=== Types of Runnables ===
The scope of the permissions model is limited to Open Web Apps, which are applications written web technologies (HTML, JS, CSS).
These are the only applications which are installed on B2G, "the web is the platform", there are no user-installable native apps.
There are 4 (or more) types multiple layers of possible runnables so far identified on applications underneath these web apps, which make up the B2G:OS, but these are beyond the scope of the permissions model.
* 0) KernelIt is noted however that the permissions model will influence the design of lower layers: for example, drivers (including virtual device drivers), CLI tools(including services), browser engine and (maybe) plug-ins.* 1) Packaged programs (i.e. B2G Gaia apps that are written in HTML/CSS/JS)* 2) Installed non-local ideally Web apps (including sites)Apps of differing permission levels would be sandboxed to limit the impact of memory corruption vulnerabilities.* 3) Non-installed Web apps (including sites).* 4) B2G (Gaia) apps (same as 1) but manually installed in /usr/local, bypassing the Packaging system
(It seems all type 1 runnables can be implements as type 2 or 0. Maybewe needn't treat them as a seperate type) For type 0 & 1, a deployment mechanism like aptfurther detail on the underlying B2G architecture see: https:/yum works fine (andseems required for type 0)/wiki. But for type 2 & 3, such mechanism may notcover. I'm afraid that many apps will be implemented as type 2 or 3for smooth of (re)deployment (and this is a huge advantage for webapps to native ones)mozilla.org/B2G/Architecture
=== Trusted store with permissions delegation ===
