> -----Original Message----- > From: Lukasz Wojciechowski [mailto:[email protected]] > Sent: Tuesday, May 20, 2014 9:57 PM > To: Ohly, Patrick > Cc: Zhang, Xu U; Kis, Zoltan; José Bollo; [email protected] > Subject: Re: testing cynara > > In bootstrap version of cynara that is already merged on tizen.org, privilege > checking and installation processes do work. [Zhang Xu ] where can I get bootstrap version from tizen.org? Could you please provide a link? > > To install application properly usage of libsecurity-manager-client API is > needed. > We have provided a patch for wrt-installer > https://review.tizen.org/gerrit/#/c/20457/ (already review and verified, but > not > merged yet - we are waiting for maintainers move). If wrt-installer with that > patch is used an installed application will inject proper policy for > privileges > defined in manifest. [Zhang Xu ] From https://wiki.tizen.org/wiki/Security:Cynara#libCynaraAdmin, it seems installer should call libCynaraAdmin to add polices such as permissions. What's relationship between libCynaraAdmin and libsecurity-manager-client? Is there a guide for how to insert/update/remove policy? So that crosswalk installer can take use of to install permissions? > > This policy can be later checked with libcynara-client. > > The only thing You have to remember about is that currently all applications > are > labeled with SMACK label "User" - so defining access to some privilege shall > grant permission for all applications with that label and uninstallation > process > won't take away rights (as there still may be some applications that needs > that > permission). > Situation should normalize when all applications will receive different smack > labels (based on package id of an application). > > I think this is enough for testing libcynara-client usage for now. I don't > plan to > launch any special test procedures in nearest future. > > best wishes > Lukasz > > W dniu 2014-05-19 14:02, Patrick Ohly pisze: > > On Mon, 2014-05-19 at 13:39 +0200, Lukasz Wojciechowski wrote: > >> cynara provides two libraries: > >> * libcynara-client - accessible for everybody - just for checking > >> privileges > >> * libcynara-admin - accessible only for privileged processes > >> (probably only for SecurityManager - but it is a topic to discuss) - > >> for managing policies > > Is there (or will there be) a way to set up a test environment where > > Cynara's policy database is populated with some policies and a process > > (ideally a bash shell) runs with reduced privileges? > > > > That will be needed by service developers to check that their Cynara > > calls are working as expected. > >
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
