[Dev] testing cynara

Lukasz Wojciechowski l.wojciechow at partner.samsung.com
Tue May 20 13:57:06 GMT 2014


In bootstrap version of cynara that is already merged on tizen.org, 
privilege checking and installation processes do work.

To install application properly usage of libsecurity-manager-client API 
is needed.
We have provided a patch for wrt-installer 
https://review.tizen.org/gerrit/#/c/20457/ (already review and verified, 
but not merged yet - we are waiting for maintainers move). If 
wrt-installer with that patch is used an installed application will 
inject proper policy for privileges defined in manifest.

This policy can be later checked with libcynara-client.

The only thing You have to remember about is that currently all 
applications are labeled with SMACK label "User" - so defining access to 
some privilege shall grant permission for all applications with that 
label and uninstallation process won't take away rights (as there still 
may be some applications that needs that permission).
Situation should normalize when all applications will receive different 
smack labels (based on package id of an application).

I think this is enough for testing libcynara-client usage for now. I 
don't plan to launch any special test procedures in nearest future.

best wishes
Lukasz

W dniu 2014-05-19 14:02, Patrick Ohly pisze:
> On Mon, 2014-05-19 at 13:39 +0200, Lukasz Wojciechowski wrote:
>> cynara provides two libraries:
>> * libcynara-client - accessible for everybody - just for checking privileges
>> * libcynara-admin - accessible only for privileged processes (probably
>> only for SecurityManager - but it is a topic to discuss) - for managing
>> policies
> Is there (or will there be) a way to set up a test environment where
> Cynara's policy database is populated with some policies and a process
> (ideally a bash shell) runs with reduced privileges?
>
> That will be needed by service developers to check that their Cynara
> calls are working as expected.
>



More information about the Dev mailing list