On Thu, Jun 10, 2010 at 4:55 PM, Shaz <[email protected]> wrote: >> Task can hold tokens named 'Calendar' and 'Phonebook' for >> accessing these interfaces. Or, we can drop this even >> lower by saying Calendar::function and everything else is >> not granted for. > > This is where dbus comes in ... right?
Well we do DBUS and plain sockets for starters. > And now I am loosing what LSM and rbac does here :) Credential assignment and such mostly. >> > Do you maintain the rights on the client platform? >> >> Policy enforcement is done by the server being accessed. >> Credential assignment happens per-task basis and during >> exec. > > Got it. You mean session of active resource is given the credential > accordingly. How can you handle client side and server side service mashups > with this theme? What's the issue with it? We have quite flexible token setup that allows pretty much anything to be labeled. Moreover, our needs are quite simple in this sense, we're not really trying to compete with selinux kitchen sink. -- // Janne _______________________________________________ MeeGo-dev mailing list [email protected] http://lists.meego.com/listinfo/meego-dev
