1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
|
---
title: Présentation de la sécurité de Firefox OS
slug: Archive/B2G_OS/securite/Security_model
translation_of: Archive/B2G_OS/Security/Security_model
---
<div class="summary">
<p>Ce document donne un aperçu du cadre de la sécurité de Mozilla Firefox OS, qui est conçu pour protéger les appareils mobiles contre les menaces de la plateforme, des applications et des données. Dans le Firefox OS, Mozilla a mis en place un modèle de sécurité globale, intégrée et multicouche qui offre une protection best-of-breed contre les risques de sécurité pour les téléphones mobiles.</p>
</div>
<h2 id="Sécurité_de_la_plate-forme">Sécurité de la plate-forme</h2>
<p><span id="result_box" lang="fr"><span class="hps">La plate-forme</span> <span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">utilise</span> <span class="hps">un modèle de sécurité</span> <span class="hps">multi-couches</span> <span class="hps">qui est conçu pour</span> <span class="hps">atténuer les risques</span> <span class="hps">d'exploitation</span> <span class="hps">à tous les niveaux</span><span>. Une </span></span>première ligne de <span id="result_box" lang="fr"><span class="hps">contre-mesures </span></span>combinée avec une stratégie de sécurité en profondeur offrent une protection complète contre les menaces.</p>
<h3 id="L'architecture_sécurisée">L'architecture sécurisée</h3>
<p><span id="result_box" lang="fr"><span class="hps">Le</span> <span class="hps">système d'exploitation Firefox</span> <span class="hps">OS connecte</span> <span class="hps">des applications Web</span> <span class="hps">au</span> <span class="hps">matériel sous-jacent</span><span>.</span> <span class="hps">C</span>'<span class="hps">est une</span> <span class="hps">technologie de pile</span> <span class="hps">intégrée, composée</span> <span class="hps">des niveaux suivants</span><span>:</span></span></p>
<p><img alt="" src="https://mdn.mozillademos.org/files/5023/platform.png" style="height: 478px; width: 678px;"></p>
<ul>
<li>
<div id="gt-src-tools">
<div id="tts_button"><span id="result_box" lang="fr"><span class="hps">Gaia</span><span>:</span> <span class="hps">La</span> <span class="hps">suite d'applications</span> <span class="hps">Web</span> <span class="hps">qui composent</span> <span class="hps">l'expérience utilisateur</span> <span class="atn hps">(les </span><span>applications</span> <span class="hps">se composent de</span> <span class="hps">HTML5</span><span>,</span> <span class="hps">CSS</span><span>,</span> <span class="hps">JavaScript</span><span>,</span> <span class="hps">les images</span><span>, les médias</span><span>,</span> <span class="hps">et ainsi de suite</span><span>)</span><span>.</span></span></div>
</div>
</li>
<li><span id="result_box" lang="fr"><span class="hps">Gecko</span><span>:</span> <span class="hps">La couche</span> <span class="hps">d'exécution</span> <span class="hps">d'application qui fournit</span> <span class="hps">le cadre</span> <span class="hps">pour l'exécution</span> <span class="hps">de</span> <span class="hps">l'application</span><span>,</span> <span class="hps">et met en œuvre</span> <span class="hps">les API</span> <span class="hps">Web utilisées pour</span> <span class="hps">accéder à des fonctions</span> <span class="hps">dans l'appareil mobile</span><span>.</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">Gonk</span><span>:</span> <span class="hps">Le noyau</span> <span class="hps">Linux sous-jacent</span><span>,</span> <span class="hps">les bibliothèques du système</span><span>, le micrologiciel</span> <span class="hps">et les pilotes de périphériques</span> que <span class="hps">tout ce qui fonctionne </span><span class="hps">au-dessus</span><span>.</span></span></li>
<li>Le dispositif mobile: <span id="result_box" lang="fr"><span class="hps">Le téléphone</span> <span class="hps">mobile fonctionnant</span> <span class="hps">avec Firefox</span> <span class="hps">OS</span><span>.</span></span></li>
</ul>
<p><span id="result_box" lang="fr"><span class="hps">Gecko</span> <span class="hps">est le </span></span><span class="short_text" id="result_box" lang="fr"><span class="alt-edited">contrôleur d'accès</span></span><span lang="fr"> <span class="hps">qui applique</span> <span class="hps">les politiques de sécurité</span> <span class="atn hps">destinées à protéger l'</span><span>appareil mobile</span> <span class="hps">d'une mauvaise utilisation</span><span>.</span> <span class="hps">La couche</span> <span class="hps">Gecko</span> <span class="hps">agit comme</span> <span class="hps">intermédiaire entre</span> <span class="hps">les applications web</span> <span class="atn hps">(</span><span>à la</span> <span class="hps">couche</span> <span class="hps">Gaia</span><span>)</span> <span class="hps">et le téléphone</span><span>.</span> <span class="hps">Gonk</span> <span class="hps">offre des caractéristiques</span> <span class="hps">du matériel du</span> <span class="hps">téléphone mobile</span> <span class="hps">sous-jacent</span> <span class="hps">directement à la couche</span> <span class="hps">Gecko</span><span>. </span><span class="hps">Les applications</span> <span class="hps">Web accèdent à</span> <span class="hps">des fonctionnalités du téléphone</span> <span class="hps">mobile uniquement</span> <span class="hps">via les API</span> <span class="hps">Web</span><span>,</span> <span class="hps">et seulement si</span> <span class="hps">Gecko</span> <span class="hps">permet</span> <span class="hps">la demande d'accès</span> </span>— <span lang="fr"><span class="hps">il n'y a</span> <span class="hps">pas d'accès direct</span><span>,</span> <span class="hps">pas de</span> <span class="hps">«porte arrière»</span> <span class="hps">dans le téléphone</span><span>.</span> <span class="hps">Gecko</span> <span class="hps">applique des autorisations</span> <span class="hps">et empêche l'accès</span> <span class="hps">aux demandes</span> <span class="hps">non autorisées</span><span>.</span></span></p>
<h3 id="le_déploiement_du_système">le déploiement du système</h3>
<p><span id="result_box" lang="fr"><span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">est livré installé</span> <span class="hps">sur un</span> <span class="hps">téléphone intelligent</span></span>. <span id="result_box" lang="fr"><span class="hps">L'image du système</span> <span class="hps">d'origine est créée</span> <span class="hps">par une</span> <span class="hps">source de confiance</span> <span class="hps">connue</span></span> — <span id="result_box" lang="fr"><span class="hps">habituellement le OEM</span></span> (<span class="lang-en" lang="en">Original Equipment Manufacturer)</span> <span id="result_box" lang="fr"><span class="hps">de l'appareil </span></span>— <span id="result_box" lang="fr"><span class="hps">qui est</span> <span class="hps">responsable de l'assemblage</span><span>, la construction</span><span>, les tests et</span> <span class="hps">la signature numérique de</span> <span class="hps">l'emballage</span> <span class="hps">de distribution</span><span>.</span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">Les mesures de sécurité</span> <span class="hps">sont utilisées dans</span> <span class="hps">la pile de</span> <span class="hps">technologie.</span> Les <span class="hps">privilèges</span> <span class="hps">du système de fichiers</span> <span class="hps">sont appliqués par</span> <span class="hps">les</span> <span class="hps">listes</span> <span class="hps">de contrôle d'accès</span> <span class="hps">de</span> <span class="hps">Linux</span> <span class="hps">(les</span> <span class="hps">ACL)</span><span>.</span> Les a<span class="hps">pplications</span> <span class="hps">du système sont</span> <span class="hps">installées</span> <span class="hps">sur un support de stockage qui</span> <span class="hps">est en lecture seule</span> <span class="atn hps">(</span><span>sauf pendant</span> <span class="hps">les mises à jour</span><span>,</span> <span class="hps">quand il</span> <span class="hps">est temporairement</span> <span class="hps">en lecture-écriture</span><span>)</span><span>;</span> <span class="hps">généralement</span> il n'y a <span class="hps">que les zones contenant</span> <span class="hps">le contenu</span> <span class="hps">de l'utilisateur qui peuvent être</span> <span class="hps">en lecture-écriture</span><span>.</span> <span class="hps">Divers composants</span> <span class="hps">dans le</span> <span class="hps">matériel de l'appareil</span> <span class="hps">sont équipés de</span> <span class="hps">protections</span> <span class="hps">qui sont</span> <span class="hps">mises en œuvre par</span> <span class="hps">défaut</span> <span class="hps">en tant que pratique</span> <span class="hps">standard de l'industrie</span> <span class="hps">-</span> <span class="hps">les fabricants de puces</span><span>, par exemple</span><span>,</span> <span class="hps">employent des</span> <span class="hps">techniques</span> <span class="hps">de durcissement</span> <span class="hps">pour réduire les vulnérabilités</span><span>.</span> <span class="hps">La plate-forme</span> <span class="hps">de base</span> <span class="atn hps">(</span><span>Gecko</span> <span class="hps">et</span> <span class="hps">Gonk</span><span>)</span> <span class="hps">est durcie</span> <span class="hps">pour renforcer</span> <span class="hps">sa défense</span> <span class="hps">contre les menaces potentielles</span><span>,</span> <span class="hps">et les caractéristiques</span> <span class="hps">de durcissement</span> <span class="hps">du</span> <span class="hps">compilateur sont utilisées</span> <span class="hps">le cas échéant</span><span>.</span> <span class="hps">Pour plus de</span> <span class="hps">détails, voir</span> </span><a href="https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Runtime_security" title="/en-US/docs/Mozilla/Firefox_OS/Security/Runtime_security">Runtime security</a>.</p>
<h3 id="Mises_à_jour_de_Système_Sécurisé">Mises à jour de Système Sécurisé</h3>
<p>Les mises à jour ultérieures et les correctifs de la plate-forme Firefox OS sont déployés en utilisant un processus Mozilla sécurisé qui garantit l'intégrité continue de l'image du système sur le téléphone mobile. <span id="result_box" lang="fr"><span class="hps">La mise à jour</span> <span class="hps">est créée par une entité </span><span class="hps">connue</span><span>,</span> <span class="hps">une source de confiance</span> <span class="hps">-</span> <span class="hps">habituellement le</span> <span class="hps">OEM</span> <span class="hps">de l'appareil</span> <span class="hps">-</span> <span class="hps">qui est</span> <span class="hps">responsable de l'assemblage</span><span>, la construction</span><span>, les tests et</span> <span class="hps">la signature numérique</span> <span class="hps">du paquet</span> <span class="hps">de mise à jour</span><span>.</span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">Les mises à jour</span> <span class="hps">du système peuvent</span> <span class="hps">concerner tout ou</span> <span class="hps">une partie</span> <span class="hps">de la pile</span> <span class="hps">Firefox</span> <span class="hps">OS</span><span>. </span><span class="hps">Si des changements</span> <span class="hps">à</span> <span class="hps">Gonk</span> <span class="hps">sont inclus dans</span> <span class="hps">la mise à jour</span><span>,</span> cependant <span class="hps">FOTA</span> <span class="hps">(Firmware</span> <span class="hps">Over The Air</span><span>)</span> <span class="hps">est</span> <span class="hps">le processus d'installation</span> <span class="hps">utilisé</span><span>. </span><span class="hps">Les mises à jour</span> <span class="hps">FOTA</span> <span class="hps">peuvent également inclure</span> <span class="hps">toute autre</span> <span class="hps">partie de la pile de Firefox OS</span><span>,</span> <span class="hps">y compris la gestion</span> <span class="atn hps">de l'appareil (</span><span>FOTA</span><span>,</span> <span class="hps">firmware</span> <span class="hps">/ drivers</span><span>)</span><span>, la gestion des</span> <span class="hps">paramètres</span> <span class="hps">(paramètres de</span> <span class="hps">Firefox</span> <span class="hps">OS</span><span>)</span><span>,</span> <span class="hps">les mises à jour</span> <span class="hps">de sécurité</span><span>,</span> <span class="hps">Gaia</span><span>,</span> <span class="hps">Gecko</span><span>,</span> <span class="hps">et d'autres</span> <span class="hps">correctifs</span><span>.</span></span><span lang="fr"><span> </span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">Les mises à jour</span> <span class="hps">qui ne comportent pas</span> <span class="hps">Gonk</span> <span class="hps">peuvent être</span> <span class="hps">effectuées en utilisant</span> <span class="hps">la mise à jour</span> <span class="hps">de l'utilitaire système</span> <span class="hps">Mozilla</span><span>.</span> <span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">utilise le même</span> <span class="hps">framework de </span><span class="hps">mise à jour</span><span>, les mêmes processus et</span> le même format <span class="hps">Mozilla</span> <span class="atn hps">ARCHIVE (</span><span>MAR</span><span>) </span><span class="atn hps">(</span><span>utilisé</span> <span class="hps">pour les packages</span> <span class="hps">de mise à jour</span><span>)</span> <span class="hps">que le produit</span> <span class="hps">Firefox</span> <span class="hps">Desktop.</span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">Un service</span> <span class="hps">intégré</span> <span class="hps">dans</span> <span class="hps">la mise à jour</span> </span>— lequel<span lang="fr"><span class="hps"> peut être fourni</span> <span class="hps">par le fabricant</span> </span>—<span lang="fr"> <span class="hps">sur le téléphone mobile</span> <span class="hps">vérifie périodiquement les</span> <span class="hps">mises à jour système</span><span>.</span> <span class="hps">Une fois</span> <span class="hps">un paquet</span> <span class="hps">système devient</span> <span class="hps">disponible et</span> <span class="hps">est détecté</span> <span class="hps">par le service</span> <span class="hps">de mise à jour</span><span>,</span> <span class="atn hps">l'</span><span>utilisateur est invité à</span> <span class="hps">confirmer l'installation</span><span>. </span><span class="hps">Avant</span> que <span class="hps">les mises à jour</span> soient <span class="hps">installées sur</span> <span class="atn hps">l'</span><span>appareil mobile, le</span> <span class="hps">stockage de l'appareil</span> <span class="hps">est vérifié pour</span> <span class="hps">un espace suffisant pour</span> <span class="hps">appliquer la</span> <span class="hps">mise à jour</span><span>,</span> <span class="hps">et</span> <span class="hps">la distribution</span> <span class="hps">est vérifiée pour</span><span>: </span></span></p>
<ul>
<li>Update origin <span id="result_box" lang="fr"><span class="atn hps">(</span><span>vérifier</span> <span class="hps">le protocole</span> <span class="hps">de</span> <span class="hps">localisation de la source</span><span>:</span> <span class="hps">domaine</span><span>:</span> <span class="hps">port de</span> <span class="hps">la mise à jour</span> <span class="hps">du système et</span> <span class="hps">manifeste)</span></span></li>
<li>File integrity (<span class="short_text" id="result_box" lang="fr"><span class="hps">SHA-256</span> vérifie <span class="hps">de hachage</span></span>)</li>
<li>Code signature (vérification de cetificat)</li>
</ul>
<p><span id="result_box" lang="fr"><span class="hps">Les</span> <span class="hps">mesures de sécurité</span> <span class="hps">suivantes sont utilisées</span> <span class="hps">au cours du processus</span> <span class="hps">de mise à jour</span><span>:</span></span></p>
<ul>
<li><span id="result_box" lang="fr"><span class="hps">Mozilla</span> <span class="hps">recommande</span> <span class="hps">et espère que</span> <span class="hps">les mises à jour</span> <span class="hps">sont récupérées</span> <span class="hps">via une connexion</span> <span class="hps">SSL</span><span>.</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">Une vérification cryptographique</span> <span class="hps">forte</span> <span class="hps">est nécessaire</span> <span class="hps">avant d'installer</span> <span class="hps">un paquet</span> <span class="hps">de</span> <span class="hps">firmware</span><span>.</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">La mise à jour</span> <span class="hps">complète</span> <span class="hps">doit être téléchargé</span>e <span class="hps">dans un emplacement spécifique</span> <span class="hps">et sécurisé</span> <span class="hps">avant le début du</span> <span class="hps">processus de</span> <span class="hps">mise à jour</span><span>.</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">Le système doit être</span> <span class="hps">dans un état</span> <span class="hps">sécurisé</span> <span class="hps">lorsque le processus de</span> <span class="hps">mise à jour démarre</span><span>,</span> <span class="hps">sans</span> <span class="hps">les applications </span><span class="hps">en marche.</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">Les</span> <span class="hps">clés doivent être</span> <span class="hps">stockées dans un</span> <span class="hps">emplacement sécurisé sur</span> <span class="hps">le dispositif</span><span>.</span></span></li>
</ul>
<p><span id="result_box" lang="fr"><span class="hps">Des contrôles rigoureux</span> <span class="hps">sont en mis place pour</span> <span class="hps">veiller à ce que</span> <span class="hps">la mise à jour</span> <span class="hps">est appliquée</span> <span class="hps">correctement</span> <span class="hps">sur le téléphone mobile</span><span>.</span></span></p>
<div class="note">
<p><strong>Note</strong>: <span id="result_box" lang="fr"><span>Pour plus d'informations</span> <span>sur la façon dont</span> <span>les mises à jour</span> <span>fonctionnent et comment</span> <span>créer et distribuer des</span> <span>mises à jour</span><span>,</span> <span>lire </span></span><a href="/en-US/Firefox_OS/Building_and_installing_Firefox_OS/Creating_Firefox_OS_update_packages">Création et application des paquets de mise à jour de Firefox OS</a>.</p>
</div>
<h2 id="Securité_des_applications">Securité des applications</h2>
<p><span id="result_box" lang="fr"><span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">utilise une stratégie de</span> <span class="hps">sécurité de défense</span> <span class="hps">en profondeur</span> <span class="hps">pour protéger le</span> <span class="hps">téléphone mobile</span> <span class="hps">des applications</span> <span class="hps">intrusives</span> <span class="hps">ou malveillantes</span><span>.</span> <span class="hps">Cette stratégie</span> <span class="hps">utilise une</span> <span class="hps">variété de</span> <span class="hps">mécanismes</span><span>,</span> <span class="hps">y compris les</span> <span class="hps">niveaux d'autorisation</span> <span class="hps">implicites</span> <span class="hps">basés sur</span> <span class="hps">un</span> <span class="hps">modèle de confiance</span> <span class="hps">de</span> <span class="hps">l'application</span><span>, l'exécution</span> <span class="hps">en sandbox</span> <span class="hps">au</span> <span class="hps">moment de l'exécution</span><span>, d'un accès</span><span class="hps"> </span>au <span class="hps">matériel sous-jacent</span> <span class="hps">du téléphone mobile uniquement par API</span></span><span lang="fr"><span>,</span> <span class="hps">un modèle d'autorisation</span> <span class="hps">robuste,</span> <span class="hps">et les processus</span> <span class="hps">d'installation et de</span> <span class="hps">mise à jour sécurisé</span><span>.</span> <span class="hps">Pour les détails techniques</span><span>,</span></span> <span class="short_text" id="result_box" lang="fr"><span class="hps">faire référence à</span></span> <a href="/en-US/docs/Mozilla/Firefox_OS/Security/Application_security" title="/en-US/docs/Mozilla/Firefox_OS/Security/Application_security">Application security.</a></p>
<p><span id="result_box" lang="fr"><span class="hps">Dans Firefox</span> <span class="hps">OS</span><span>,</span> <span class="hps">toutes les applications</span> <span class="hps">sont</span> <span class="hps">des applications Web</span> <span class="hps">-</span> <span class="hps">programmes écrits</span> <span class="hps">en utilisant</span> <span class="hps">HTML5</span><span>,</span> <span class="hps">JavaScript, CSS</span><span>, les médias,</span> <span class="hps">et d'autres technologies</span> <span class="hps">Web ouvertes</span> <span class="hps">(les pages</span> <span class="hps">en cours d'exécution</span> <span class="hps">dans le navigateur</span> <span class="hps">ne sont pas visées</span>; <span class="hps">que les applications</span> <span class="hps">Web</span> <span class="hps">dans ce contexte</span><span>). </span><span class="hps">Parce qu'il</span> <span class="hps">n'y a d'application binaires </span> <span class="atn hps">(</span><span class="atn hps">«natives</span><span>»)</span> <span class="hps">installées</span> <span class="hps">par l'utilisateur</span><span>,</span> <span class="hps">tous les</span> <span class="hps">accès au système sont</span> <span class="hps">strictement</span> effectués <span class="hps">via les API</span> <span class="hps">Web</span><span>.</span> <span class="hps">Même</span> <span class="hps">l'accès au</span> <span class="hps">système de fichiers</span> <span class="hps">ne se produit que</span> <span class="hps">par le biais</span> <span class="hps">des API</span> <span class="hps">Web et</span> <span class="hps">une base de données</span> <span class="hps">SQLite</span> <span class="hps">back-end</span> <span class="hps">-</span> <span class="hps">il n'y a</span> <span class="hps">pas d'accès direct</span> entre les <span class="hps">applications</span> et les<span class="hps"> fichiers stockés sur</span> <span class="hps">la carte SD</span><span>.</span></span></p>
<p>Firefox OS limite <span id="result_box" lang="fr"><span class="hps">et fait respecter</span> <span class="hps">la portée</span> <span class="hps">des ressources</span> <span class="hps">qui peuvent être consultées</span> <span class="hps">ou utilisées par une</span> <span class="hps">application</span><span>,</span> <span class="hps">tout en soutenant</span> <span class="atn hps">un large éventail d'</span><span>applications</span> <span class="hps">avec différents</span> <span class="hps">niveaux d'autorisation</span><span>. </span><span class="hps">Mozilla</span> <span class="hps">a mis en place</span> <span class="hps">un contrôle serré sur</span> <span class="hps">ce</span> <span class="hps">type d'applications qui peuvent accéder aux API. Par exemple</span><span>,</span> seules l<span class="hps">es applications</span> <span class="hps">certifiées</span> <span class="hps">(livrées avec</span> <span class="hps">le téléphone</span><span>)</span> <span class="hps">peuvent</span> <span class="hps">avoir accès à</span> <span class="atn hps">l'</span><span>API de téléphonie</span><span>.</span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">Cela empêche</span> <span class="hps">une situation</span><span>, par exemple</span><span>,</span> <span class="hps">dans laquelle</span> <span class="hps">une application</span> <span class="hps">arbitraire</span> <span class="hps">tiers</span> <span class="hps">est installée</span><span>,</span> <span class="hps">compose un numéro</span> <span class="hps">de téléphone</span> <span class="atn hps">pay-per-use </span><span class="atn hps">(</span><span>900 et</span> <span class="hps">910</span><span>)</span><span>,</span> <span class="hps">et engrange </span><span class="hps">une grosse facture</span> <span class="hps">de téléphone cellulaire</span><span>.</span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">D'autres</span> <span class="hps">applications</span> <span class="hps">OEM</span> <span class="hps">pourraient cependant être</span> <span class="hps">sélectionnées</span> pour avoir <span class="hps">accès à l'API</span> <span class="hps">de téléphonie. Par exemple</span><span>,</span> <span class="hps">un opérateur</span> <span class="hps">pourrait fournir une</span> <span class="hps">application de systèmes de gestion</span> <span class="hps">qui permet à un</span> <span class="hps">client de gérer</span> sont <span class="hps">compte</span><span>,</span> <span class="hps">y compris la possibilité</span> <span class="hps">de téléphoner au service client </span><span class="hps">ou le service d'aide </span> <span class="hps">de l'opérateur</span> <span class="hps">directement</span><span>.</span></span></p>
<h3 id="sect1"> </h3>
<h3 id="Applications_approuvées_et_non_approuvées"><span class="short_text" id="result_box" lang="fr"><span class="hps">Applications</span> <span class="hps">approuvées et non approuvées</span></span></h3>
<p> </p>
<p><span id="result_box" lang="fr"><span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">catégorise</span> <span class="hps">les applications</span> <span class="hps">selon les</span> <span class="hps">types</span> <span class="hps">suivants</span><span>:</span></span></p>
<table class="standard-table" style="height: 404px; width: 765px;">
<thead>
<tr>
<th scope="col">Type</th>
<th scope="col">Niveau de confiance</th>
<th scope="col">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td>Certifié</td>
<td><span class="short_text" id="result_box" lang="fr"><span class="hps">Très fiable</span></span></td>
<td><span id="result_box" lang="fr"><span class="hps">Les applications</span> <span class="hps">du système</span> <span class="hps">qui ont été approuvées</span> <span class="hps">par l'opérateur</span> <span class="hps">ou l'OEM</span> <span class="hps">(en raison de</span> <span class="hps">risques de corruption</span> <span class="hps">de l'appareil</span> <span class="hps">ou un risque pour</span> <span class="hps">la fonctionnalité</span> <span class="hps">critique)</span><span>.</span> <span class="hps">Les applications</span> <span class="hps">et services</span> <span class="hps">système</span> <span class="hps">uniquement;</span> <span class="hps">non destinées à</span> <span class="hps">des applications tierces</span><span>.</span><br>
<span class="hps">Cette désignation</span> <span class="hps">est réservée à</span> <span class="hps">un petit nombre</span> <span class="hps">d'applications critiques</span><span>.</span> <span class="hps">Exemples:</span> <span class="hps">SMS</span><span>,</span> <span class="hps">Bluetooth</span><span>, appareil photo,</span> <span class="hps">horloge système</span><span>, la téléphonie et</span> <span class="hps">le numéroteur</span> <span class="hps">par défaut</span> <span class="atn hps">(</span><span>pour que les services</span> <span class="hps">d'urgence</span> <span class="hps">soient toujours accessibles</span><span>)</span><span>.</span></span></td>
</tr>
<tr>
<td><span class="short_text" id="result_box" lang="fr"><span class="hps">Privilégié</span></span></td>
<td>Fiable</td>
<td><span id="result_box" lang="fr"><span class="hps">Des applications tierces</span> <span class="hps">qui ont été examinées</span><span>,</span> <span class="hps">approuvées</span> <span class="hps">et</span> <span class="hps">signées numériquement</span> <span class="hps">par un</span> <span class="hps">marché</span> <span class="hps">autorisé</span><span>.</span></span></td>
</tr>
<tr>
<td><span class="short_text" id="result_box" lang="fr"><span class="hps">Web</span> <span class="atn hps">(</span><span>tout le reste</span><span>)</span></span><span id="result_box" lang="fr"><span class="hps">applique</span></span></td>
<td>Non fiable</td>
<td><span id="result_box" lang="fr"><span class="hps">Contenu Web</span> <span class="hps">régulier</span><span>.</span> <span class="hps">Comprend les</span> <span class="hps">applications installées</span> <span class="atn hps">(</span><span>stockées sur le</span> <span class="hps">téléphone mobile</span><span>)</span> <span class="hps">et</span> <span class="hps">des applications</span> <span class="hps">hébergées</span> <span class="atn hps">(</span><span>stockées à distance</span><span>,</span> <span class="hps">avec seulement</span> <span class="hps">une application</span> <span class="hps">manifeste</span> <span class="hps">stockée sur le</span> <span class="hps">téléphone mobile</span><span>)</span><span>.</span> <span class="hps">Le manifeste</span> <span class="hps">pour les applications</span> <span class="hps">hébergées</span> <span class="hps">peut être obtenu</span> <span class="hps">grâce à un</span> <span class="hps">marché</span><span>.</span></span></td>
</tr>
</tbody>
</table>
<p><span id="result_box" lang="fr"><span class="hps">Le niveau de confiance</span> <span class="hps">d'une application</span> <span class="hps">détermine</span><span>,</span> <span class="hps">en partie,</span> <span class="hps">sa capacité à</span> <span class="hps">accéder aux fonctionnalités</span> <span class="hps">de</span> <span class="hps">téléphone mobile</span><span>.</span></span></p>
<ul>
<li><span lang="fr"><span class="hps">Les applications</span> <span class="hps">certifiées ont</span> <span class="hps">des autorisations à</span> <span class="hps">la plupart des</span> opérations de APIs Web<span>.</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">Les applications</span> <span class="hps">privilégiées</span> <span class="hps">ont</span> <span class="hps">des autorisations à un</span> <span class="hps">sous-ensemble des </span><span class="hps">opérations des API</span>s <span class="hps">Web</span><span class="hps"> qui sont accessibles aux</span> <span class="hps">applications</span> <span class="hps">certifiées</span><span>.</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">Les applications</span> <span class="hps">non fiables</span> <span class="hps">ont</span> <span class="hps">des autorisations à un</span> <span class="hps">sous-ensemble des</span> <span class="hps">opérations des API</span> <span class="hps">Web</span> <span class="hps">accessibles aux</span> <span class="hps">applications</span> <span class="hps">privilégiées -</span> <span class="hps">seules les</span> <span class="hps">API</span> <span class="hps">Web qui contiennent des</span> <span class="hps">mesures d'atténuation</span> <span class="hps">de sécurité</span> <span class="hps">suffisantes pour</span> <span class="hps">être</span> <span class="hps">exposées à du contenu</span> <span class="hps">Web</span> <span class="hps">non sécurisé</span><span>.</span></span></li>
</ul>
<p><span id="result_box" lang="fr"><span class="hps">Certaines opérations,</span> <span class="hps">telles que</span> <span class="hps">l'accès au réseau</span><span>,</span> <span class="hps">sont supposées être</span> <span class="hps">une</span> <span class="hps">autorisation</span> <span class="hps">implicite pour</span> <span class="hps">toutes les applications</span><span>.</span> <span class="hps">En général</span><span>, plus </span><span class="hps">l'opération</span> est sensible <span class="atn hps">(</span><span>par exemple,</span> <span class="hps">composer un</span> <span class="hps">numéro de téléphone</span> <span class="hps">ou accéder à</span> <span class="hps">la liste de contacts</span><span>)</span><span>,</span> plus <span class="hps">le niveau de confiance</span> <span class="hps">de</span> <span class="hps">l'application</span> <span class="hps">nécessaire</span> <span class="hps">pour l'exécuter est élevé.</span></span></p>
<div class="note">
<p><span id="result_box" lang="fr"><span class="hps">Remarque</span><span>:</span> <span class="hps">pour plus d'informations</span> <span class="hps">sur les</span> <span class="hps">API disponibles</span> <span class="hps">et leurs</span> <span class="hps">niveaux d'autorisation</span><span>,</span> <span class="hps">consulter</span> </span><a href="https://developer.mozilla.org/fr/Apps/Build/App_permissions">App permissions</a>.</p>
</div>
<h4 id="Principe_de_la_Moindre_partie_de_Permissions">Principe de la Moindre partie de Permissions</h4>
<p><span id="result_box" lang="fr"><span class="hps">Pour</span> <span class="hps">les applications Web</span><span>,</span> <span class="hps">le framework de sécurité</span> <span class="hps">de Firefox</span> <span class="hps">OS</span> <span class="hps">suit le principe</span> <span class="hps">des moindres</span> <span class="hps">autorisations</span><span>:</span> <span class="hps">commencer</span> <span class="hps">avec les autorisations</span> <span class="hps">minimales absolues</span><span>,</span> <span class="hps">puis accorder</span> <span class="hps">sélectivement</span> <span class="hps">des privilèges supplémentaires</span> <span class="hps">que</span> <span class="hps">lorsque cela est nécessaire</span> <span class="hps">et raisonnable</span><span>.</span> <span class="hps">Par défaut</span><span>,</span> <span class="hps">une application</span> <span class="hps">commence</span> <span class="hps">avec de très faibles</span> <span class="hps">autorisations</span><span>,</span> <span class="hps">ce qui est comparable</span> <span class="hps">au contenu</span> <span class="hps">Web</span> <span class="hps">non sécurisé</span><span>.</span> <span class="hps">Si l'application</span> <span class="hps">effectue des appels</span> <span class="hps">API</span> <span class="hps">Web qui</span> <span class="hps">nécessitent des autorisations</span> <span class="hps">supplémentaires</span><span>,</span> <span class="hps">il doit</span> <span class="hps">énumérer</span> <span class="hps">ces autorisations</span> <span class="hps">supplémentaires</span> <span class="hps">dans son</span> <span class="atn hps">manifeste (</span><span>décrit plus loin dans</span> <span class="hps">ce document</span><span>)</span><span>.</span> <span class="hps">Gecko</span> <span class="hps">envisagera d'accorder</span> <span class="hps">l'accès</span> <span class="hps">de l'API Web</span> <span class="hps">à une application</span> <span class="hps">que si les</span> <span class="hps">privilèges applicables</span> <span class="hps">sont priés</span> <span class="hps">explicitement</span> <span class="hps">dans son</span> <span class="hps">manifeste.</span> <span class="hps">Gecko</span> <span class="hps">accordera l'autorisation</span> <span class="hps">demandée uniquement si</span> <span class="hps">le type de l'application </span><span class="hps">Web</span> <span class="atn hps">(</span><span>certifiée</span><span>,</span> <span class="hps">confiance</span><span>,</span> <span class="hps">ou</span> <span class="hps">Web</span><span>)</span> <span class="hps">est</span> <span class="hps">suffisamment qualifié</span> <span class="hps">pour l'accès</span><span>.</span></span></p>
<h4 id="Processus_d'Examen_pour_Applications_Privilégiés_dans_le_Marché">Processus d'Examen pour Applications Privilégiés dans le Marché</h4>
<p>Pour qu'une application devienne privilégée, le fournisseur de l'application doit la soumettre pour examen sur le Marketplace<span lang="fr"><span class="alt-edited">. Le Marketplace soumet l'application dans un processus de révision du code rigoureux: vérification de son authenticité et de l'intégrité, veiller à ce que les autorisations demandées sont utilisées aux fins indiquées (dans la justification de l'autorisation), vérifier que l'utilisation des autorisations implicites est appropriée, et de valider que toutes les interfaces entre le contenu de l'application privilégiée et contenu externe non privilégié ont les mesures d'atténuation appropriées pour prévenir des attaques d'élévation de privilèges. Le Marketplace a la responsabilité de veiller à ce que l'application web ne se comportera pas malicieusement avec les autorisations qu'il est accordée.</span></span></p>
<p>Après q'une application est passé cet examen, elle est approuvée pour utilisation, le manifeste de l'application est signé numériquement par le Marketplace, et il est disponible pour les utilisateurs mobiles. La signature garantit que, si la boutique en ligne a été en quelque sorte piratée, le pirate ne pouvait pas sortir avec l'installation de contenu arbitraire ou du code malveillant sur les téléphones des utilisateurs. En raison de ce processus de vérification, Firefox OS donne des applications privilégiées obtenues à partir du Marketplace un plus haut degré de confiance tous les jours que de contenu Web.</p>
<p> </p>
<div class="note">
<p><strong>Remarque</strong>: pour en savoir plus à propos de <a href="https://marketplace.firefox.com/">Marketplace</a>, y compris le marché de Firefox, aller à la zone du <a href="/fr/docs/Mozilla/Marketplace">Marketplace</a>.</p>
</div>
<p> </p>
<h3 id="Applications_empaquetées_et_hébergées"><span class="short_text" id="result_box" lang="fr"><span class="alt-edited">Applications empaquetées et hébergées</span></span></h3>
<p><span id="result_box" lang="fr"><span class="alt-edited">Les applications pour Firefox OS peuvent être soit empaquetées (stockées sur le téléphone mobile) ou hébergées (stockées sur un serveur web distant, avec juste un manifeste stocké sur le téléphone mobile). Il ya quelques différences dans la façon dont la sécurité est gérée pour chaque. Néanmoins, les applications empaquetées et hébergées sont toutes deux soumises à l'application sandboxing, qui est décrite plus loin dans ce document.</span></span></p>
<div class="note">
<p><strong>Note</strong>: <span id="result_box" lang="fr"><span class="hps">Vous pouvez</span> <span class="hps">en savoir plus sur</span> <span class="hps">les applications</span> <span class="hps">hébergées</span> <span class="hps">et </span><span class="alt-edited">empaquetées</span></span><span lang="fr"> <span class="hps">à </span></span><a href="/fr/Marketplace/Options/Self_publishing">Auto-publication d'application</a></p>
</div>
<h4 id="Applications_empaquetées"><span class="short_text" id="result_box" lang="fr"><span class="hps">Applications</span> empaquetées</span></h4>
<p><span id="result_box" lang="fr"><span class="alt-edited">Une application empaquetée se compose d'un fichier ZIP contenant des ressources d'application (HTML5, CSS, Javascript, images, médias), ainsi que d'un manifeste qui fournit une liste explicite des actifs et leurs valeurs de hachage correspondant. Applications certifiées et privilégiées doivent être empaquetées parce que le manifeste de l'application doit être signé numériquement. Quand un utilisateur obtient une application incluse dans le paquet, le fichier ZIP téléchargé sur le téléphone mobile, et le manifeste est lu à partir d'un emplacement connu à l'intérieur du fichier ZIP. Pendant le processus d'installation, les actifs d'applications sont dignes de confiance et restent stockés localement dans le paquet. </span><span>Toutes les</span> <span>autorisations explicites</span> <span>sont demandées</span> <span>lors de l'exécution</span><span>,</span> <span>montrant à l'utilisateur</span> <span>les intentions</span> <span>d'utilisation des données</span> <span>de l'</span><span>application</span><span>,</span> <span>et sont persistées par</span> <span>défaut</span><span>.</span></span></p>
<p><span id="result_box" lang="fr"><span class="alt-edited">Pour faire référence à des ressources d'applications dans une application empaquetée, l'URL commence par app: en utilisant le format suivant:</span></span></p>
<p><code>app://<em>identifier</em>/<em>path_within_zipfile</em>/file.html</code></p>
<p><span id="result_box" lang="fr"><span class="alt-edited">où app:// représente le point de montage du fichier ZIP, et l'identifiant est un UUID qui est généré lorsque l'application est installée sur le téléphone mobile. Ce mécanisme garantit que les ressources appelées avec app:URL contenues dans le fichier ZIP. Le chemin au sein d'une app: est relative, donc des liens relatifs à des ressources dans le fichier ZIP sont autorisés.</span></span></p>
<p>Alors que les applications empaquetées sont principalement destinées à être utilisées pour les applications certifiées ou privilégiées, les applications web régulières peuvent aussi être empaquetées. <span id="result_box" lang="fr"><span>Cependant, elles</span> <span>ne gagnent pas</span> <span>d'augmentation</span> <span>de l'accès</span> <span>en confiance ou</span> <span>autorisations</span> <span>simplement parce qu'elles</span> <span>sont </span></span>empaquetées<span lang="fr"><span>.</span></span></p>
<h4 id="Applications_hébergées"><span class="short_text" id="result_box" lang="fr"><span class="hps">Applications hébergées</span></span></h4>
<p><span id="result_box" lang="fr"><span class="alt-edited">Les applications hébergées sont situées sur un serveur Web et chargées via HTTP. Seulement le manifeste de l'application est stocké sur le téléphone mobile. Tout le reste est stocké à distance. Certaines APIs sont disponibles uniquement aux applications privilégiées et certifiées, ce qui nécessite que l'application soit empaquetée en raison des exigences de signature. Par conséquent, une application hébergée n'aura pas accès à l'une des API Web qui nécessitent un statut d'application privilégiée ou certifiée.</span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">Du point de</span> <span class="hps">vue de la sécurité</span><span>,</span> <span class="hps">des applications</span> <span class="hps">hébergées</span> <span class="hps">fonctionnent très</span> <span class="hps">bien</span> <span class="hps">comme des sites Web</span> <span class="hps">normaux</span><span>.</span> <span class="hps">Une application</span> <span class="hps">hébergée est</span> <span class="hps">chargé</span>e <span class="hps">en invoquant un</span> <span class="hps">codage en dur</span><span>,</span> <span class="hps">URL</span> <span class="hps">pleinement qualifiée</span> <span class="hps">qui pointe vers</span> <span class="hps">la page</span> <span class="hps">de démarrage dans</span> <span class="hps">le répertoire racine</span> <span class="hps">de l'application</span> <span class="hps">sur le serveur</span> <span class="hps">Web</span><span>.</span> <span class="hps">Une fois</span> <span class="hps">une application</span> <span class="hps">hébergée est</span> <span class="hps">chargée</span><span>,</span> <span class="hps">le </span><span class="hps">téléphone mobile pointe</span> <span class="hps">vers des pages</span> <span class="hps">en utilisant les mêmes</span> <span class="hps">URL qui</span> <span class="hps">sont utilisées lors de</span> <span class="hps">la navigation sur le</span> <span class="hps">site web</span><span>.</span></span></p>
<h3 id="Manifeste_d'une_Application">Manifeste d'une Application</h3>
<p>Le manifeste d'une application Open Web contient des informations dont le navigateur Web a besoin pour interagir avec une application. Un manifeste est un fichier JSON avec (au moins) un nom et une description pour l'application. Pour plus de détails, reportez-vous à <a href="/fr/Apps/FAQs/About_app_manifests">FAQs about app manifests</a>.</p>
<h4 id="Exemple_de_Manifeste">Exemple de Manifeste</h4>
<p><span id="result_box" lang="fr"><span class="hps">Les lignes de code</span> <span class="hps">suivantes montrent un exemple</span> <span class="hps">de manifeste</span> <span class="hps">avec les réglages</span> <span class="hps">de base</span> <span class="hps">seulement</span><span>:</span></span></p>
<pre class="brush:text">{
"name": "My App",
"description": "My elevator pitch goes here",
"launch_path": "/",
"icons": {
"128": "/img/icon-128.png"
},
"developer": {
"name": "Your name or organization",
"url": "http://your-homepage-here.org"
},
"default_locale": "en"
}</pre>
<h3 id="Paramètres_de_sécurité_dans_le_Manifeste_de_l'Application"><span class="short_text" id="result_box" lang="fr"><span class="hps">Paramètres de sécurité</span> <span class="hps">dans le Manifeste de l'Application</span></span></h3>
<p><span id="result_box" lang="fr"><span class="hps">Le manifeste</span> <span class="hps">peut</span> <span class="hps">également contenir d'autres</span> <span class="hps">paramètres</span><span>, y compris</span> <span class="hps">les</span> <span class="hps">paramètres de sécurité suivants</span><span>:</span></span></p>
<p> </p>
<table>
<thead>
<tr>
<th style="width: 152px;">
<p>Champs</p>
</th>
<th style="width: 479px;">
<p>Description</p>
</th>
</tr>
</thead>
<tbody>
<tr>
<td style="width: 152px;">
<p>permissions</p>
</td>
<td style="width: 479px;">
<p><span id="result_box" lang="fr"><span class="atn hps">Permissions requises par l'</span><span>application</span><span>.</span> <span class="hps">Une application</span> <span class="hps">doit</span> <span class="hps">énumérer toutes les</span> <span class="hps">API</span> <span class="hps">Web</span> <span class="hps">qu'elle entend utiliser</span> <span class="hps">qui nécessite</span> <span class="hps">l'autorisation</span> <span class="hps">de l'utilisateur</span><span>.</span> <span class="hps">La plupart des</span> <span class="hps">autorisations</span> <span class="hps">ont du sens</span> <span class="hps">pour les applications</span> <span class="hps">privilégiées</span> <span class="hps">ou</span> <span class="hps">des applications</span> <span class="hps">certifiées</span><span>,</span> <span class="hps">mais pas</span> <span class="hps">pour les applications</span> <span class="hps">hébergées</span><span>.</span> <span class="hps">Propriétés</span> <span class="hps">par</span> <span class="hps">API</span><span>:</span></span></p>
<ul>
<li><span id="result_box" lang="fr"><strong><span class="hps">Description</span></strong><span>:</span> <span class="hps">Une</span> <span class="hps">chaîne spécifiant</span> <span class="hps">l'intention derrière</span> la demande <span class="hps">d'utilisation</span> <span class="hps">de cette API</span><span>.</span> <span class="hps">Requis</span></span></li>
<li><span id="result_box" lang="fr"><strong><span class="hps">Accès</span></strong></span><span lang="fr"><span>:</span> <span class="hps">Une</span> <span class="hps">chaîne spécifiant le</span> <span class="hps">type d'accès requis</span> <span class="hps">pour l'autorisation</span><span>.</span> <span class="hps">Les autorisations</span> <span class="hps">implicites</span> <span class="hps">sont accordées</span> <span class="hps">lors de l'installation</span><span>.</span> <span class="hps">Requis pour</span> <span class="hps">seulement quelques</span> <span class="hps">API</span><span>.</span> <span class="hps">Les valeurs acceptées</span><span>: </span></span><strong>read</strong>, <strong>readwrite</strong>, <strong>readcreate</strong>, et <strong>createonly</strong>.</li>
</ul>
</td>
</tr>
<tr>
<td style="width: 152px;">
<p>installs_allowed_from</p>
</td>
<td style="width: 479px;">
<p><span id="result_box" lang="fr"><span class="hps">L'origine</span> <span class="hps">de l'application</span><span>;</span> <span class="hps">peut</span> <span class="hps">être au singulier</span> <span class="hps">ou un tableau</span> <span class="hps">des origines</span> <span class="atn hps">(</span></span>scheme+unique hostname<span lang="fr"><span>)</span> <span class="hps">qui sont autorisés</span> <span class="hps">à déclencher</span> <span class="hps">l'installation</span> <span class="hps">de cette application</span><span>.</span> <span class="hps">Permet aux fournisseurs</span> <span class="hps">d'applications</span> <span class="hps">de restreindre</span> <span class="hps">les installations</span> <span class="hps">à partir de seulement</span> l'autorisation du Marketplace</span> (<a href="https://marketplace.firefox.com/">https://marketplace.firefox.com/</a>).</p>
</td>
</tr>
<tr>
<td style="width: 152px;">
<p>csp</p>
</td>
<td style="width: 479px;">
<p>Content Security Policy<span lang="fr"> <span class="atn hps">(</span><span>CSP</span><span>)</span><span>.</span> <span class="hps">Appliquée à toutes les</span> <span class="hps">pages chargées</span> <span class="hps">dans l'application</span><span>.</span> <span class="hps">Utilisé pour</span> <span class="hps">durcir</span> <span class="hps">l'application</span> <span class="hps">contre les</span> <span class="hps">bugs qui pourraient</span> <span class="hps">permettre à un attaquant</span> <span class="hps">d'injecter du code</span> <span class="hps">dans l'application</span><span>.</span> <span class="hps">Si</span> <span class="hps">non spécifié</span><span>,</span> <span class="hps">les applications</span> <span class="hps">privilégiées</span> <span class="hps">et certifiées</span> <span class="hps">ont</span> des réglages système <span class="hps">par défaut</span><span>.</span> <span class="hps">Syntaxe:</span></span><br>
<a href="https://developer.mozilla.org/en-US/docs/Apps/Manifest#csp">https://developer.mozilla.org/en-US/docs/Apps/Manifest#csp</a></p>
<p><em><span id="result_box" lang="fr"><span class="hps">Notez que cette</span> <span class="hps">directive</span> <span class="hps">ne peut</span> <span class="hps">augmenter le</span> <span class="hps">CSP</span> <span class="hps">appliqué</span><span>.</span> <span class="hps">Vous ne pouvez pas</span> <span class="hps">l'utiliser</span><span>, par exemple</span><span>,</span> <span class="hps">de réduire le</span> <span class="hps">CSP</span> <span class="hps">appliqué à un</span>e application <span class="hps">privilégiée</span><span>.</span></span></em></p>
</td>
</tr>
<tr>
<td style="width: 152px;">
<p>type</p>
</td>
<td style="width: 479px;">
<p><span id="result_box" lang="fr"><span class="hps">Type d'application</span> </span>(web, privilegiée, or certifiée)<span lang="fr"><span>.</span></span></p>
</td>
</tr>
</tbody>
</table>
<p> </p>
<p><span id="result_box" lang="fr"><span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">exige que</span> <span class="hps">le manifest</span>e soit<span class="hps"> servi</span> <span class="hps">avec un</span> <span class="hps">type mime</span> <span class="atn hps">spécifique (</span><code><span class="atn">application / x-</span><span>web-app</span><span class="atn">-</span><span>manifeste</span> <span class="hps">+</span> <span class="hps">JSON</span></code><span>) et</span> <span class="hps">à partir du même</span> <span class="hps">nom d'hôte</span> <span class="hps">pleinement qualifié</span> <span class="hps">(origine</span><span>)</span> <span class="hps">à partir de laquelle</span> <span class="hps">l'application</span> <span class="hps">est servie</span><span>.</span> <span class="hps">Cette restriction</span> <span class="hps">est assouplie</span> <span class="hps">lorsque l'application</span> <span class="atn hps">manifeste (</span><span>et donc</span> <span class="hps">l'application</span> <span class="hps">manifeste)</span> <span class="hps">est</span> <span class="hps">de la même origine</span> <span class="hps">avec la page</span> <span class="hps">qui a demandé</span> <span class="hps">l'application</span> <span class="hps">à installer.</span> <span class="hps">Ce mécanisme</span> <span class="hps">est utilisé pour</span> <span class="hps">assurer qu'il est</span> <span class="hps">impossible de</span> <span class="hps">tromper un</span> <span class="hps">site Web en</span> <span class="hps">accueillant un</span> <span class="hps">manifeste d'application</span><span>.</span></span></p>
<p> </p>
<h3 id="Exécution_sandbox"><span class="short_text" id="result_box" lang="fr"><span>Exécution</span> <span>sandbox</span></span></h3>
<p> </p>
<p><span id="result_box" lang="fr"><span class="hps">Cette section décrit</span> <span class="hps">l'application</span> <span class="hps">et l'exécution </span></span>sandboxes.</p>
<h4 id="Application_Sandbox">Application Sandbox</h4>
<p><span id="result_box" lang="fr"><span class="hps">Le framework</span> <span class="hps">de sécurité</span> <span class="hps">de Firefox</span> <span class="hps">OS</span> <span class="hps">utilise</span> <span class="hps">sandboxing</span> <span class="hps">comme</span> <span class="hps">une stratégie de défense</span> <span class="hps">en profondeur</span> <span class="hps">pour atténuer les risques</span> <span class="hps">et protéger le</span> <span class="hps">téléphone mobile</span><span>,</span> <span class="hps">la plate-forme</span><span>,</span> <span class="hps">et les données</span><span>.</span> <span class="hps">Sandboxing</span> <span class="hps">est</span> <span class="hps">une façon de mettre</span> <span class="hps">les frontières et les</span> <span class="hps">restrictions</span> <span class="hps">autour d'une</span> <span class="hps">application</span> <span class="hps">en cours d'exécution</span><span>.</span> <span class="hps">Chaque</span> <span class="hps">application</span> <span class="hps">fonctionne</span> <span class="hps">dans son propre espace</span> <span class="hps">de travail</span> <span class="hps">et a</span> <span class="hps">uniquement accès aux</span> <span class="hps">API Web</span> <span class="hps">et</span> <span class="hps">les données dont elle</span><span class="hps"> a</span> <span class="hps">l'accès</span><span>, ainsi que</span> <span class="hps">les ressources associées à</span> <span class="hps">cet espace</span> <span class="hps">de travail</span> <span class="hps">(bases de données</span> <span class="hps">IndexedDB</span><span>, biscuits,</span> <span class="hps">stockage</span><span> en mode déconnecté,</span> <span class="hps">et ainsi de suite</span><span>)</span><span>.</span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">La figure suivante</span> <span class="hps">donne un aperçu de</span> <span class="hps">ce modèle de sécurité</span><span>.</span></span></p>
<p> </p>
<p> </p>
<p><img alt="" src="https://mdn.mozillademos.org/files/5025/sandbox.png"></p>
<p> </p>
<p><span id="result_box" lang="fr"><span class="hps">En isolant</span> <span class="hps">chaque application</span><span>,</span> <span class="hps">son impact</span> <span class="hps">est contenue dans</span> <span class="hps">son propre espace</span> <span class="hps">de travail</span> <span class="hps">et </span><span class="hps">ne peut pas</span> <span class="hps">interférer avec</span> <span class="hps">quoi que ce soit</span> <span class="hps">(comme d'autres</span> <span class="hps">applications</span> <span class="hps">ou</span> <span class="hps">leurs données</span><span>) en dehors</span> <span class="hps">de cet espace</span> <span class="hps">de travail</span><span>.</span></span></p>
<h4 id="Execution_Sandbox">Execution Sandbox</h4>
<p><span id="result_box" lang="fr"><span class="hps">B2G</span> <span class="atn hps">(</span><span>Gecko</span><span>)</span> <span class="hps">s'exécute dans un processus</span> <span class="hps">de</span> <span class="hps">système</span> <span class="hps">hautement</span> <span class="hps">privilégiée</span> <span class="hps">qui a accès à</span> <span class="hps">des fonctionnalités matérielles</span> <span class="hps">dans le téléphone mobile</span><span>.</span> <span class="hps">A l'exécution,</span> <span class="hps">chaque application</span> <span class="hps">fonctionne à l'intérieur</span> <span class="hps">d'un environnement</span> <span class="hps">d'exécution qui</span> <span class="hps">est un processus enfant du</span> <span class="hps">processus </span><span class="hps">système</span> <span class="hps">de</span> <span class="hps">B2G</span><span class="hps">.</span> <span class="hps">Chaque</span> <span class="hps">processus enfant</span> <span class="hps">a</span> <span class="hps">un ensemble restreint de</span> <span class="hps">privilège</span> <span class="hps">OS</span> <span class="hps">-</span> <span class="hps">par exemple,</span> <span class="hps">un processus enfant</span> <span class="hps">ne peut pas lire</span> <span class="hps">ou écrire des fichiers</span> <span class="hps">arbitraires</span> <span class="hps">sur le système de</span> <span class="hps">fichiers directement</span><span>.</span> <span class="hps">Un accès privilégié</span> <span class="hps">est fourni</span> <span class="hps">via des API</span> <span class="hps">Web, qui</span> <span class="hps">sont médiées</span> <span class="hps">par le processus</span> <span class="hps">B2G</span> <span class="hps">mère</span><span>.</span> <span class="hps">Le parent</span> <span class="hps">s'assure que</span><span>,</span> <span class="hps">quand un</span> <span class="hps">processus enfant</span> <span class="hps">demande une</span> <span class="hps">API</span> <span class="hps">privilégiée</span><span>, il</span> <span class="hps">dispose de l'autorisation</span> <span class="hps">nécessaire pour</span> <span class="hps">effectuer cette action</span><span>.</span></span></p>
<p><span id="result_box" lang="fr"><span class="alt-edited">Les applications communiquent uniquement avec le processus de base B2G, pas avec d'autres processus ou applications. Les applications ne fonctionnent pas indépendamment de B2G, ne peuvent ouvrir des applications de l'autre. La seule «communication» entre les applications est indirecte (par exemple, quand une application établit une alarme système et une autre application déclenche une notification du système à la suite de celui-ci), et est médiée par le processus B2G.</span></span></p>
<h4 id="Hardware_Access_Only_via_the_Web_API">Hardware Access Only via the Web API</h4>
<p> </p>
<p><span id="result_box" lang="fr"><span class="hps">Les applications Web</span> <span class="hps">ont un seul</span> <span class="hps">point d'entrée</span> <span class="hps">pour accéder aux fonctionnalités</span> <span class="hps">de téléphonie mobile</span><span>:</span> <span class="hps">les</span> <span class="hps">API Web de Firefox</span> <span class="hps">OS</span><span class="hps">, qui</span> <span class="hps">sont mises en œuvre</span> <span class="hps">dans Gecko</span><span>.</span> <span class="hps">Gecko</span> <span class="hps">fournit</span> <span class="hps">la seule</span> <span class="hps">porte d'entrée de</span> <span class="hps">l'appareil mobile</span> <span class="hps">et les services</span> <span class="hps">sous-jacents</span><span>.</span> <span class="atn hps">La seule façon d'</span><span>accéder à la fonctionnalité</span> <span class="hps">matérielle du périphérique</span> <span class="hps">est de faire un</span> <span class="hps">appel d'API</span> <span class="hps">Web</span><span>.</span> <span class="hps">Il n'y a aucune</span> <span class="hps">API</span> <span class="hps">"native"</span> <span class="hps">et</span> <span class="hps">il n'y a pas</span> <span class="atn hps">d'autres façons (</span><span class="atn">pas de «</span><span>portes</span> <span class="hps">arrière</span><span>s"</span><span>) pour contourner</span> <span class="hps">ce mécanisme</span> <span class="hps">et d'interagir</span> <span class="hps">directement avec le matériel</span> <span class="hps">ou</span> <span class="hps">pénétrer dans</span> <span class="hps">la couche</span> <span class="hps">logicielle</span> <span class="hps">de bas niveau</span><span>.</span></span></p>
<p> </p>
<h2 id="Infrastructure_de_sécurité"><span class="short_text" id="result_box" lang="fr"><span class="hps">Infrastructure de sécurité</span></span></h2>
<p><span id="result_box" lang="fr"><span class="hps">La figure suivante montre</span> <span class="hps">les</span> <span class="hps">composantes du framework</span> <span class="hps">de sécurité</span> <span class="hps">de Firefox</span> <span class="hps">OS</span><span>:</span></span></p>
<p><img alt="" src="https://mdn.mozillademos.org/files/5027/securityframework.png" style="height: 591px; width: 979px;"></p>
<ul>
<li><span id="result_box" lang="fr"><strong><span class="hps">Permission</span> <span class="hps">Manager</span><span>:</span></strong> <span class="hps">la passerelle</span> <span class="hps">à l'accès aux</span> <span class="hps">fonctionnalités de</span> <span class="hps">l'API Web</span><span>,</span> <span class="hps">qui est le seul</span> <span class="hps">accès au</span> <span class="hps">matériel sous-jacent</span><span>.</span></span></li>
<li><span id="result_box" lang="fr"><strong><span class="hps">Access Control List</span><span>:</span></strong> <span class="hps">Matrice</span> <span class="hps">des rôles et des</span> <span class="hps">autorisations requises pour</span> <span class="hps">accéder à la fonctionnalité</span> <span class="hps">de l'API Web</span><span>.</span></span></li>
<li><strong>Credential Validation</strong>: <span lang="fr"><span class="hps">l'authentification</span> <span class="hps">des</span> <span class="hps">applications</span> <span class="hps">/</span> <span class="hps">utilisateurs</span><span>.</span></span></li>
<li><strong>Permissions Store</strong><span lang="fr"><span class="hps">:</span> <span class="hps">Ensemble de</span> <span class="hps">privilèges requis</span> <span class="hps">pour accéder aux fonctionnalités</span> <span class="hps">de l'API Web</span><span>.</span></span></li>
</ul>
<h3 id="Gestion_des_autorisations_et_mise_en_application"><span class="short_text" id="result_box" lang="fr"><span class="hps">Gestion</span> <span class="hps">des autorisations</span> <span class="hps">et mise en application</span></span></h3>
<p><span id="result_box" lang="fr"><span class="hps">La sécurité</span> <span class="hps">de Firefox</span> <span class="hps">OS</span> <span class="hps">est conçue pour</span> <span class="hps">vérifier et</span> <span class="hps">appliquer les</span> <span class="hps">autorisations accordées à</span> <span class="hps">des applications web</span><span>.</span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">Le système</span> <span class="hps">accorde une</span> <span class="hps">autorisation</span> <span class="hps">particulière à</span> <span class="hps">une application</span> <span class="hps">que si le contenu</span> <span class="hps">lui demande</span><span>,</span> <span class="hps">et seulement si elle</span> <span class="hps">a les</span> <span class="hps">autorisations appropriées</span> <span class="hps">demandées</span> <span class="hps">dans le manifeste</span> <span class="hps">de l'application.</span> <span class="hps">Certaines autorisations</span> <span class="hps">exigent</span> <span class="hps">en outre</span> <span class="hps">l'autorisation de</span> <span class="hps">l'utilisateur</span><span>,</span> <span class="hps">qui est</span> <span class="hps">invité à accorder</span> <span class="hps">l'autorisation</span> <span class="atn hps">(</span><span>comme dans le cas</span> <span class="hps">d'une application</span> <span class="hps">demandant l'accès à</span> <span class="hps">l'emplacement actuel de</span> <span class="hps">l'utilisateur</span><span>)</span><span>.</span> <span class="hps">Ce framework</span> <span class="hps">app</span><span>-centrique</span> <span class="hps">fournit</span> <span class="hps">un contrôle plus granulaire</span> <span class="hps">sur les autorisations</span> <span class="hps">que les approches</span> <span class="hps">de rôle</span> <span class="hps">centré</span> <span class="hps">traditionnelles</span> <span class="atn hps">(</span><span>dont les rôles</span> <span class="hps">individuels</span> <span class="hps">sont</span> <span class="hps">affectés chacun</span> <span class="hps">un ensemble d'autorisations</span><span>)</span><span>.</span></span></p>
<p><span id="result_box" lang="fr"><span class="hps">Une API</span> <span class="hps">Web</span> <span class="hps">a</span> <span class="hps">donné</span> <span class="hps">un ensemble d'actions</span> <span class="hps">et d'écouteurs</span><span>.</span> <span class="hps">Chaque</span> <span class="hps">API</span> <span class="hps">Web</span> <span class="hps">a un niveau</span> <span class="hps">d'autorisation requis</span><span>.</span> <span class="hps">Chaque fois</span> <span class="hps">une API</span> <span class="hps">Web</span> <span class="hps">est appelé</span><span>,</span> <span class="hps">Gecko</span> <span class="hps">vérifie</span> <span class="hps">les exigences</span> <span class="atn hps">d'autorisation (</span><span>rôle</span> <span class="hps">de consultation</span><span>)</span> <span class="hps">basées sur</span><span>:</span></span></p>
<ul>
<li><span id="result_box" lang="fr"><span class="hps">Permissions associées pour </span><span class="hps">appeler</span> <span class="hps">l'application</span> <span class="hps">(comme spécifié dans</span> <span class="hps">le manifeste et</span> <span class="hps">basé sur le type</span> <span class="atn hps">d'</span><span>application</span><span>.</span><span>)</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">Autorisations requises pour exécuter</span> <span class="hps">l'opération demandée</span> <span class="atn hps">(</span><span class="hps">appel API</span><span> Web.</span><span>)</span></span></li>
</ul>
<p><span id="result_box" lang="fr"><span class="hps">Si</span> <span class="hps">la demande</span> <span class="hps">ne satisfait pas aux</span> <span class="hps">critères</span> <span class="hps">d'autorisation</span><span>,</span> alors <span class="hps">Gecko</span> <span class="hps">rejette la demande</span><span>.</span> <span class="hps">Par exemple</span><span>,</span> <span class="hps">des applications</span> <span class="hps">non approuvées</span> <span class="hps">ne peuvent pas exécuter</span> <span class="hps">des</span> <span class="hps">API Web</span> <span class="hps">qui sont réservées pour</span> <span class="hps">des applications</span> <span class="hps">de confiance</span><span>.</span></span></p>
<h3 id="Inviter_les_utilisateurs_pour_Permissions"><span class="short_text" id="result_box" lang="fr"><span class="hps">Inviter les utilisateurs</span> <span class="hps">pour</span> <span class="hps">Permissions</span></span></h3>
<p><span id="result_box" lang="fr"><span class="hps">En</span> <span class="hps">plus des autorisations</span> <span class="hps">qui sont implicitement</span> <span class="hps">associées aux</span> <span class="hps">applications web</span><span>,</span> <span class="hps">certaines</span> <span class="hps">opérations nécessitent</span> <span class="hps">l'autorisation</span> <span class="hps">explicite de l'utilisateur</span> <span class="hps">avant de pouvoir être</span> <span class="hps">exécutées</span> <span class="atn hps">(</span><span>par exemple,</span> <span class="atn hps">"l'application web </span><span>peut avoir accès</span> à <span class="hps">votre appareil photo</span><span>?</span><span>"</span><span>)</span><span>.</span> <span class="hps">Pour ces opérations</span><span>,</span> <span class="hps">les applications web</span> <span class="hps">sont tenues de</span> <span class="hps">spécifier</span><span>,</span> <span class="hps">dans leur</span> <span class="hps">manifeste,</span> <span class="hps">leur justification</span> <span class="hps">pour exiger</span> <span class="hps">cette autorisation</span><span>.</span> <span class="hps">Cette intention</span> <span class="hps">d'utilisation des données</span> <span class="hps">informe les utilisateurs</span> <span class="hps">sur ce que</span> <span class="hps">l'application Web</span> <span class="hps">a l'intention de</span> <span class="hps">faire avec</span> <span class="hps">ces données</span> <span class="hps">si l'autorisation est</span> <span class="hps">accordée,</span> <span class="hps">ainsi que tout</span> <span class="hps">risque impliqué</span><span>.</span> <span class="hps">Cela permet</span> <span class="hps">aux utilisateurs de</span> <span class="hps">prendre des décisions éclairées</span> <span class="hps">et de</span> <span class="hps">garder le contrôle sur</span> <span class="hps">leurs données</span><span>.</span></span></p>
<h3 id="Processus_de_mise_à_jour_sécurisé_d'une_Application"><span class="short_text" id="result_box" lang="fr"><span class="hps">Processus</span> <span class="hps">de mise à jour sécurisé</span> <span class="hps">d'une Application</span></span></h3>
<p> </p>
<p><img alt="" src="https://mdn.mozillademos.org/files/5029/updateprocess.png" style="height: 102px; width: 979px;"></p>
<p><span id="result_box" lang="fr"><span class="alt-edited">Pour les mises à niveau d'applications et des correctifs à une application privilégiée, les fournisseurs d'applications soumettent l'archive mis à jour pour l'autorisation du Marketplace, où elle est examinée et, si elle est approuvée, signée et mise à la disposition des utilisateurs. Sur les appareils OS Firefox, une application utilitaire de une mise à jour vérifie périodiquement des mises à jour de l'application. Si une mise à jour est disponible, l'utilisateur est alors interroger s'ils veulent l'installer. Avant qu'une mise à jour soit installée sur l'appareil mobile, le paquet est vérifié:</span></span></p>
<ul>
<li><span id="result_box" lang="fr"><span class="hps">Origine de la mise à jour</span> <span class="atn hps">(</span><span>vérifier</span> <span class="hps">le protocole</span> <span class="hps">de</span> <span class="hps">localisation de la source</span><span>:</span> <span class="hps">domaine</span><span>:</span> <span class="hps">port de</span> <span class="hps">la mise à jour</span> <span class="hps">et manifeste</span><span>)</span></span></li>
<li>Intégrité du fichier (SHA-256 <span class="short_text" id="result_box" lang="fr"><span class="alt-edited">vérification du hachage</span></span>)</li>
<li><span id="result_box" lang="fr"><span class="hps">Signature</span> <span class="atn hps">de code (</span><span>certificat de vérification</span> <span class="hps">contre une</span> <span class="hps">racine de confiance</span><span>)</span></span></li>
</ul>
<p>Des contrôles rigoureux sont mises en place pour veiller à ce que la mise à jour soit appliquée correctement sur le téléphone mobile. Le package de mise à jour complète doit être téléchargé dans un emplacement spécifique et sécurisé avant le début du processus de mise à jour. L'installation ne remplace pas les données des utilisateurs.</p>
<div class="note">
<p><strong>Note</strong>: <span id="result_box" lang="fr"><span class="hps">Pour plus d'informations</span> <span class="hps">sur les</span> <span class="hps">mises à jour</span> <span class="hps">d'applications</span><span>, lisez</span> </span><a href="/en-US/Apps/Developing/Updating_apps">Updating apps</a><span lang="fr"><span>.</span></span></p>
</div>
<h2 id="Securité_de_l'appareil_(Hardware)"><span class="short_text" id="result_box" lang="fr"><span class="hps">Securité de l'appareil </span><span class="atn hps">(</span><span>Hardware</span><span>)</span></span></h2>
<p><span id="result_box" lang="fr"><span class="hps">Les mécanismes de sécurité</span> <span class="hps">pour le matériel</span> <span class="hps">de l'appareil mobile</span> <span class="hps">sont généralement</span> <span class="hps">traitées par</span> <span class="atn hps">l'</span><span>OEM</span><span>.</span> <span class="hps">Par exemple</span><span>,</span> <span class="hps">un OEM</span> <span class="hps">peut</span> <span class="hps">offrir</span> une <span class="hps">SIM</span> <span class="atn hps">(</span><span>Subscriber Identity Module</span><span>)</span> <span class="hps">serrures à carte</span><span>, avec</span> <span class="hps">PUK (PIN</span> <span class="hps">Unlock Key</span><span>)</span> <span class="hps">codes</span> <span class="hps">pour débloquer</span> <span class="hps">les cartes SIM</span> <span class="hps">qui sont devenus</span> <span class="hps">verrouillé</span> <span class="hps">les entrées suivantes</span> <span class="hps">de</span> <span class="hps">code PIN erroné</span><span>.</span> <span class="hps">Contactez votre</span> <span class="hps">OEM</span> <span class="hps">pour plus de détails</span><span>.</span> <span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">ne</span> <span class="hps">permettent</span> <span class="hps">aux utilisateurs de configurer</span> <span class="hps">des codes d'accès</span> <span class="hps">et les écrans</span> <span class="hps">de délai d'attente</span><span>, qui sont décrits</span> <span class="hps">dans la section suivante</span><span>.</span></span></p>
<h2 id="Sécurité_des_données"><span class="short_text" id="result_box" lang="fr"><span class="hps">Sécurité des données</span></span></h2>
<p><span id="result_box" lang="fr"><span class="hps">Les utilisateurs peuvent</span> <span class="hps">stocker des données personnelles</span> <span class="hps">sur leur</span> <span class="hps">téléphone qu'ils</span> <span class="hps">veulent garder</span> <span class="hps">privées, y compris</span> <span class="hps">les contacts, les</span> <span class="hps">informations financières</span> <span class="atn hps">(</span><span>bancaires</span> <span class="hps">et</span> <span class="hps">les détails de cartes de crédit</span><span class="hps">)</span><span>,</span> <span class="hps">les mots de passe</span><span>, des calendriers,</span> <span class="hps">et ainsi de suite</span><span>.</span> <span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">est</span> <span class="hps">conçu pour protéger contre</span> <span class="hps">les applications malveillantes</span> <span class="hps">qui peuvent voler</span><span>,</span> <span class="hps">exploiter</span><span>,</span> <span class="hps">ou de détruire</span> <span class="hps">des données sensibles</span><span>.</span></span></p>
<h3 id="Code_d'accès_et_Ecran_de_temporisation"><span class="short_text" id="result_box" lang="fr"><span class="hps">Code d'accès et</span> </span>Ecran de temporisation</h3>
<p><span id="result_box" lang="fr"><span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">permet</span> <span class="hps">aux utilisateurs de définir</span> <span class="hps">un code d'accès</span> <span class="hps">à leur</span> <span class="hps">téléphone mobile afin</span> <span class="hps">que</span> <span class="hps">ceux qui fournissent</span> <span class="hps">le code d'accès</span> puissent <span class="hps">utiliser le téléphone</span><span>.</span> <span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">fournit</span> <span class="hps">également un écran</span> <span class="hps">de temporisation</span> <span class="hps">qui est affiché</span> <span class="hps">après une période d'inactivité</span></span><span lang="fr"> <span class="hps">configurable depuis le</span> <span class="hps">téléphone</span> <span class="hps">,</span> <span class="hps">nécessitant une authentification</span> <span class="hps">de</span> <span class="hps">mot de passe</span> <span class="hps">avant de reprendre</span> <span class="hps">l'utilisation</span> <span class="hps">du téléphone</span><span>.</span></span></p>
<h3 id="Données_sandbox"><span class="short_text" id="result_box" lang="fr"><span class="hps">Données </span></span><span class="short_text" lang="fr"><span class="hps">sandbox</span></span></h3>
<p><span id="result_box" lang="fr"><span class="hps">Comme décrit précédemment,</span> <span class="hps">les applications sont</span> <span class="hps">sandbox</span> <span class="hps">à l'exécution.</span> <span class="hps">Cela empêche</span> <span class="hps">les applications</span> <span class="hps">d'accéder aux données</span> <span class="hps">qui appartient</span> <span class="hps">à d'autres</span> <span class="hps">applications</span> <span class="hps">à moins</span> <span class="hps">que les données</span> soient<span class="hps"> explicitement</span> <span class="hps">partagé</span><span>es,</span> <span class="hps">et</span> que <span class="hps">l'application</span> <span class="hps">dispose des autorisations suffisantes</span> <span class="hps">pour y accéder.</span></span></p>
<h3 id="Données_sérialisées"><span class="short_text" id="result_box" lang="fr"><span class="hps">Données</span> <span class="hps">sérialisées</span></span></h3>
<p><span id="result_box" lang="fr"><span class="hps">Les applications Web</span> <span class="hps">n'ont pas</span> un accès direct <span class="hps">en lecture</span> <span class="hps">et </span><span class="hps">écriture</span> <span class="hps">au système</span> <span class="hps">de fichiers</span><span>.</span> <span class="hps">Au lieu de cela</span><span>,</span> <span class="hps">tous les</span> <span class="hps">accès au stockage</span> <span class="hps">se produisent uniquement</span> <span class="hps">via les API</span> <span class="hps">Web</span><span>.</span> <span class="hps">Les API Web</span> <span class="hps">lisent à partir</span><span>,</span> <span class="hps">et écrivent sur</span><span>, le stockage</span> <span class="hps">via une</span> <span class="hps">base de données SQLite</span> <span class="hps">intermédiaire.</span> <span class="hps">Il n'y a pas</span> <span class="hps">d'accès</span> <span class="hps">E / S</span> <span class="hps">directe</span><span>.</span> <span class="hps">Chaque</span> <span class="hps">application</span> <span class="hps">possède son propre</span> stockage<span class="hps"> de données</span><span>,</span> <span class="hps">qui est</span> <span class="hps">sérialisé</span> <span class="hps">sur le disque</span> <span class="hps">par la</span> <span class="hps">base de données</span><span>.</span></span></p>
<p> </p>
<h3 id="Destruction_de_données"><span class="short_text" id="result_box" lang="fr"><span class="hps">Destruction de données</span></span></h3>
<p><span id="result_box" lang="fr"><span class="hps">Quand un</span> <span class="hps">utilisateur désinstalle</span> <span class="hps">une application</span><span>,</span> <span class="hps">toutes les</span> <span class="hps">données (cookies</span><span>,</span> <span class="hps">localStorage</span><span>,</span> <span class="hps">IndexedDB</span><span>, etc.</span><span>)</span> <span class="hps">associées à cette application</span> sont<span class="hps"> supprimé</span><span>es.</span></span></p>
<h3 id="Privacy">Privacy</h3>
<p><span id="result_box" lang="fr"><span class="hps">Mozilla</span> <span class="hps">est engagé à protéger</span> <span class="hps">la vie privée</span> <span class="hps">de l'utilisateur</span> <span class="hps">et les données utilisateur</span> <span class="hps">en fonction de ses</span> <span class="hps">principes de confidentialité</span> </span>(<a href="https://www.mozilla.org/privacy/">https://www.mozilla.org/privacy/</a>)<span lang="fr"><span>,</span> <span class="hps">qui découlent</span> <span class="hps">du Manifeste</span> <span class="hps">Mozilla</span> </span>(<a href="https://www.mozilla.org/about/manifesto.html">https://www.mozilla.org/about/manifesto.html</a>)<span lang="fr"><span>.</span> <span class="hps">La politique de confidentialité</span> <span class="hps">Mozilla Firefox</span> <span class="hps">décrit comment</span> <span class="hps">Mozilla</span> <span class="hps">collecte et utilise</span> <span class="hps">des informations</span> <span class="hps">sur les utilisateurs du</span> <span class="hps">navigateur Web</span> <span class="hps">Mozilla Firefox</span><span>, y compris</span> <span class="hps">ce que</span> <span class="hps">Firefox</span> <span class="hps">envoie</span> <span class="hps">aux sites Web</span><span>,</span> <span class="hps">ce que</span> <span class="hps">Mozilla</span> <span class="hps">fait</span> <span class="hps">pour sécuriser les données</span><span>, les pratiques</span> <span class="hps">de données</span> <span class="hps">de Mozilla</span><span>,</span> <span class="hps">et ainsi de suite</span><span>.</span> <span class="hps">Pour plus d'informations</span><span>,</span> <span class="hps">voir</span><span>:</span></span></p>
<ul>
<li><a href="http://www.mozilla.org/en-US/legal/privacy/firefox.html">http://www.mozilla.org/en-US/legal/privacy/firefox.html</a></li>
<li><a href="https://blog.mozilla.org/privacy/">https://blog.mozilla.org/privacy/</a></li>
<li><a href="http://support.mozilla.org/en-US/kb/privacy-and-security-settings-firefox-os-phones">http://support.mozilla.org/en-US/kb/privacy-and-security-settings-firefox-os-phones</a></li>
</ul>
<p><span id="result_box" lang="fr"><span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">met en œuvre</span> <span class="hps">ces</span> <span class="hps">principes</span> <span class="hps">en mettant</span> <span class="hps">le contrôle des</span> <span class="hps">données de l'utilisateur</span> <span class="hps">dans les</span> <span class="hps">mains de l'utilisateur</span><span>,</span> <span class="hps">qui</span> <span class="hps">doit décider</span> <span class="hps">où cette information</span> <span class="hps">est personnelle va</span><span>.</span> <span class="hps">Firefox</span> <span class="hps">OS</span> <span class="hps">offre les fonctionnalités suivantes</span><span>:</span></span></p>
<ul>
<li><span class="short_text" id="result_box" lang="fr"><span class="hps">option Ne pas suivre</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">possibilité de désactiver</span> <span class="hps">les cookies</span> <span class="hps">du navigateur Firefox</span></span></li>
<li><span id="result_box" lang="fr"><span class="hps">possibilité de supprimer</span> <span class="hps">l'historique de navigation</span> <span class="hps">Firefox</span> <span class="hps">OS</span></span></li>
</ul>
|
