On 2014-04-10 23:38, Schaufler, Casey wrote:
-----Original Message-----
From: Patrick Ohly [mailto:[email protected]]
Sent: Thursday, April 10, 2014 12:41 PM
To: Schaufler, Casey
Cc: José Bollo; [email protected]; Lukasz Wojciechowski
Subject: Re: [Dev] Cynara
On Thu, 2014-04-10 at 19:15 +0000, Schaufler, Casey wrote:
On Thu, 2014-04-10 at 16:06 +0000, Schaufler, Casey wrote:
If Tizen is going to treat system apps (for example: the Lemolo
dialer in IVI) like third-party apps from an app store, then that
concern gets addressed sufficiently well. If not, then I think we should
reconsider that approach.
No. Third party apps from the app store are going to be isolated.
That is one thing everyone agrees on. That's the whole reason that we
need Cynara, so that the abstract "privileges" these apps are required
to be allowed can be managed.
I still wonder whether we can apply the same concepts and mechanisms for
app store apps also to system apps. Let's ignore that for now, though.
Of course we can. The biggest problem is that it would require changing
programs that we're getting from the community, and we don't generally
want to change them (for a number of reasons) if we can avoid it.
However, your comment triggered one more thought about Cynara: even if
access control is targeted at app store apps, system apps must also pass
them.
Yes. When a system process (running in the System domain, let's say)
requests a service, Cynara will have to report that that is allowed. That's
a matter of granting System the required privileges. All a matter of
configuration.
A service can't tell the two apart easily and will call Cynara for all
processes which request controlled operation. If Cynara wants to treat
certain processes in a special way, that should be a Cynara internal
implementation detail, not something that services need to do.
The service need only call Cynara with the information about the client.
If we break up the System domain (will happen, but not today) there
will need to be more Cynara rules. Note that Cynara will have the UID
and Smack label of the client, so there is opportunity to differentiate
between services within the Smack System domain. There is ongoing
debate regarding what system services will run with unique UIDs and
which should be grouped.
Agreed?
More or less. Cynara won't have to do anything special. It just needs
to be configured to allow clients in the System domain to have the
privileges they need. We could hard code it, but that would be silly.
Agreed. Nothing is going to be hard coded. It is a matter of proper
rules definition.
Best regards
Lukasz
--
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although I am an
employee of Intel, the statements I make here in no way represent Intel's
position on the issue, nor am I authorized to speak on behalf of Intel on this
matter.