On Thu, Dec 10, 2015 at 5:17 PM, Robert O'Callahan <rob...@ocallahan.org> wrote: > On Fri, Dec 4, 2015 at 4:56 PM, Eric Rescorla <e...@rtfm.com> wrote: > >> (4) Have the APIs hidden behind access controls that need to be enabled by >> an extension >> (but a trivial one). Perhaps you think this is #2. >> > > I realized I don't understand exactly what this means.
The basic idea is similar to what we are currently doing for screensharing. Maintain a whitelist of sites that can access USB (or origin+device pairs). The extension/addon just adds a set of things to this whitelist. And yes, because this is installed in the same way that the worst of our addons is installed, we gain the same (limited) protections that we get from the addons, including the ability to block the addon if it turns out to be bad. For the record: I think is an awful solution, but it might work here. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform