[Dev] enforcing priviliges of web apps (was: Re: New Tizen Bluetooth Framwork (NTB) wiki page)

Patrick Ohly patrick.ohly at intel.com
Tue May 13 09:16:18 GMT 2014


On Tue, 2014-05-13 at 10:49 +0200, José Bollo wrote:
> On mar, 2014-05-13 at 10:30 +0200, Patrick Ohly wrote:
> > I understand and agree that the system needs to enforce privileges. But
> > if all Web apps run in the same Crosswalk process, doesn't that force
> > Crosswalk to become a trusted part of the system?
> 
> Hi,
> 
> The process model of Crosswalk is more complicated: IIRC, for one
> application, 2 processes are launched. The launcher (aul, aul-ng) will
> take care to set good ids and context to these processes.

So Crosswalk will not be "having a single Web process for all App"?

They key question is: will a service contacted by Crosswalk via D-Bus be
able to identify which app it is servicing?

> > It can't delegate the enforcement to the rest of the system, because
> > that rest will just see one process making various requests, without
> > being able to tell on behalf of which app that request was made.
> > 
> > Cynara as discussed so far on this list does not cover this.
> 
> right but is it needed?

That depends on who is expected to do the enforcement (D-Bus services or
some proxy) and whether we need to accommodate for a single process
hosting multiple apps.

> (*) Are native apps to be supported? The answer seems to depend on the
> people you are asking. For me the answer is yes because it is harder to
> secure.

I agree, there doesn't seem to be a consensus here. Not only is it
uncertain whether it is needed, it is also unclear which APIs need to be
available to native apps.

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.





More information about the Dev mailing list