[Dev] Understanding Cynara scope.

Zhang, Xu U xu.u.zhang at intel.com
Mon May 19 10:04:52 GMT 2014



> -----Original Message-----
> From: Lukasz Wojciechowski [mailto:l.wojciechow at partner.samsung.com]
> Sent: Monday, May 19, 2014 5:29 PM
> To: Zhang, Xu U; Kis, Zoltan; José Bollo
> Cc: dev at lists.tizen.org
> Subject: Re: [Dev] Understanding Cynara scope.
> 
> 
> W dniu 2014-05-19 09:09, Zhang, Xu U pisze:
> >
> >> -----Original Message-----
> >> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Lukasz
> >> Wojciechowski
> >> Sent: Thursday, May 15, 2014 8:48 PM
> >> To: Kis, Zoltan; José Bollo
> >> Cc: dev at lists.tizen.org
> >> Subject: Re: [Dev] Understanding Cynara scope.
> >>
> >>
> >> W dniu 2014-05-15 13:59, Kis, Zoltan pisze:
> >>> On Thu, May 15, 2014 at 2:51 PM, José Bollo
> >>> <jose.bollo at open.eurogiciel.org> wrote:
> >>>> On gio, 2014-05-15 at 13:48 +0300, Kis, Zoltan wrote:
> >>>> (snip)
> >>>>
> >>>>> Crosswalk is using separate processes (not threads) for
> >>>>> app/renderer, extension process and browser process. Security
> >>>>> involves the extension process for checks (unless it's done on
> >>>>> lower layers), and the browser process to present user dialog on
> permissions.
> >>>> Zoltan, from my understanding, the user dialog is a separate
> >>>> mechanism that is provided by components of Cynara. This is needed
> >>>> I think for letting privilege managed at a single place with a
> >>>> single visual in a trusted way.
> >>>>
> >>>> So I don't imagine crosswalk being displaying the dialog.
> >>>>
> >>>> Do you agree?
> >>>>
> >>>> What is proposal of cynara developers?
> >> In case of check that will need to popup some dialog for user -
> >> cynara will launch such popup and return answer for check after user
> >> interaction with popup.
> >> Probably in most cases such popup won't be needed as result of check
> >> will be ALLOW or DENY.
> >> All these special policy types other than ALLOW or DENY will be
> >> defined in plugins for cynara.
> >> In currently being merged cynara-bootstrap version You won't find it.
> >> In next stable version (first based on cynara daemon) planned for 1st
> >> half on June You won't find it either.
> >> However it is in scope of our tasks and will be done. I will update
> >> Cynara wiki page when schedule will be more detailed.
> >>
> >> So summing up:
> >> Cynara will be responsible for launching popups if needed.
> > [Zhang Xu ] The popups should be happed on application's installation. Web
> and native app should parser the manifest firstly, and pass the permissions to
> Cynara library to pop up dialog, right?
> I think You think about popups for accepting license and/or privileges defined in
> manifest in installation process. This is a task for installer. It happens before,
> You can use cynara as application is not installed yet and cynara does not know
> anything about policy.
[Zhang Xu ] One question is about the permissions database. Permission database should be set up during installing apps. The DB also need update when 
1. application is updated or renewed
2. user decides to grant/deny access in one session. Permission DB should be updated from "ASK USER" to "ALLOW" or "DENY".
Permission DB should be accessed by installer and services. Should Cynary library provide interface to manage DB?   
> 
> Cynara will take care (by using plugings) of displaying popups when it comes to
> a privilege check for a policy defined as "ASK USER".
> 
[Zhang Xu ] When the first privilege check comes, Cynara need pop up a dialog 
> These are two different situations.
[Zhang Xu ] Yes, you are right. 
> Best wishes
>   Lukasz
> >> Best Wishes
> >> Lukasz
> >>
> >>> Sakari promised to clarify on crosswalk related security issues, if
> >>> he gets some radio silence in order to be able to catch up. Let's
> >>> wait for that :).
> >>>
> >>> Best regards,
> >>> Zoltan
> >>> _______________________________________________
> >>> Dev mailing list
> >>> Dev at lists.tizen.org
> >>> https://lists.tizen.org/listinfo/dev
> >> _______________________________________________
> >> Dev mailing list
> >> Dev at lists.tizen.org
> >> https://lists.tizen.org/listinfo/dev



More information about the Dev mailing list