On 04/11/2014 11:02, Rafał Krypa wrote:
On 2014-11-04 09:25, Zhang, Xu U wrote:
Hi Rafal,
I have forwarded your email to the Crosswalk mail list. Misha, who is a key
contributor for Crosswalk, replied here:
https://lists.crosswalk-project.org/pipermail/crosswalk-dev/2014-October/002165.html
I have a question on setting the SMACK label for the GPU process. The GPU process is shared
by all render processes in the same user, just as the browser process is. What SMACK
label should be set for GPU process? What API should we call?
Hi Xu,
Let me summarize the whole picture including the GPU process and the Zygote
process and how I think their security configuration should be handled:
*Browser process*
Will be launched by "systemd --user". Runs with label "User" and with privilege
(capabilities for setting Smack labels). You don't have to call anything to change its security
settings, with one exception (described below at Zygote process).
We need to NOT start the browser process immediately at user login
because Crosswalk launch is heavy and will take time and resources. We
should start Crosswalk when needed by launching it via the native
launching on demand.
*GPU process*
Spawned from the browser process. Runs with label "User" and inherits the
privilege from the browser process. Since it doesn't need the privilege, it should call
security_manager_drop_process_privileges() function.
I guess (I might be wrong) that the GPU process is the one that will
create the surface. If my assumption is correct, as we need to track the
correspondence between located surface and AppID (for resource
management enforcement), the GPU process will have to track that
correspondence and report it to Weston, for unification between native
and HTML5 App. I would like to know what is your view on that requirement.
Dominig ar Foll
Senior Software Architect
Open Source Technology Centre
Intel SSG
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev