[Dev] enforcing priviliges of web apps

Patrick Ohly patrick.ohly at intel.com
Thu May 15 10:08:31 GMT 2014

On Thu, 2014-05-15 at 08:55 +0000, Zhang, Xu U wrote:
> > -----Original Message-----
> > From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Patrick Ohly
> > Sent: Wednesday, May 14, 2014 11:02 PM
> > To: Jussi Laako
> > Cc: dev at lists.tizen.org
> > Subject: Re: [Dev] enforcing priviliges of web apps
> > 
> > On Wed, 2014-05-14 at 17:41 +0300, Jussi Laako wrote:
> > > On 14.5.2014 17:06, Patrick Ohly wrote:
> > > > The problem remains that the current D-Bus mechanism does not allow
> > > > passing this extra information.
> > >
> > > We just included appctx as part of our dbus API.
> > 
> > That works because you have full control over the D-Bus API. It does not work
> > when trying to add access control to an existing API, because it would break
> > the API for apps already using it.
> > 
> > At the moment, the patched dbus-daemon will tell clients when (and only
> > when) they ask what the application context of a certain peer is (via
> > GetConnectionSmackContext). This information is not part of the message
> > itself. I don't know how extensible the on-the-wire D-Bus message format is.
> > Perhaps it would be possible to extend the header such that the extra
> > information can be added without affecting parsing by D-Bus clients which are
> > not aware of this extension.
> > 
> > This does not address the file access issues pointed out by Rafał, which IMHO
> > is the bigger issue.
> > 
> > My feeling at the moment is that several interested bystanders (me
> > included) speculate about how Crosswalk could be secured, but do we have the
> > actual decision makers and implementers involved, too? Who owns security of
> > the web runtime?
> [Zhang Xu ] Patrick, Bai (who has left Intel) and I have designed
> crosswalk API permission control. The doc is here
> https://docs.google.com/a/intel.com/document/d/137u_gxmNaIFwVzaCkCFBJyveIdZxuAydWOkMI8oWgD0/edit
> and the implementation is done. I am informed that all web device APIs
> implementation should use Cynara’s service API directly. So the design
> will be dropped from web runtime side. 
> I will implement crosswalk runtime security issues.

So just to confirm the part that is relevant for developers of system
services: when they implement a privilege check using Cynara (as they
have to, because there might be native apps talking to them), then they
will see a Crosswalk process that Cynara grants access for?

Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.

More information about the Dev mailing list