On 2014-05-19 12:04, Zhang, Xu U wrote:

-----Original Message-----
From: Lukasz Wojciechowski [mailto:[email protected]]
Sent: Monday, May 19, 2014 5:29 PM
To: Zhang, Xu U; Kis, Zoltan; José Bollo
Cc: [email protected]
Subject: Re: [Dev] Understanding Cynara scope.


On 2014-05-19 09:09, Zhang, Xu U wrote:
-----Original Message-----
From: Dev [mailto:[email protected]] On Behalf Of Lukasz
Wojciechowski
Sent: Thursday, May 15, 2014 8:48 PM
To: Kis, Zoltan; José Bollo
Cc: [email protected]
Subject: Re: [Dev] Understanding Cynara scope.


On 2014-05-15 13:59, Kis, Zoltan wrote:
On Thu, May 15, 2014 at 2:51 PM, José Bollo
<[email protected]> wrote:
On gio, 2014-05-15 at 13:48 +0300, Kis, Zoltan wrote:
(snip)

Crosswalk is using separate processes (not threads) for
app/renderer, extension process and browser process. Security
involves the extension process for checks (unless it's done on
lower layers), and the browser process to present user dialog on
permissions.

Zoltan, from my understanding, the user dialog is a separate
mechanism that is provided by components of Cynara. This is needed,
I think, for letting privileges be managed in a single place with a
single visual in a trusted way.

So I don't imagine crosswalk displaying the dialog.

Do you agree?

What is the proposal of the cynara developers?

In case of a check that needs to pop up a dialog for the user,
cynara will launch such a popup and return the answer for the check
after the user's interaction with the popup.
Probably in most cases such a popup won't be needed, as the result of
the check will be ALLOW or DENY.
All these special policy types other than ALLOW or DENY will be
defined in plugins for cynara.
In the cynara-bootstrap version currently being merged you won't find it.
In the next stable version (the first based on the cynara daemon), planned
for the 1st half of June, you won't find it either.
However, it is in the scope of our tasks and will be done. I will update
the Cynara wiki page when the schedule is more detailed.

So summing up:
Cynara will be responsible for launching popups if needed.

[Zhang Xu ] The popups should happen on the application's installation. Web
and native apps should parse the manifest first, and pass the permissions to
the Cynara library to pop up a dialog, right?

I think you are thinking about popups for accepting the license and/or
privileges defined in the manifest in the installation process. This is a task
for the installer. It happens before you can use cynara, as the application is
not installed yet and cynara does not know anything about policy.

[Zhang Xu ] One question is about the permissions database. The permission
database should be set up during installation of apps. The DB also needs
updating when
1. the application is updated or renewed
2. the user decides to grant/deny access in one session. The permission DB
should be updated from "ASK USER" to "ALLOW" or "DENY".
The permission DB should be accessed by the installer and services. Should the
Cynara library provide an interface to manage the DB?

cynara provides two libraries:
* libcynara-client - accessible for everybody - just for checking privileges
* libcynara-admin - accessible only for privileged processes (probably only for SecurityManager - but it is a topic to discuss) - for managing policies

Cynara will take care (by using plugins) of displaying popups when it comes to
a privilege check for a policy defined as "ASK USER".

[Zhang Xu ] When the first privilege check comes, Cynara needs to pop up a dialog

Yes - if there is a policy defined in such a way that it needs to ask the user - cynara will show such a popup.
These are two different situations.

[Zhang Xu ] Yes, you are right.

Best wishes
   Lukasz
Best Wishes
Lukasz

Sakari promised to clarify on crosswalk related security issues, if
he gets some radio silence in order to be able to catch up. Let's
wait for that :).

Best regards,
Zoltan
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev