[Dev] [Cynara] Async admin API proposal

Oda, Terri terri.oda at intel.com
Wed Aug 27 17:03:27 GMT 2014


On Tue, Aug 26, 2014 at 10:03 PM, Lukasz Wojciechowski <
l.wojciechow at partner.samsung.com> wrote:

>
> For installation and launching purposes crosswalk should use
> libsecurity-manager-client API instead of direct cynara API.
> SecurityManager is responsible for setting up cynara policy. It has API
> for installation and launching applications ready.
>
> but ...
> as far as I know, I think it will need also cynara client API in browser
> process in order to check if running applications have proper privileges to
> resources that are accessed by browser process.
> Check is needed, because a browser process will run an action in the name
> of application, so some system service (managing resource) will recognize
> crosswalk's browser process as client.
> It is crosswalk responsibility to check if application is allowed to
> access resource.
>
> Could You check if synchronous or asynchronous cynara API would fit better
> for that task in browser process ?
>

To be honest, at this point I'm not sure I know enough about where the
checks will need to go in the browser process to answer the question
definitively.  I've only looked through the installer code in any sort of
depth.

So perhaps it's better to ask someone who's more familiar with the
internals of crosswalk: Xu & Sakari, do you know where in the browser code
we'll need those checks?  I know last time we talked, it looked most of the
APIs were going through the extension process, which meant that they'd be
running with an appropriate application label and the services themselves
should enforce any policy set on Tizen.  But I believe there will still
some necessary checks in the browser process (which runs under a different
label than the individual applications), I just don't know which APIs are
being handled through the browser and where precisely use of those APIs is
enforced.

 Terri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tizen.org/pipermail/dev/attachments/20140827/c52fb568/attachment.html>


More information about the Dev mailing list