In bootstrap version of cynara that is already merged on tizen.org,
privilege checking and installation processes do work.
To install application properly usage of libsecurity-manager-client API
is needed.
We have provided a patch for wrt-installer
https://review.tizen.org/gerrit/#/c/20457/ (already review and verified,
but not merged yet - we are waiting for maintainers move). If
wrt-installer with that patch is used an installed application will
inject proper policy for privileges defined in manifest.
This policy can be later checked with libcynara-client.
The only thing You have to remember about is that currently all
applications are labeled with SMACK label "User" - so defining access to
some privilege shall grant permission for all applications with that
label and uninstallation process won't take away rights (as there still
may be some applications that needs that permission).
Situation should normalize when all applications will receive different
smack labels (based on package id of an application).
I think this is enough for testing libcynara-client usage for now. I
don't plan to launch any special test procedures in nearest future.
best wishes
Lukasz
W dniu 2014-05-19 14:02, Patrick Ohly pisze:
On Mon, 2014-05-19 at 13:39 +0200, Lukasz Wojciechowski wrote:
cynara provides two libraries:
* libcynara-client - accessible for everybody - just for checking privileges
* libcynara-admin - accessible only for privileged processes (probably
only for SecurityManager - but it is a topic to discuss) - for managing
policies
Is there (or will there be) a way to set up a test environment where
Cynara's policy database is populated with some policies and a process
(ideally a bash shell) runs with reduced privileges?
That will be needed by service developers to check that their Cynara
calls are working as expected.
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
