On 01/08/2013 11:10, Jonas Sicking wrote:
On Tue, Jul 30, 2013 at 1:02 PM, ANTONIO MANUEL AMAYA CALVO <a...@tid.es> wrote:
Besides that, that permission also allow apps to access any resource of any
packaged app on the system.
That's a very good point!
We should probably separate this such that we can give permissions to
use the mozApps.mgmt API, without also accessing application data.
We still need to allow the application to access resources that are
inside the app packages, so that you can load and display icons, but
we shouldn't allow accessing indexedDB or other app-local data.
Oh, I think I didn't explain myself correctly :) I don't believe the
permission allows accessing indexedDB or any other data created by the
app. In fact, I don't think there's any way to do that from any app
right now (other than the owner app exposing the data somehow).
What it allows, though, is reading anything that's included on the
application.zip. That is, it allows doing
app://anyrandomapp/anyresource. And that's not good either, for the same
reason that apps cannot read their own installation directories (nor any
other app) since its possible that the package file includes
confidential data.
Best regards,
Antonio
/ Jonas
On 30/07/2013, at 21:27, "Fabrice Desre" <fabr...@mozilla.com> wrote:
Hi,
Currently only certified apps can access the mozApps.mgmt object. This
prevent us to let 3rd party write alternative homescreens, something
that very much want in bug 898330.
This would privileged apps do the following:
- get the full list of installed apps.
- listen for oninstall/onuninstall events.
- uninstall apps.
- apply downloads.
I have no strong opinion on whether we should also let web apps access
this api, not directly but behind a prompt.
Any objection?
Fabrice
--
Fabrice Desré
b2g team
Mozilla Corporation
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
________________________________
Este mensaje se dirige exclusivamente a su destinatario. Puede consultar
nuestra política de envío y recepción de correo electrónico en el enlace
situado más abajo.
This message is intended exclusively for its addressee. We only send and
receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
________________________________
Este mensaje se dirige exclusivamente a su destinatario. Puede consultar
nuestra política de envío y recepción de correo electrónico en el enlace
situado más abajo.
This message is intended exclusively for its addressee. We only send and
receive email on the basis of the terms set out at:
http://www.tid.es/ES/PAGINAS/disclaimer.aspx
_______________________________________________
dev-b2g mailing list
dev-b2g@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-b2g
