Description We would like to add a mechanism in Crosswalk to control API permissions for both Crosswalk .xpk packages and Tizen legacy .wgt packages. For crosswalk packages, permissions needed by an application will be declared in its manifest, and for Tizen widgets they are stored in config.xml according to the widget specification. As a part of Crosswalk security framework, we would like to follow these documents in our implementation.
The overall crosswalk security design, including API permission control and SMACK https://docs.google.com/a/intel.com/document/d/1Exj9ewu74mxl96YodnHAbxGikR3m8v4UgwE3w7FyIMg/edit#heading=h.erysmcq819ya<https://docs.google.com/a/intel.com/document/d/1Exj9ewu74mxl96YodnHAbxGikR3m8v4UgwE3w7FyIMg/edit%23heading=h.erysmcq819ya> The detailed use case and design of API permission control https://docs.google.com/a/intel.com/document/d/137u_gxmNaIFwVzaCkCFBJyveIdZxuAydWOkMI8oWgD0/edit#<https://docs.google.com/a/intel.com/document/d/137u_gxmNaIFwVzaCkCFBJyveIdZxuAydWOkMI8oWgD0/edit%23> API Permission Map https://docs.google.com/a/intel.com/spreadsheet/ccc?key=0AmfuGardsG7gdGg1a0YxVVVNbEtKLTEzck9XMGYyRWc#gid=0<https://docs.google.com/a/intel.com/spreadsheet/ccc?key=0AmfuGardsG7gdGg1a0YxVVVNbEtKLTEzck9XMGYyRWc%23gid=0> Contacts Ming, Bai from Shanghai and Zhang, Xu from Beijing. Affected Components - A new security server will be added as a sub module under 'application/' - Mechanism to transfer permission request among extension process, runtime process and render process. - Mechanism to control and store the application permission in persistent storage. - A mapping between Javascript API and corresponding permissions. - UI elements for asking user for the permission requests. Implementation Details - A new security server will be added and placed under application service which is the central place for controlling the application's life cycle. The security server will handle permission requests from either extension process and respond with the correct permission information. - The permission handling mechanism is sort of complicated, detailed description could be found in this doc https://docs.google.com/a/intel.com/document/d/1TfU_oZo6P2Ff24w5RjRhYfPTJae5EzRWiXtdtxz0yBo/edit#heading=h.90d6fevrbp2d- - The application's permission information will be stored in a database which can only be accessed by the runtime process.
_______________________________________________ Crosswalk-dev mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev
