I am sorry that I made a mistake about the web API running process. It should 
be:
One is Tizen device APIs, which will run in the extension process. The other is 
some W3C web APIs, including Geolocation, media and so on, which will run in 
the browser process.

From: Zhang, Xu U
Sent: Thursday, September 4, 2014 9:50 AM
To: 'Whiteman, John L'; Oda, Terri; Lukasz Wojciechowski
Cc: [email protected]
Subject: RE: [Dev] [Cynara] Async admin API proposal

John,

Thanks for your reminder.

Just as Lukasz understands, Crosswalk should add an API permission check in the 
browser process. From the view of process running, Tizen web APIs can be 
categorized into two kinds. One is Tizen device APIs, which will run in the 
browser process. The other is some W3C web APIs, including Geolocation, media 
and so on, which will run in the browser process. For applications using these 
W3C APIs, the browser process should call the Cynara client API to check whether 
the application has the privilege to access the resources. Peter and I are 
implementing the W3C module's embedder for Crosswalk and a security thread, 
which is a check point to call the Cynara client API, in the browser process.

I think synchronous APIs are enough for the Crosswalk browser process.

Thanks
Zhang Xu
From: Dev [mailto:[email protected]] On Behalf Of Whiteman, John L
Sent: Thursday, September 4, 2014 5:41 AM
To: Oda, Terri; Lukasz Wojciechowski
Cc: [email protected]
Subject: Re: [Dev] [Cynara] Async admin API proposal

Hi Xu & Sakari,

Do you have input for this per Terri's comments below?  Synchronous or 
asynchronous?  This info is needed to complete this.

Best Regards,

John

From: Dev [mailto:[email protected]] On Behalf Of Oda, Terri
Sent: Wednesday, August 27, 2014 10:03 AM
To: Lukasz Wojciechowski
Cc: [email protected]
Subject: Re: [Dev] [Cynara] Async admin API proposal



On Tue, Aug 26, 2014 at 10:03 PM, Lukasz Wojciechowski <[email protected]> 
wrote:

For installation and launching purposes crosswalk should use 
libsecurity-manager-client API instead of direct cynara API.
SecurityManager is responsible for setting up cynara policy. It has API for 
installation and launching applications ready.

but ...
as far as I know, I think it will need also cynara client API in browser 
process in order to check if running applications have proper privileges to 
resources that are accessed by browser process.
Check is needed, because a browser process will run an action in the name of 
application, so some system service (managing resource) will recognize 
crosswalk's browser process as client.
It is crosswalk's responsibility to check if the application is allowed to 
access the resource.

Could you check if synchronous or asynchronous cynara API would fit better for 
that task in the browser process?

To be honest, at this point I'm not sure I know enough about where the checks 
will need to go in the browser process to answer the question definitively.  
I've only looked through the installer code in any sort of depth.

So perhaps it's better to ask someone who's more familiar with the internals of 
crosswalk: Xu & Sakari, do you know where in the browser code we'll need those 
checks?  I know last time we talked, it looked like most of the APIs were going 
through the extension process, which meant that they'd be running with an 
appropriate application label and the services themselves should enforce any 
policy set on Tizen.  But I believe there will still be some necessary checks in 
the browser process (which runs under a different label than the individual 
applications), I just don't know which APIs are being handled through the 
browser and where precisely use of those APIs is enforced.


 Terri



_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev