W dniu 2014-09-04 03:49, Zhang, Xu U pisze:
John,
Thanks for your reminder.
Just as Lukasz understand, Crosswalk should add API permission check
in the browser process. From the view of process running, Tizen web
API can be categorized two kinds. One is Tizen device APIs, which will
run the browser process. The other is some W3C web APIs, which
including Geolocation, media and so on will run in the browser
process. For applications using these W3C APIs, browser process should
call Cynara client API to check whether application has privilege to
access the resources. Peter and I are implementing W3C module’s
embedder for Crosswalk and a security thread , which is a check point
to call Cynara client API, in the browser process.
I think synchronous APIs is enough for Crosswalk browser process.
Thank You for your answer. We were waiting for that.
BR
Lukasz
Thanks
Zhang Xu
*From:*Dev [mailto:[email protected]] *On Behalf Of
*Whiteman, John L
*Sent:* Thursday, September 4, 2014 5:41 AM
*To:* Oda, Terri; Lukasz Wojciechowski
*Cc:* [email protected]
*Subject:* Re: [Dev] [Cynara] Async admin API proposal
Hi Xu & Sakari,
Do you have input for this per Terri's comments below? Synchronous or
asynchronous? This info is needed to complete this.
Best Regards,
John
*From:*Dev [mailto:[email protected]] *On Behalf Of *Oda, Terri
*Sent:* Wednesday, August 27, 2014 10:03 AM
*To:* Lukasz Wojciechowski
*Cc:* [email protected] <mailto:[email protected]>
*Subject:* Re: [Dev] [Cynara] Async admin API proposal
On Tue, Aug 26, 2014 at 10:03 PM, Lukasz Wojciechowski
<[email protected]
<mailto:[email protected]>> wrote:
For installation and launching purposes crosswalk should use
libsecurity-manager-client API instead of direct cynara API.
SecurityManager is responsible for setting up cynara policy. It has
API for installation and launching applications ready.
but ...
as far as I know, I think it will need also cynara client API in
browser process in order to check if running applications have proper
privileges to resources that are accessed by browser process.
Check is needed, because a browser process will run an action in the
name of application, so some system service (managing resource) will
recognize crosswalk's browser process as client.
It is crosswalk responsibility to check if application is allowed to
access resource.
Could You check if synchronous or asynchronous cynara API would fit
better for that task in browser process ?
To be honest, at this point I'm not sure I know enough about where the
checks will need to go in the browser process to answer the question
definitively. I've only looked through the installer code in any sort
of depth.
So perhaps it's better to ask someone who's more familiar with the
internals of crosswalk: Xu & Sakari, do you know where in the browser
code we'll need those checks? I know last time we talked, it looked
most of the APIs were going through the extension process, which meant
that they'd be running with an appropriate application label and the
services themselves should enforce any policy set on Tizen. But I
believe there will still some necessary checks in the browser process
(which runs under a different label than the individual applications),
I just don't know which APIs are being handled through the browser and
where precisely use of those APIs is enforced.
Terri
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
