FirefoxOS/New security model/2.5 Status
From MozillaWiki
Summary
- Usable developer prototype is landed.
- Developers can create and host signed packages which can be navigated to in the browser.
- Signed packages can request any permission, and packages are loaded properly in an isolated child process
- Known limitations:
  - Some APIs depend on existing App infrastructure and need to be refactored
  - No support for "pinning" signed packages
- Still landing bug fixes as possible (but prioritising 2.5 blockers instead)
Detailed Status
For 2.5 the following is supported:
- Signed package support can be enabled by a preference
- Tool available for developers to package and sign their own content
- Signed packages are able to use certified & privileged APIs (some limitations, see below)
- Signed packages are hosted on a web server and navigated to in the browser
- Signed packages load in isolated content processes (i.e. transparent process switching)
- Packages will update (in line with normal HTTP semantics)
- Signed packages are granted an isolated data jar (however, web content that signed packages load is in the regular web cookie jar)
Not available in 2.5:
- The ability to "pin" signed packages and actions that depend on pinning:
  - HTTP cache pinning of packages (i.e. packages currently follow normal web semantics and are not available offline unless HTTP cached)
  - Registration of web activities & system messages
  - Service worker support
- Known issues with some APIs which depend on existing app concepts (notably system messages are not yet supported)
- Process switching away from signed packages isn't working yet (only switching _to_ the package)
Key "blocking" bugs (none really block, since nsec is not blocking 2.5, but these are priorities to land to improve the developer experience):
  - bug 1180088 - fixing an app permission check which prevents some permissions from being available to signed packages
  - bug 1178526 - important to ensure the segregation between the signed packages and the web server they are hosted on
  - bug 1178448 - allows devs to sign packages with their own certificates (rather than bypassing signature checks)