[Dev] Tizen 3.0 Core privilege list

Zhang, Xu U xu.u.zhang at intel.com
Thu Oct 30 08:44:38 GMT 2014


Thanks for the explanations. Because privilege items will impact which module APIs should be checked in the Crosswalk runtime, I want to make clear whether logic for these items is needed in Crosswalk. If the fullscreen and unlimitedstorage privileges make no sense, Crosswalk needn't add extra code for checking these modules.

By the way, I can't see why fullscreen matters for security reasons.

Zhang Xu
> -----Original Message-----
> From: Bumjin Im [mailto:bj.im at samsung.com]
> Sent: Thursday, October 30, 2014 4:24 PM
> To: Zhang, Xu U; dev at lists.tizen.org
> Cc: Tomasz Swierczek
> Subject: Re: Re: [Dev] Tizen 3.0 Core privilege list
> Hi,
> mediacapture is equivalent to http://tizen.org/privilege/recorder. The name is
> somewhat different, but they behave the same.
> unlimitedstorage doesn't make sense from a native perspective because the
> privilege allows creating a file which can be bigger than some
> pre-defined (maybe 5MB?) size. In native, you can create and write files with
> open() and write().
> For fullscreen, the same applies as for unlimitedstorage. We only manage
> window priority, but don't care about the size of the window. If this does matter for
> any security reason, we may add a fullscreen privilege in the next revision.
> Bumjin
> ------- Original Message -------
> Sender : Zhang, Xu U<xu.u.zhang at intel.com> Date : 2014-10-29 16:04
> (GMT+09:00) Title : Re: [Dev] Tizen 3.0 Core privilege list
> Tomasz,
> Thanks for summarizing the Tizen 3.0 core privilege list.  I noticed there are some
> differences between the list
> https://wiki.tizen.org/wiki/Security:Tizen_3.0_Core_Privileges and the compliance
> spec. (Because there is no compliance spec for Tizen 3.0, I refer to the Tizen 2.2.1
> spec
> https://source.tizen.org/sites/default/files/page/tizen-2.2.1-compliance-specification-for-mobile-profile-v1.0.pdf).
> In Tizen compliance, the privileges are composed of 3 parts:
> 1.       W3C/HTML5 API related Privileges
> 2.       Supplementary API related Privileges
> 3.       Tizen Web Device API related Privileges
> I can't find the privileges below in the core list:
> - http://tizen.org/privilege/mediacapture (W3C/HTML5 API related Privileges)
> - http://tizen.org/privilege/unlimitedstorage (W3C/HTML5 API related Privileges)
> - http://tizen.org/privilege/fullscreen (Supplementary API related Privileges)
> What do you think of the above privileges? Are they missed or skipped in Tizen 3.0?
> Thanks
> Zhang Xu
> From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Tomasz
> Swierczek
> Sent: Wednesday, October 29, 2014 12:38 AM
> To: dev at lists.tizen.org
> Subject: [Dev] Tizen 3.0 Core privilege list
> Hi All,
> As part of our work on privilege-based access control model with Cynara in
> Tizen 3.0, we've gathered Tizen 3.0 Core privileges in one place:
> https://wiki.tizen.org/wiki/Security:Tizen_3.0_Core_Privileges
> At the last F2F security workshop in Vannes, the Intel and Samsung teams decided that
> this is the privilege set we will start our work with when implementing
> security checks. These privileges will be used to check an application's access to
> any of the Tizen OS services/functionalities. This is the list of privileges that Security
> Manager will expect to get from application installers and this is the set of
> privileges that Cynara will be asked for.
> Aside from the list itself, I've added comments on what exactly these
> privileges mean to the system and how/by whom they should be used. The list is not
> strictly closed; it is rather an effort to document what we will use later (within
> a month I guess) when configuring Tizen access control mechanisms.
> Best Regards,
> Tomasz Świerczek
> Samsung R&D Institute Poland
> Samsung Electronics
> Office +48 22 377 95 59
> Cell +48 503 135 021
> t.swierczek at samsung.com
