It was <2013-11-04 pon 17:23>, when Schaufler, Casey wrote:
> -----Original Message-----
> From: Karol Lewandowski [mailto:[email protected]]
> Sent: Monday, November 04, 2013 6:53 AM
>> On 10/31/2013 05:56 PM, Schaufler, Casey wrote:
>>> -----Original Message-----
>>> From: [email protected]
>>> [mailto:[email protected]] On Behalf Of Jacek Janczyk
>>> Sent: Thursday, October 31, 2013 4:26 AM
>>>>
>>>> Dears,
>>>>
>>>> Here, at Samsung, we are experimenting with product specific DBus
>>>> extension to use kdbus (kernel module) as a transport layer instead
>>>> of Unix sockets.
>>>>
>>>> Currently the scope is limited to enable applications using either
>>>> libdbus or glib (libgio) to work on top of kdbus bus without
>>>> noticing any difference.
>>>>
>>>> More one can find in a brief arch description attached to modified
>>>> dbus sources (see doc-kdbus directory). In the same place there is
>>>> also a current development status. We will add there also our todo
>>>> list.
>>>
>>> What is your plan regarding supporting Smack? If you do not support
>>> Smack controls in kdbus it can not be used in Tizen.
>>>
>>> Really. That's a day one requirement.
>> 
>> By default kdbus provides us with rather different security model compared to
>> what we had before (with modified dbus-daemon).  Namely, when client app
>> connects to bus it can request kdbus to attach security context[1][2] of 
>> source
>> application to each message it delivers[3].
>> 
>> This moves the need to check permissions from entity that does the routing
>> (previously dbus-daemon, now kdbus) to client application itself (effectively
>> binding libraries).
>
> You can't count on every application that uses (k)dbus to enforce
> system security policy. That's why we put the controls into dbus. Look
> at UDS. The kernel enforces LSM policy there. Look at IP, the kernel
> enforces LSM policy there, too. If kdbus does not enforce policy in
> the kernel we can't use it in Tizen.
>
> And you can't say that enforcement happens in libraries. Libraries are
> just wads of code that are part of the application. They can be easily
> circumvented.

Yet, libwrap is still quite popular. Polkit is the same.

My 0,02€.

>>  [1] https://github.com/gregkh/kdbus/blob/master/kdbus.h#L235
>>  [2] https://github.com/gregkh/kdbus/blob/master/connection.c#L850
>>  [3] https://github.com/gregkh/kdbus/blob/master/message.c#L614

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics

Attachment: pgpF1iEKT58r9.pgp
Description: PGP signature

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev

Reply via email to