bluetooth: Update security related text from specification.

content/common/bluetooth/bluetooth_messages.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // Messages for Web Bluetooth API.
 // Multiply-included message file, hence no include guard.
 
 // Web Bluetooth Security
 // The security mechanisms of Bluetooth are described in the specification:
 // https://webbluetoothcg.github.io/web-bluetooth
@@ skipping 15 matching lines @@
 // website. It is possible to construct a class of devices for which each
 // individual device sends the same Bluetooth-level identifying information. UAs
 // are not required to attempt to detect this sort of forgery and may let a user
 // pair this pseudo-device with a website.
 //
 // To help ensure that only the entity the user approved for access actually has
 // access, this specification requires that only authenticated environments can
 // access Bluetooth devices (requestDevice).
 // """
 //
-// From: Device Discovery:
+// From: Per-origin Bluetooth device properties:
 // """
-// The UA must maintain an allowed devices list for each origin, storing a set
-// of Bluetooth devices the origin is allowed to access. For each device in the
-// allowed devices list for an origin, the UA must maintain an allowed services
-// list consisting of UUIDs for GATT Primary Services the origin is allowed to
-// access on the device. The UA may remove devices from the allowed devices list
-// at any time based on signals from the user. For example, if the user chooses
-// not to remember access, the UA might remove a device when the tab that was
-// granted access to it is closed. Or the UA might provide a revocation UI that
-// allows the user to explicitly remove a device even while a tab is actively
-// using that device. If a device is removed from this list while a Promise is
-// pending to do something with the device, it must be treated the same as if
-// the device moved out of Bluetooth range.
+// For each origin, the UA must maintain an allowed devices map, whose keys are
+// the Bluetooth devices the origin is allowed to access, and whose values are
+// pairs of a DOMString device id and an allowed services list consisting of
+// UUIDs for GATT Primary Services the origin is allowed to access on the
+// device.
+//
+// The UA may remove devices from the allowed devices map at any time based on
+// signals from the user. This needs a definition involving removing
+// BluetoothDevice instances from device instance maps and clearing out their
+// [[representedDevice]] fields. For example, if the user chooses not to
+// remember access, the UA might remove a device when the tab that was granted
+// access to it is closed. Or the UA might provide a revocation UI that allows
+// the user to explicitly remove a device even while a tab is actively using
+// that device. If a device is removed from this list while a Promise is pending
+// to do something with the device, it must be treated the same as if the device
+// moved out of Bluetooth range.
 // """
 //
 // From: Device Discovery: requestDevice
 // http://webbluetoothcg.github.io/web-bluetooth/#device-discovery
 // """
 // Display a prompt to the user requesting that the user specify some devices
 // from the result of the scan. The UA should show the user the human-readable
 // name of each device. If this name is not available because the UA's Bluetooth
 // system doesn't support privacy-enabled scans, the UA should allow the user to
 // indicate interest and then perform a privacy-disabled scan to retrieve the
@@ skipping 68 matching lines @@
 //   The Bluetooth feature, and the BluetoothDispatcherHost are behind
 //   the --enable-experimental-web-platform-features flag.
 IPC_MESSAGE_CONTROL2(BluetoothHostMsg_RequestDevice,
                      int /* thread_id */,
                      int /* request_id */)
 
 // Configures the mock data set in the browser used while under test.
 // TODO(scheib): Disable testing in non-test executables. crbug.com/436284.
 IPC_MESSAGE_CONTROL1(BluetoothHostMsg_SetBluetoothMockDataSetForTesting,
                      std::string /* name */)