On Tue, May 13, 2014 at 2:09 AM, Counihan, Tom <[email protected]> wrote: > Here - https://wiki.tizen.org/wiki/Security:SmackThreeDomainModel defines “A > new peer domain should be created to protect a set of resources from the > domain it would run in otherwise. The new peer domain will not have more > access than the domain it would naturaly run in” > > > > Following I read “The Automotive Message Broker (AMB) domain provides a set > of services for the In Vehicle Infotainment (IVI) profile. The AMB domain is > a peer domain of the System domain.’ > > > > Can someone point me to the reasoning behind this decision? >
AMB needs to be able to create SMACK labels that restrict access to specific AMB APIs. For example, we do not want all applications to be able to SET the driver seat position. So AMB has it's own domain where it can define smack labels to protect vehicle data like the driver seat position. If you just join the system domain, or the user domain, you get all or nothing. You can't create labels on a domain you don't own therefore you can't fine-tune access. > Why for example would I do this and not create a “PIM Peer Domain” or a > “Connectivity Peer Domain”. > If PIM has a need to protect individual APIs using smack labels, then yes, it would create a new domain as well. > I’d like to understand the logic for triggering the creation of this Peer > Domain. > > Note: that in the cyanara-world, some of these assumptions change. AMB will probably not use smack directly to do API-level protection and use cyanara internally instead. The justification for AMB having its own domain may not be relevant in this world. -Kevron > > INTEL > > Automotive Solutions Division (ASD) > > > > Intel Shannon, > > Brookvale Plaza, > > East Park, > > Shannon, > > Co. Clare, > > Ireland > > > > Tel : +353 61 477718 > > > > -------------------------------------------------------------- > Intel Shannon Limited > Registered in Ireland > Registered Office: Collinstown Industrial Park, Leixlip, County Kildare > Registered Number: 308263 > Business address: Dromore House, East Park, Shannon, Co. Clare > > This e-mail and any attachments may contain confidential material for the > sole use of the intended recipient(s). Any review or distribution by others > is strictly prohibited. If you are not the intended recipient, please > contact the sender and delete all copies. > > > _______________________________________________ > IVI mailing list > [email protected] > https://lists.tizen.org/listinfo/ivi > _______________________________________________ IVI mailing list [email protected] https://lists.tizen.org/listinfo/ivi
