[Dev] Cynara + DBUS

Patrick Ohly patrick.ohly at intel.com
Wed Apr 16 20:21:41 GMT 2014


On Wed, 2014-04-16 at 20:06 +0000, Schaufler, Casey wrote:
> > -----Original Message-----
> > From: Patrick Ohly [mailto:patrick.ohly at intel.com]
> > Sent: Wednesday, April 16, 2014 9:45 AM
> > To: Schaufler, Casey
> > Cc: José Bollo; Lukasz Wojciechowski; dev at lists.tizen.org
> > Subject: Re: [Dev] Cynara + DBUS
> > 
> > On Wed, 2014-04-16 at 15:30 +0000, Schaufler, Casey wrote:
> > > > > Good question. Applications will need mutual write access with
> > > > > dbus to talk to it. Yes, this introduces additional Smack rules.
> > > >
> > > > So in other words, full access to anything that is on the session D-Bus,
> > > > including all other apps. Anything talking on the session D-Bus will
> > > > have to be prepared to get potentially malicious messages.
> > >
> > > No, that's not what I said, I don't think. It's one thing to talk to
> > > dbus, it's another to talk to services using dbus.
> > 
> > So there will be a D-Bus configuration which controls who is allowed to
> > talk to whom? Unprivileged apps only get very selective access to some
> > services and not to other apps or services which are not prepared to do
> > Cynara checks?
> 
> The option to configure dbus based on Smack label is available.
> I suppose that someone cleverer than I am might be able to
> start with the application manifest and create dbus rules for some
> cases.

Do we have documentation for that somewhere? I know that we had D-Bus
patches for SMACK, I just don't know what of that is in Tizen and where
up-to-date documentation is.

> The general rule remains that programs providing privileged services
> have to be changed to use Cynara. dbus is not a magic wand.

True, but it may be more reliable and safer in some cases to update the
D-Bus configuration instead of patching the source of the service. For
example, if EDS was considered a system component that third-party apps
are never meant to use, then doing a privilege check in one place (the
message routing in dbus-daemon) instead of multiple places (each method
handler in EDS) would be a lot easier.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.





More information about the Dev mailing list