[Dev] enforcing privileges of web apps

Poussa, Sakari sakari.poussa at intel.com
Thu May 22 07:53:03 GMT 2014


All,

Let me try to clarify how Crosswalk is planned to integrate into the
Tizen cynara system in order to do the API permission checks.

First we need context for the terms:

Shared Process Model: We have one shared Browser Process (BP) per user.
Each individual web application has a render process (RP) and an extension
process (EP). This is the high level summary and is adequate for this
discussion.

RP - Sandboxed. Runs Blink and the JS engine. Contains the W3C APIs. When the
WebApp issues a W3C API (JS) call which requires access to a platform API
(e.g. Geolocation) it does IPC to the BP.

BP - Not sandboxed. Knows all the details of the RPs that are currently
running, including the application id, smack label, user id, etc. When the
RP talks to the BP via IPC, the BP can use the details of the RP to issue
cynara checks.

EP - Not sandboxed. Contains the Tizen Device Web APIs and some
experimental W3C draft APIs.

So we have two cases. 1) Tizen Device APIs et al which are in the EP and
2) W3C APIs which are in RP+BP, BP being the relevant part here.

The plan is to add the API permission checks in the following way:

Case 1: Tizen Device APIs et al

Since the EP is not sandboxed, it can use libcynara directly or
talk to the Service API layer, which then talks to cynara. The EP has all the
information in hand to do so, including the smack label, user id and
application id.

Case 2: W3C APIs

Since the RP is sandboxed it can't talk to cynara. Instead, the platform
API calls are delegated to the BP. The BP can then talk to the required
services, including cynara. The BP has all the information about the RP
(i.e. the Web Application) to do so (see the BP term description above).

Hope this clarifies the case.

Sakari
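The two check paths described in the message, as an added example that is not Crosswalk or cynara code and was not part of the original post. The policy table, the app labels, the IPC channel numbers, the API-to-privilege mapping and the `fake_cynara_check()` stand-in (loosely modeled on libcynara's `cynara_check()`, which is an assumption about its signature) are all constructed for illustration. The point it shows is the one that makes the BP path safe: the BP resolves the caller's smack label, user id and app id from its own registry keyed by the IPC channel, and ignores any identity the (possibly compromised) renderer claims in the message; the EP, which runs unsandboxed under the app's own identity, can query the policy directly.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Stand-in result codes (constructed; not libcynara's real constants). */
enum { ACCESS_DENIED = 0, ACCESS_ALLOWED = 1 };

/* Constructed policy database: which (smack label, user) may use which
 * privilege. In the real system this lives in cynara, not in the BP. */
struct policy_rule {
    const char *client;     /* smack label of the app */
    const char *user;       /* user id */
    const char *privilege;
    int allow;
};

static const struct policy_rule POLICY[] = {
    {"App::maps",  "5001", "http://tizen.org/privilege/location", ACCESS_ALLOWED},
    {"App::notes", "5001", "http://tizen.org/privilege/location", ACCESS_DENIED},
};

/* Stand-in for cynara_check(): anything not explicitly allowed is denied. */
int fake_cynara_check(const char *client, const char *user, const char *privilege)
{
    size_t i;
    for (i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++) {
        const struct policy_rule *r = &POLICY[i];
        if (strcmp(r->client, client) == 0 && strcmp(r->user, user) == 0 &&
            strcmp(r->privilege, privilege) == 0)
            return r->allow;
    }
    return ACCESS_DENIED;
}

/* The BP's registry of running web apps, filled in at launch time and
 * keyed by the IPC channel the app's RP is connected on (constructed). */
struct web_app {
    int channel;
    const char *app_id;
    const char *smack_label;
    const char *user;
};

static const struct web_app APPS[] = {
    {1, "org.example.maps",  "App::maps",  "5001"},
    {2, "org.example.notes", "App::notes", "5001"},
};

static const struct web_app *lookup_app(int channel)
{
    size_t i;
    for (i = 0; i < sizeof APPS / sizeof APPS[0]; i++)
        if (APPS[i].channel == channel)
            return &APPS[i];
    return NULL;
}

/* Constructed mapping from a W3C API to the platform privilege it needs. */
static const char *privilege_for_api(const char *w3c_api)
{
    if (strcmp(w3c_api, "geolocation") == 0)
        return "http://tizen.org/privilege/location";
    return NULL;  /* not a privileged API in this model */
}

/* An IPC message as it arrives at the BP. The RP is sandboxed and may be
 * compromised, so every payload field, including any identity it claims,
 * is attacker-controlled. Only `channel` is trustworthy: the BP sets it
 * from the socket the message arrived on, not from the payload. */
struct ipc_request {
    int channel;
    const char *w3c_api;
    const char *claimed_app_id; /* untrusted; the BP must never use it */
};

/* Case 2: the BP answers the RP's request using its own record of who the
 * RP is, never the identity the RP claims in the message. */
int broker_handle_request(const struct ipc_request *req)
{
    const struct web_app *app = lookup_app(req->channel);
    const char *privilege;

    if (app == NULL)
        return ACCESS_DENIED;       /* unknown channel: fail closed */
    privilege = privilege_for_api(req->w3c_api);
    if (privilege == NULL)
        return ACCESS_DENIED;       /* unmapped API: fail closed */
    (void)req->claimed_app_id;      /* deliberately ignored */
    return fake_cynara_check(app->smack_label, app->user, privilege);
}

/* Case 1: the EP is not sandboxed and runs with the app's own label and
 * user id, so it can query the policy for itself. */
int extension_process_check(const struct web_app *self, const char *privilege)
{
    return fake_cynara_check(self->smack_label, self->user, privilege);
}

int main(void)
{
    struct ipc_request honest = {1, "geolocation", "org.example.maps"};
    struct ipc_request spoof  = {2, "geolocation", "org.example.maps"};
    printf("maps via BP: %d\n", broker_handle_request(&honest));
    printf("notes claiming to be maps via BP: %d\n", broker_handle_request(&spoof));
    printf("maps EP direct: %d\n",
           extension_process_check(&APPS[0], "http://tizen.org/privilege/location"));
    return 0;
}
```

The spoofed request from channel 2 is denied even though its payload names the maps app, because the decision is keyed on the channel's registered label and user, which the renderer cannot forge. Unknown channels and APIs with no privilege mapping fail closed rather than falling through to an allow.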


