Security/B2G/2013 9 14
From MozillaWiki
FirefoxOS Security Team Meeting
1pm PST, B2G Vidyo room
Prior notes are here: https://wiki.mozilla.org/Security/B2G/2013_8_27
News
1.2 Reviews
- https://docs.google.com/a/mozilla.com/spreadsheet/ccc?key=0Ap-jgPe0UrMhdHNaNUFrQS00Q09FbUFZUmQ5eThpOFE#gid=0
- https://wiki.mozilla.org/B2G/Architecture/System_Security/Seccomp#Whitelist_performance_optimizations
- Scrum for Security (see emails first)
* http://scrumbu.gs/
* http://standu.ps/
HN article template flatfish
New actors for 1.2 freeze
- file manager actor
- uploading applications
- taking screenshots
mozapp roles https://bugzilla.mozilla.org/show_bug.cgi?id=912340
updates frederik
- dialer-issue filed https://developer.mozilla.org/en-US/docs/Web/API/Navigator.battery
- buri working w/ app manager \o/
- something else I forgot but will remember quite soon :-P
Weekly goals
[dchan] - finish gecko review doc and other reviews
Goal Status Updates
- [:cr] compiled list of JavaScript code analysis tools: https://wiki.mozilla.org/Security/B2G/JavaScript_code_analysis (concludes Q3 goal)
- [:cr] We now have FxOS app access via s3 !!1!11 (malware statistics Q3 goal)
- 1.3 GByte of zip files
- 1071 app archives (some are several versions of one app)
- 847 unique app IDs
- A little permission statistics for the curious:
  809 no permissions
  110 geolocation
  91 systemXHR
  62 storage
  49 desktop-notification
  29 contacts/readwrite
  25 device-storage:sdcard/readonly
  24 alarms
  21 device-storage:sdcard/readwrite
  19 browser
  15 device-storage:pictures/readonly
  14 audio-channel-content
  13 tcp-socket
  13 fmradio
  11 mobilenetwork
  11 device-storage:videos/readonly
  10 device-storage:music/readonly
  7 device-storage:pictures/readcreate
  6 camera
  6 audio-channel-normal
  5 device-storage:pictures/readwrite
  4 wifi-manage/readcreate
  3 device-storage:videos/readcreate
  3 device-storage:music/readcreate
  3 contacts/readcreate
  3 audio-channel-notification
  2 wifi-manage
  2 push
  2 mobileconnection
  1 device-storage:videos/readwrite
  1 device-storage/readwrite
  1 contacts/readonly
  1 audio-channel-alarm
Sandboxing discussion (hardening communications protocols) https://docs.google.com/a/mozilla.com/document/d/1FzEoykPYnI_abQnb1EzyEjUHJAn4oEyWg4DGP936hKo/edit#heading=h.jhnrxuan8rc1