[Dev] Our lessons learnt about tizen's security

José Bollo jobol at nonadev.net
Mon Sep 28 12:33:07 GMT 2015


Le lundi 28 septembre 2015 à 12:02 +0200, Patrick Ohly a écrit :
> On Mon, 2015-09-28 at 11:18 +0200, José Bollo wrote:
> > Thank you Tomasz for your kind and quick answer.
> > 
> > I'll introduce your remarks in a later version of the document.
> 
> I'd like to add that the D-Bus patches are also needed to separate
> applications from each other. Even if all system D-Bus services were
> patched to handle messages from arbitrary, untrusted peers, expecting
> the same from app developers probably wouldn't be wise.
> 
> But you are right in the document, it is a tradeoff.
> 

Hello Patrick,

I think that I understood what you wrote: native applications using
D-Bus shouldn't be able to exchange messages by default. Am I right?


So I think that in these case, D-Bus applies the policy based only on
Smack labels and rules. Security rules based on Smack exist in smack
compliant dbus implementation. Is it there the D-Bus patches you wrote
about?

But IIRC, this check is based only on D-Bus config files, not on smack's
kernel database. If I'm not wrong, it is a big missing point in the
document and have absolutely to be treated. Because in that case, what
should be the correct lesson? Might I write that a such feature was only
needed for Tizen 2 and that currently the kernel rules should apply in
all cases?

Because I am not sure to fully master the problem, I really wish some
feedback and advise.

Best regards
José Bollo








More information about the Dev mailing list