video, Audio/Video, and Wireless Controller:
https://wicg.github.io/webusb/#has-a-protected-interface-class The blocklisted device list is maintained in a separate file in the spec repository and currently only includes USB security key devices: https://github.com/WICG/webusb/blob/main/blocklist.txt On Wed, May 29, 2024 at 7:43 AM Vladimir Levin <vmp...@chromium.org> wrote: > > > On Wed, May 29, 2024 at 9:49 AM Mike Taylor <miketa...@chromium.org> > wrote: > >> LGTM1 to ship this for IWAs only. >> On 5/22/24 2:11 PM, Reilly Grant wrote: >> >> LGTM as an IWA OWNER (3x LGTM from Blink API OWNERS are still required >> according to the IWA-specific API launch process >> <https://www.chromium.org/blink/launching-features/isolated-web-apps/>). >> >> This is a good example of IWA-specific behavior minimally extending an >> existing API and I think this approach strikes a good balance between >> capability and security. >> Reilly Grant | Software Engineer | reil...@chromium.org | Google Chrome >> <https://www.google.com/chrome> >> >> >> On Wed, May 22, 2024 at 10:08 AM 'Ajay Rahatekar' via blink-dev < >> blink-dev@chromium.org> wrote: >> >>> Contact emails >>> >>> mattreyno...@chromium.org >>> >>> Specification >>> >>> https://wicg.github.io/webusb/#permissions-policy >>> >>> Summary >>> >>> Enables trusted applications to bypass security restrictions in the >>> WebUSB API. >>> >>> The WebUSB specification defines a blocklist of vulnerable devices and a >>> table of protected interfaces classes that are blocked from access through >>> WebUSB. With this feature, Isolated Web Apps ( >>> https://github.com/WICG/isolated-web-apps) with permission to access >>> the "usb-unrestricted" Permission Policy feature will be allowed to access >>> blocklisted devices and protected interface classes. >>> >> Can you comment on what types of "blocklisted devices and protected > interface classes" are there that this would enable access to? I'm just > looking over IWA-specific API launch process > <https://www.chromium.org/blink/launching-features/isolated-web-apps/>, > and there's the "unsafe at any speed" bucket. I presume this doesn't fall > into that category, but I'm still interested to see what this would enable > > Thanks! > Vlad > > >> >>> >>> Blink component >>> >>> Blink>USB >>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EUSB> >>> >>> Search tags >>> >>> usb <https://chromestatus.com/features#tags:usb>, webusb >>> <https://chromestatus.com/features#tags:webusb>, unrestricted >>> <https://chromestatus.com/features#tags:unrestricted> >>> >>> TAG review >>> >>> None >>> >>> TAG review status >>> >>> Not applicable >>> >>> Risks >>> >>> Interoperability and Compatibility >>> >>> WebUSB is only implemented in Chromium-based browsers. >>> >>> >>> Gecko: No signal >>> >>> WebKit: No signal >>> >>> Web developers: No signals >>> >>> Other signals: >>> >>> WebView application risks >>> >>> Does this intent deprecate or change behavior of existing APIs, such >>> that it has potentially high risk for Android WebView-based applications? >>> >>> None >>> >>> >>> Debuggability >>> >>> None >>> >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, ChromeOS, Android, and Android WebView)? >>> >>> No >>> >>> This feature is not available on Android because Isolated Web Apps are >>> not supported in Chrome for Android. >>> >>> >>> Is this feature fully tested by web-platform-tests >>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>> ? >>> >>> No, this feature is only available in Isolated Web Apps which are not >>> yet supported for web platform tests. >>> >>> Flag name on chrome://flags >>> >>> chrome://flags/#enable-unrestricted-usb >>> >>> Finch feature name >>> >>> UnrestrictedUsb >>> >>> Requires code in //chrome? >>> >>> False >>> >>> Tracking bug >>> >>> https://crbug.com/40783010 >>> >>> Launch bug >>> >>> https://launch.corp.google.com/launch/4281834 >>> >>> Estimated milestones >>> >>> Shipping on desktop >>> >>> 127 >>> >>> Anticipated spec changes >>> >>> Open questions about a feature may be a source of future web compat or >>> interop issues. Please list open issues (e.g. links to known github issues >>> in the project for the feature specification) whose resolution may >>> introduce web compat/interop risk (e.g., changing to naming or structure of >>> the API in a non-backward-compatible way). >>> >>> None >>> >>> Link to entry on the Chrome Platform Status >>> >>> https://chromestatus.com/feature/5106506475503616?gate=6251287998103552 >>> >>> Links to previous Intent discussions >>> >>> Intent to prototype: >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAgOvR6ggk64OaEGkfJE%2BOsMh0jKjORBZ_LyN2Pdad%3Dg3w%40mail.gmail.com >>> >>> This intent message was generated by Chrome Platform Status >>> <https://chromestatus.com/>. >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to blink-dev+unsubscr...@chromium.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion on the web visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/757cd331-11b0-44b8-8088-24492aeae8b7%40chromium.org >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/757cd331-11b0-44b8-8088-24492aeae8b7%40chromium.org?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGhmGSNLpwqsk_XcZk0T7ZX8%2BaE6i5DbanDPvvdnsUOt0h5t1w%40mail.gmail.com.