> -----Original Message-----
> From: Patrick Ohly [mailto:[email protected]]
> Sent: Thursday, April 10, 2014 12:41 PM
> To: Schaufler, Casey
> Cc: José Bollo; [email protected]; Lukasz Wojciechowski
> Subject: Re: [Dev] Cynara
>
> On Thu, 2014-04-10 at 19:15 +0000, Schaufler, Casey wrote:
> > > On Thu, 2014-04-10 at 16:06 +0000, Schaufler, Casey wrote:
> > > If Tizen is going to treat system apps (for example: the Lemolo
> > > dialer in IVI) like third-party apps from an app store, then that
> > > concern gets addressed sufficiently well. If not, then I think we should
> > > reconsider that approach.
> >
> > No. Third party apps from the app store are going to be isolated.
> > That is one thing everyone agrees on. That's the whole reason that we
> > need Cynara, so that the abstract "privileges" these apps are required
> > to be allowed can be managed.
>
> I still wonder whether we can apply the same concepts and mechanisms for
> app store apps also to system apps. Let's ignore that for now, though.

Of course we can. The biggest problem is that it would require changing programs that we're getting from the community, and we don't generally want to change them (for a number of reasons) if we can avoid it.

> However, your comment triggered one more thought about Cynara: even if
> access control is targeted at app store apps, system apps must also pass
> them.

Yes. When a system process (Running in the System domain, let's say) requests a service Cynara will have to report that that is allowed. That’s a matter of granting System the required privileges. All a matter of configuration.

> A service can't tell the two apart easily and will call Cynara for all
> processes which request controlled operation. If Cynara wants to treat
> certain processes in a special way, that should be a Cynara internal
> implementation detail, not something that services need to do.

The service need only call Cynara with the information about the client. If we break up the System domain (will happen, but not today) there will need to be more Cynara rules. Note that Cynara will have the UID and Smack label of the client, so there is opportunity to differentiate between services within the Smack System domain. There is ongoing debate regarding what system services will run with unique UIDs and which should be grouped.

> Agreed?

More or less. Cynara won't have to do anything special. It just needs to be configured to allow clients in the System domain to have the privileges they need. We could hard code it, but that would be silly.

>
> --
> Best Regards, Patrick Ohly
>
> The content of this message is my personal opinion only and although I am an
> employee of Intel, the statements I make here in no way represent Intel's
> position on the issue, nor am I authorized to speak on behalf of Intel on this
> matter.
>
>

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
