On 11/13/2014 05:53 PM, Patrick Ohly wrote:
While I agree that it's probably not hard to add, I'd prefer to keep the
number of changes to D-Bus small. My proposal was to use the <check
privilige="http://tizen.org/privilege/user"/> with a matching Cynara
rule. That way we leverage existing functionality and only have to add
configuration instead of more code and different configuration.
This could also work. Nice thing about Cynara policy is that it accepts
wildcards so it would be sufficient to add such rules into the Cynara db
to allow trusted services access privileged resources:
System;*;*;0xFFFF;
User;*;*;0xFFFF;
I don't think we need more fine-grained control over what trusted
services can do at the moment. Trusted services would need same
privileges as applications which I believe is fine and won't cause any
problems.
Resources accessible only by trusted services could be protected by some
special privilege(s) that could not be granted to applications
(http://tizen.org/privilege/user like you suggested or some another).
Best regards,
--
Jacek Bukarewicz
Samsung R&D Institute Poland
Samsung Electronics
[email protected]
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
