[Dev] enforcing privileges of web apps

Poussa, Sakari sakari.poussa at intel.com
Thu May 22 11:15:52 GMT 2014


Jose,

So you need a list of files the BP touches, right?

I don’t think we have that right now. But I’ll see what we can do.

Sakari

On 5/22/14, 11:26, "José Bollo" <jose.bollo at open.eurogiciel.org> wrote:

>Hi Sakari,
>
>Thank you for your clear answer, which explains well the role of each
>of the 3 parts and the options on how to call Cynara.
>
>For further investigation on security integration of crosswalk within
>Tizen, there is some more need: we need an explanation on how files
>created, written or read(*) by BP in delegation of RP will deal with the
>Smack labels of files (extended attribute security.SMACK64).
>
>Best regards
>José Bollo
>
>(*) storage part of W3C
>https://developer.tizen.org/dev-guide/2.2.1/org.tizen.web.w3c.apireference
>/w3c_api.html
>
>
>
>On gio, 2014-05-22 at 07:53 +0000, Poussa, Sakari wrote:
>> All,
>> 
>> Let me try to clarify how the Crosswalk is planned to integrate into the
>> Tizen cynara system in order to do the API permission checks.
>> 
>> First we need context for the terms:
>> 
>> Shared Process Model: We have one shared Browser Process (BP) per user.
>> Each individual web application contains a render process (RP) and an
>> extension process (EP). This is the high level summary and is adequate
>> for this discussion.
>> 
>> RP - Sandboxed. Runs blink and JS engine. Contains the W3C APIs. When
>> the WebApp issues a W3C API (JS) call which requires access to a
>> platform API (e.g. Geolocation) it does IPC to the BP.
>> 
>> BP - Not sandboxed. Knows all the details of RPs that are currently
>> running including the application id, smack label, user id, etc. When
>> the RP talks to BP via IPC the BP can use the details of the RP to
>> issue cynara checks.
>> 
>> EP - Not sandboxed. Contains the Tizen Device Web APIs and some
>> experimental W3C draft APIs.
>> 
>> So we have two cases. 1) Tizen Device APIs et al which are in the EP and
>> 2) W3C APIs which are in RP+BP, BP being the relevant part here.
>> 
>> The plan is to add the API permission checks in the following way:
>> 
>> Case 1: Tizen Device APIs et al
>> 
>> Since the EP is not sandboxed, it can use libcynara directly or
>> talk to the Service API layer, which then talks to cynara. The EP has
>> all the information in hand to do so including the smack label, user
>> id and application id.
>> 
>> Case 2: W3C APIs
>> 
>> Since the RP is sandboxed it can't talk to cynara. Instead, the platform
>> API calls are delegated to BP. The BP can then talk to the required
>> services including cynara. The BP has all the information about the
>> RP (e.g. Web Application) to do so (see above the BP term description).
>> 
>> Hope this clarifies the case.
>> 
>> Sakari
>> 
>> _______________________________________________
>> Dev mailing list
>> Dev at lists.tizen.org
>> https://lists.tizen.org/listinfo/dev
>
>
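The Case 2 flow Sakari describes (RP delegates the platform call over IPC, BP decides using its own record of the RP) is sketched below as an added example. It is not Crosswalk or Cynara code: the policy table stands in for Cynara's database, `policy_check()` stands in for the comparable libcynara call (`cynara_check()`, which takes the client label, client session, user and privilege), and every pid, app id, Smack label, uid and privilege string is constructed for the demo. The point it makes explicit is that the BP resolves the requesting RP from the IPC peer identity and its own process table, so the sandboxed RP never gets to assert its own app id, label or user; an unknown peer is refused outright.

```c
/* Added example (not Crosswalk or Cynara code): Case 2 from the thread.
 * The sandboxed RP asks the BP for a platform API; the BP decides using
 * the RP details it recorded at launch. policy[] stands in for Cynara and
 * policy_check() for cynara_check(). All values are constructed. */
#include <stdio.h>
#include <string.h>

#define ACCESS_DENIED  0
#define ACCESS_ALLOWED 1

/* What the BP knows about each running RP, recorded when it launched the
 * web app. The RP never supplies these fields over IPC. */
struct rp_context {
    int pid;                 /* IPC peer identity, taken from the channel */
    const char *app_id;      /* constructed package id of the web app */
    const char *smack_label; /* label the RP runs under */
    const char *user_id;     /* uid as a string, as Cynara expects it */
};

/* Message an RP sends over IPC: only the request, no identity claim.
 * sender_pid is filled in by the IPC layer on the BP side. */
struct rp_request {
    int sender_pid;
    const char *privilege;   /* e.g. a constructed location privilege */
};

/* Constructed policy entries standing in for Cynara's database. */
struct policy_rule {
    const char *client;      /* smack label */
    const char *user;
    const char *privilege;
    int verdict;
};

static const struct policy_rule policy[] = {
    { "User::App::org.example.maps",  "5001", "http://tizen.org/privilege/location", ACCESS_ALLOWED },
    { "User::App::org.example.notes", "5001", "http://tizen.org/privilege/location", ACCESS_DENIED  },
};

/* Stand-in for cynara_check(): deny by default, allow only on an explicit rule. */
static int policy_check(const char *client, const char *user, const char *privilege)
{
    size_t i;
    for (i = 0; i < sizeof policy / sizeof policy[0]; i++) {
        if (strcmp(policy[i].client, client) == 0 &&
            strcmp(policy[i].user, user) == 0 &&
            strcmp(policy[i].privilege, privilege) == 0)
            return policy[i].verdict;
    }
    return ACCESS_DENIED;
}

/* BP-side handler: resolve the sender to a known RP, then consult policy. */
int bp_handle_request(const struct rp_context *known, size_t n,
                      const struct rp_request *req)
{
    size_t i;
    for (i = 0; i < n; i++) {
        if (known[i].pid == req->sender_pid)
            return policy_check(known[i].smack_label, known[i].user_id,
                                req->privilege);
    }
    /* Unknown peer: nothing to check against, so refuse. */
    return ACCESS_DENIED;
}

/* Constructed process table for a demo run. */
static const struct rp_context demo_rps[] = {
    { 1201, "org.example.maps",  "User::App::org.example.maps",  "5001" },
    { 1202, "org.example.notes", "User::App::org.example.notes", "5001" },
};
#define DEMO_RP_COUNT (sizeof demo_rps / sizeof demo_rps[0])

/* One decision against the demo table, for callers and tests. */
int demo_decide(int sender_pid, const char *privilege)
{
    struct rp_request req;
    req.sender_pid = sender_pid;
    req.privilege = privilege;
    return bp_handle_request(demo_rps, DEMO_RP_COUNT, &req);
}

int main(void)
{
    const char *loc = "http://tizen.org/privilege/location";
    printf("maps  (pid 1201) -> %d\n", demo_decide(1201, loc)); /* 1: allowed */
    printf("notes (pid 1202) -> %d\n", demo_decide(1202, loc)); /* 0: denied  */
    printf("stray (pid 9999) -> %d\n", demo_decide(9999, loc)); /* 0: unknown */
    return 0;
}
```

In a real BP the `rp_context` entries would be the per-RP bookkeeping the thread mentions (application id, Smack label, user id), and `policy_check()` would be replaced by the libcynara call; what should not change is that the lookup key is the IPC peer, not anything in the message body.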


