[Dev] Understanding Cynara scope.

Lukasz Wojciechowski l.wojciechow at partner.samsung.com
Mon May 19 11:39:31 GMT 2014


W dniu 2014-05-19 12:04, Zhang, Xu U pisze:
>
>> -----Original Message-----
>> From: Lukasz Wojciechowski [mailto:l.wojciechow at partner.samsung.com]
>> Sent: Monday, May 19, 2014 5:29 PM
>> To: Zhang, Xu U; Kis, Zoltan; José Bollo
>> Cc: dev at lists.tizen.org
>> Subject: Re: [Dev] Understanding Cynara scope.
>>
>>
>> W dniu 2014-05-19 09:09, Zhang, Xu U pisze:
>>>> -----Original Message-----
>>>> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Lukasz
>>>> Wojciechowski
>>>> Sent: Thursday, May 15, 2014 8:48 PM
>>>> To: Kis, Zoltan; José Bollo
>>>> Cc: dev at lists.tizen.org
>>>> Subject: Re: [Dev] Understanding Cynara scope.
>>>>
>>>>
>>>> W dniu 2014-05-15 13:59, Kis, Zoltan pisze:
>>>>> On Thu, May 15, 2014 at 2:51 PM, José Bollo
>>>>> <jose.bollo at open.eurogiciel.org> wrote:
>>>>>> On gio, 2014-05-15 at 13:48 +0300, Kis, Zoltan wrote:
>>>>>> (snip)
>>>>>>
>>>>>>> Crosswalk is using separate processes (not threads) for
>>>>>>> app/renderer, extension process and browser process. Security
>>>>>>> involves the extension process for checks (unless it's done on
>>>>>>> lower layers), and the browser process to present user dialog on
>> permissions.
>>>>>> Zoltan, from my understanding, the user dialog is a separate
>>>>>> mechanism that is provided by components of Cynara. This is needed
>>>>>> I think for letting privilege managed at a single place with a
>>>>>> single visual in a trusted way.
>>>>>>
>>>>>> So I don't imagine crosswalk being displaying the dialog.
>>>>>>
>>>>>> Do you agree?
>>>>>>
>>>>>> What is proposal of cynara developers?
>>>> In case of check that will need to popup some dialog for user -
>>>> cynara will launch such popup and return answer for check after user
>>>> interaction with popup.
>>>> Probably in most cases such popup won't be needed as result of check
>>>> will be ALLOW or DENY.
>>>> All these special policy types other than ALLOW or DENY will be
>>>> defined in plugins for cynara.
>>>> In currently being merged cynara-bootstrap version You won't find it.
>>>> In next stable version (first based on cynara daemon) planned for 1st
>>>> half on June You won't find it either.
>>>> However it is in scope of our tasks and will be done. I will update
>>>> Cynara wiki page when schedule will be more detailed.
>>>>
>>>> So summing up:
>>>> Cynara will be responsible for launching popups if needed.
>>> [Zhang Xu ] The popups should be happed on application's installation. Web
>> and native app should parser the manifest firstly, and pass the permissions to
>> Cynara library to pop up dialog, right?
>> I think You think about popups for accepting license and/or privileges defined in
>> manifest in installation process. This is a task for installer. It happens before,
>> You can use cynara as application is not installed yet and cynara does not know
>> anything about policy.
> [Zhang Xu ] One question is about the permissions database. Permission database should be set up during installing apps. The DB also need update when
> 1. application is updated or renewed
> 2. user decides to grant/deny access in one session. Permission DB should be updated from "ASK USER" to "ALLOW" or "DENY".
> Permission DB should be accessed by installer and services. Should Cynary library provide interface to manage DB?
cynara provides two libraries:
* libcynara-client - accessible for everybody - just for checking privileges
* libcynara-admin - accessible only for privileged processes (probably 
only for SecurityManager - but it is a topic to discuss) - for managing 
policies

>> Cynara will take care (by using plugings) of displaying popups when it comes to
>> a privilege check for a policy defined as "ASK USER".
>>
> [Zhang Xu ] When the first privilege check comes, Cynara need pop up a dialog
Yes - if there is a policy defined such way that it needs to ask user - 
cynara will show such popup
>> These are two different situations.
> [Zhang Xu ] Yes, you are right.
>> Best wishes
>>    Lukasz
>>>> Best Wishes
>>>> Lukasz
>>>>
>>>>> Sakari promised to clarify on crosswalk related security issues, if
>>>>> he gets some radio silence in order to be able to catch up. Let's
>>>>> wait for that :).
>>>>>
>>>>> Best regards,
>>>>> Zoltan
>>>>> _______________________________________________
>>>>> Dev mailing list
>>>>> Dev at lists.tizen.org
>>>>> https://lists.tizen.org/listinfo/dev
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev at lists.tizen.org
>>>> https://lists.tizen.org/listinfo/dev



More information about the Dev mailing list