Re: [web-bluetooth] Specify a Bluetooth Scanning API.

> Is the security issue just that processes that can intercept IPC 
messages will find out the advertisements?

No, I meant that the browser itself is not a privileged application 
which shouldn't be given direct access for things that have shared 
control such as scanning.

This is actually acknowledge in the Android API:

https://developer.android.com/reference/android/bluetooth/le/BluetoothLeScanner.html
- Note: Most of the scan methods here require BLUETOOTH_ADMIN 
permission. (Btw, I wouldn't be surprised if this gets bumped to 
BLUETOOTH_PRIVILEGED if used with SCAN_MODE_LOW_LATENCY)

In Linux this would translate to have CAP_NET_ADMIN a.k.a root and 
then using the kernel Bluetooth Management socket to control the 
scanning parameters and results.

-- 
GitHub Notification of comment by Vudentz
Please view or discuss this issue at 
https://github.com/WebBluetoothCG/web-bluetooth/pull/239#issuecomment-237207639
 using your GitHub account

Received on Wednesday, 3 August 2016 11:05:55 UTC