[Dev] Simplifying access to a privilege manager using a virtual filesystem

Łukasz Stelmach l.stelmach at samsung.com
Mon Apr 28 08:30:31 GMT 2014


It was <2014-04-25 pią 18:11>, when Lukasz Wojciechowski wrote:
> Date: Thu, 24 Apr 2014 11:49:33 +0200
> From: José Bollo <jobol at nonadev.net>
> Message-ID: <1398332973.4522.48.camel at intel06.vannes>
>>
>> I finalized the proof of concept called 'keyzen' that you will find on
>> github https://github.com/jobol/keyzen
>>
>> The advantages of using a filesystem to manage the privileges to access
>> the API are:
>> - it's fast

I don't expect much from FUSE performancewise.

>> - it could be linked tightly to LSM smack

If done in kernel which.

>> - it benefits of accesses control (DAC/MAC) and file namespace

I am afraid that the concept of privileges poorly maps to DAC/MAC
models.

>> Traditionally, this type of access is done with a library using a socket
>> or an IPC wich is more difficult to integrate with DAC/MAC, cannot be
>> isolated with a file namespace and requires special binding for each
>> langage.
>>
>> It will allow to implement the tizen privileges defined at
>> https://www.tizen.org/fr/privilege/ and can be adapted to cynara's
>> concepts of application-id / user-id.
>>
>> I propose to simplify the access to cynara by using that model. Each
>> service, that are needing knowledge of specific privileges, will query
>> the filesystem. In case of user confirmation, the filesystem will
>> trigger a special request through a special file.
>>
[...]
> Keyzen seems to be a good and fast solution, but I don't know if it
> fits Tizen requirements.
>
> Let me point some concerns:
>
> 1. multiuser
> Keeping policies as files and protecting it with Smack won't solve
> multiuser problem as we cannot constraint access to same file /
> directory with Smack for different users.
> There are two ways of doing it:
> a) we can do it with DAC - just imagine amount of groups that need to
> be created and managed for maintain security

Please remember that you do not need to "create" groups actually to use
them. Groups are just integers and you can use all integers available
for the system as group ids. What you refer to as "creating groups" is
adding mappings between names and numbers in some database
(e.g. /etc/groups). Do you need such mappings?

[...]

>
> 2. containers
> One of Tizen 3.0 requirements is allowing to run applications in
> separate containers. It won't be possible to provide access to
> filesystem between host and containers. Here again some service
> providing secure IPC interface is needed.

Why would bind-mounts not work?

-- 
Łukasz Stelmach
Samsung R&D Institute Poland
Samsung Electronics
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 489 bytes
Desc: not available
URL: <http://lists.tizen.org/pipermail/dev/attachments/20140428/02aef27a/attachment.sig>


More information about the Dev mailing list