[Dev] Understanding Cynara scope.

Schaufler, Casey casey.schaufler at intel.com
Wed May 14 15:16:56 GMT 2014


> -----Original Message-----
> From: Patrick Ohly [mailto:patrick.ohly at intel.com]
> Sent: Wednesday, May 14, 2014 12:24 AM
> To: Schaufler, Casey
> Cc: Rafał Krypa; dev at lists.tizen.org; Oda, Terri
> Subject: Re: [Dev] Understanding Cynara scope.
> 
> On Tue, 2014-05-13 at 21:44 +0000, Schaufler, Casey wrote:
> > The Smack label of the task executing the application code
> > (be it a plugin, separate executable or some other mechanism)
> > must be set to the label assigned to that application. Once this
> > is accomplished the services that use Cynara to make application
> > access checks have the information they need to do so. Crosswalk
> > need only set the process Smack label before invoking the
> > application.
> 
> This assumes that Crosswalk runs a separate process for each
> application, doesn't it? That assumption has pretty much been shown to
> not hold.

You can't seriously be suggesting that TwitterBirds and
BankOfElbonia run in the same thread at the same time.
Thread reuse is acceptable so long as the environment
is appropriately reset between applications. (I personally
find the practice abhorrent. We have fork() and exec()
for good reasons.) 

> > So no, I don't see Crosswalk using Cynara unless Crosswalk
> > is providing "privileged" services. If Crosswalk is providing
> > privileged services (which seems unreasonable, but is possible)
> > it will have to do its part in enforcement. If it is proxying it
> > will have to either do the enforcement or pass along the
> > application's credential (Smack label and possibly uid)
> > information.
> >
> > It should be pretty simple.
> 
> Then how can Crosswalk pass along the application's credentials to a
> D-Bus service such that the D-Bus service can a) receive them and b)
> trust the information?

That is going to depend on what sits between BankOfElbonia
and the dbus socket. The thread BankOfElbonia is going to run
in will run with the application's Smack label. This is not negotiable.
If that thread accesses the dbus socket the credentials are
readily available. If there is an intermediary thread the
intermediary must either mascaraed as the application
(run with the same Smack label and UID as the application)
or do the privilege checking itself, and have access to the dbus
interface.


> Can someone explain the details and come up with the necessary software
> patches? Perhaps it's simple technically, but if no-one can do that for
> other reasons (perhaps because he or she has no time), then it is a hard
> problem for the project.

I'm sorry, but there is more going on here than we're
going to fix on a mailing list. We need to sit down with the
code and figure out what you have done. The questions
you are asking are scaring me a little. I understand that
Crosswalk is a sophisticated system in its own right. There
is no way to address some of what you're asking without
understanding what you're trying to accomplish.

> 
> --
> Best Regards, Patrick Ohly
> 
> The content of this message is my personal opinion only and although
> I am an employee of Intel, the statements I make here in no way
> represent Intel's position on the issue, nor am I authorized to speak
> on behalf of Intel on this matter.
> 
> 



More information about the Dev mailing list