On Fri, 2014-05-16 at 11:00 +0300, Jussi Laako wrote: > On 16.5.2014 9:58, José Bollo wrote: > > I share your analysis. It isn't pragmatic to expect that dbus will guess > > the session id. > > It can provide PID, or other info about the dbus connection, but it > could also generate other types of identifiers for the bus connection.
This is also my thinking: the application session identifier is something separate from the pid or service-specific identifiers, and therefore must be attached to processes and transferred via IPC mechanisms just like pid and Smack label are already. > What is the session id used for anyway? It's used to grant access temporarily. The Cynara Wiki page has more information about that: https://wiki.tizen.org/wiki/Security:Cynara#Policies > The access rule should be simple, application requests access for > privilege X (provided by service in it's manifest and granted for > application by it's manifest) and the privilege is either granted or not. > > If it is anything more complex, then you are just over complicating the > picture. I don't have a strong opinion about whether this feature is useful or not. I'm merely pointing out that it's part of the current Cynara design and (IMHO) will be a bit problematic to implement reliably the way it is designed at the moment. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
