On 2015-05-06 at 11:17, Gu, Chao Jie wrote:
Hi all,
It is a great project for privilege control by Cynara in Tizen,
however, there are some issues which confuse me now. We have spent
some time investigating how to enable Cynara security policy, this
email will maybe cover some technical details in Cynara. I am not sure
which Samsung guys are very familiar with the Cynara API in detail.
However, we would very much appreciate it if someone could help on the
Tizen mailing list because it could make it clearer to us how to
integrate the Cynara API into other new packages which need security checks.
All my concerns and investigation about Cynara come from the Cynara
definition in
https://wiki.tizen.org/wiki/Security/Tizen_3.0_security_porting_guide
and the example of platform/core/connectivity/bluetooth-frwk/bt-service.
Hi,
I maintain cynara. All information should be found on the wiki page. I'm
sorry that it's not up to date. I'm going to update the API pages today.
My team is currently supervising integration of cynara into services. So
please add me on review of any patches integrating cynara. It will be
also good to synchronize our efforts. There is a JIRA task binding all
tasks to make Tizen services conformant to 3.0 security architecture. I
believe we can synchronize our work with this tool.
https://bugs.tizen.org/jira/browse/TC-2420
I'll answer your questions below.
So I summarize the two API questions one by one below:
1. int cynara_initialize(
       cynara **pp_cynara,
       const cynara_configuration *p_conf)
The first question is about the cynara_initialize function. As we all
know, the parameter pp_cynara would be used in cynara_check to check
whether a client (application or process) running as some user has
access to a service or not. However, we couldn’t find the
cynara_configuration definition. The statement about
cynara_configuration at the link
https://wiki.tizen.org/wiki/Security:Cynara:API:client#cynara_configuration
is: Structure representing cynara
client configuration. Not yet defined.
And we also find in bt-service that cynara_configuration *conf is NULL.
So we have to be clear about this parameter when we use it, we can
think that cynara_configuration has not been defined now. And we use
the cynara_initialize function in other packages just by passing NULL to it
like bt-service did, right?
I've updated the wiki page. Configuration is used so far only for
setting the capacity of the cache built into the client library.
There are two ways to use configuration:
* simple way - pass NULL as configuration. It will use default
parameters. Up to 10000 answers from cynara will be cached.
* cynara_configuration can be created with
cynara_configuration_create(), then you can set the size of the cache with
cynara_configuration_set_cache_size(). After passing the configuration to
cynara_initialize() don't forget to release it with
cynara_configuration_destroy().
2. int cynara_check(
       cynara *p_cynara,
       const char *client,
       const char *client_session,
       const char *user,
       const char *privilege)
For the cynara *p_cynara parameter, there is no doubt that we will use
cynara_initialize to get p_cynara.
For the const char *client and const char *user parameters, these two parameters
are output from the functions cynara_creds_dbus_get_client() and
cynara_creds_socket_get_client(). We find in the bt-service example that it
uses CLIENT_METHOD_SMACK and USER_METHOD_UID as input to get the const char
*client and const char *user parameters by the
cynara_creds_dbus_get_client() or
cynara_creds_socket_get_client() function. Can we use these two macro
parameters as input in other packages? Because bt-service is based on
Tizen OS, does the macro definition also conform to other OS
security or is it only compatible with Tizen OS?
Well this is Tizen dev-list and if we are talking about Tizen - access
control of cynara is based on Smack label as identifier of client and
stringified uid as identifier of user. On Tizen system it is safe to use
CLIENT_METHOD_SMACK and USER_METHOD_UID or even better
CLIENT_METHOD_DEFAULT and USER_METHOD_DEFAULT. I haven't heard anything
about security concepts of other OS using cynara.
For the client_session parameter, it should be the application launch
identifier. However, in the bt-service example, we can see
client_session is NULL as input. So does this make sense? Can we do the
same in other packages?
Passing NULL as client_session will result in receiving
CYNARA_API_INVALID_PARAM. bt-service doesn't pass NULL, but an empty string:
char *client_session = "";
It's up to the service whether it has a concept of session. If a service wants to
differentiate between e.g. different client life cycles or connections it can
use client_session; if not, passing an empty string is OK.
Session matters only in the case of session related policy types. It
does not affect simple ALLOW/DENY policies in any way.
An example of such a session related policy can be an ASK_USER policy, which
will result in showing a pop-up window to a user, where the user can choose
e.g. allow but for a session.
For the privilege parameter, this privilege string should be in the core
privilege list in the system just like Tizen, such as the list in
https://wiki.tizen.org/wiki/Security:Tizen_3.0_Core_Privileges . My
question is who will be in charge of this part of the work in Tizen security?
For this part of the work, what can a package developer do for this security
privilege definition and enabling?
As was discussed at one of the F2F meetings of the Intel and Samsung Security
Teams - Samsung is responsible for maintaining the list of core privileges
on Tizen 3.0.
However, adding to or changing this list must be well argued. The people
responsible are: Jooseong Lee (jooseong.lee AT samsung.com) and Bumjin
Im (bj.im AT samsung.com).
Above are all my questions about the Cynara API used in the bt-service example.
If we are clear about these, it will greatly help us to enable Cynara
in security checks.
Best Regards
Chaojie Gu
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
Best regards
Lukasz Wojciechowski
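
The client_session and return-code handling discussed in this thread, as an added example that is not code from the e-mails, from cynara or from bt-service. It shows a service-side gate that substitutes "" for a NULL session and denies on anything but an explicit allow. Assumptions: check_fn, mock_check, service_allows, the EX_* constants and the sample label, uid and privilege string are all constructed here; mock_check stands in for cynara_check() so the block runs without the library.

```c
#include <stdio.h>
#include <string.h>

/* Stand-ins for CYNARA_API_ACCESS_ALLOWED / _DENIED / _INVALID_PARAM.
 * Values are constructed for this example; real code uses the cynara headers. */
enum { EX_ACCESS_ALLOWED = 2, EX_ACCESS_DENIED = 1, EX_INVALID_PARAM = -4 };

/* Constructed sample identifiers: Smack label, stringified uid, privilege. */
#define EX_CLIENT "User::App::demo"
#define EX_USER   "5001"
#define EX_PRIV   "http://tizen.org/privilege/bluetooth"

/* Same argument order as cynara_check(); the handle is opaque here
 * (with the real library it would be a cynara * from cynara_initialize()). */
typedef int (*check_fn)(void *handle, const char *client, const char *session,
                        const char *user, const char *privilege);

/* Constructed mock: rejects NULL arguments the way the reply describes,
 * and allows exactly one (client, user, privilege) triple. */
static int mock_check(void *handle, const char *client, const char *session,
                      const char *user, const char *privilege)
{
    (void)handle;
    if (!client || !session || !user || !privilege)
        return EX_INVALID_PARAM;
    if (strcmp(client, EX_CLIENT) == 0 && strcmp(user, EX_USER) == 0 &&
        strcmp(privilege, EX_PRIV) == 0)
        return EX_ACCESS_ALLOWED;
    return EX_ACCESS_DENIED;
}

/* Service-side gate: a service with no session concept passes "", never NULL,
 * and every result other than "allowed" (errors included) is a deny. */
static int service_allows(check_fn check, void *handle, const char *client,
                          const char *session, const char *user,
                          const char *privilege)
{
    int ret = check(handle, client, session ? session : "", user, privilege);
    return ret == EX_ACCESS_ALLOWED;
}

int main(void)
{
    printf("raw NULL session  -> %d\n",
           mock_check(NULL, EX_CLIENT, NULL, EX_USER, EX_PRIV));
    printf("gate NULL session -> %d\n",
           service_allows(mock_check, NULL, EX_CLIENT, NULL, EX_USER, EX_PRIV));
    printf("gate other client -> %d\n",
           service_allows(mock_check, NULL, "User::App::other", "", EX_USER, EX_PRIV));
    return 0;
}
```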