[Dev] enforcing privileges of web apps
jose.bollo at open.eurogiciel.org
Wed May 14 14:00:30 GMT 2014
On Wed, 2014-05-14 at 16:56 +0300, Kis, Zoltan wrote:
> On Wed, May 14, 2014 at 3:50 PM, Lukasz Wojciechowski
> > If we follow such design all calls to services will be made by browser
> > process and not by application process. It means that services won't be able
> > to provide application granularity access control because all calls will be
> > made with SMACK label of browser.
> > It is a problem.
> Except if the browser / extension process become security enforcement
> points, doing the runtime checks. Since they are different processes
> than the one running the app, they could load a library
> implementing the runtime security checks and enforce permission. Of
> course then the platform becomes as secure as the browser... but
The problem is with accesses to the file system and other "filesystem
named" objects: the Smack context will not be the one of the App. That
is what Rafal explained.
> Chromium security is rather high.
Maybe... Until the next hole...
> Best regards,