[Dev] enforcing privileges of web apps

Jussi Laako jussi.laako at linux.intel.com
Wed May 14 13:51:20 GMT 2014

On 13.5.2014 11:30, Patrick Ohly wrote:
> Crosswalk cannot just call a method "do_something(x,y,z)" where x/y/z
> are parameters of this method on the system side. Instead Crosswalk must
> also pass some kind of app ID.

To address this in SSO, we added the concept of a two-layer security context 
to the ACL implementation.

For SSO, each security context item is a pair of two items: a "system 
context", which in the case of a Smack-enabled system is the caller's Smack 
label and in the case of a traditional Linux system is the caller's executable 
binary path, and an "application context", which is provided by the caller as 
auxiliary information and usually identifies, for example, the script 
being executed.

The system context part of the ACL is always enforced first, and only if the 
system context check passes is the application context enforced.

This way, even if the caller lies about the application context, it 
cannot expand its privileges outside its system context scope, which 
is implemented independently from the caller.
