Security goals:
- Enforcing the permissions granted to the web apps.
- Protecting the core and the content processes (the core manages access levels; content is where the apps run).
- Ensuring that communication between core and content is not used in unintended ways.
The core process is the process with very high privileges; it has access to most of the hardware. Its function, however, is to control the access that any web app has to resources and devices.
The content process is a sandboxed process in which all the web apps run. Ideally each app should be loaded into a separate process, but due to resource limitations web apps with similar access and trust levels may sometimes share a single content process (the process boundary then separates trust levels, not individual apps).
The content process can communicate with the core process only through IPDL (IPC Protocol Definition Language) messages. Each web API has an associated IPDL interface.
All the permissions granted to any web app are stored in a central database so that the core process can verify and enforce them. When a web app sends a request to access an API for which it has no permission, the call does not succeed. Permissions can be added at runtime and can also be updated later using the permissions manager app.
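The following is an added example, not Firefox OS or Gecko code, that models the enforcement just described: a content process can only hand messages to the core, the core looks the sender up in a central permissions store, and only permitted requests reach the privileged implementation. The API names, permission names, app origins and the grant/revoke helpers are hypothetical; the point is that the core trusts the identity it bound to the process, not anything the message body claims.

```javascript
// Added example, not Firefox OS/Gecko code: a model of the core process
// enforcing per-app permissions on requests that cross the IPC boundary from
// a content process. API names, permission names and origins are hypothetical.

// Central permissions store, owned by the core process and keyed by app
// origin. Content processes never read or write it directly.
const permissionsDb = new Map([
  ["app://camera.example", new Set(["camera", "device-storage"])],
  ["app://notes.example", new Set(["device-storage"])],
]);

// The permission each (hypothetical) web API requires.
const apiPermission = {
  "Camera.takePicture": "camera",
  "DeviceStorage.read": "device-storage",
  "Telephony.dial": "telephony",
};

// Core-side handler for one message from a content process. The core trusts
// only `sender`, the identity it bound to the process when it spawned it,
// and ignores any origin claimed inside the message body.
function handleRequest(sender, msg) {
  const required = apiPermission[msg.api];
  if (required === undefined) {
    return { ok: false, error: "unknown-api" };
  }
  const granted = permissionsDb.get(sender.origin);
  if (!granted || !granted.has(required)) {
    return { ok: false, error: "permission-denied", api: msg.api };
  }
  // Only a permitted request reaches the privileged implementation.
  return { ok: true, result: `${msg.api}(${msg.args.join(", ")}) executed` };
}

// Runtime changes to the store, as a permissions-manager app would request
// through the core; nothing in a content process can call these directly.
function grantPermission(origin, perm) {
  if (!permissionsDb.has(origin)) permissionsDb.set(origin, new Set());
  permissionsDb.get(origin).add(perm);
}

function revokePermission(origin, perm) {
  const granted = permissionsDb.get(origin);
  if (granted) granted.delete(perm);
}

// Model of a sandboxed content process: the only thing it can do is hand a
// message to the core. Its origin is fixed by the core at creation time.
function makeContentProcess(origin) {
  const sender = Object.freeze({ origin });
  return {
    call(api, args = [], extra = {}) {
      // `extra` lets the demo show that spoofed fields in the body are ignored.
      return handleRequest(sender, { api, args, ...extra });
    },
  };
}

// Demo on constructed data.
const notes = makeContentProcess("app://notes.example");
console.log(notes.call("DeviceStorage.read", ["/sdcard/notes.txt"])); // allowed
console.log(notes.call("Camera.takePicture")); // permission-denied
// A compromised notes app claiming to be the camera app gains nothing:
console.log(notes.call("Camera.takePicture", [], { origin: "app://camera.example" }));
grantPermission("app://notes.example", "camera");
console.log(notes.call("Camera.takePicture")); // allowed after the runtime grant
revokePermission("app://notes.example", "camera");
```

The check lives entirely on the core side of the boundary; if it were performed in the content process, a compromised app (for example one hijacked through XSS) could simply skip it.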
All apps run in the content process, which has the lowest access level. B2G is a web-based OS, so there are no native apps: every app is a web app. Every app therefore uses only web APIs; even the file system is served only through web APIs, so apps expose little of the OS to direct attack. The remaining threats are:
- Memory corruption
- Logical errors in Gecko, the daemons or the kernel
- Vulnerabilities in IPDL (the IPC layer between content and core)
- Hijacking of web apps using XSS
Update mechanisms:
- OTA update, which is not yet defined for Firefox OS but will be similar to Android's OTA mechanism
- Firmware image: connecting over USB and installing a firmware image using the bootloader's fastboot mode
Requirements for installing a firmware image:
- Strong cryptographic verification is required before a firmware image is installed.
- The verification keys must be stored in a secure location on the device.
- The complete update must be downloaded to a secure location before the update begins.
- No web apps may be running on the system at the time of the update.
The Gecko update process is similar to the update process of Firefox on the desktop:
- Updates are fetched over SSL-encrypted connections.
- The SSL certificates' issuer names are pinned in Firefox OS.
- All updates are signed; the signatures are carried in the update files.
Future work:
- Achieving finer separation between the core and the content processes
- Using separate ARM TrustZone worlds for better security
- Using role-based access control
- coreboot firmware and fast boot, as in Chrome OS
- Implementing full disk encryption