WebAPI/Security/PermissionsAPI

From MozillaWiki
Jump to: navigation, search

Permission API

Brief purpose of API: Allow an app to manage app permissions in a centralized location

General Use Cases: None

Inherent threats: Change security and privacy permissions, potentially leading to device compromise

Threat severity: Critical

References:

Permissions Table

Type Use Cases Authorization Model Notes & Other Controls
Web Content None No access
Installed Web Apps None No access
Privileged Web Apps None No access
Certified Web Apps Centralized permissions management app; modify per-app settings Implicit

Notes

We are not exposing permission settings to non-certified apps. Apps cannot determine their current settings without actually requesting a permission.