[Dev] enforcing privileges of web apps
jussi.laako at linux.intel.com
Wed May 14 13:51:20 GMT 2014
On 13.5.2014 11:30, Patrick Ohly wrote:
> Crosswalk cannot just call a method "do_something(x,y,z)" where x/y/z
> are parameters of this method on the system side. Instead Crosswalk must
> also pass some kind of app ID.
To address this in SSO, we added the concept of a two-layer security
context to the ACL implementation.
For SSO, each security context item is a pair of two items: the "system
context", which in the case of a Smack-enabled system is the caller's
Smack label and in the case of a traditional Linux system is the caller's
executable binary path, and the "application context", which is provided
by the caller as
auxiliary information and usually identifies for example the script
The system context part of the ACL is always enforced first, and if the
system context check passes, then the application context is enforced.
This way, even if the caller lies about the application context, it
cannot expand its privileges outside of its system context scope, which
is implemented independently of the caller.
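
Added example, not part of the original message and not code from the SSO project: a sketch in C of the two-layer check described above, where the system context is matched first and the caller-supplied application context is only compared within ACL items that share that system context. The type and function names, the result codes and the sample labels are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* One ACL item: a (system context, application context) pair. */
struct sec_ctx {
    const char *sys_ctx;  /* Smack label or executable binary path */
    const char *app_ctx;  /* auxiliary information supplied by the caller */
};

enum acl_result { ACL_ALLOW, ACL_DENY_SYSTEM, ACL_DENY_APP };

/*
 * sys_ctx must be established by the service itself, independently of
 * the caller; app_ctx is whatever the caller claims about itself.
 */
enum acl_result acl_check(const struct sec_ctx *acl, size_t n,
                          const char *sys_ctx, const char *app_ctx)
{
    int sys_ok = 0;

    if (sys_ctx == NULL || app_ctx == NULL)
        return ACL_DENY_SYSTEM;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(acl[i].sys_ctx, sys_ctx) != 0)
            continue;            /* layer 1: system context comes first */
        sys_ok = 1;
        if (strcmp(acl[i].app_ctx, app_ctx) == 0)
            return ACL_ALLOW;    /* layer 2: app context inside that scope */
    }
    return sys_ok ? ACL_DENY_APP : ACL_DENY_SYSTEM;
}

/* Constructed sample ACL; the labels and application names are made up. */
static const struct sec_ctx sample_acl[] = {
    { "User::Runtime::Web", "app-mail" },
    { "User::Runtime::Web", "app-calendar" },
    { "User::Native::Bank", "app-bank" },
};
#define SAMPLE_N (sizeof sample_acl / sizeof sample_acl[0])

int main(void)
{
    /* The web runtime claims an application context that exists only
     * under a different system context: the claim is never compared
     * against that item, so the result is ACL_DENY_APP. */
    enum acl_result r = acl_check(sample_acl, SAMPLE_N,
                                  "User::Runtime::Web", "app-bank");
    printf("web runtime claiming app-bank: %d\n", (int)r);
    return 0;
}
```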