On Thu, Mar 15, 2012 at 9:14 PM, David Chan <[email protected]> wrote:
> I broke this out into its own heading
> https://wiki.mozilla.org/Apps/Security#Centralized_permissions_manager

i'm reading this section... it's very hard to understand the concept being proposed. even the purpose of the proposed "Centralised permissions manager" is hard for me to grok, for which i apologise.

it's particularly confusing for me because i understand how SE/Linux works. SE/Linux is fundamentally implemented at kernel level. any significant system call, be it a file/socket operation such as read, write, open, ioctl or other such as fork, exec, mmap etc., all of these aren't just "allowed", they're audited and controlled... by the *kernel*.

for proper security - for proper enforcement of permissions - it *has* to be implemented at the kernel level. it just does. you simply can't have security implemented in userspace: you've a snowball in hell's chance of calling it "security".

so from that perspective, proposing the existence of a "centralised permissions manager" is a misnomer. it's the kernel, and that's the end of the matter. (sorry, but it is. even android implemented their security system kernel-side).

so i believe you _mayyy_ be referring to a system which helps users to interact with granting or denying access to certain features and information. parts of the description _may_ be referring to a system which helps the developers to *create* the sets of permissions that will end up being associated with the app.

it is very hard to tell, and i get completely lost when reading the bit about "uri signatures". i must be missing something, for which i apologise.

l.

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
