[Dev] enforcing priviliges of web apps
jussi.laako at linux.intel.com
Wed May 14 14:41:43 GMT 2014
On 14.5.2014 17:06, Patrick Ohly wrote:
> With Cynara, that would imply first checking with the application
> context retrieved securely (as defined in the Cynara Wiki), and then
> checking once more with the application context provided by the caller.
I think Cynara should also separate system context and application
context like we did. Thus first check for example if caller process
"crosswalk" (runtime) is allowed to access the interface and then check
if the application context (running inside the runtime) provided by the
runtime is allowed to access.
This way if necessary you can revoke entire crosswalk's access to
interface regardless of the application it is running.
> The problem remains that the current D-Bus mechanism does not allow
> passing this extra information.
We just included appctx as part of our dbus API.
More information about the Dev