WebAPI/Security/FMRadioAPI

From MozillaWiki
Jump to: navigation, search

WebFM API

Brief purpose of API: FM radio feature.

General Use Cases: Turn on/off the radio, change frequency, check status of various radio features Inherent threats: annoyance, drain the battery

Threat severity: Low

General notes: Multiple apps/pages can try to modify radio settings at the same time with the most recent action taking effect. Turning on the radio causes the audio stream to be played - there is no access to the stream data

References:

Permissions Table

Type Use Cases Authorization Model Notes & Other Controls
Web Content radio app/web page Explicit An app or page can't access any of the radio API if another page/app is currently using it. Whenever a page/app uses the API for the first time since another page/app used it, always reset the current frequency to some specified value
Installed Web Apps radio app/web page Implicit An app or page can't access any of the radio API if another page/app is currently using it. Whenever a page/app uses the API for the first time since another page/app used it, always reset the current frequency to some specified value
Privileged Web Apps radio app Implicit
Certified Web Apps radio app Implicit Same as for unauthenticated. Technically we wouldn't need to reset the frequency here, but seems nicer to keep things consistent.