[Dev] [Cynara] Async admin API proposal

Whiteman, John L john.l.whiteman at intel.com
Wed Sep 3 21:41:19 GMT 2014


Hi Xu & Sakari,



Do you have input for this per Terri's comments below?  Synchronous or 
asynchronous?  This info is needed to complete this.



Best Regards,



John



From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Oda, Terri
Sent: Wednesday, August 27, 2014 10:03 AM
To: Lukasz Wojciechowski
Cc: dev at lists.tizen.org
Subject: Re: [Dev] [Cynara] Async admin API proposal







On Tue, Aug 26, 2014 at 10:03 PM, Lukasz Wojciechowski 
<l.wojciechow at partner.samsung.com> wrote:


For installation and launching purposes crosswalk should use the 
libsecurity-manager-client API instead of the direct cynara API.
SecurityManager is responsible for setting up cynara policy. It has an API for 
installation and launching of applications ready.

but ...
as far as I know, I think it will also need the cynara client API in the browser 
process in order to check whether running applications have proper privileges for 
resources that are accessed by the browser process.
The check is needed because the browser process will run an action in the name of 
an application, so some system service (managing the resource) will recognize 
crosswalk's browser process as the client.
It is crosswalk's responsibility to check whether the application is allowed to 
access the resource.

Could you check whether the synchronous or asynchronous cynara API would fit 
better for that task in the browser process?



To be honest, at this point I'm not sure I know enough about where the checks 
will need to go in the browser process to answer the question definitively. 
I've only looked through the installer code in any sort of depth.



So perhaps it's better to ask someone who's more familiar with the internals 
of crosswalk: Xu & Sakari, do you know where in the browser code we'll need 
those checks?  I know last time we talked, it looked like most of the APIs were 
going through the extension process, which meant that they'd be running with 
an appropriate application label and the services themselves should enforce 
any policy set on Tizen.  But I believe there will still be some necessary checks 
in the browser process (which runs under a different label than the individual 
applications); I just don't know which APIs are being handled through the 
browser and where precisely use of those APIs is enforced.



 Terri






