On Thu, 2014-05-15 at 14:38 +0000, Schaufler, Casey wrote: > > -----Original Message----- > > From: Dev [mailto:[email protected]] On Behalf Of Kis, Zoltan > > Sent: Thursday, May 15, 2014 3:45 AM > > To: Rafał Krypa > > Cc: [email protected] > > Subject: Re: [Dev] enforcing priviliges of web apps > > > > On Thu, May 15, 2014 at 1:27 PM, Rafał Krypa <[email protected]> > > wrote:
> > Very nice, thanks! That leaves either A, B1(a), or B2 as options, the main > > issue being to patch dbus-daemon for supporting Cynara and hence allowing > > direct access from native apps and crosswalk extensions. What is your take > > on this? > > It is already possible to configure dbus to control access based > on Smack labels. There should be no need to change dbus. There > will need to be dbus configuration written for those services. Such a configuration is static: access is either allowed or denied. With Cynara, one could (at least in theory) grant access temporarily and/or after asking the user. The problem for a hypothetical, patched dbus-daemon calling Cynara will be to identify the session. Probably it will not have enough understanding of the D-Bus interfaces that it is asked to protect to provide a meaningful identifier. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
