Security/Reviews/B2G/WebRTC1 3

From MozillaWiki

Overview

FirefoxOS Review Details

  • API: WebRTC components included in Firefox OS in 1.3
  • Review Date: November 2013
  • Review Lead: Paul Theriault

Context

This review covers the WebRTC features planned to land in 1.3. It also covers analysis of the getUserMedia features present in 1.2 (which were limited to audio recording only).

  • 1.2
    • WebRTC: getUserMedia (audio)
  • 1.3
    • WebRTC: getUserMedia for image/video (for camera) (923361) -- [DONE]
    • WebRTC: audio-only PeerConnection calls (923363)
    • WebRTC: video PeerConnection calls (923364)
    • WebRTC: DataChannels (923365)

Scope

  • What parts of Gaia, Gecko and/or Gonk are we looking at.

The following system components were reviewed:

  • Gaia

UI implemented in the system app for permission prompts and UI notifications when Camera/Microphone is active.

  • Gecko
    • mozXXX interface
    • Gecko Permissions
    • Messaging ( messages, system messages)
    • Interface to XYZ service on IPC socket (JSON-based communication protocol)
  • Gonk
    • XYZ Service

The following items were deemed lower risk and not reviewed:

  • Communication between XYZ and hardware
  • etc etc

Components

See Web NFC review for example

Relevant Source Code

Permission Model

  • Paste from PermissionsTable.jsm (see below)
  • Discuss anything special like access
  • Discuss where permissions are enforced (access to object, on IPC messages, at each function call etc)
 "wifi-manage": {
   app: DENY_ACTION,
   privileged: DENY_ACTION,
   certified: ALLOW_ACTION
 },

Review Notes

1. Content/Chrome Segregation

2. Process Segregation

3. Data validation & Sanitization

4. Denial of Service

Security Risks & Mitigating Controls

Actions & Recommendations

  • List of recommendations, and corresponding bug numbers
  • For sensitive bugs, just put the bug number (or maybe omit it entirely if it is really dangerous & obvious)