LGTM3 On Wed, May 29, 2024 at 4:30 PM Alex Russell <slightly...@chromium.org> wrote:
> Thanks, Matt. This is helpful. > > LGTM2. > > On Wednesday, May 29, 2024 at 1:05:39 PM UTC-7 Matt Reynolds wrote: > >> The list of protected interface classes is defined in the spec and >> currently includes Audio, Human Interface Device (HID), Mass Storage, Smart >> Card, Video, Audio/Video, and Wireless Controller: >> >> https://wicg.github.io/webusb/#has-a-protected-interface-class >> >> The blocklisted device list is maintained in a separate file in the spec >> repository and currently only includes USB security key devices: >> >> https://github.com/WICG/webusb/blob/main/blocklist.txt >> >> On Wed, May 29, 2024 at 7:43 AM Vladimir Levin <vmp...@chromium.org> >> wrote: >> >>> >>> >>> On Wed, May 29, 2024 at 9:49 AM Mike Taylor <miketa...@chromium.org> >>> wrote: >>> >>>> LGTM1 to ship this for IWAs only. >>>> On 5/22/24 2:11 PM, Reilly Grant wrote: >>>> >>>> LGTM as an IWA OWNER (3x LGTM from Blink API OWNERS are still required >>>> according to the IWA-specific API launch process >>>> <https://www.chromium.org/blink/launching-features/isolated-web-apps/>). >>>> >>>> >>>> This is a good example of IWA-specific behavior minimally extending an >>>> existing API and I think this approach strikes a good balance between >>>> capability and security. >>>> Reilly Grant | Software Engineer | reil...@chromium.org | Google Chrome >>>> <https://www.google.com/chrome> >>>> >>>> >>>> On Wed, May 22, 2024 at 10:08 AM 'Ajay Rahatekar' via blink-dev < >>>> blink-dev@chromium.org> wrote: >>>> >>>>> Contact emails >>>>> >>>>> mattreyno...@chromium.org >>>>> >>>>> Specification >>>>> >>>>> https://wicg.github.io/webusb/#permissions-policy >>>>> >>>>> Summary >>>>> >>>>> Enables trusted applications to bypass security restrictions in the >>>>> WebUSB API. >>>>> >>>>> The WebUSB specification defines a blocklist of vulnerable devices and >>>>> a table of protected interfaces classes that are blocked from access >>>>> through WebUSB. With this feature, Isolated Web Apps ( >>>>> https://github.com/WICG/isolated-web-apps) with permission to access >>>>> the "usb-unrestricted" Permission Policy feature will be allowed to access >>>>> blocklisted devices and protected interface classes. >>>>> >>>> Can you comment on what types of "blocklisted devices and protected >>> interface classes" are there that this would enable access to? I'm just >>> looking over IWA-specific API launch process >>> <https://www.chromium.org/blink/launching-features/isolated-web-apps/>, >>> and there's the "unsafe at any speed" bucket. I presume this doesn't fall >>> into that category, but I'm still interested to see what this would enable >>> >>> Thanks! >>> Vlad >>> >>> >>>> >>>>> >>>>> Blink component >>>>> >>>>> Blink>USB >>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EUSB> >>>>> >>>>> Search tags >>>>> >>>>> usb <https://chromestatus.com/features#tags:usb>, webusb >>>>> <https://chromestatus.com/features#tags:webusb>, unrestricted >>>>> <https://chromestatus.com/features#tags:unrestricted> >>>>> >>>>> TAG review >>>>> >>>>> None >>>>> >>>>> TAG review status >>>>> >>>>> Not applicable >>>>> >>>>> Risks >>>>> >>>>> Interoperability and Compatibility >>>>> >>>>> WebUSB is only implemented in Chromium-based browsers. >>>>> >>>>> >>>>> Gecko: No signal >>>>> >>>>> WebKit: No signal >>>>> >>>>> Web developers: No signals >>>>> >>>>> Other signals: >>>>> >>>>> WebView application risks >>>>> >>>>> Does this intent deprecate or change behavior of existing APIs, such >>>>> that it has potentially high risk for Android WebView-based applications? >>>>> >>>>> None >>>>> >>>>> >>>>> Debuggability >>>>> >>>>> None >>>>> >>>>> >>>>> Will this feature be supported on all six Blink platforms (Windows, >>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? >>>>> >>>>> No >>>>> >>>>> This feature is not available on Android because Isolated Web Apps are >>>>> not supported in Chrome for Android. >>>>> >>>>> >>>>> Is this feature fully tested by web-platform-tests >>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> >>>>> ? >>>>> >>>>> No, this feature is only available in Isolated Web Apps which are not >>>>> yet supported for web platform tests. >>>>> >>>>> Flag name on chrome://flags >>>>> >>>>> chrome://flags/#enable-unrestricted-usb >>>>> >>>>> Finch feature name >>>>> >>>>> UnrestrictedUsb >>>>> >>>>> Requires code in //chrome? >>>>> >>>>> False >>>>> >>>>> Tracking bug >>>>> >>>>> https://crbug.com/40783010 >>>>> >>>>> Launch bug >>>>> >>>>> https://launch.corp.google.com/launch/4281834 >>>>> >>>>> Estimated milestones >>>>> >>>>> Shipping on desktop >>>>> >>>>> 127 >>>>> >>>>> Anticipated spec changes >>>>> >>>>> Open questions about a feature may be a source of future web compat or >>>>> interop issues. Please list open issues (e.g. links to known github issues >>>>> in the project for the feature specification) whose resolution may >>>>> introduce web compat/interop risk (e.g., changing to naming or structure >>>>> of >>>>> the API in a non-backward-compatible way). >>>>> >>>>> None >>>>> >>>>> Link to entry on the Chrome Platform Status >>>>> >>>>> https://chromestatus.com/feature/5106506475503616?gate=6251287998103552 >>>>> >>>>> Links to previous Intent discussions >>>>> >>>>> Intent to prototype: >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAgOvR6ggk64OaEGkfJE%2BOsMh0jKjORBZ_LyN2Pdad%3Dg3w%40mail.gmail.com >>>>> >>>>> This intent message was generated by Chrome Platform Status >>>>> <https://chromestatus.com/>. >>>>> >>>>> -- >>>>> You received this message because you are subscribed to the Google >>>>> Groups "blink-dev" group. >>>>> To unsubscribe from this group and stop receiving emails from it, send >>>>> an email to blink-dev+unsubscr...@chromium.org. >>>>> To view this discussion on the web visit >>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com >>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAHB%2BDAigp8dfbrCYbzs7A9W03%2BpCzZmu58p90tptrTtXh7bRrg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>>> . >>>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAEmk%3DMZdMg1AmuwhGH7OXL9%3DpEZEur-%3D3bTa19zRXRtniKR%3DaA%40mail.gmail.com?utm_medium=email&utm_source=footer> >>>> . >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "blink-dev" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to blink-dev+unsubscr...@chromium.org. >>>> To view this discussion on the web visit >>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/757cd331-11b0-44b8-8088-24492aeae8b7%40chromium.org >>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/757cd331-11b0-44b8-8088-24492aeae8b7%40chromium.org?utm_medium=email&utm_source=footer> >>>> . >>>> >>> -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion on the web visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/eb7c711c-7069-4268-b44a-f8bfee6101b7n%40chromium.org > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/eb7c711c-7069-4268-b44a-f8bfee6101b7n%40chromium.org?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAOMQ%2Bw8D%2B2BVH8w%3DbTFWFv_A-y0U9VsJW73uWVBu1Wp7LuuuWQ%40mail.gmail.com.
