[Dev] Cynara

Lukasz Wojciechowski l.wojciechow at partner.samsung.com
Mon Apr 14 13:58:54 GMT 2014


On 2014-04-10 23:38, Schaufler, Casey wrote:
>> -----Original Message-----
>> From: Patrick Ohly [mailto:patrick.ohly at intel.com]
>> Sent: Thursday, April 10, 2014 12:41 PM
>> To: Schaufler, Casey
>> Cc: José Bollo; dev at lists.tizen.org; Lukasz Wojciechowski
>> Subject: Re: [Dev] Cynara
>>
>> On Thu, 2014-04-10 at 19:15 +0000, Schaufler, Casey wrote:
>>>> On Thu, 2014-04-10 at 16:06 +0000, Schaufler, Casey wrote:
>>>> If Tizen is going to treat system apps (for example: the Lemolo
>>>> dialer in IVI) like third-party apps from an app store, then that
>>>> concern gets addressed sufficiently well. If not, then I think we should
>>>> reconsider that approach.
>>> No. Third party apps from the app store are going to be isolated.
>>> That is one thing everyone agrees on. That's the whole reason that we
>>> need Cynara, so that the abstract "privileges" these apps are required
>>> to be allowed can be managed.
>> I still wonder whether we can apply the same concepts and mechanisms for
>> app store apps also to system apps. Let's ignore that for now, though.
> Of course we can. The biggest problem is that it would require changing
> programs that we're getting from the community, and we don't generally
> want to change them (for a number of reasons) if we can avoid it.
>
>> However, your comment triggered one more thought about Cynara: even if
>> access control is targeted at app store apps, system apps must also pass
>> them.
> Yes. When a system process (Running in the System domain, let's say)
> requests a service Cynara will have to report that that is allowed. That’s
> a matter of granting System the required privileges. All a matter of
> configuration.
>
>> A service can't tell the two apart easily and will call Cynara for all
>> processes which request controlled operation. If Cynara wants to treat
>> certain processes in a special way, that should be a Cynara internal
>> implementation detail, not something that services need to do.
> The service need only call Cynara with the information about the client.
> If we break up the System domain (will happen, but not today) there
> will need to be more Cynara rules. Note that Cynara will have the UID
> and Smack label of the client, so there is opportunity to differentiate
> between services within the Smack System domain. There is ongoing
> debate regarding what system services will run with unique UIDs and
> which should be grouped.
>
>> Agreed?
> More or less. Cynara won't have to do anything special. It just needs
> to be configured to allow clients in the System domain to have the
> privileges they need. We could hard code it, but that would be silly.
Agreed. Nothing is going to be hard coded. It is a matter of proper 
rules definition.
Best regards
Lukasz
>> --
>> Best Regards, Patrick Ohly
>>
>> The content of this message is my personal opinion only and although I am an
>> employee of Intel, the statements I make here in no way represent Intel's
>> position on the issue, nor am I authorized to speak on behalf of Intel on this
>> matter.
>>
>>
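
Added example, not part of the original message or of the Cynara project: a toy model of the lookup described in this thread, where a service passes the client's Smack label, UID and requested privilege and the answer comes from configured rules. The rule format, labels, UIDs, privilege names and the "most specific rule wins" ordering are assumptions made for the illustration.

```python
# Toy model of a privilege lookup keyed on (Smack label, UID, privilege).
# Not Cynara's code or API; every rule, label, UID and privilege name here
# is constructed for the example.
from typing import NamedTuple

WILDCARD = "*"

class Rule(NamedTuple):
    label: str      # Smack label of the client, or "*"
    uid: str        # UID of the client, or "*"
    privilege: str  # requested privilege, or "*"
    allow: bool

# Configuration, not code: the System domain is allowed by a rule.
POLICY = [
    Rule("System", "*", "*", True),
    Rule("App::dialer", "5001", "telephony.call", True),
    Rule("App::dialer", "*", "contacts.read", False),
]

def specificity(rule):
    """Number of exact (non-wildcard) fields in the rule."""
    return sum(f != WILDCARD for f in (rule.label, rule.uid, rule.privilege))

def matches(rule, label, uid, privilege):
    """True when every rule field is a wildcard or equals the client's value."""
    pairs = zip((rule.label, rule.uid, rule.privilege), (label, uid, privilege))
    return all(r in (WILDCARD, v) for r, v in pairs)

def check(policy, label, uid, privilege):
    """The question a service asks about a client. Assumed ordering: the most
    specific matching rule wins, deny wins ties, no match means deny."""
    hits = [r for r in policy if matches(r, label, uid, privilege)]
    if not hits:
        return False
    best = max(specificity(r) for r in hits)
    return all(r.allow for r in hits if specificity(r) == best)

# Differentiating inside the System domain by UID only adds a rule;
# the service-side call to check() does not change.
SPLIT_POLICY = POLICY + [Rule("System", "202", "telephony.call", False)]
```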


