[Dev] Tizen 3.0 Core privilege list

Patrick Ohly patrick.ohly at intel.com
Thu Oct 30 11:59:41 GMT 2014


On Thu, 2014-10-30 at 12:12 +0100, Tomasz Swierczek wrote:
> Hi Patrick,
> 
> 
> can't we just make proper DBus policy with existing tools so that we
> have user bus where we have ONLY these services that can be used by
> applications and system bus where we have things that apps should not
> call, dedicated for inter-service communication?

I don't think so. The recent discussion around Wayland surfaces and
Murphy led to the conclusion that any process showing anything on the
screen must be a proper app, which implies having its own Smack label.
So even privileged apps which are allowed to do everything must go
through some kind of privilege checking for system APIs.

Having different mechanisms for it (Cynara for normal apps, something
else for privileged apps) doesn't look right to me.

> I'd like to add this topic to our next F2F meeting agenda. One reason
> for this is because I'd like such decision to be fully discussed with
> everybody on our security teams, and second - the implementation you
> proposed, with hardcoding parts of policy, is what I'd personally
> object to :-)

Note that additional privileges is one aspect. I think we need those.
How to implement them is a different, secondary topic. It can also be
done via normal rules. I don't care that much about that. Just make sure
that Cynara never fails and locks down the entire system ;-}

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.




