W3C home > Mailing lists > Public > public-web-bluetooth-log@w3.org > August 2016

Re: [web-bluetooth] Specify a Bluetooth Scanning API.

From: Luiz Augusto von Dentz via GitHub <sysbot+gh@w3.org>
Date: Wed, 03 Aug 2016 11:03:52 +0000
To: public-web-bluetooth-log@w3.org
Message-ID: <issue_comment.created-237207639-1470222229-sysbot+gh@w3.org>
> Is the security issue just that processes that can intercept IPC 
messages will find out the advertisements?

No, I meant that the browser itself is not a privileged application 
which shouldn't be given direct access for things that have shared 
control such as scanning.

This is actually acknowledge in the Android API:

https://developer.android.com/reference/android/bluetooth/le/BluetoothLeScanner.html
- Note: Most of the scan methods here require BLUETOOTH_ADMIN 
permission. (Btw, I wouldn't be surprised if this gets bumped to 
BLUETOOTH_PRIVILEGED if used with SCAN_MODE_LOW_LATENCY)

In Linux this would translate to have CAP_NET_ADMIN a.k.a root and 
then using the kernel Bluetooth Management socket to control the 
scanning parameters and results.

-- 
GitHub Notification of comment by Vudentz
Please view or discuss this issue at 
https://github.com/WebBluetoothCG/web-bluetooth/pull/239#issuecomment-237207639
 using your GitHub account
Received on Wednesday, 3 August 2016 11:05:55 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 3 August 2016 11:05:56 UTC