Hi,
I'm currently working on integration of Cynara with D-Bus. Basically,
the idea is to extend D-Bus daemon policy language with <check ...
privilege="name_of_privilege" > tag.
It will allow external policy checkers to be part of D-Bus security
policy . The biggest advantage from service point of view is its ease of
integration with Cynara. After this work is finished services will be
able to simply declare which method calls or signals will be secured by
Cynara.
Current work is based on version 1.8.2, while the one currently used on
Tizen images is 1.6.12. Work regarding Cynara actually does not require
us to upgrade 1.8.x. In fact I've rebased patches locally on top of
tizen branch and they were applied almost cleanly and is also seems to
work. On the other hand it might be beneficial for us to use version
that is closer to the upstream. One interesting change that we might
make use of is security policy reload for established D-Bus connections.
Currently, user has to reconnect for the D-Bus policy change to take
effect. Please note that Cynara policy change will be detected anyway -
that will be handled transparently by Cynara client library. However
service upgrade might involve making changes to the D-Bus configuration
files and these changes won't be detected until reconnection (for
version 1.6.x).
What do you think about potential upgrade? Do you have any objections to
do it now? I believe best candidate would be 1.8.8. On 1 October version
1.9.0 has been released, but it might be too early to use this one.
Best regards,
--
Jacek Bukarewicz
Samsung R&D Institute Poland
Samsung Electronics
[email protected]
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
