[Dev] testing cynara
l.wojciechow at partner.samsung.com
Tue May 20 13:57:06 GMT 2014
In bootstrap version of cynara that is already merged on tizen.org,
privilege checking and installation processes do work.
To install application properly usage of libsecurity-manager-client API
We have provided a patch for wrt-installer
https://review.tizen.org/gerrit/#/c/20457/ (already review and verified,
but not merged yet - we are waiting for maintainers move). If
wrt-installer with that patch is used an installed application will
inject proper policy for privileges defined in manifest.
This policy can be later checked with libcynara-client.
The only thing You have to remember about is that currently all
applications are labeled with SMACK label "User" - so defining access to
some privilege shall grant permission for all applications with that
label and uninstallation process won't take away rights (as there still
may be some applications that needs that permission).
Situation should normalize when all applications will receive different
smack labels (based on package id of an application).
I think this is enough for testing libcynara-client usage for now. I
don't plan to launch any special test procedures in nearest future.
W dniu 2014-05-19 14:02, Patrick Ohly pisze:
> On Mon, 2014-05-19 at 13:39 +0200, Lukasz Wojciechowski wrote:
>> cynara provides two libraries:
>> * libcynara-client - accessible for everybody - just for checking privileges
>> * libcynara-admin - accessible only for privileged processes (probably
>> only for SecurityManager - but it is a topic to discuss) - for managing
> Is there (or will there be) a way to set up a test environment where
> Cynara's policy database is populated with some policies and a process
> (ideally a bash shell) runs with reduced privileges?
> That will be needed by service developers to check that their Cynara
> calls are working as expected.
More information about the Dev