On Thu, 2014-10-30 at 12:12 +0100, Tomasz Swierczek wrote:
> Hi Patrick,
>
> can't we just make a proper DBus policy with existing tools so that we
> have a user bus where we have ONLY these services that can be used by
> applications, and a system bus where we have things that apps should not
> call, dedicated to inter-service communication?

I don't think so. The recent discussion around Wayland surfaces and Murphy led to the conclusion that any process showing anything on the screen must be a proper app, which implies having its own Smack label. So even privileged apps which are allowed to do everything must go through some kind of privilege checking for system APIs. Having different mechanisms for it (Cynara for normal apps, something else for privileged apps) doesn't look right to me.

> I'd like to add this topic to our next F2F meeting agenda. One reason
> for this is because I'd like such a decision to be fully discussed with
> everybody on our security teams, and second - the implementation you
> proposed, with hardcoding parts of policy, is what I'd personally
> object to :-)

Note that additional privileges are one aspect. I think we need those. How to implement them is a different, secondary topic. It can also be done via normal rules. I don't care that much about that. Just make sure that Cynara never fails and locks down the entire system ;-}

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter.

_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
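For readers unfamiliar with what "proper DBus policy with existing tools" means in the first message, the following is an added illustration, not a file from the thread or from Tizen: a dbus-daemon busconfig fragment (the kind that would live under /etc/dbus-1/system.d/) that keeps a system-bus service reachable only by one other service account. The service name org.example.InternalService and the accounts example-daemon and example-peer are made-up placeholders.

```xml
<!DOCTYPE busconfig PUBLIC "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN"
 "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd">
<busconfig>
  <!-- Hypothetical service name and Unix accounts; not from the thread. -->

  <!-- Default context is applied first: nobody may claim the name,
       send to it, or receive from it. -->
  <policy context="default">
    <deny own="org.example.InternalService"/>
    <deny send_destination="org.example.InternalService"/>
    <deny receive_sender="org.example.InternalService"/>
  </policy>

  <!-- Per-user policies are applied after the default and override it:
       only the dedicated service account may claim the name. -->
  <policy user="example-daemon">
    <allow own="org.example.InternalService"/>
  </policy>

  <!-- Only the peer service account may call the service. -->
  <policy user="example-peer">
    <allow send_destination="org.example.InternalService"/>
    <allow receive_sender="org.example.InternalService"/>
  </policy>
</busconfig>
```

A call from any other account is rejected by the bus with org.freedesktop.DBus.Error.AccessDenied before the service sees it, which is a cheap check to run after deploying such a file. The limitation Patrick's reply points at is visible here too: these rules select on Unix user or group, whereas the Tizen model described in the thread gives every app its own Smack label and routes privilege decisions through Cynara, so bus-level policy alone cannot express per-app decisions.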
