[Dev] Cynara

Patrick Ohly patrick.ohly at intel.com
Thu Apr 10 19:41:25 GMT 2014


On Thu, 2014-04-10 at 19:15 +0000, Schaufler, Casey wrote:
> > On Thu, 2014-04-10 at 16:06 +0000, Schaufler, Casey wrote:
> > If Tizen is going to treat system apps (for example: the Lemolo dialer in IVI)
> > like third-party apps from an app store, then that concern gets addressed
> > sufficiently well. If not, then I think we should reconsider that approach.
> 
> No. Third party apps from the app store are going to be isolated.
> That is one thing everyone agrees on. That's the whole reason that
> we need Cynara, so that the abstract "privileges" these apps are required
> to be allowed can be managed.

I still wonder whether we can apply the same concepts and mechanisms for
app store apps also to system apps. Let's ignore that for now, though.

However, your comment triggered one more thought about Cynara: even if
access control is targeted at app store apps, system apps must also pass
them. A service can't tell the two apart easily and will call Cynara for
all processes which request controlled operation. If Cynara wants to
treat certain processes in a special way, that should be a Cynara
internal implementation detail, not something that services need to do.
Agreed?

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.





More information about the Dev mailing list