[Dev] Smack questions

Schaufler, Casey casey.schaufler at intel.com
Thu Sep 26 23:54:37 GMT 2013


The primary difference is going to be when the dbus policy gets installed. If you put it in the manifest it get install when the package gets installed with RPM. If you write the policy directly you have to add it to the dbus configuration yourself.


From: Rees, Kevron [mailto:kevron.m.rees at intel.com]
Sent: Thursday, September 26, 2013 3:34 PM
To: Schaufler, Casey
Cc: Dev at lists.tizen.org
Subject: Re: [Dev] Smack questions

What is the difference, if any of protecting a DBus object via DBus policy[1] rather than in a SMACK manifest[2]?

[1]

<policy smack="AMB::machinegun" >

  <allow send_destination="org.automotive.message.broker"

      send_interface="org.freedesktop.DBus.Properties"

      send_path="/org/automotive/uncategorized/MachineGunTurretStatus"

      send_member="Set" />
</policy>

[2]
<assign>
    <dbus name="org.automotive.message.broker" own="AMB" bus="system">
      <node name="/org/automotive/uncategorized/MachineGunTurretStatus">
        <interface name="org.freedesktop.DBus.Properties">
          <method name="Set" >
            <annotation name="com.tizen.smack" value="AMB::machinegun" />
          </method>
        </interface>
      </node>
    </dbus>
  </assign>


On Wed, Sep 25, 2013 at 6:01 PM, Schaufler, Casey <casey.schaufler at intel.com<mailto:casey.schaufler at intel.com>> wrote:

I am the upstream maintainer for the Smack Linux Security Module. If you have questions about Smack don't hesitate to ask, especially in the context of Tizen.

Thank you.


_______________________________________________
Dev mailing list
Dev at lists.tizen.org<mailto:Dev at lists.tizen.org>
https://lists.tizen.org/listinfo/dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tizen.org/pipermail/dev/attachments/20130926/e2c2ba04/attachment-0001.html>


More information about the Dev mailing list