[Dev] enforcing privileges of web apps

Zhang, Xu U xu.u.zhang at intel.com
Thu May 15 08:33:49 GMT 2014



> -----Original Message-----
> From: Kis, Zoltan [mailto:zoltan.kis at intel.com]
> Sent: Wednesday, May 14, 2014 10:16 PM
> To: José Bollo
> Cc: Lukasz Wojciechowski; Zhang, Xu U; Ohly, Patrick; Huo, Halton; Santos,
> Thiago; dev at lists.tizen.org
> Subject: Re: [Dev] enforcing privileges of web apps
> 
> On Wed, May 14, 2014 at 5:00 PM, José Bollo <jose.bollo at open.eurogiciel.org>
> wrote:
> > On mer, 2014-05-14 at 16:56 +0300, Kis, Zoltan wrote:
> >> On Wed, May 14, 2014 at 3:50 PM, Lukasz Wojciechowski
> >
> >> > If we follow such design all calls to services will be made by
> >> > browser process and not by application process. It means that
> >> > services won't be able to provide application granularity access
> >> > control because all calls will be made with SMACK label of browser.
> >> > It is a problem.
> >>
> >> Except if the browser / extension process become security enforcement
> >> points, doing the runtime checks.  Since they are different processes
> >> than the one running the app, they could load a library
> >> implementing the runtime security checks and enforce permission. Of
> >> course then the platform becomes as secure as the browser... but
> >
> > The problem is with accesses to the file system and other "filesystem
> > named" objects: the Smack context will not be the one of the App. That
> > is what Rafal explained.
> >
> 
> In this model, the extension process could check the app identity, manifest,
> security policy, and won't allow access to file system or similar secured objects
> unless the app has permission for it.
> Similarly to the proposed security proxy.
[Zhang Xu] For outer-process, the extension process has a 1:1 mapping with the render process, so it can get app identity and privilege information from the DB which contracted during installation. And the extension process can do the permission check with Cynara. But for in-process extensions, the extension process is the browser process, which is shared by all apps in one user. I am thinking about how to get the app id and security context in order to call Cynara to check.
> 
> Then, by another model, the extension process (one per app/instance), could
> inherit the app identity; then indeed security needs to be enforced at lower
> layers, but then the smack context will be of the app.
[Zhang Xu] Yes. In per app/instance, the browser process can such security context to check with Cynara.
> 
> Did I misunderstand something? :)
> 
> Best regards,
> Zoltan

