> > > I'm still concerned about the changes required to Bluetooth > > > to utilize the facility, but that's probably easier than a full blown > > > security analysis of Bluetooth running as root.
> > We are in Sync but we need a solution :-) > The first step is to define what facilities need to be > provided. You might even propose the APIs Bluetooth > would like to have. Tomasz's team can't anticipate what > you want to do. You have to tell the security manager > developers what you'd like provided. +1. Security-Manager already has "power" to re-label files, so chmod/chown/mv/DAC_OVERRIDE will not be any extension to its (already high) capabilities. In the tandem <Security-Manager (SM), Bluetooth service (BT), The app (APP)> probably Bluetooth would want to create file on its own to be able to fill its contents quickly. Questions to be answered: 1) when the file needs to be shown to the application? 2) (follow-up) where should it be initially created: some BT-private directory where BT can fill its contents and then move+chmod+chown OR already the original destination (known & accessible to APP)) 3) or, do we want to let SM expose API that manages files somehow and then mv/chmod/chown it? If yes, this means using custom SM API in Bluetooth for even bigger extent than just simple move_and_chmod_and_chown() call. BRs, Tomasz _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
