On Wed, 2014-11-26 at 14:48 +0100, Jacek Bukarewicz wrote: > Hi, > > Recently D-Bus version 1.8.2 has landed in the common image. Also, new > Cynara version supporting asynchronous API has been released, so I > believe it's time to push Cynara integration patches to the tizen branch > - now they are put in my sandbox. There are 40 commits for Cynara-DBus > daemon integration and 4 commits for "GetConnectionCredentials" method > smack support. Number of patches is pretty big so I'll squash them into > several bigger ones before sending to review (unless you think it's not > required).
Squashing sounds right. > I also prepared a wiki page on Cynara/D-Bus integration: > https://wiki.tizen.org/wiki/Security:Cynara:DBus_integration The example explicitly has a <deny send_destination="com.example.service"/>. I think this should not be necessary. Instead we need a default bus config that prevents communication by default, unless a service-specific configuration explicitly allows certain kinds of messages again. That's because we don't want D-Bus services without a suitable config available to unprivileged apps. You wanted to work on such a default config? Have you made progress on that? It should be part of the initial integration of these patches. If we follow the approach that I outlined in my last mail on that topic, the default configuration would not prevent anything that User and System processes currently do, so it shouldn't introduce any regressions even without any D-Bus service extended with new config rules. -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
