[Dev] Which Com are used to implement services required by WebAPI. - MessagePort
amarnath.valluri at linux.intel.com
Fri May 16 07:12:51 GMT 2014
On 05/15/2014 07:01 PM, Rafał Krypa wrote:
> On 2014-05-15 10:19, Amarnath Valluri wrote:
>> On 05/15/2014 10:27 AM, Patrick Ohly wrote:
>>> On Thu, 2014-05-15 at 10:09 +0300, Amarnath Valluri wrote:
>>>> Hi Domining,
>>>> MessagePort WebAPI on Tizen IVI is not using '
>>>> platform/core/appfw/message-port', instead it uses :
>>>> platfrom/ivi/message-port, which is peer-to-peer DBus based
>>> Out of curiosity, and because it is relevant for the security
>>> discussion: can you describe the data flow from Web App through
>>> Crosswalk to a native app listening on a message port? In particular,
>>> which Crosswalk process is contacting the native side, which Smack
>>> does it have, and where is D-Bus involved in this?
>> The backend messageport daemon works just as a proxy between two
>> All Tizen applications which required to exchange data via
>> MessagePort will open a connection with the daemon.
>> It treats both Native and Web applications same.
>> In crosswalk the xwalk extension process requests(via peer-to-peer
>> dbus socket) the 'messageportd'
>> on behalf of web app to send message-data to peer(running)
>> application. Then the messageport daemon
>> finds the right 'client' based on the requested 'app-id', and signals
>> the app with the message data.
> Does messageport implement any kind of policy, deciding which
> application is able to contact which?
> If there is, it should probably switch to use Cynaraas a source of
> policy.If there isn't such thing, I'd like to suggest a discussion
> about needs and possible ways for implementing it.
Currently, Messageport daemon is not doing any policy check/decisions
except for trusted message ports, which are only accessed by
applications signed with same certificate. Other than this it merely
acts as a proxy, where any application can use this service to exchange
messages. And I think the messageport daemon has not enough information
to do such validation, I assume its handled by applications which
publish the services using this messageport service.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Dev