[Dev] Integration of state management in Weston Wayland.

Schaufler, Casey casey.schaufler at intel.com
Tue Oct 7 14:15:38 GMT 2014


> -----Original Message-----
> From: Dominig ar Foll (Intel OTC) [mailto:dominig.arfoll at fridu.net]
> Sent: Tuesday, October 07, 2014 6:56 AM
> To: Schaufler, Casey; dev at lists.tizen.org
> Subject: Re: [Dev] Integration of state management in Weston Wayland.
> 
> 
> > The browser process is a security enforcing component
> > of the system already. It will have all the information
> > required. The browser process can make the security check.


> This is not a security check but rather to pass extra information to
> Weston/Wayland, for the later to report it to Murphy.

My point was that if the browser process has all the information
it can make the check. If it doesn't, of course it can't and the
information needs to be passed on.

> >
> >> In that case the Browser process needs to store the AppID of the
> >> requesting App, pushes it to Weston/Wayland (the preferred mechanism
> >> still needs to be defined).
> > This is also possible. In the browser process:
> >
> > 	Fetch the Smack label for the App (details left as an exercise)
> > 	Set the SMACK64IPOUT attribute on the socket to Weston to that
> > 	Send the request
> >
> > I would suggest that having the browser process do the check
> > is likely to be simpler, perform better and be easier to debug.
> Yes such a model would be nice and "simple" as Crosswalk woudl behave
> like any other Apps.

Hang on. Crosswalk *is not an App*. Crosswalk is a system service that
provides the runtime services for Apps. Let us use the term "App" to
mean the untrusted programs that run at the user's behest. We have
different expectations about Apps than we do about system services.

> >
> >> Depending of the selected model, Weston/Wayland may need to check
> that
> >> the requesting App has the privilege to act as a proxy for a third party
> >> before accepting the request (what would be the case of Crosswalk
> >> rendering process).
> > Does the App have the Proxy privilege? I don't see an issue here.
> > How is this special?

> Issue is not open a hole where any application has a way to make a
> request under an other AppID.
> We can trust Crosswalk but not any other native App.

Native Apps (user programs, not system services) are prevented
from acting as proxies for other Apps by Smack. (We'll ignore the
case of multiple Apps from the same package, shall we?)
If we're talking about system services instead of Apps, we're
talking about a different problem.

> >
> >
> >> Then Weston/Wayland would need to implement a secured and trusted
> >> interface to provide the information to Murphy and accept enforcement
> in
> >> return.
> > OK, sounds like we need a diagram of who I talking to whom.
> > If it turns out to be what I think it is, we may have to raise Murphy's
> > awareness of security attributes.
> Yes.
> 
> 
> Dominig


More information about the Dev mailing list