[Dev] Gumd and security-manager integration

Rafał Krypa r.krypa at samsung.com
Tue Oct 7 10:47:07 GMT 2014

Hi all,
I am responsible for a Tizen component for handling configuration of security mechanisms, called security-manager. It is supposed to handle application and user privileges by proper setting of Smack, Cynara and DAC configuration. Its aim is to provide abstract functions to the application framework, hiding security logic inside.

Recently we have started integration of security-manager with gumd. There are a few actions that must be taken when a user is created or removed. For example, user removal should be followed by removing the Cynara policy for that user. Several approaches for this were considered. Security-manager can listen for dbus broadcasts from gumd, but there is a possibility of missing them (e.g. during unexpected system power off). It seems that the proposal for hook support in gumd failed, so we cannot rely on this either.

I have an idea for doing it better that I'd like to discuss: provide a user management API in security-manager and let security-manager call gumd. This is consistent with the general concept for security-manager and would add just one more security mechanism for it to handle. Then all Tizen logic for user management could be implemented there, keeping gumd generic and free of Tizen-specific hacks. Consistency of user configuration would be easy to handle.

What do you think about it? Please share your comments.

Best regards,
Rafal Krypa

