Le jeudi 30 octobre 2014 à 13:02 +0100, Patrick Ohly a écrit : > On Thu, 2014-10-30 at 12:49 +0100, Patrick Ohly wrote: > > On Thu, 2014-10-30 at 12:37 +0100, José Bollo wrote: > > > Le jeudi 30 octobre 2014 à 11:05 +0100, Patrick Ohly a écrit : > > > > Without this special privilege, each user service would have to > > > > implement the Smack check itself instead of using the unified privilege > > > > checking code paths and instance (= Cynara), or we need to revive the > > > > non-upstream, and otherwise obsolete Smack label checking and rules in > > > > dbus-daemon. > > > > > > I'm surprised to discover that the policy of checking Smack labels is > > > removed. I though that it remained concurrently. > > > > Reread the older mail threads. It has come up and the consensus was that > > checking via Cynara supersedes the older patches. We just need to figure > > out all details, like what how to protect services that don't have a > > suitable privilege. > > It just occurred to me that the system apps with a UI that I mentioned > in my other email will not run with Smack label "User" or "System", so > the older Smack based D-Bus access control will not work for them unless > we also resurrect the entire "compile Smack rules based on manifest" > machinery from Tizen 2.x. That is currently gone in 3.x, right? >
Yes, I think so, it is gone. But what does it change? A label is a label, you still can enumerate it (not practical, I know...;). BR José _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
