> > There is some problem with the current security model. As you know, the
> > code from a shared library is executed with the app's privileges and app
> > labels.
> > This means that the app developer will be *responsible* for actions done by
> > all the libraries which he will use. This leads us to the conclusion that
> > all the shared libraries should be quite secure.
> > How would you like to solve this issue? Will libraries have their own
> > manifests? What will they declare there? Will apps additionally get all
> > the permissions of the library? How would you like to test them in store?
> 
> For the basic system libraries I suppose we assume that we can trust
> them and they have been verified not to be malicious. For the third
> party libraries, they would come with 3rd party packages and will be
> installed into some ac domain (for rpm packages, it is the rpm security
> plugin that would do labelling of all data from the package including
> libraries). After this, in order to load the library to your binary, you
> need to have Smack read permission to the library label (set up in the
> previous step). So you can't just arbitrarily load any library that you
> have found on the filesystem, but loading will be only possible if your
> process either runs in the same ac domain or has an explicit rule
> allowing read access to the library domain. Here is your basic protection.
> For some advanced cases, we might even consider using the Smack mmap
> attribute that can further restrict loading of a shared library.

For more security, Smack can be applied to tpk (Tizen native package) and wgt
(Tizen web package) like the rpm package, as you mentioned.
With the privilege declaration, the so libraries can be labeled and be placed
in some ac domain.
But if the so libraries are labeled by "_" and located in
{app root}/shared/res/ (common shared directory), does that have many
security-vulnerable points?

In case applications include 'so' libraries in their own private
directories, app developers are also responsible for the actions done by
the libraries.

-- 
Dongeup Ham
Tizen Package Management and Installer
Samsung Electronics
[email protected]





_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
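
The load check discussed in this thread, as an added example that is not part of the original message or of Tizen's code: it models the built-in access rules from the kernel's Smack documentation plus an explicit rule set, and shows why a library labeled "_" is readable by every process. All labels and rules are constructed samples; following the thread, loading is treated as needing read access.

```python
# Added illustration: Smack's documented access decision, applied to the read
# access a process needs on a library's label before it can load it.
# Labels and rules are constructed samples, not Tizen's real policy.

def parse_rules(text):
    """Parse 'subject object access' lines into {(subject, object): {modes}}."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        subject, obj, access = line.split()
        rules[(subject, obj)] = set(access.lower()) - {"-"}
    return rules

def smack_allows(subject, obj, mode, rules):
    """Decide one access mode ('r', 'w', 'x', ...) in Smack's rule order."""
    if subject == "*":                  # star-labeled tasks get nothing
        return False
    if subject == "^" and mode in "rx":  # hat may read/execute anything
        return True
    if obj == "_" and mode in "rx":      # floor objects: read/execute for all
        return True
    if obj == "*":                       # star objects: any access
        return True
    if subject == obj:                   # same label (same ac domain)
        return True
    return mode in rules.get((subject, obj), set())  # explicit rule or deny

def can_load_library(process_label, library_label, rules):
    """Loading requires Smack read access to the library's label."""
    return smack_allows(process_label, library_label, "r", rules)

SAMPLE_RULES = parse_rules("""
app.gallery  lib.vendorcodec  rx   # explicit rule: gallery may load the codec
app.gallery  app.mail         -    # explicit 'no access'
""")

if __name__ == "__main__":
    cases = [("app.gallery", "lib.vendorcodec"),  # allowed by explicit rule
             ("app.mail", "lib.vendorcodec"),     # denied: no rule
             ("app.mail", "_")]                   # allowed: floor label
    for proc, lib in cases:
        verdict = "load" if can_load_library(proc, lib, SAMPLE_RULES) else "deny"
        print(f"{proc:12} -> {lib:16} {verdict}")
```

A library under a shared directory that carries the "_" label passes this check for any process label except "*", so the label-based restriction described in the quoted reply only applies once the library has a label of its own.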