Also for test purposes I created python bindings for Cynara (admin and
client API) to easily set up policies and to invalidate policy when
required.
It's not production quality but it works for me. If anyone is interested
I can publish it on Cynara sandbox.
That sounds useful. Without actual Cynara configs, all one could test is
that illegal access gets denied. Examples for setting those up would
also be useful.
I've put my implementation on sandbox/jacekbe/cynara-python branch in
the cynara repo (git://review.tizen.org/platform/core/security/cynara).
To set given policy you can write in python shell:
from cynara import *
a = CynaraAdmin()
a.set_policy('', 'app_label', '5002', 'privilege', 0xffff, '')
Parameters are:
bucket - empty string for default (and I believe that's enough for testing)
client - application label
user - string that identifies user (in Tizen it's uid converted to string)
privilege -
result - policy check result
0 - deny
0xffff - allow,
-1 - remove policy
result_extra - extra result data - not needed in our case AFAIK so I
always used empty string
Cynara db has currently very simple format. Policies are saved in a text
file - each policy in a separate line. Above command will result in
additional line in /var/cynara/db/_ file:
app_label;5002;privilege;0xFFFF;
Putting such line manually and restarting Cynara service should do the
trick as well.
Best regards,
--
Jacek Bukarewicz
Samsung R&D Institute Poland
Samsung Electronics
[email protected]
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
