[Dev] Tizen 3.0 Core privilege list

José Bollo jose.bollo at open.eurogiciel.org
Thu Oct 30 12:19:12 GMT 2014


On Thursday 30 October 2014 at 13:02 +0100, Patrick Ohly wrote:
> On Thu, 2014-10-30 at 12:49 +0100, Patrick Ohly wrote:
> > On Thu, 2014-10-30 at 12:37 +0100, José Bollo wrote:
> > > On Thursday 30 October 2014 at 11:05 +0100, Patrick Ohly wrote:
> > > > Without this special privilege, each user service would have to
> > > > implement the Smack check itself instead of using the unified privilege
> > > > checking code paths and instance (= Cynara), or we need to revive the
> > > > non-upstream, and otherwise obsolete Smack label checking and rules in
> > > > dbus-daemon.
> > > 
> > > I'm surprised to discover that the policy of checking Smack labels is
> > > removed. I thought that it remained concurrently.
> > 
> > Reread the older mail threads. It has come up and the consensus was that
> > checking via Cynara supersedes the older patches. We just need to figure
> > out all details, like how to protect services that don't have a
> > suitable privilege.
> 
> It just occurred to me that the system apps with a UI that I mentioned
> in my other email will not run with Smack label "User" or "System", so
> the older Smack based D-Bus access control will not work for them unless
> we also resurrect the entire "compile Smack rules based on manifest"
> machinery from Tizen 2.x. That is currently gone in 3.x, right?
> 

Yes, I think so, it is gone. But what does it change? A label is a
label, you still can enumerate it (not practical, I know...;).

BR
José


