[Dev] Understanding Cynara scope.
casey.schaufler at intel.com
Tue May 13 22:22:05 GMT 2014
From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Counihan, Tom
Sent: Tuesday, May 13, 2014 2:36 AM
To: dev at lists.tizen.org
Subject: [Dev] Understanding Cynara scope.
> Reading all the extensive traffic on the topic, I come away with a vision of the Cynara scope.
> I would like to ask the question to get it validated.
> Is Cynara's exclusive goal to service 'downloadable' Web applications from an 'app store'?

That is certainly the primary goal. It's the driving force behind Cynara, but is not the only goal. Cynara is a mechanism that allows a system service providing a "privileged" resource to determine if the process requesting access to the resource should be allowed the access. It works just as well for installed applications as it does for downloaded applications so long as the Smack label the application runs with and the privileges associated with the application are known to Cynara.

The question is not the sort of application, but the sort of resource. We're protecting abstract application level resources that are provided by services. So long as there is a reliable identifier (Smack label) that can be used for the decision we're not much concerned with how the requester came into being.

The application downloader will populate Cynara data it will use to make the decision. That does not mean there can be no other mechanism for providing that data.

> I'm inferring this from statements like
> "The application, we'll call it A, is downloaded and installed at the user's request"
> "In my current understanding, Cynara is targeted at web apps which run inside a controlled environment already (the web runtime) and can only access the host through these services"
> "That's the whole reason that we need Cynara, so that the abstract "privileges" these apps are required to be allowed can be managed."
> "> I still wonder whether we can apply the same concepts and mechanisms
> > for app store apps also to system apps. Let's ignore that for now, though.
> Of course we can. The biggest problem is that it would require changing programs that we're getting from the community, and we don't generally want to change them (for a number of reasons) if we can avoid it."
> As you can see I am attempting to decipher conversation that leads me to a perspective on what is in/out of Cynara scope in the absence of an explicit statement describing this.
> What I am missing is an express statement as to what Cynara is focused on servicing and what it is not.
> I ventured over to Jira - https://bugs.tizen.org/jira/browse/PTF-198 - and get this "Services that are being used by applications need to control if the caller has sufficient privileges to call each API.", which is reaffirmed in the Cynara wiki. The terminology "application" in this context is ambiguous - it could mean exclusively downloadable web apps, or also additionally mean what Patrick calls "System Apps".
> If I understand the Smack Three Domain model, it identifies a "User domain is comprised of the services that interact directly with the person using the Tizen system and the data those services maintain".
> If I apply my understanding to the terminology on the Cynara thread, I could infer that the project is exclusively focused on servicing Downloadable web applications that use this user domain - correct?
> Can someone help me here?
Automotive Solutions Division (ASD)
Tel : +353 61 477718
Intel Shannon Limited
Registered in Ireland
Registered Office: Collinstown Industrial Park, Leixlip, County Kildare
Registered Number: 308263
Business address: Dromore House, East Park, Shannon, Co. Clare
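The mechanism Casey describes above (a service holding a "privileged" resource asks a policy store whether the Smack label of the requesting process carries the needed privilege; the installer populates that store, but nothing stops another mechanism from doing so too) as an added, self-contained model. This is illustrative code written for this archive page, not code from the thread or from the Cynara project: the policy layout (client label, user, privilege, decision, with "*" wildcards, default deny, most-specific entry wins), the Smack labels and the privilege names are all constructed for the example.

```python
"""
Toy model of a Cynara-style privilege check.  Not Cynara's code or API:
the policy shape, wildcard rules and all labels/privilege names below
are assumptions made for this illustration.
"""
from dataclasses import dataclass
from typing import List

WILDCARD = "*"

# Constructed privilege names, in the style of abstract "privileges" the thread talks about.
CONTACT_READ = "http://example.invalid/privilege/contact.read"
CALENDAR_READ = "http://example.invalid/privilege/calendar.read"


@dataclass(frozen=True)
class Policy:
    client: str      # Smack label the requesting process runs with, or "*"
    user: str        # uid as a string, or "*" for any user
    privilege: str   # abstract privilege name, or "*"
    allow: bool

    def matches(self, client: str, user: str, privilege: str) -> bool:
        pairs = ((self.client, client), (self.user, user), (self.privilege, privilege))
        return all(pattern in (WILDCARD, value) for pattern, value in pairs)

    def specificity(self) -> int:
        # Entries with fewer wildcards are more specific and take precedence.
        return sum(field != WILDCARD for field in (self.client, self.user, self.privilege))


class PolicyStore:
    """In-memory stand-in for the policy data an installer (or any other mechanism) populates."""

    def __init__(self) -> None:
        self._policies: List[Policy] = []

    def add(self, policy: Policy) -> None:
        self._policies.append(policy)

    def install_app(self, label: str, privileges: List[str], user: str = WILDCARD) -> None:
        # What the application installer does at install time: record which
        # privileges the app's Smack label is granted.  A system app set up by
        # some other mechanism ends up in the same store, as the thread notes.
        for privilege in privileges:
            self.add(Policy(label, user, privilege, allow=True))

    def check(self, client: str, user: str, privilege: str) -> bool:
        """Decision a service asks for before handing out a privileged resource.

        Default is deny: an unknown label or privilege never gets access.
        Among matching entries the most specific wins; on a tie, deny wins.
        """
        matching = [p for p in self._policies if p.matches(client, user, privilege)]
        if not matching:
            return False
        best = max(p.specificity() for p in matching)
        return all(p.allow for p in matching if p.specificity() == best)


def serve_request(store: PolicyStore, peer_label: str, peer_uid: int, privilege: str) -> str:
    """Service-side use of the check.

    In a real service the label and uid are taken from the kernel-provided peer
    credentials of the connection (Smack exposes the peer label via SO_PEERSEC,
    the uid via SO_PEERCRED), never from a field the client fills in itself;
    here they are passed in directly to keep the example offline.
    """
    if not store.check(peer_label, str(peer_uid), privilege):
        return "denied"
    return "resource-handle"


def build_demo_store() -> PolicyStore:
    """Constructed sample data: one downloaded app, one system app, one per-user revocation."""
    store = PolicyStore()
    # Downloaded app "A" from the thread, granted contact.read by the installer.
    store.install_app("User::App::A", [CONTACT_READ])
    # A system service installed by a different path, using the same store.
    store.install_app("System::Calendar", [CALENDAR_READ])
    # User 5001 revoked A's contact access: a more specific deny entry.
    store.add(Policy("User::App::A", "5001", CONTACT_READ, allow=False))
    return store


if __name__ == "__main__":
    demo = build_demo_store()
    print(serve_request(demo, "User::App::A", 5000, CONTACT_READ))   # allowed
    print(serve_request(demo, "User::App::A", 5001, CONTACT_READ))   # revoked for this user
    print(serve_request(demo, "User::App::A", 5000, CALENDAR_READ))  # never granted
    print(serve_request(demo, "Unknown::Label", 5000, CONTACT_READ)) # unknown label, default deny
```

The two properties worth taking from the model are that the decision is keyed on the label the kernel reports for the peer rather than on anything the caller claims about itself, and that the store answers "deny" for anything it was never told about, so an installed app and a downloaded app are treated identically once their label and privileges are recorded.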