[Dev] enforcing privileges of web apps

José Bollo jose.bollo at open.eurogiciel.org
Thu May 22 08:26:40 GMT 2014


Hi Sakari,

Thank you for your clear answer, which explains well the role of each
of the 3 parts and the options on how to call Cynara.

For further investigation on security integration of crosswalk within
Tizen, there is one more need: we need an explanation of how files
created, written or read(*) by BP on behalf of RP will deal with the
Smack labels of files (extended attribute security.SMACK64).

Best regards
José Bollo

(*) storage part of W3C
https://developer.tizen.org/dev-guide/2.2.1/org.tizen.web.w3c.apireference/w3c_api.html



On Thu, 2014-05-22 at 07:53 +0000, Poussa, Sakari wrote:
> All,
> 
> Let me try to clarify how the Crosswalk is planned to integrate into the
> Tizen cynara system in order to do the API permission checks.
> 
> First we need context for the terms:
> 
> Shared Process Model: We have one shared Browser Process (BP) per user.
> Each individual web application contains render process (RP) and extension
> process (EP). This is the high level summary and is adequate for this
> discussion.
> 
> RP - Sandboxed. Runs blink and JS engine. Contains the W3C APIs. When the
> WebApp issues a W3C API (JS) call which requires access to platform API
> (e.g. Geolocation) it does IPC to the BP.
> 
> BP - Not sandboxed. Knows all the details of RPs that are currently
> running including the application id, smack label, user id, etc. When the
> RP talks to BP via IPC the BP can use the details of the RP to issue
> cynara checks.
> 
> EP - Not sandboxed. Contains the Tizen Device Web APIs and some
> experimental W3C draft APIs.
> 
> So we have two cases. 1) Tizen Device APIs et al which are in the EP and
> 2) W3C APIs which are in RP+BP, BP being the relevant part here.
> 
> The plan is to add the API permission checks in the following way:
> 
> Case 1: Tizen Device APIs et al
> 
> Since the EP is not sandboxed, it can use libcynara directly or
> talk to Service API layer, which then talks to cynara. The EP has all the
> information in hand to do so including the smack label, user id and
> application id.
> 
> Case 2: W3C APIs
> 
> Since the RP is sandboxed it can't talk to cynara. Instead, the platform
> API calls are delegated to BP. The BP can then talk to the required
> services including the cynara. The BP has all the information about the RP
> (e.g. Web Application) to do so (see above the BP term description).
> 
> Hope this clarifies the case.
> 
> Sakari
> 
> _______________________________________________
> Dev mailing list
> Dev at lists.tizen.org
> https://lists.tizen.org/listinfo/dev
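As an added example (not code from this thread, nor from Crosswalk or Tizen), a small C check of the attribute José asks about: it reads the Smack label a file carries (security.SMACK64) and compares it with the label expected for the application on whose behalf the BP created the file. File path and expected label are command-line arguments; on a kernel or filesystem without Smack the attribute read fails and the check reports that instead of guessing.

```c
/* Added example, not code from the thread or from Crosswalk/Tizen.
 * Reads the Smack label a file carries (xattr security.SMACK64) and
 * compares it with the label expected for the delegating application. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/xattr.h>

#define SMACK_XATTR "security.SMACK64"
#define SMACK_LABEL_MAX 255 /* Smack labels are at most 255 bytes */

enum label_status {
    LABEL_MATCH,       /* file carries exactly the expected label */
    LABEL_MISMATCH,    /* file is labelled, but with another label */
    LABEL_NONE,        /* no security.SMACK64 attribute on the file */
    LABEL_UNSUPPORTED, /* filesystem or kernel does not support it */
    LABEL_ERROR        /* lookup failed (e.g. missing file, ERANGE) */
};

/* Copy the file's Smack label into buf. Returns its length, 0 when the
 * file has no label (ENODATA) and -1 on any other error (errno set). */
int read_smack_label(const char *path, char *buf, size_t len) {
    ssize_t n = getxattr(path, SMACK_XATTR, buf, len - 1);
    if (n < 0)
        return errno == ENODATA ? 0 : -1;
    buf[n] = '\0';
    return (int)n;
}

enum label_status check_smack_label(const char *path, const char *expected) {
    char label[SMACK_LABEL_MAX + 1];
    int n = read_smack_label(path, label, sizeof label);
    if (n < 0)
        return errno == ENOTSUP ? LABEL_UNSUPPORTED : LABEL_ERROR;
    if (n == 0)
        return LABEL_NONE;
    return strcmp(label, expected) == 0 ? LABEL_MATCH : LABEL_MISMATCH;
}

int main(int argc, char **argv) {
    static const char *const names[] = {
        "match", "mismatch", "no label", "unsupported", "error"};
    if (argc != 3) {
        fprintf(stderr, "usage: %s <file> <expected-smack-label>\n", argv[0]);
        return 2;
    }
    enum label_status s = check_smack_label(argv[1], argv[2]);
    printf("%s: %s\n", argv[1], names[s]);
    return s == LABEL_MATCH ? 0 : 1;
}
```

Run it as the BP (or from an audit script) over the files it wrote for an RP, passing the RP's application label as the second argument; a "mismatch" or "no label" result is exactly the delegation problem the question above raises.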