Hi Jose, All, Thanks for the answer and points. Yes, I understand your points and agree with them. Having common installer will simplify the architecture here.
Keeping the privilege level extraction/verification will be also easier to prepare. We already have some code in crosswalk, that can be used here. It is thanks to Zhang, Xu U [[email protected]] :)! >>Hi Baptiste, >> >>I have implemented some features on Crosswalk installer, I think they may be >>useful for your reference. >>1. https://github.com/crosswalk-project/crosswalk/pull/2518. >>For this pull request, it implement the features below: >>* Parser Tizen privileges from config.xml of wgt >>* Register application’s permission to Cynara policy >>* Call security manager to set smack label for files in the widget >>I think you can use some code directly and send pull request in Tizen gerrit >> >>2. https://github.com/crosswalk-project/crosswalk/pull/2169 >>https://github.com/crosswalk-project/crosswalk/pull/2291 >>https://github.com/crosswalk-project/crosswalk/pull/2422 >>For these pull requests, they implemented features Tizen widget signature >>checking >> >>Best Regards >>Zhang Xu >> Thank you Zhang Xu for the info. >>HERE IS THE QUESTION: Is the computation of the privilege level based on >>the signature chain used only in installers? I do not know any other places, but I cannot be sure, that there none. Sorry. Best Regards, Pawel Sikorski -----Original Message----- From: José Bollo [mailto:[email protected]] Sent: Monday, November 24, 2014 5:25 PM To: Pawel Sikorski; Bumjin Im; Schaufler, Casey Cc: 'Baptiste Durand'; [email protected] Subject: Re: [Dev] App Installer WorkShop Status Hi all, hi Pawel, Le samedi 22 novembre 2014 à 13:54 +0100, Pawel Sikorski a écrit : <snip> > platform/core/security/key-manager <snip> > As for the extraction of signature levels (platform, public, partner), > originally, wrt-installer used a package used cert-svc repository, > module vcore. > > I will discuss this item more with Security Team and let you know the > output. <snip> Thank you for your investigation. I had no time to check today but will try tomorrow... maybe. However, I want to point out the fact that computing the privilege level is a very sensitive operation: it has to be fully trusted. IIRC, the security manager that currently is in charge of recording the privileges in Cynara's database is not checking the level of privileges. Then, any program with the correct privilege for using the security-manager features will be allowed to install an application with any privilege of any level. It is showing how setting a common code for installer is beneficial: all of its derived installer will gain a trusted common piece of code for computing the privilege level. This model is very simple and only needs that installers are trusted. It also requires that API's of security manager are filtered on specific privileges of high level. An other model would be to have a specific service to manage the privilege levels. But this way looks very impractical and should be considered only if the privilege level have to be checked in other places than installers. HERE IS THE QUESTION: Is the computation of the privilege level based on the signature chain used only in installers? I would like to insist on the importance of this aspect of the security. Best regards José Bollo _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
