Kevron,
in Tizen 3, API protection will be managed by enforcing the manifest,
which is no longer enforced by Smack labels, as opposed to what was done
in Tizen 2.2.
The final implementation is in discussion as we speak and will be based
on Cynara and a service enforcement at OS level.
So the requirement to be in the system domain should not remain once this
change is implemented.
Dominig ar Foll
Senior Software Architect
Open Source Technology Centre
Intel SSG
On 13/05/2014 18:07, Rees, Kevron wrote:
On Tue, May 13, 2014 at 2:09 AM, Counihan, Tom <[email protected]> wrote:
Here - https://wiki.tizen.org/wiki/Security:SmackThreeDomainModel defines "A
new peer domain should be created to protect a set of resources from the
domain it would run in otherwise. The new peer domain will not have more
access than the domain it would naturally run in."
Following I read "The Automotive Message Broker (AMB) domain provides a set
of services for the In Vehicle Infotainment (IVI) profile. The AMB domain is
a peer domain of the System domain."
Can someone point me to the reasoning behind this decision?
AMB needs to be able to create SMACK labels that restrict access to
specific AMB APIs. For example, we do not want all applications to be
able to SET the driver seat position. So AMB has its own domain
where it can define smack labels to protect vehicle data like the
driver seat position.
If you just join the system domain, or the user domain, you get all or
nothing. You can't create labels on a domain you don't own therefore
you can't fine-tune access.
Why for example would I do this and not create a "PIM Peer Domain" or a
"Connectivity Peer Domain"?
If PIM has a need to protect individual APIs using smack labels, then
yes, it would create a new domain as well.
I'd like to understand the logic for triggering the creation of this Peer
Domain.
Note that in the Cynara world, some of these assumptions change.
AMB will probably not use Smack directly to do API-level protection
and use Cynara internally instead. The justification for AMB having
its own domain may not be relevant in this world.
-Kevron
INTEL
Automotive Solutions Division (ASD)
Intel Shannon,
Brookvale Plaza,
East Park,
Shannon,
Co. Clare,
Ireland
Tel : +353 61 477718
--------------------------------------------------------------
Intel Shannon Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263
Business address: Dromore House, East Park, Shannon, Co. Clare
This e-mail and any attachments may contain confidential material for the
sole use of the intended recipient(s). Any review or distribution by others
is strictly prohibited. If you are not the intended recipient, please
contact the sender and delete all copies.
_______________________________________________
IVI mailing list
[email protected]
https://lists.tizen.org/listinfo/ivi
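To make Kevron's "all or nothing" point concrete, the following is an added example (not code from the thread, from AMB, or from the Tizen security framework): a small Python model of Smack's access decision that loads rules in the same "subject object access" form written to the kernel's load2 interface and then compares a coarse policy, where vehicle data simply carries the System label, with a peer-domain policy where AMB owns labels such as AMB::Seat. All labels, application names and rules here are constructed for illustration.

```python
"""Model of Smack's access-check order, used to compare two label layouts.

Decision order follows the kernel's Smack rules: a subject labelled '*' is
always denied; an object labelled '*' is always allowed; equal labels allow
everything; '^' may read/execute anything; '_' may be read/executed by anyone;
otherwise every requested mode must appear in an explicit rule.
"""

FLOOR, STAR, HAT = "_", "*", "^"
MODES = set("rwxa")  # read, write, execute, append (lock/bringup omitted)


class SmackPolicy:
    def __init__(self):
        # (subject label, object label) -> set of permitted modes
        self.rules = {}

    def load(self, text):
        """Parse 'subject object access' lines, as accepted by smackload."""
        for raw in text.splitlines():
            line = raw.split("#", 1)[0].strip()
            if not line:
                continue
            subject, obj, access = line.split()
            modes = set(access) - {"-"}          # '-' means no access
            unknown = modes - MODES
            if unknown:
                raise ValueError(f"unknown access mode(s) {unknown} in {raw!r}")
            self.rules[(subject, obj)] = modes
        return self

    def check(self, subject, obj, access):
        """Return True if every mode in `access` is permitted."""
        wanted = set(access)
        if subject == STAR:
            return False
        if obj == STAR or subject == obj:
            return True
        if subject == HAT and wanted <= {"r", "x"}:
            return True
        if obj == FLOOR and wanted <= {"r", "x"}:
            return True
        return wanted <= self.rules.get((subject, obj), set())


# Constructed layout 1: vehicle data is just part of the System label.
# The navigation app needs to write *something* in System, so it gets write
# access to everything carrying that label, seat position included.
COARSE_RULES = """
User::App::Nav      System  rw
User::App::Settings System  rw
"""

# Constructed layout 2: AMB is a peer domain and hands out its own labels,
# so access can be decided per property rather than per domain.
PEER_DOMAIN_RULES = """
User::App::Nav      AMB::Speed  r
User::App::Nav      AMB::Seat   r     # may read, may not set
User::App::Settings AMB::Seat   rw    # only the settings app may set the seat
System              AMB::Seat   rw
System              AMB::Speed  rw
"""


def seat_write_decisions():
    """Who may SET the driver seat position under each layout?"""
    coarse = SmackPolicy().load(COARSE_RULES)
    peer = SmackPolicy().load(PEER_DOMAIN_RULES)
    return {
        "coarse": {
            "nav": coarse.check("User::App::Nav", "System", "w"),
            "settings": coarse.check("User::App::Settings", "System", "w"),
        },
        "peer_domain": {
            "nav": peer.check("User::App::Nav", "AMB::Seat", "w"),
            "settings": peer.check("User::App::Settings", "AMB::Seat", "w"),
            "nav_read": peer.check("User::App::Nav", "AMB::Seat", "r"),
        },
    }


if __name__ == "__main__":
    for layout, decisions in seat_write_decisions().items():
        print(layout, decisions)
```

In the coarse layout both apps can set the seat because the only label available is the domain's own; in the peer-domain layout the same two apps get different answers for AMB::Seat, which is exactly the fine-tuning AMB cannot get while living inside a domain whose labels it does not own. Real enforcement happens in the kernel (rules loaded through smackfs), so this model only reproduces the decision logic.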