[Dev] enforcing privileges of web apps
sakari.poussa at intel.com
Thu May 22 11:15:52 GMT 2014
So you need a list of files the BP touches, right?
I don’t think we have that right now. But I’ll see what we can do.
On 5/22/14, 11:26, "José Bollo" <jose.bollo at open.eurogiciel.org> wrote:
>Thank you for your clear answer, which explains well the role of each
>of the 3 parts and the options on how to call Cynara.
>For further investigation on security integration of crosswalk within
>Tizen, there is some more need: we need an explanation on how files
>created, written or read(*) by BP in delegation of RP will deal with the
>Smack labels of files (extended attribute security.SMACK64).
>(*) storage part of W3C
>On Thu, 2014-05-22 at 07:53 +0000, Poussa, Sakari wrote:
>> Let me try to clarify how the Crosswalk is planned to integrate into the
>> Tizen cynara system in order to do the API permission checks.
>> First we need context for the terms:
>> Shared Process Model: We have one shared Browser Process (BP) per user.
>> Each individual web application contains render process (RP) and
>> process (EP). This is the high level summary and is adequate for this
>> RP - Sandboxed. Runs blink and JS engine. Contains the W3C APIs. When
>> WebApp issues a W3C API (JS) call which requires access to platform API
>> (e.g. Geolocation) it does IPC to the BP.
>> BP - Not sandboxed. Knows all the details of RPs that are currently
>> running including the application id, smack label, user id, etc. When
>> RP talks to BP via IPC the BP can use the details of the RP to issue
>> cynara checks.
>> EP - Not sandboxed. Contains the Tizen Device Web APIs and some
>> experimental W3C draft APIs.
>> So we have two cases. 1) Tizen Device APIs et al which are in the EP and
>> 2) W3C APIs which are in RP+BP, BP being the relevant part here.
>> The plan is to add the API permission checks in the following way:
>> Case 1: Tizen Device APIs et al
>> Since the EP is not sandboxed, it can use the libcynara directly or
>> talk to Service API layer, which then talks to cynara. The EP has all
>> information in hand to do so including the smack label, user id and
>> application id.
>> Case 2: W3C APIs
>> Since the RP is sandboxed it can't talk to cynara. Instead, the platform
>> API calls are delegated to BP. The BP can then talk to the required
>> services including the cynara. The BP has all the information about the
>> (e.g. Web Application) to do so (see above the BP term description).
>> Hope this clarifies the case.
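
An added illustration of the Case 2 flow described in this thread (not code from the thread, Crosswalk or cynara): the BP resolves the calling RP from its own per-channel record and passes that Smack label and user id to the policy check, ignoring anything the RP's message claims about itself. `policy_check`, the structs, the labels and the privilege names are hypothetical stand-ins with constructed values, not libcynara's API.

```c
/* Models RP -> IPC -> BP -> policy check. All names are hypothetical;
 * policy_check() stands in for the cynara query and is NOT libcynara's API.
 * Labels, uids and privilege names below are constructed sample values. */
#include <stddef.h>
#include <string.h>

struct rp_record {              /* recorded by the BP when it starts the RP */
    int channel;                /* IPC channel the BP opened for this RP */
    const char *smack_label;
    int uid;
    const char *app_id;
};

struct ipc_msg {                /* arrives from the sandboxed, untrusted RP */
    int channel;                /* filled in by the BP's transport layer */
    const char *claimed_label;  /* RP-supplied: never used for the decision */
    const char *privilege;      /* platform API being requested */
};

struct rule { const char *label; int uid; const char *privilege; };

static const struct rule POLICY[] = {       /* constructed sample policy */
    { "User::App::maps",  5001, "geolocation" },
    { "User::App::notes", 5001, "storage" },
};

static const struct rp_record RPS[] = {     /* constructed running RPs */
    { 3, "User::App::maps",  5001, "maps"  },
    { 4, "User::App::notes", 5001, "notes" },
};

static int policy_check(const char *label, int uid, const char *priv) {
    for (size_t i = 0; i < sizeof POLICY / sizeof POLICY[0]; i++)
        if (!strcmp(POLICY[i].label, label) && POLICY[i].uid == uid &&
            !strcmp(POLICY[i].privilege, priv))
            return 1;
    return 0;                               /* no matching rule: deny */
}

/* BP side: identify the caller by channel, then query the policy. */
int bp_handle(const struct ipc_msg *m) {
    if (!m || !m->privilege)
        return 0;
    for (size_t i = 0; i < sizeof RPS / sizeof RPS[0]; i++)
        if (RPS[i].channel == m->channel)
            return policy_check(RPS[i].smack_label, RPS[i].uid, m->privilege);
    return 0;                               /* unknown channel: deny */
}
```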