[Dev] Cynara + DBUS

Schaufler, Casey casey.schaufler at intel.com
Wed Apr 16 20:38:40 GMT 2014


> -----Original Message-----
> From: Patrick Ohly [mailto:patrick.ohly at intel.com]
> Sent: Wednesday, April 16, 2014 1:22 PM
> To: Schaufler, Casey
> Cc: José Bollo; Lukasz Wojciechowski; dev at lists.tizen.org
> Subject: Re: [Dev] Cynara + DBUS
> 
> On Wed, 2014-04-16 at 20:06 +0000, Schaufler, Casey wrote:
> > > -----Original Message-----
> > > From: Patrick Ohly [mailto:patrick.ohly at intel.com]
> > > Sent: Wednesday, April 16, 2014 9:45 AM
> > > To: Schaufler, Casey
> > > Cc: José Bollo; Lukasz Wojciechowski; dev at lists.tizen.org
> > > Subject: Re: [Dev] Cynara + DBUS
> > >
> > > On Wed, 2014-04-16 at 15:30 +0000, Schaufler, Casey wrote:
> > > > > > Good question. Applications will need mutual write access with
> > > > > > dbus to talk to it. Yes, this introduces additional Smack rules.
> > > > >
> > > > > So in other words, full access to anything that is on the
> > > > > session D-Bus, including all other apps. Anything talking on the
> > > > > session D-Bus will have to be prepared to get potentially malicious
> messages.
> > > >
> > > > No, that's not what I said, I don't think. It's one thing to talk
> > > > to dbus, it's another to talk to services using dbus.
> > >
> > > So there will be a D-Bus configuration which controls who is allowed
> > > to talk to whom? Unprivileged apps only get very selective access to
> > > some services and not to other apps or services which are not
> > > prepared to do Cynara checks?
> >
> > The option to configure dbus based on Smack label is available.
> > I suppose that someone cleverer than I am might be able to start with
> > the application manifest and create dbus rules for some cases.
> 
> Do we have documentation for that somewhere? I know that we had D-Bus
> patches for SMACK, I just don't know what of that is in Tizen and where up-
> to-date documentation is.

We need to provide better documentation on configuring
Smack in dbus. I confess to not having it at my fingertips.

 
> > The general rule remains that programs providing privileged services
> > have to be changed to use Cynara. dbus is not a magic wand.
> 
> True, but it may be more reliable and safer in some cases to update the D-
> Bus configuration instead of patching the source of the service. For example,
> if EDS was considered a system component that third-party apps are never
> meant to use, then doing a privilege check in one place (the message routing
> in dbus-daemon) instead of multiple places (each method handler in EDS)
> would be a lot easier.

I am perfectly happy to use whatever mechanism is most appropriate.

> 
> --
> Best Regards, Patrick Ohly
> 
> The content of this message is my personal opinion only and although I am an
> employee of Intel, the statements I make here in no way represent Intel's
> position on the issue, nor am I authorized to speak on behalf of Intel on this
> matter.
> 
> 



More information about the Dev mailing list