On 14.4.2014 17:07, Lukasz Wojciechowski wrote:
I think apps cannot do anything they want with user data. Even native apps have access only to their private data. Every application with its data folders should be Smack labeled. Smack labels are added in installation process for all applications: web, native, etc. Different Smack labels for apps give us Smack level separation.
Well, this was also how I understood the original SMACK intention. But then someone said that there would be only three SMACK labels and that it wouldn't be possible to tell applications apart based on SMACK labels...
If applications can introduce their own SMACK labels to group their data, my cases should be fine.
One assumption for Smack is needed for this model to work: to assign separate Smack labels for the applications. I believe that there is a consensus to go that way.
OK, sounds good. So I can fetch peer creds and match those against data ACLs...
While different, the app labels would still logically belong to the User domain. This is probably very confusing, given the "3-domain policy" name, but a domain is defined as a set of labels.
OK, this was confusing me at least. I thought that there would be only three SMACK labels...
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
