[Dev] Tizen 3.0 Core privilege list

Patrick Ohly patrick.ohly at intel.com
Thu Oct 30 11:49:44 GMT 2014

On Thu, 2014-10-30 at 12:37 +0100, José Bollo wrote:
> Le jeudi 30 octobre 2014 à 11:05 +0100, Patrick Ohly a écrit :
> > Without this special privilege, each user service would have to
> > implement the Smack check itself instead of using the unified privilege
> > checking code paths and instance (= Cynara), or we need to revive the
> > non-upstream, and otherwise obsolete Smack label checking and rules in
> > dbus-daemon.
> I'm surprised to discover that the policy of checking Smack labels is
> removed. I though that it remained concurrently.

Reread the older mail threads. It has come up and the consensus was that
checking via Cynara supersedes the older patches. We just need to figure
out all details, like what how to protect services that don't have a
suitable privilege.

> I should recheck what is done for SELinux. But maybe you know the
> answer.

SELinux has static policy checking in upstream D-Bus. It's a different
approach than the dynamic checking done with Cynara.

Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.

More information about the Dev mailing list