On Mon, 2014-04-14 at 15:09 +0200, Lukasz Wojciechowski wrote: > I have an impression that discussion went some wrong place. Is this > thread still about Cynara?
The display server aspect is going a bit far, but I still think that it is relevant for assessing Cynara to understand how the rest of the problem is going to get addressed (or not addressed). It was not said clearly at the beginning which apps will be denied access via Cynara, and how said apps will be prevented from accessing data handled by the service. In my current understanding, Cynara is targeted at web apps which run inside a controlled environment already (the web runtime) and can only access the host through these services. That Cynara checks will also be applied for native system apps is a side effect that we won't take advantage of at the moment, because these apps can already do anything they want to the users data anyway. Note that I am thinking of the PIM data case here where service and app both run using the user's uid; it may be different for more privileged and/or special services. Is that correct? -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
