Hi all,
Some global services are offering an API with
filename (string) arguments that will
be used by the service for reading or
writing the given file.
When the service runs under its own
identity, its own uid (for example:
wifi, bluetooth, display, ...),
the files can't be accessed!
To solve that problem there are some solutions:
1 - run the service as root
2 - run the service with capabilities (for example
CAP_DAC_OVERRIDE and CAP_MAC_ADMIN)
3 - change the API to use opened file descriptors
that can be passed through UDS or DBUS
4 - the service calls another service that is
in charge of managing this kind of file access
5 - use some temporary storage that is accessible
by both the service and its client but by no other
process.
From this short list, (1) is simple, but do you want
any service to run as root? Not me. (2) is better,
but it has to be done on each service (so it is not a
general solution) and may be dangerous. (3) This solution
needs a change of the API, and also I'm not 100% sure that
it can work in all cases. (4) and (5) are maybe the same,
because keeping the storage private may require the help of
a specialized piece of code, and ensuring consistency of
files against potential concurrent accesses may require
copying the files.
We were thinking that the security-manager could be of
some help here. It could offer an API to copy a file
from a user area to the service area and to move (or
copy) a file from the service area to the user area.
Please let that new discussion go on... feedback welcome!
Best regards
José
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
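Option (3) from the mail, passing an already-open descriptor over a Unix domain socket with SCM_RIGHTS, as an added example that is not part of the original message and not code from the Tizen security-manager or any Tizen service. The client opens the file under its own uid with exactly the access mode it wants the service to have, and the service reads through the received descriptor without root, CAP_DAC_OVERRIDE or any Smack rule on the file. The function names (send_fd, recv_fd, demo_pass_fd), the temporary file path and its contents are all assumptions made for the demo.

```c
/* Added example: SCM_RIGHTS fd passing over AF_UNIX (Linux).
 * Not from the original mail; send_fd/recv_fd/demo_pass_fd are demo names. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Send 'fd' over the AF_UNIX socket 'sock'. One payload byte travels with
 * it because sendmsg() needs at least one data byte. Returns 0 or -1. */
int send_fd(int sock, int fd)
{
    char payload = 'F';
    struct iovec iov = { .iov_base = &payload, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);

    struct msghdr msg = {0};
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;

    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    cm->cmsg_level = SOL_SOCKET;
    cm->cmsg_type = SCM_RIGHTS;
    cm->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(cm), &fd, sizeof(int));

    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}

/* Receive a descriptor sent with send_fd(). Returns the new fd or -1.
 * The level/type/length checks reject a peer that sent plain data or a
 * truncated control message; MSG_CMSG_CLOEXEC keeps the received fd from
 * leaking into any child the service later spawns. */
int recv_fd(int sock)
{
    char payload;
    struct iovec iov = { .iov_base = &payload, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    memset(&u, 0, sizeof u);

    struct msghdr msg = {0};
    msg.msg_iov = &iov;
    msg.msg_iovlen = 1;
    msg.msg_control = u.buf;
    msg.msg_controllen = sizeof u.buf;

    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) != 1 || (msg.msg_flags & MSG_CTRUNC))
        return -1;
    struct cmsghdr *cm = CMSG_FIRSTHDR(&msg);
    if (!cm || cm->cmsg_level != SOL_SOCKET || cm->cmsg_type != SCM_RIGHTS
        || cm->cmsg_len != CMSG_LEN(sizeof(int)))
        return -1;
    int fd;
    memcpy(&fd, CMSG_DATA(cm), sizeof(int));
    return fd;
}

/* Whole exchange in one process over a socketpair: the "client" side opens
 * its private file read-only and ships the descriptor, the "service" side
 * receives it and reads through it. Returns 0 when the service read back
 * exactly the constructed contents AND could not write through the fd
 * (O_RDONLY is enforced on the passed descriptor), -1 otherwise. */
int demo_pass_fd(void)
{
    char path[] = "/tmp/fdpass-demo-XXXXXX";      /* constructed demo file */
    const char *text = "owned by the client uid\n"; /* constructed contents */
    int tmp = mkstemp(path);
    if (tmp < 0) return -1;
    if (write(tmp, text, strlen(text)) != (ssize_t)strlen(text)) {
        close(tmp); unlink(path); return -1;
    }
    close(tmp);

    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) { unlink(path); return -1; }

    int rc = -1;
    int client_fd = open(path, O_RDONLY | O_CLOEXEC);   /* client side */
    if (client_fd >= 0 && send_fd(sv[0], client_fd) == 0) {
        int service_fd = recv_fd(sv[1]);                 /* service side */
        if (service_fd >= 0) {
            char buf[64] = {0};
            ssize_t n = read(service_fd, buf, sizeof buf - 1);
            if (n == (ssize_t)strlen(text) && strcmp(buf, text) == 0
                && write(service_fd, "x", 1) == -1 && errno == EBADF)
                rc = 0;
            close(service_fd);
        }
    }
    if (client_fd >= 0) close(client_fd);
    close(sv[0]); close(sv[1]);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("fd passing over AF_UNIX: %s\n", demo_pass_fd() == 0 ? "ok" : "failed");
    return 0;
}
```

The point worth noting for the discussion in the mail: the access mode travels with the descriptor, so a client that opens with O_RDONLY hands the service a handle it can read but not write, and the service's own uid and Smack label never have to match the file. In a real service the two ends are separate processes connected over a named AF_UNIX socket (or a D-Bus method taking an "h" argument), not a socketpair in one process.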