[Dev] Simplifying access to a privilege manager using a virtual filesystem

José Bollo jobol at nonadev.net
Thu Apr 24 09:49:33 GMT 2014

Hi all,

I finalized the proof of concept called 'keyzen' that you will find on
github https://github.com/jobol/keyzen

The advantages of using a filesystem to manage the privileges to access
the API are:
- it's fast
- it could be linked tightly to LSM smack
- it benefits from access control (DAC/MAC) and the file namespace
- there is no real need for a library (all languages)
- supports synchronous and asynchronous queries
- no socket
- no kernel change

Traditionally, this type of access is done with a library using a socket
or an IPC which is more difficult to integrate with DAC/MAC, cannot be
isolated with a file namespace and requires special binding for each

It will allow implementing the Tizen privileges defined at
https://www.tizen.org/fr/privilege/ and can be adapted to cynara's
concepts of application-id / user-id.

I propose to simplify the access to cynara by using that model. Each
service that needs knowledge of specific privileges will query
the filesystem. In case of user confirmation, the filesystem will
trigger a special request through a special file.

The special filesystem is currently implemented using FUSE.

For blocking requests, the overhead is minimised: only the level 2
function 'access' is needed.

To prove that my proposition is viable, I implemented a secure launcher
using it: https://github.com/jobol/smaunch. That launcher
uses extended security attributes to set the authorized privileges and uses
them to configure Smack rules and the file namespace.

Using Smaunch, I found that the launch time of the process (either
native or HTML5) is about 6.6ms:
- launch of smaunch: 2.6 ms
- reading DB: 0.6 ms
- finding mount points (keyzen-fs and smackfs): 0.4 ms
- setting permission (FUSE): 1.2 ms
- setting smack and isolating file namespace: 1.8 ms

Your feedback is welcome

Best regards
José Bollo
