[Dev] Cynara

Lukasz Wojciechowski l.wojciechow at partner.samsung.com
Tue Apr 15 09:30:04 GMT 2014


On 2014-04-15 01:47, Carsten Haitzler (The Rasterman) wrote:
> On Tue, 08 Apr 2014 20:57:37 +0200 Lukasz Wojciechowski
> <l.wojciechow at partner.samsung.com> said:
>
>> Services that are being used by applications need to control if the
>> caller has sufficient privileges to call each API. In Tizen 2.2.X this
>> level of access control was done using very detailed Smack policy on IPC
>> mechanisms. Since Tizen 3.0 is introducing compact 3-domain Smack
>> policy, there is a need for user-space mechanism that complements the
>> solution. This is a place for new module - Cynara.
>>
>> Details can be found at wiki page:
>> http://wiki.tizen.org/wiki/Security:Cynara
>>
>> Page is still being constructed, but it is high time to share and
>> probably start a discussion.
>> I will be glad to answer any questions about it.
>> I plan to publish roadmap for Cynara development and API draft this week.
> cynara_check ... where will the service daemon get the client string, and
> client_session string? if these are provided by the client... a client can just
> lie. why not just provide the PID of the client directly to cynara and it does
> the rest? (this also means you can change, in future, what parameters/info you
> use to categorize a client).
>
The construction is designed to be generic. That is why, from Cynara's 
point of view, it can be anything.
However...
In Tizen 3.0 we would like to use:
* SMACK label of the application process as client id
* UID as user
It is the service's responsibility to discover both of these parameters. We 
probably can provide some helper functions to extract these things out 
of different IPCs.
We've already started constructing a wiki page that describes a mechanism 
that can be used for application credentials extraction 
(https://wiki.tizen.org/wiki/Security:Cynara:ApplicationCredentials). We 
surely don't want to trust a client who is just waiting to lie to us.
The definition of client_session is also up to the service. The service is the 
one that has access to resources, and it decides how to interpret Cynara's 
answer. If Cynara answers "ALLOW till end of session", the service 
must define what session means. For some services it may be the 
connection made from client to service (when it's broken, the session is 
over), for others it may be the pid of the client. As long as the PID is the 
same and the application lives, the session doesn't change.
libCynara shall only compare this string with other session values. It 
won't interpret it anyway.

Best regards
Lukasz


