Security/Reviews/Gaia/Camera


App Review Details

  • App: Gaia Camera App
  • Review Date: 23 Jun 2013
  • Review Lead: Paul Theriault

Overview

Camera takes photos and video using the certified-only Camera Control API (https://developer.mozilla.org/en-US/docs/Web/API/CameraControl). This API is only available to the camera app for security reasons. The camera app does, however, handle certain web activities so that other apps can take pictures and video.

Architecture

Components

Relevant Source Code

The camera app consists of 2 JavaScript files:

  • https://github.com/mozilla-b2g/gaia/blob/master/apps/camera/js/camera.js
  • https://github.com/mozilla-b2g/gaia/blob/master/apps/camera/js/filmstrip.js

Permissions

"permissions": {
   "storage":{},
   "device-storage:pictures":{ "access": "readwrite" },
   "device-storage:videos":{ "access": "readwrite" },
   "settings":{ "access": "readonly" },
   "camera":{},
   "geolocation":{},
   "audio-channel-notification":{}
 },

Web Activity Handlers

Supports 2 activities: record (photo and video) and pick (images, video).

Record starts the camera in either photo or video mode.

Pick returns an image to the calling page.


"activities": {
   "record": {
     "filters": {
       "type": ["photos", "videos"]
     },
     "disposition": "window"
   },
   "pick": {
     "filters": {
       "type": ["image/*", "image/jpeg"]
     },
     "returnValue": true,
     "disposition": "inline",
     "href": "/index.html#pick"
   }
 },
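
The permission and activity declarations above are the surface a reviewer enumerates first. The following is an added example, not part of the original review or of Gaia: it summarises that surface from a manifest object constructed from the two fragments quoted on this page. `auditManifest` and the report field names are hypothetical.

```javascript
// Constructed sample: the two manifest fragments quoted on this page, merged.
const cameraManifest = {
  permissions: {
    "storage": {},
    "device-storage:pictures": { access: "readwrite" },
    "device-storage:videos": { access: "readwrite" },
    "settings": { access: "readonly" },
    "camera": {},
    "geolocation": {},
    "audio-channel-notification": {}
  },
  activities: {
    record: { filters: { type: ["photos", "videos"] }, disposition: "window" },
    pick: {
      filters: { type: ["image/*", "image/jpeg"] },
      returnValue: true, disposition: "inline", href: "/index.html#pick"
    }
  }
};

// Hypothetical review helper (not a Gaia API): lists what the app may write
// to and which activity handlers hand data back to the calling app.
function auditManifest(manifest) {
  const permissions = Object.entries(manifest.permissions || {}).map(
    ([name, opts]) => {
      const access = (opts && opts.access) || "unspecified";
      // Any access level containing "write" or "create" can modify data.
      return { name, access, canWrite: /write|create/.test(access) };
    });
  const activities = Object.entries(manifest.activities || {}).map(
    ([name, h]) => ({
      name,
      types: [].concat((h.filters && h.filters.type) || []),
      returnsData: h.returnValue === true, // data flows back to the caller
      disposition: h.disposition || "unspecified",
      entryPoint: h.href || "unspecified"
    }));
  return {
    permissions,
    activities,
    writable: permissions.filter(p => p.canWrite).map(p => p.name),
    returning: activities.filter(a => a.returnsData).map(a => a.name)
  };
}

const report = auditManifest(cameraManifest);
console.log(JSON.stringify(report, null, 2));
```

The `returning` list marks the handlers whose output reaches another app, which is where the review of the pick activity concentrates.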



Web Activity Usage

Uses mozactivity to launch the gallery. No security implications.

The filmstrip launches a share activity. Again, it doesn't do anything with the return value, so no security implications.

Notable Event Handlers

No issues identified.


Code Review Notes

Limited inputs apart from web activity usage discussed above.


1. XSS & HTML Injection attacks

Not really any inputs so no risk here.

2. Secure Communications

Doesn't do any communication.

3. Secure data storage

Not applicable.

4. Denial of Service

  1. Use all disk space with a recording?
     • No way for another app to start recording.
  2. Starting camera to waste battery?
     • Web activity could be used to start camera, which would consume a lot of bandwidth. Not really any different to other resource usage (e.g. deliberately chewing CPU etc.)
     • DoS the camera by repeated recordings

5. Use of Privileged APIs

Settings access is readonly and is just used for the shutter noise.


6. Interfaces with other Apps/Content

Device storage is the only interface apart from web activities.


Security Risks & Mitigating Controls

Video indicator is broken - turns on but doesn't turn off.

Actions & Recommendations

The recording indicator shows that the camera is enabled, but not which camera, or how to turn it off. (known issue 828600)