[Dev] Access control design for user applications
r.krypa at samsung.com
Tue Apr 15 16:47:24 GMT 2014
On 2014-04-15 18:33, Rafał Krypa wrote:
> There are some additional ideas and proposed extensions to the above model, but I'd like to write about them separately.
*App to app IPC*
Direct comunication between applications might be necessary. Tizen 2 API specification includes DataControl API, which does just that. It used to be implemented with shared memory segments, but this requiredSmack rules between application labels. Similar functionality can be achieved with UDSwithout
need for such rules:
- Applications canconnect by UDS using a proxy service to establish connection.
- Proxy rungs with "System" label,with write access permitted from application to System and back.
- If application_1 wants to talk to application_2, it sends appropriate request to proxy. Proxy verifies in policy if the connection is allowed.
- Proxy itself connects to application_2 via UDS and gets socket fd.
- Proxy sends this socket fd to application_1 using SCM_RIGHTS mechanism
- application_1 receives socket fd and uses it to talk to application_2 directly
This can be also implemented analogously with socketpair() call in the proxy and sending one fd to application_1 and the other fd to application_2.
More information about the Dev