[Dev] [Cynara] Async admin API proposal

Lukasz Wojciechowski l.wojciechow at partner.samsung.com
Thu Sep 4 05:26:05 GMT 2014

W dniu 2014-09-04 03:49, Zhang, Xu U pisze:
> John,
> Thanks for your reminder.
> Just as Lukasz understand, Crosswalk should add API permission check 
> in the browser process.  From the view of  process running, Tizen web 
> API can be categorized two kinds. One is Tizen device APIs, which will 
> run the browser process.  The other is some W3C web APIs, which 
>  including Geolocation, media and so on will  run  in the browser 
> process. For applications using these W3C APIs, browser process should 
> call Cynara client API to check whether application has privilege to 
> access the resources.  Peter and I are implementing W3C module’s 
> embedder for Crosswalk and a security thread ,  which is a check point 
> to call Cynara client API,  in the browser process.
> I think synchronous APIs is enough for Crosswalk browser process.
Thank You for your answer. We were waiting for that.
> Thanks
> Zhang Xu
> *From:*Dev [mailto:dev-bounces at lists.tizen.org] *On Behalf Of 
> *Whiteman, John L
> *Sent:* Thursday, September 4, 2014 5:41 AM
> *To:* Oda, Terri; Lukasz Wojciechowski
> *Cc:* dev at lists.tizen.org
> *Subject:* Re: [Dev] [Cynara] Async admin API proposal
> Hi Xu & Sakari,
> Do you have input for this per Terri's comments below?  Synchronous or 
> asynchronous?  This info is needed to complete this.
> Best Regards,
> John
> *From:*Dev [mailto:dev-bounces at lists.tizen.org] *On Behalf Of *Oda, Terri
> *Sent:* Wednesday, August 27, 2014 10:03 AM
> *To:* Lukasz Wojciechowski
> *Cc:* dev at lists.tizen.org <mailto:dev at lists.tizen.org>
> *Subject:* Re: [Dev] [Cynara] Async admin API proposal
> On Tue, Aug 26, 2014 at 10:03 PM, Lukasz Wojciechowski 
> <l.wojciechow at partner.samsung.com 
> <mailto:l.wojciechow at partner.samsung.com>> wrote:
> For installation and launching purposes crosswalk should use 
> libsecurity-manager-client API instead of direct cynara API.
> SecurityManager is responsible for setting up cynara policy. It has 
> API for installation and launching applications ready.
> but ...
> as far as I know, I think it will need also cynara client API in 
> browser process in order to check if running applications have proper 
> privileges to resources that are accessed by browser process.
> Check is needed, because a browser process will run an action in the 
> name of application, so some system service (managing resource) will 
> recognize crosswalk's browser process as client.
> It is crosswalk responsibility to check if application is allowed to 
> access resource.
> Could You check if synchronous or asynchronous cynara API would fit 
> better for that task in browser process ?
> To be honest, at this point I'm not sure I know enough about where the 
> checks will need to go in the browser process to answer the question 
> definitively.  I've only looked through the installer code in any sort 
> of depth.
> So perhaps it's better to ask someone who's more familiar with the 
> internals of crosswalk: Xu & Sakari, do you know where in the browser 
> code we'll need those checks?  I know last time we talked, it looked 
> most of the APIs were going through the extension process, which meant 
> that they'd be running with an appropriate application label and the 
> services themselves should enforce any policy set on Tizen.  But I 
> believe there will still some necessary checks in the browser process 
> (which runs under a different label than the individual applications), 
> I just don't know which APIs are being handled through the browser and 
> where precisely use of those APIs is enforced.
>  Terri

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.tizen.org/pipermail/dev/attachments/20140904/8b3d5030/attachment.html>

More information about the Dev mailing list