On mer, 2014-05-14 at 16:56 +0300, Kis, Zoltan wrote: > On Wed, May 14, 2014 at 3:50 PM, Lukasz Wojciechowski
(snip) > > If we follow such design all calls to services will be made by browser > > process and not by application process. It means that services won't be able > > to provide application granularity access control because all calls will be > > made with SMACK label of browser. > > It is a problem. > > Except if the browser / extension process become security enforcement > points, doing the runtime checks. Since they are different processes > than the the one running the app, they could load a library > implementing the runtime security checks and enforce permission. Of > course then the platform becomes as secure as the browser... but The problem is with accesses to the file system and other "filesystem named" objects: the Smack context will not be the one of the App. That is what explained Rafal. > Chromium security is rather high. Maybe... Until the next hole... Best regards José > > Best regards, > Zoltan _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
