[Dev] Integration of state management in Weston Wayland.

Schaufler, Casey casey.schaufler at intel.com
Tue Oct 7 13:44:17 GMT 2014


> -----Original Message-----
> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Dominig ar Foll
> (Intel OTC)
> Sent: Tuesday, October 07, 2014 5:33 AM
> To: dev at lists.tizen.org
> Subject: [Dev] Integration of state management in Weston Wayland.
> 
> Hello;
> 
> I would like to bring an architecture topic to the forefront of our
> community.
> 
> In IVI profile there is a strong desire to subcontract the control of
> state change for application to a resource manager (by default Murphy).
> That type of control can be applied to any resource such as the sound
> and graphic.
> In order to deliver the later, Murphy must be able to retrieve the AppID
> associated to a surface.
> 
> Obviously, we would like to create a solution which works for HTML5 and
> Native Apps.
> 
> For native App the model is quite simple in the sense that the App
> requesting the surface to Weston/Wayland is identifiable by it's AppID
> (which equals its Smack label).
> 
> the case of HTML5 is far more "interesting" as shows the bug TC-1691.
> the surface request comes from the Browser process which is common to
> all HTML Apps for a given user.

The browser process is a security enforcing component
of the system already. It will have all the information
required. The browser process can make the security check. 

> In that case the Browser process needs to store the AppID of the
> requesting App, pushes it to Weston/Wayland (the preferred mechanism
> still needs to be defined).

This is also possible. In the browser process:

	Fetch the Smack label for the App (details left as an exercise)
	Set the SMACK64IPOUT attribute on the socket to Weston to that
	Send the request

I would suggest that having the browser process do the check
is likely to be simpler, perform better and be easier to debug.

> Depending of the selected model, Weston/Wayland may need to check that
> the requesting App has the privilege to act as a proxy for a third party
> before accepting the request (what would be the case of Crosswalk
> rendering process).

Does the App have the Proxy privilege? I don't see an issue here.
How is this special?

 
> Then Weston/Wayland would need to implement a secured and trusted
> interface to provide the information to Murphy and accept enforcement in
> return.

OK, sounds like we need a diagram of who I talking to whom.
If it turns out to be what I think it is, we may have to raise Murphy's
awareness of security attributes.

> Your view and idea to solve that issue are welcome.
> 
> Regards
> 
> --
> Dominig ar Foll
> Senior Software Architect
> Open Source Technology Centre
> Intel SSG
> 
> _______________________________________________
> Dev mailing list
> Dev at lists.tizen.org
> https://lists.tizen.org/listinfo/dev


More information about the Dev mailing list