W dniu 2014-05-19 09:09, Zhang, Xu U pisze:
-----Original Message-----
From: Dev [mailto:[email protected]] On Behalf Of Lukasz
Wojciechowski
Sent: Thursday, May 15, 2014 8:48 PM
To: Kis, Zoltan; José Bollo
Cc: [email protected]
Subject: Re: [Dev] Understanding Cynara scope.
W dniu 2014-05-15 13:59, Kis, Zoltan pisze:
On Thu, May 15, 2014 at 2:51 PM, José Bollo
<[email protected]> wrote:
On gio, 2014-05-15 at 13:48 +0300, Kis, Zoltan wrote:
(snip)
Crosswalk is using separate processes (not threads) for
app/renderer, extension process and browser process. Security
involves the extension process for checks (unless it's done on lower
layers), and the browser process to present user dialog on permissions.
Zoltan, from my understanding, the user dialog is a separate
mechanism that is provided by components of Cynara. This is needed I
think for letting privilege managed at a single place with a single
visual in a trusted way.
So I don't imagine crosswalk being displaying the dialog.
Do you agree?
What is proposal of cynara developers?
In case of check that will need to popup some dialog for user - cynara will
launch such popup and return answer for check after user interaction with
popup.
Probably in most cases such popup won't be needed as result of check will be
ALLOW or DENY.
All these special policy types other than ALLOW or DENY will be defined in
plugins for cynara.
In currently being merged cynara-bootstrap version You won't find it.
In next stable version (first based on cynara daemon) planned for 1st half on
June You won't find it either.
However it is in scope of our tasks and will be done. I will update Cynara wiki
page when schedule will be more detailed.
So summing up:
Cynara will be responsible for launching popups if needed.
[Zhang Xu ] The popups should be happed on application's installation. Web and
native app should parser the manifest firstly, and pass the permissions to
Cynara library to pop up dialog, right?
I think You think about popups for accepting license and/or privileges
defined in manifest in installation process. This is a task for
installer. It happens before, You can use cynara as application is not
installed yet and cynara does not know anything about policy.
Cynara will take care (by using plugings) of displaying popups when it
comes to a privilege check for a policy defined as "ASK USER".
These are two different situations.
Best wishes
Lukasz
Best Wishes
Lukasz
Sakari promised to clarify on crosswalk related security issues, if he
gets some radio silence in order to be able to catch up. Let's wait
for that :).
Best regards,
Zoltan
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
