[Dev] Understanding Cynara scope.

Schaufler, Casey casey.schaufler at intel.com
Tue May 13 21:44:24 GMT 2014


> -----Original Message-----
> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Patrick Ohly
> Sent: Tuesday, May 13, 2014 5:39 AM
> To: Rafał Krypa
> Cc: dev at lists.tizen.org
> Subject: Re: [Dev] Understanding Cynara scope.
> 
> On Tue, 2014-05-13 at 14:11 +0200, Rafał Krypa wrote:
> > On 2014-05-13 11:36, Counihan, Tom wrote:
> > >
> > > Hi Folks,
> > >
> > >
> > >
> > > Reading all the extensive traffic on the topic, I come away with a vision of
> the Cynara scope.
> > >
> > > I would like to ask the question to get it validated.
> > >
> > >
> > >
> > > Is Cynara’s exclusive goal to service ‘downloadable’ Web applications
> from an ‘app store’?
> > >
> >
> > Let me try to answer that question.
> > The main purpose for Cynara is to implement user space access control
> > between downloadable applications and built-in services. We are
> > considering both web applications and native applications (OSP, or
> > potentially other native app framwork).
> 
> What are your thoughts on Crosswalk in this context (see the "enforcing
> priviliges of web apps" discussion)?
> 
> Your assumption seems to be that each application has its own Unix process;
> at least that's how the methods described under "gather required info"
> sections for D-Bus work. Correct?
> 
> As identified in the other mail thread, Crosswalk itself is not a simple native
> application. Instead it is a system component which hosts multiple other
> downloadable web applications.
> 
> Do you envision Crosswalk calling Cynara to check app privileges?

The Smack label of the task executing the application code
(be it a plugin, separate executable or some other mechanism)
must be set to the label assigned to that application. Once this
is accomplished the services that use Cynara to make application
access checks have the information they need to do so. Crosswalk
need only set the process Smack label before invoking the
application. Crosswalk might need to ask Cynara if it is appropriate
to invoke an application (e.g. if a privilege is required to run during
daylight hours) at all, but I don't believe we have any application
privileges of that sort.

So no, I don't see Crosswalk using Cynara unless Crosswalk
is providing "privileged" services. If Crosswalk is providing
privileged services (which seems unreasonable, but is possible)
it will have to do its part in enforcement. If it is proxying it
will have to either do the enforcement or pass along the
application's credential (Smack label and possibly uid)
information.

It should be pretty simple.

> --
> Best Regards, Patrick Ohly
> 
> The content of this message is my personal opinion only and although I am an
> employee of Intel, the statements I make here in no way represent Intel's
> position on the issue, nor am I authorized to speak on behalf of Intel on this
> matter.
> 
> 
> 
> _______________________________________________
> Dev mailing list
> Dev at lists.tizen.org
> https://lists.tizen.org/listinfo/dev


More information about the Dev mailing list