> -----Original Message----- > From: Patrick Ohly [mailto:[email protected]] > Sent: Wednesday, April 16, 2014 1:22 PM > To: Schaufler, Casey > Cc: José Bollo; Lukasz Wojciechowski; [email protected] > Subject: Re: [Dev] Cynara + DBUS > > On Wed, 2014-04-16 at 20:06 +0000, Schaufler, Casey wrote: > > > -----Original Message----- > > > From: Patrick Ohly [mailto:[email protected]] > > > Sent: Wednesday, April 16, 2014 9:45 AM > > > To: Schaufler, Casey > > > Cc: José Bollo; Lukasz Wojciechowski; [email protected] > > > Subject: Re: [Dev] Cynara + DBUS > > > > > > On Wed, 2014-04-16 at 15:30 +0000, Schaufler, Casey wrote: > > > > > > Good question. Applications will need mutual write access with > > > > > > dbus to talk to it. Yes, this introduces additional Smack rules. > > > > > > > > > > So in other words, full access to anything that is on the > > > > > session D-Bus, including all other apps. Anything talking on the > > > > > session D-Bus will have to be prepared to get potentially malicious > messages. > > > > > > > > No, that's not what I said, I don't think. It's one thing to talk > > > > to dbus, it's another to talk to services using dbus. > > > > > > So there will be a D-Bus configuration which controls who is allowed > > > to talk to whom? Unprivileged apps only get very selective access to > > > some services and not to other apps or services which are not > > > prepared to do Cynara checks? > > > > The option to configure dbus based on Smack label is available. > > I suppose that someone cleverer than I am might be able to start with > > the application manifest and create dbus rules for some cases. > > Do we have documentation for that somewhere? I know that we had D-Bus > patches for SMACK, I just don't know what of that is in Tizen and where up- > to-date documentation is.
We need to provide better documentation on configuring Smack in dbus. I confess to not having it at my fingertips. > > The general rule remains that programs providing privileged services > > have to be changed to use Cynara. dbus is not a magic wand. > > True, but it may be more reliable and safer in some cases to update the D- > Bus configuration instead of patching the source of the service. For example, > if EDS was considered a system component that third-party apps are never > meant to use, then doing a privilege check in one place (the message routing > in dbus-daemon) instead of multiple places (each method handler in EDS) > would be a lot easier. I am perfectly happy to use whatever mechanism is most appropriate. > > -- > Best Regards, Patrick Ohly > > The content of this message is my personal opinion only and although I am an > employee of Intel, the statements I make here in no way represent Intel's > position on the issue, nor am I authorized to speak on behalf of Intel on this > matter. > > _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
