Skip to content

Only allow sessions to use features they explicity request or are implicitly granted based on mode #1189

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Apr 2, 2021
Merged

Only allow sessions to use features they explicity request or are implicitly granted based on mode #1189

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
b302728
permissions: Only inherit granted features that are explicitly requested
Manishearth Mar 30, 2021
3371101
Use set instead of list for device's list of enabled features
Manishearth Mar 30, 2021
24373c9
Add set of granted features to XRSession
Manishearth Mar 30, 2021
8117c14
set of enabled features -> set of granted features
Manishearth Mar 30, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 14 additions & 9 deletions index.bs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -232,7 +232,7 @@ An <dfn for="">XR device</dfn> is a physical unit of hardware that can present i

An [=/XR device=] has a <dfn>list of supported modes</dfn> (a [=/list=] of [=/strings=]) that [=list/contains=] the enumeration values of {{XRSessionMode}} that the [=/XR device=] supports.

Each [=/XR device=] has a <dfn for="XR device">list of enabled features</dfn> for each {{XRSessionMode}} in its [=list of supported modes=], which is a [=/list=] of [=feature descriptors=] which MUST be initially an empty [=/list=].
Each [=/XR device=] has a <dfn for="XR device">set of granted features</dfn> for each {{XRSessionMode}} in its [=list of supported modes=], which is a [=/set=] of [=feature descriptors=] which MUST be initially an empty [=/set=].

The user-agent has a <dfn for="">list of immersive XR devices</dfn> (a [=/list=] of [=/XR device=]), which MUST be initially an empty [=/list=].

Expand Down Expand Up @@ -415,8 +415,9 @@ When this method is invoked, the user agent MUST run the following steps:
1. [=Reject=] |promise| with a "{{NotSupportedError}}" {{DOMException}}.
1. If |immersive| is `true`, set [=pending immersive session=] to `false`.
1. Abort these steps.
1. Let |granted| be a [=/set=] obtained from |status|' {{XRPermissionStatus/granted}}.
1. Let |session| be a [=new=] {{XRSession}} object in the [=relevant realm=] of this {{XRSystem}}.
1. [=Initialize the session=] with |session|, |mode|, and |device|.
1. [=Initialize the session=] with |session|, |mode|, |granted|, and |device|.
1. Potentially set the [=active immersive session=] as follows:
<dl class="switch">
: If |immersive| is `true`:
Expand Down Expand Up @@ -642,11 +643,14 @@ Each {{XRSession}} has a <dfn for="XRSession">mode</dfn>, which is one of the va

Each {{XRSession}} has an <dfn for=XRSession>animation frame</dfn>, which is an {{XRFrame}} initialized with [=XRFrame/active=] set to `false`, [=XRFrame/animationFrame=] set to `true`, and {{XRFrame/session}} set to the {{XRSession}}.

Each {{XRSession}} has a <dfn for=XRSession>set of granted features</dfn>, which is a [=/set=] of {{DOMString}}s corresponding the the [=feature descriptors=] that have been granted to the {{XRSession}}.

<div class="algorithm" data-algorithm="initialize-session">

To <dfn>initialize the session</dfn>, given |session|, |mode|, and |device|, the user agent MUST run the following steps:
To <dfn>initialize the session</dfn>, given |session|, |mode|, |granted|, and |device|, the user agent MUST run the following steps:
1. Set |session|'s [=XRSession/mode=] to |mode|.
1. Set |session|'s [=XRSession/XR device=] to |device|.
1. Set |session|'s [=XRSession/set of granted features=] to |granted|.
1. [=Initialize the render state=].
1. If no other features of the user agent have done so already, perform the necessary platform-specific steps to initialize the device's tracking and rendering capabilities, including showing any necessary instructions to the user.

Expand Down Expand Up @@ -1282,7 +1286,7 @@ When an {{XRReferenceSpace}} is requested with {{XRReferenceSpaceType}} |type| f
<div class="algorithm" data-algorithm="reference-space-supported">
To check if a <dfn>reference space is supported</dfn> for a given reference space type |type| and {{XRSession}} |session|, run the following steps:

1. If |type| is not [=list/contain|contained=] in |session|'s [=XRSession/XR device=]'s [=XR device/list of enabled features=] for [=XRSession/mode=] return `false`.
1. If |type| is not [=list/contain|contained=] in |session|'s [=XRSession/set of granted features=]'s return `false`.
1. If |type| is {{viewer}}, return `true`.
1. If |type| is {{local}} or {{local-floor}}, and |session| is an [=immersive session=], return `true`.
1. If |type| is {{local}} or {{local-floor}}, and the [=XRSession/XR device=] supports reporting orientation data, return `true`.
Expand Down Expand Up @@ -2761,7 +2765,7 @@ To <dfn lt="request the xr permission">request the "xr" permission</dfn> with an
1. If a clear signal of [=user intent=] to enable |feature| has not been determined, continue to the next entry.
1. If |feature| is not in |granted|, append |feature| to |granted|.
1. Set |status|'s {{XRPermissionStatus/granted}} to |granted|.
1. Set |device|'s [=list of enabled features=] for |mode| to |granted|.
1. Add all elements of |granted| to |device|'s [=set of granted features=] for |mode|.
1. Set |status|'s {{PermissionStatus/state}} to {{PermissionState/"granted"}}.

Note: The user agent has the freedom to batch up permissions prompts for all requested features when gauging if there is a clear signal of [=user intent=], but it is also allowed to show them one at a time.
Expand Down Expand Up @@ -2799,11 +2803,12 @@ To <dfn>resolve the requested features</dfn> given |requiredFeatures| and |optio

1. Let |consentRequired| be an empty [=/list=] of {{DOMString}}.
1. Let |consentOptional| be an empty [=/list=] of {{DOMString}}.
1. Let |granted| be an empty [=/list=] of {{DOMString}}.
1. Let |device| be the result of [=obtain the current device|obtaining the current device=] for |mode|, |requiredFeatures|, and |optionalFeatures|.
1. Let |granted| be a [=/list=] of {{DOMString}} initialized to |device|'s [=XR device/list of enabled features=] for |mode|.
1. Let |previouslyEnabled| be |device|'s [=XR device/set of granted features=] for |mode|.
1. If |device| is `null` or |device|'s [=list of supported modes=] does not [=list/contain=] |mode|, run the following steps:
1. Return the [=tuple=] (|consentRequired|, |consentOptional|, |granted|)
1. Add every [=feature descriptor=] in the [=default features=] table associated with |mode| to the indicated feature list if it is not already present.
1. Add every [=feature descriptor=] in the [=default features=] table associated with |mode| to |granted| if it is not already present.
1. For each |feature| in |requiredFeatures| perform the following steps:
1. If the |feature| is `null`, [=continue=] to the next entry.
1. If |feature| is not a valid [=feature descriptor=], perform the following steps:
Expand All @@ -2813,7 +2818,7 @@ To <dfn>resolve the requested features</dfn> given |requiredFeatures| and |optio
1. If |feature| is already in |granted|, continue to the next entry.
1. If the requesting document's [=origin=] is not allowed to use any [[#permissions-policy|permissions policy]] required by |feature| as indicated by the [=feature requirements=] table, return `null`.
1. If |session|'s [=XRSession/XR device=] is not [=capable of supporting=] the functionality described by |feature| or the user agent has otherwise determined to reject the feature, return `null`.
1. If the functionality described by |feature| requires [=explicit consent=], append it to |consentRequired|.
1. If the functionality described by |feature| requires [=explicit consent=] and |feature| is not in |previouslyEnabled|, append it to |consentRequired|.
1. Else append |feature| to |granted|.
1. For each |feature| in |optionalFeatures| perform the following steps:
1. If the |feature| is `null`, [=continue=] to the next entry.
Expand All @@ -2824,7 +2829,7 @@ To <dfn>resolve the requested features</dfn> given |requiredFeatures| and |optio
1. If |feature| is already in |granted|, continue to the next entry.
1. If the requesting document's origin is not allowed to use any [[#permissions-policy|permissions policy]] required by |feature| as indicated by the [=feature requirements=] table, continue to the next entry.
1. If |session|'s [=XRSession/XR device=] is not [=capable of supporting=] the functionality described by |feature| or the user agent has otherwise determined to reject the feature, continue to the next entry.
1. If the functionality described by |feature| requires [=explicit consent=], append it to |consentOptional|.
1. If the functionality described by |feature| requires [=explicit consent=] and |feature| is not in |previouslyEnabled|, append it to |consentOptional|.
1. Else append |feature| to |granted|.
1. Return the [=tuple=] `(|consentRequired|, |consentOptional|, |granted|)`

Expand Down