On 13.5.2014 11:30, Patrick Ohly wrote:
Crosswalk cannot just call a method "do_something(x,y,z)" where x/y/z are parameters of this method on the system side. Instead Crosswalk must also pass some kind of app ID.
To address this in SSO, we added concept of two layer security context to the ACL implementation.
For SSO, each security context item is a pair of two items. "System context" which in case of Smack-enabled system is caller's Smack-label and in case of traditional Linux system is caller's executable binary path. And "application context" which is provided by the caller as auxiliary information and usually identifies for example the script being executed.
System context part of the ACL is always enforced first, and if the system context check passes, then application context is enforced.
This way, even if caller would lie about the application context, it cannot expand it's privileges outside of it's system context scope which is independently implemented from the caller.
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
