[Dev] enforcing privileges of web apps

Kis, Zoltan zoltan.kis at intel.com
Wed May 14 14:16:17 GMT 2014


On Wed, May 14, 2014 at 5:00 PM, José Bollo
<jose.bollo at open.eurogiciel.org> wrote:
> On mer, 2014-05-14 at 16:56 +0300, Kis, Zoltan wrote:
>> On Wed, May 14, 2014 at 3:50 PM, Lukasz Wojciechowski
>
>> > If we follow such design all calls to services will be made by browser
>> > process and not by application process. It means that services won't be able
>> > to provide application granularity access control because all calls will be
>> > made with SMACK label of browser.
>> > It is a problem.
>>
>> Except if the browser / extension process become security enforcement
>> points, doing the runtime checks.  Since they are different processes
>> than the one running the app, they could load a library
>> implementing the runtime security checks and enforce permission. Of
>> course then the platform becomes as secure as the browser... but
>
> The problem is with accesses to the file system and other "filesystem
> named" objects: the Smack context will not be the one of the App. That
> is what Rafal explained.
>

In this model, the extension process could check the app identity,
manifest, security policy, and won't allow access to file system or
similar secured objects unless the app has permission for it.
This is similar to the proposed security proxy.

Then, by another model, the extension process (one per app/instance),
could inherit the app identity; then indeed security needs to be
enforced at lower layers, but then the smack context will be of the
app.

Did I misunderstand something? :)

Best regards,
Zoltan
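An added illustration of the two enforcement models discussed above (this is example code written for this page, not code from Tizen, Crosswalk or any of the thread's participants). It simulates a Smack rule table and a few app manifests so it runs offline; the app ids, labels, paths and privilege names are constructed. Model A is the "extension process as enforcement point" design, where the broker keeps its own broad label and must check the requesting app's manifest and confine the path itself; Model B is the "one extension process per app inheriting the app's label" design, where the simulated kernel rule table does the enforcement. The last check in the test shows the concern raised in the thread: the broker's own label can read an object the app could never reach, so in Model A everything hinges on the broker's policy check.

```python
"""Two enforcement models for a web runtime whose service calls are made by a
browser/extension process rather than the app process.

Model A: the extension process keeps its own Smack label ("browser") and acts
as the security enforcement point (manifest check + path confinement).
Model B: one extension process per app inherits the app's label; the (here
simulated) kernel rule table enforces access.
"""
import posixpath

# Constructed sample manifests (hypothetical app ids, privileges and homes).
MANIFESTS = {
    "app.notes": {"privileges": {"filesystem.read"}, "home": "/opt/apps/app.notes"},
    "app.game": {"privileges": set(), "home": "/opt/apps/app.game"},
}

# Simulated Smack rule table: (subject label, object label) -> access string.
# The "browser" subject is deliberately broad, as a shared browser process would be.
SMACK_RULES = {
    ("app.notes", "app.notes::data"): "rw",
    ("browser", "app.notes::data"): "rw",
    ("browser", "app.game::data"): "rw",
    ("browser", "system::secrets"): "r",
}

# Simulated object labels of filesystem paths (stand-in for SMACK64 xattrs).
OBJECT_LABELS = {
    "/opt/apps/app.notes": "app.notes::data",
    "/opt/apps/app.game": "app.game::data",
    "/etc/secrets": "system::secrets",
}


def object_label(path):
    """Return the simulated Smack label of a path (longest matching prefix)."""
    best = ("", "_")  # "_" plays the role of an unlabelled/floor object here
    for prefix, label in OBJECT_LABELS.items():
        if (path == prefix or path.startswith(prefix + "/")) and len(prefix) > len(best[0]):
            best = (prefix, label)
    return best[1]


def smack_allows(subject, obj, mode):
    """Kernel-style check: every requested access char must be in the rule."""
    allowed = SMACK_RULES.get((subject, obj), "")
    return all(ch in allowed for ch in mode)


class BrokerModelA:
    """Shared extension process with its own label; it is the enforcement point."""

    LABEL = "browser"

    def open_for(self, app_id, path, mode="r"):
        manifest = MANIFESTS.get(app_id)
        if manifest is None:
            return False, "unknown app"
        # 1. Does the app's manifest grant the privilege for this operation?
        priv = "filesystem.read" if mode == "r" else "filesystem.write"
        if priv not in manifest["privileges"]:
            return False, "missing privilege " + priv
        # 2. Confine the path to the app's own area (normalise first so that
        #    ".." segments cannot escape the home directory).
        norm = posixpath.normpath(path)
        if not norm.startswith(manifest["home"] + "/"):
            return False, "path outside app home"
        # 3. Only now does the broker use its own (broad) label with the kernel.
        if not smack_allows(self.LABEL, object_label(norm), mode):
            return False, "broker denied by Smack"
        return True, norm


class BrokerModelB:
    """One extension process per app instance; it inherits the app's label."""

    def __init__(self, app_id):
        self.label = app_id

    def open_for(self, path, mode="r"):
        norm = posixpath.normpath(path)
        # No policy logic here: the kernel rule table decides for the app label.
        if smack_allows(self.label, object_label(norm), mode):
            return True, norm
        return False, "denied by Smack for label " + self.label
```

Both classes return a (decision, detail) pair so the outcome of each step is visible; in Model A the order of the checks matters, because the Smack check alone would pass for anything the browser label may touch.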

