On Tue, 2014-06-17 at 09:19 +0000, Zhang, Xu U wrote:
> 
> > -----Original Message-----
> > From: Patrick Ohly [mailto:[email protected]]
> > Sent: Tuesday, June 17, 2014 5:13 PM
> > To: Zhang, Xu U
> > Cc: Tomasz Swierczek; Schaufler, Casey; Kis, Zoltan; [email protected];
> > He, Xinchao; [email protected]
> > Subject: Re: [Dev] The SAPI proposal
> > 
> > On Tue, 2014-06-17 at 08:59 +0000, Zhang, Xu U wrote:
> > > The general flow for the Tizen API case is as below:
> > > (1) When a Tizen device JS API such as Bluetooth.read() is called, the
> > > render process will first send IPC to the extension process.
> > > (2) When the extension process receives the message, the extension
> > > process will call SAPI
> > 
> > ... or some other system services. I suggest describing the extension
> > process as "calling the system" instead of "calling SAPI", because for the
> > security architecture of Crosswalk it is irrelevant how the system exposes
> > services, as long as it does so securely.
> > 
> > It is relevant for actually writing the extension code, of course. Right
> > now, extensions cannot call SAPI (does not exist yet) while they can call
> > existing services. This takes us from architecture considerations into the
> > realm of the more practical "how do we actually get work done"; not sure
> > whether we want to go there.
> > 
> [Zhang Xu] Yes, you are right. For the Tizen Crosswalk extension,
> currently the extension process calls system APIs directly. So we need
> to add a check before calling system APIs to make sure the extension
> process has the permission to access.

No, I think it is better to treat the extension process as an untrusted
part of the app (because then we can load untrusted native extensions
into it) and rely on the system to enforce privilege checks.

If we can't achieve that second part, then making the extension process
a trusted component and relying on Crosswalk to do all checking is plan
B. This puts an additional burden on the Crosswalk team, though, and is
only an intermediate step to the final system architecture.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.



_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev