[Dev] Finished the multi-user BT phase1 source code and the related test report

Patrick Ohly patrick.ohly at intel.com
Fri Oct 17 09:04:01 GMT 2014


On Fri, 2014-10-17 at 10:42 +0200, Baptiste Durand wrote:

> Sure All access of platform service should be made trhougth CAPI. (So
> by using framework ONLY)

I don't think using CAPI was mandatory in the past, and I don't remember
any communication that it is mandatory now. It used to be okay to call
Bluez directly and several components do it, so those components will
have to be changed once using the Bluetooth CAPI becomes mandatory.

I'm intentionally not calling out these components here. Coming up with
a complete list is part of the preparations for enforcing access through
the CAPI.

> DBUS service can be protected by Cynara . So direct access to bluez
> can be disallowed easily.
> 
> 
> We have also smack label protection in dbus interface that we can use
> in this case , to allow only bt-service process (Framework processus)
> to use the bluez dbus interfaces.

I know how I would do it. My question was more "does the Bluetooth team
know and will they do it?"

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.





More information about the Dev mailing list