On 05/15/2014 07:01 PM, Rafał Krypa wrote:
On 2014-05-15 10:19, Amarnath Valluri wrote:
On 05/15/2014 10:27 AM, Patrick Ohly wrote:
On Thu, 2014-05-15 at 10:09 +0300, Amarnath Valluri wrote:
Hi Domining,
MessagePort WebAPI on Tizen IVI is not using '
platform/core/appfw/message-port', instead it uses :
platfrom/ivi/message-port, which is peer-to-peer DBus based
implementation.
Out of curiosity, and because it is relevant for the security
discussion: can you describe the data flow from Web App through
Crosswalk to a native app listening on a message port? In particular,
which Crosswalk process is contacting the native side, which Smack
label
does it have, and where is D-Bus involved in this?
The backend messageport daemon works just as a proxy between two
applications.
All Tizen applications which required to exchange data via
MessagePort will open a connection with the daemon.
It treats both Native and Web applications same.
In crosswalk the xwalk extension process requests(via peer-to-peer
dbus socket) the 'messageportd'
on behalf of web app to send message-data to peer(running)
application. Then the messageport daemon
finds the right 'client' based on the requested 'app-id', and signals
the app with the message data.
Does messageport implement any kind of policy, deciding which
application is able to contact which?
If there is, it should probably switch to use Cynaraas a source of
policy.If there isn't such thing, I'd like to suggest a discussion
about needs and possible ways for implementing it.
Currently, Messageport daemon is not doing any policy check/decisions
except for trusted message ports, which are only accessed by
applications signed with same certificate. Other than this it merely
acts as a proxy, where any application can use this service to exchange
messages. And I think the messageport daemon has not enough information
to do such validation, I assume its handled by applications which
publish the services using this messageport service.
- Amarnath
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
