| A | B | C | D | E | F | G | J | K | L | M | T | U | V | W | X | Y | ||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | This Permissions Matrix is working copy only. See the latest version here --> | https://docs.google.com/spreadsheet/ccc?key=0Akyz_Bqjgf5pdENVekxYRjBTX0dCXzItMnRyUU1RQ0E | ||||||||||||||||
2 | ||||||||||||||||||
3 | ||||||||||||||||||
4 | API name | Action | Main API endpoints | Web Content | Installed Web App | Privileged Web App | Certified Web App | Visual Indicator | Permission Name | Comments | Detailed Security Model | |||||||
5 | API name | What does this API do? | Associated objects and functions | Regular web content | A regular web app | A "privileged" web app; more power = more responsibility | A "certified" web app; device-critical applications | Show a visual indicator to the user while this permission is active? | The permisison string(s) checked in code. | Link to detailed security model, which this spreadsheet attempts to summarize. | ||||||||
6 | Battery Status API | Information about battery charge level and if device is plugged in. | navigator.mozBattery | Implicit (no permission) | Implicit (no permission) | Implicit (no permission) | Implicit (no permission) | No | No permission required | https://wiki.mozilla.org/WebAPI/Security/Battery | ||||||||
7 | Network Information API | Get basic information about current network connectivity. | navigator.mozConnection | Implicit (no permission) | Implicit (no permission) | Implicit (no permission) | Implicit (no permission) | No | No permission required | https://wiki.mozilla.org/WebAPI/Security/NetworkInfo | ||||||||
8 | Vibration API | navigator.vibrate | Implicit (no permission) | Implicit (no permission) | Implicit (no permission) | Implicit (no permission) | No | No permission required | https://wiki.mozilla.org/WebAPI/Security/Vibration | |||||||||
9 | Web Activities | Delegate an activity to another application. | Implicit (no permission) | Implicit (no permission) | Implicit (no permission) | Implicit (no permission) | No | No permission required | ||||||||||
10 | Screen Orientation | lock screen orientation, detect changes | screen.mozOrientation screen.mozLockOrientation | Fullscreen content only (no permission) | Implicit (no permission) | Implicit (no permission) | Implicit (no permission) | No | No permission required | No permission involved, rather access is based on installed status, or for content, a check to allow fullscreen access only. (http://mxr.mozilla.org/mozilla-central/source/dom/base/nsScreen.cpp#331) | https://wiki.mozilla.org/WebAPI/Security/ScreenOrientation | |||||||
11 | attention screen | Ability to open the attention screen window that obstruct what user is doing or wake up the screen. Use case: call screen | Gaia permission. Allow content to open a window in front of all other content. Used by telephone and SMS. | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | attention | This is the permissions currently checked in gaia: https://github.com/mozilla-b2g/gaia/blob/master/apps/system/js/attention_screen.js#L199 | Not a web api, so no permission model. | ||||||||
12 | Background services | Enable a web application to run in the background and perform tasks like syncing or respond to incoming messages. | Gaia only. An app can specify a 'background_page' attribute in its manifest, in order to have this page loaded at startup. However the app must have this permission in order for the page to be loaded. | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | No | background | This permission is to allow certified apps to run services at startup. The permission in code is currently 'background', though some apps request 'backgroundservice' as well. Not sure which is the 'final' permission name. | Not a web api, so no permission model. | |||||||
13 | IdleAPI | Notify the App if the user is idle. | navigator.addIdleObserver navigator.removeIdleObserver | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | No | idle | https://wiki.mozilla.org/WebAPI/Security/Idle | ||||||||
14 | MobileConnection API | This exposes information about the current mobile voice and data connection to (certain) HTML content. | navigator.mozMobileConnection | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | No | mobileconnection | https://wiki.mozilla.org/WebAPI/Security/MobileConnection | ||||||||
15 | Open Webapps | Install web apps and manage installed webapps. Also allows an installed webapp to get payment information. Everything needed to build a Open WebApps app store. | navigator.mozApps.mgmt | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | webapps-manage | Installs are OS mediated. Only certified apps can get access to "webapps-manage" permission. | Not documented. | ||||||||
16 | Permissions | Allow an app to manage app permissions in a centralized location | navigator.mozPermissionSettings | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | permissions | https://wiki.mozilla.org/WebAPI/Security/PermissionsAPI | |||||||||
17 | PowerManagementAPI | Turn on/off screen, cpu, device power, etc. Listen and inspect resource lock events. | navigator.power.* | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | No | power | https://wiki.mozilla.org/WebAPI/Security/PowerManagement | ||||||||
18 | Settings API | API to configure device settings | navigator.mozSettings | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | No | settings | Access flag can set more fine grained permissions. (read, write etc) | https://wiki.mozilla.org/WebAPI/Security/Settings | |||||||
19 | WebBluetooth | Low level access to Bluetooth hardware. | navigator.mozBluetooth | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | Yes | mozBluetooth | https://wiki.mozilla.org/WebAPI/Security/Bluetooth | ||||||||
20 | WebSMS | All SMS APIs | navigator.mozSms | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | Yes | sms | https://wiki.mozilla.org/WebAPI/Security/SMS | ||||||||
21 | WebTelephony | All Web Telephony APIs | navigator.mozTelephony | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | Yes | telephony | https://wiki.mozilla.org/WebAPI/Security/WebTelephony | ||||||||
22 | Browser API | Enables implementing a browser completely in web technologies. | Ability to embed <iframe mozbrowser> | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | No | mozbrowser | https://wiki.mozilla.org/WebAPI/Security/BrowserAPI | ||||||||
23 | TCP Socket API | Connect to TCP socket | navigator.mozTCPSocket | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | No | tcp-socket | Permission string will change to 'networktcp' if/when https://bugzilla.mozilla.org/show_bug.cgi?id=783716 lands. Or maybe it will be 'network-tcp' in line with https://bug778326.bugzilla.mozilla.org/attachment.cgi?id=658698 | https://wiki.mozilla.org/WebAPI/Security/TCPSocket | |||||||
24 | Alarm API | Schedule a notification, or for an application to be started, at a specific time. | navigator.mozAlarms.* | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | No | alarms | https://wiki.mozilla.org/WebAPI/Security/Alarm | ||||||||
25 | Push Notifications API | implicit the platform to send notification messages to specific applications. | ? | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | No | push | Not implemented yet. | https://wiki.mozilla.org/WebAPI/Security/pushNotificationsAPI | |||||||
26 | Camera API | Take photos, shoot video, control camera (NOTE: this permission may need to be split into separate permissions) | navigator.mozCameras.* | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | Yes | camera | Note that web activities are expected to provide mediated access to web content and installed web apps. | The original discussion was at https://wiki.mozilla.org/WebAPI/Security/Camera. The final API is much more simple, and not exposed to web content or regular apps. | |||||||
27 | Contacts API | Add/Read/Modify the device contacts address book. | navigator.mozContacts | None (DENY_ACTION) | None (DENY_ACTION) | Explicit (PROMPT_ACTION) | Implicit (ALLOW_ACTION) | No | contacts | https://wiki.mozilla.org/WebAPI/Security/Contacts | ||||||||
28 | Device Storage API | Add/Read/Modify files stored on a central location on the device. For example the "pictures" folder on modern desktop platforms or the photo storage in mobile devices. | navigator.getDeviceStorage(mediaType) | None (DENY_ACTION) | None (DENY_ACTION) | Explicit (PROMPT_ACTION) | Implicit (ALLOW_ACTION) | No | device-storage:apps device-storage:pictures device-storage:music device-storage:videos device-storage:sdcard | The different permissions grant access to different areas storage locations. | https://wiki.mozilla.org/WebAPI/Security/DeviceStorage | |||||||
29 | WiFi Information API | Enumerate available WiFi networks, get signal strength and name of currently connected network, etc. | navigator.mozWifiManager | None (DENY_ACTION) | None (DENY_ACTION) | Explicit (PROMPT_ACTION) | Implicit (ALLOW_ACTION) | Yes | wifi-manage | Settings app has both 'wifi' and 'wifi-manage' ? Which is correct? | https://wiki.mozilla.org/WebAPI/Security/Wifi | |||||||
30 | Geolocation API | Obtain current location of user | navigator.geolocation.* | Explicit (PROMPT_ACTION) | Explicit (PROMPT_ACTION) | Explicit (PROMPT_ACTION) | Implicit (ALLOW_ACTION) | Yes | geolocation | https://wiki.mozilla.org/WebAPI/Security/Geolocation | ||||||||
31 | ResourceLock API | Prevent the screen from being dimmed or switched off | navigator.mozPower.addWakeLockListener() ??? | implicit(fullscreen), explicit (otherwise) | implicit | implicit | implicit | No | wake-lock-screen ? or is this just under 'power' | https://wiki.mozilla.org/WebAPI/Security/ResourceLock | ||||||||
32 | FM Radio | navigator.mozFMRadio.*? | Explicit (PROMPT_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | fmradio | https://wiki.mozilla.org/WebAPI/Security/FMRadioAPI | ||||||||||
33 | Desktop Notification API | ? | Explicit (PROMPT_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | Implicit (ALLOW_ACTION) | desktop-notification | I think this is http://mxr.mozilla.org/mozilla-central/source/dom/src/notification/ | ||||||||||
34 | mozApp | Ability to embed mozapp frames | Ability to embed <iframe mozapp> | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | embed-apps | ||||||||||
35 | Network Stats Manage | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | networkstats-manage | bug 746069 | |||||||||||
36 | Network Events | Permission to monitor network uploads and downloads | moznetworkupload and moznetworkdownload event handlers (window events) | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | network-events | This is a guess? I think this is intended for system app only? | |||||||||
37 | systemclock | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | systemclock | ||||||||||||
38 | Voicemail | None (DENY_ACTION) | None (DENY_ACTION) | None (DENY_ACTION) | Implicit (ALLOW_ACTION) | voicemail | Same permission model as telephony. | |||||||||||
39 | ||||||||||||||||||
40 | ||||||||||||||||||
41 | ||||||||||||||||||
42 | ||||||||||||||||||
43 | ||||||||||||||||||
44 | ||||||||||||||||||
45 | ||||||||||||||||||
46 | ||||||||||||||||||
47 | ||||||||||||||||||
48 | ||||||||||||||||||
49 | ||||||||||||||||||
50 | ||||||||||||||||||
51 | ||||||||||||||||||
52 | ||||||||||||||||||
53 | ||||||||||||||||||
54 | ||||||||||||||||||
55 | ||||||||||||||||||
56 | ||||||||||||||||||
57 | ||||||||||||||||||
58 | ||||||||||||||||||
59 | ||||||||||||||||||
60 | ||||||||||||||||||
61 | ||||||||||||||||||
62 | ||||||||||||||||||
63 | ||||||||||||||||||
64 | ||||||||||||||||||
65 | ||||||||||||||||||
66 | ||||||||||||||||||
67 | ||||||||||||||||||
68 | ||||||||||||||||||
69 | ||||||||||||||||||
70 | ||||||||||||||||||
71 | ||||||||||||||||||
72 | ||||||||||||||||||
73 | ||||||||||||||||||
74 | ||||||||||||||||||
75 | ||||||||||||||||||
76 | ||||||||||||||||||
77 | ||||||||||||||||||
78 | ||||||||||||||||||
79 | ||||||||||||||||||
80 | ||||||||||||||||||
81 | ||||||||||||||||||
82 | ||||||||||||||||||
83 | ||||||||||||||||||
84 | ||||||||||||||||||
85 | ||||||||||||||||||
86 | ||||||||||||||||||
87 | ||||||||||||||||||
88 | ||||||||||||||||||
89 | ||||||||||||||||||
90 | ||||||||||||||||||
91 | ||||||||||||||||||
92 | ||||||||||||||||||
93 | ||||||||||||||||||
94 |