> -----Original Message-----
> From: Dev [mailto:[email protected]] On Behalf Of José Bollo
> Sent: Tuesday, November 18, 2014 7:57 AM
> To: [email protected]
> Subject: [Dev] transferring files from and to a service
> 
> Hi all,
> 
> Some global services are offering APIs with
> filename (as string) arguments that will
> be used by the service for reading or
> writing the given file.

I think you may have identified the problem right there.
APIs that deal with files by path name need to be aware
of the possible restrictions on accessing those files.

> When the service runs under its own
> identity, its own uid (for example:
> wifi, bluetooth, display, ...),
> the files can't be accessed!

Right, which is the way it's supposed to work. If services want
to share information they have to set the mode bits on the
files properly.

Please provide some examples of the paths involved.

> To solve that problem there are some solutions:
> 1 - run the service as root
> 2 - run the service with capabilities (for example
>     CAP_DAC_OVERWRITE and CAP_MAC_ADMIN)
> 3 - change the API to use opened file descriptors
>     that can be passed through UDS or DBUS
> 4 - the service calls another service that is
>     in charge of managing this kind of file access
> 5 - use some temporary storage that is accessible
>     by both the service and its client but no other
>     process.

You are working too hard. Set the mode bits correctly
and you're done.

> From this short list, (1) is simple but do you want
> that any service run as root?, not me, (2) is better
> but it has to be on each service (so it is not a
> general solution) and may be dangerous, (3) this solution
> needs to change the API and also I'm not 100% sure that
> it can work in any cases, (4) and (5) are maybe the same
> because keeping the storage private may require the help of
> a specialized piece of code and ensuring consistency of
> files against potential concurrent accesses may require
> to copy the files.
> 
> We were thinking that the security-manager could be of
> some help here. It could offer an API to copy a file
> from a user area to the service area and to move (or
> copy) a file from the service area to the user area.
> 
> Please let that new discussion go on... feedback welcome!
> 
> Best regards
> José
> 
> _______________________________________________
> Dev mailing list
> [email protected]
> https://lists.tizen.org/listinfo/dev
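
Option (3) from the quoted list, sketched as an added example that is not part of the original thread or of any Tizen code: the client opens the file itself and passes the descriptor over a Unix domain socket with SCM_RIGHTS, and the service checks what it was handed before reading. The names `send_fd`, `recv_readonly_file` and `demo` and the temporary path are assumptions made for illustration; the demo runs as a single user and unlinks the path to stand in for a file the service could not open by name.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

typedef union { char buf[CMSG_SPACE(sizeof(int))]; struct cmsghdr align; } ctl_t;
/* Client side: send an already-opened descriptor over a Unix domain socket. */
static int send_fd(int sock, int fd) {
    char byte = 'F'; ctl_t ctl = {0};
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1,
                          .msg_control = ctl.buf, .msg_controllen = sizeof ctl.buf };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof fd); memcpy(CMSG_DATA(c), &fd, sizeof fd);
    return sendmsg(sock, &msg, 0) == 1 ? 0 : -1;
}
/* Service side: accept one fd, only if it is a regular file opened read-only. */
static int recv_readonly_file(int sock) {
    char byte; ctl_t ctl; int fd, fl; struct stat st;
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    struct msghdr msg = { .msg_iov = &iov, .msg_iovlen = 1, .msg_control = ctl.buf,
        .msg_controllen = CMSG_LEN(sizeof fd) };   /* room for exactly one fd */
    if (recvmsg(sock, &msg, MSG_CMSG_CLOEXEC) != 1) return -1;
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    if (!c || c->cmsg_level != SOL_SOCKET || c->cmsg_type != SCM_RIGHTS ||
        c->cmsg_len != CMSG_LEN(sizeof fd)) return -1;
    memcpy(&fd, CMSG_DATA(c), sizeof fd); fl = fcntl(fd, F_GETFL);
    if (fl < 0 || (fl & O_ACCMODE) != O_RDONLY ||
        fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) { close(fd); return -1; }
    return fd;
}

/* Constructed demo: returns the bytes the service read via the fd, or -1. */
static int demo(int open_flags, char *out, size_t n) {
    char path[] = "/tmp/fdpass-XXXXXX";           /* constructed sample path */
    int sv[2] = { -1, -1 }, got = -1, r, w = mkstemp(path);
    if (w < 0) return -1;
    int fd = open(path, open_flags); unlink(path);  /* only descriptors remain */
    if (fd >= 0 && write(w, "hello", 5) == 5 &&
        socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == 0 &&
        send_fd(sv[0], fd) == 0 && (r = recv_readonly_file(sv[1])) >= 0) {
        got = (int)read(r, out, n); close(r);
    }
    close(sv[0]); close(sv[1]); close(w); close(fd);
    return got;
}
```

The access check happens in the client's `open()`, under the client's identity, so the service needs neither root nor extra capabilities; the `F_GETFL` and `fstat` checks keep it from acting on a writable descriptor or a non-regular file.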