Le jeudi 20 novembre 2014 à 10:12 +0100, Tomasz Swierczek a écrit : > Okay, so if this is the usecase, then we need to have, like I mentioned, the > mv_chmod_chown() API in security-server PLUS some way of authorizing this > action (ie. guard it with http://tizen.org/privilege/system like it was > proposed or some other, more precise privilege, allowed only for > system-level things).
Hi all, Tomasz, you wrote mv_chmod_chown but it should be copy_remove_move_create_chmod_chown_chsmack. I agreed that the use of this interface have to be authorized. Using privilege is good. A more precise privilege that http://tizen.org/privilege/system would be better but there is a compromise to found to not increase the count of privileges. However, I'm thinking that the chosen privilege should be of level partner. Using the security manager is great because it doesn't add a new daemon. I'm guessing that it will not be the last feature added to it. Best regards José Bollo > > > @Rafal, Casey, others - what is your opinion? > > > BRs, > > > > Tomasz Świerczek > Samsung R&D Institute Poland > Samsung Electronics > Office +48 22 377 95 59 > Cell +48 503 135 021 > [email protected] > > > -----Original Message----- > From: Dev [mailto:[email protected]] On Behalf Of Corentin > Lecouvey > Sent: Thursday, November 20, 2014 10:06 AM > To: [email protected] > Subject: Re: [Dev] transferring files from and to a service > > Hi Tomasz, > > Good to hear that security-manager has so much power. > > When receiving a file over bluetooth, it will be received in a > "bluetooth" user folder as obexd will be run as "bluetooth". > The point then is to move the received file to the targeted user > download folder with the user ownership and permissions. > We will need the security-manager help to do that. > > > > > +1. > > > > Security-Manager already has "power" to re-label files, so > chmod/chown/mv/DAC_OVERRIDE will not be any extension to its (already high) > capabilities. > > > > In the tandem <Security-Manager (SM), Bluetooth service (BT), The app > (APP)> probably Bluetooth would want to create file on its own to be able to > fill its contents quickly. Questions to be answered: > > > > 1) when the file needs to be shown to the application? > The file can be shown after the file has been transferred in the user > download folder. > > > 2) (follow-up) where should it be initially created: some BT-private > directory where BT can fill its contents and then move+chmod+chown OR > already the original destination (known & accessible to APP)) > I think the easiest way is the first proposal: receive the file in > "bluetooth" user provate directory and then move thanks to > security-manager to the right user directory. > > > 3) or, do we want to let SM expose API that manages files somehow and then > mv/chmod/chown it? If yes, this means using custom SM API in Bluetooth for > even bigger extent than just simple move_and_chmod_and_chown() call. > I think if SM offers a move_and_chmod_and_chown() API, it could be > sufficient but I may wrong. > > Thanks and regards, > Corentin > > > > > > BRs, > > > > Tomasz > > > > _______________________________________________ > > Dev mailing list > > [email protected] > > https://lists.tizen.org/listinfo/dev > > > > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev > > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
