[Dev] SMACK, Cynara: How does the Three Domain Model reduce complexity?

Oliver Schmidt oliver.schmidt at jollamobile.com
Mon Jan 22 10:23:13 UTC 2018


Hi,

I'm currently diving in to Cynara, SMACK and their usage in Tizen. According to the wiki pages, because of the high complexity of SMACK policies in Tizen2 you invented the Three Domain Model for Tizen3 to reduce complexity.

But I still don't see how this model can reduce complexity:

Apps for example get assigned to the "User" domain, that means they get assigned a SMACK label of the form "User::App::AppID" which is also used by Cynara for identifying permission requests from this app. [1]

But as SMACK labels don't have any hierarchy and labels just being ASCII strings in a flat namespace, isn't it necessary to create new policy rules for exactly this new label, too? So how do the 3 domains reduce the complexity and needed amount of policy rules?

Am I just misunderstanding something?

BR
Oliver Schmidt

[1] https://wiki.tizen.org/Security/Overview
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.tizen.org/pipermail/dev/attachments/20180122/d11ceff0/attachment.sig>


More information about the Dev mailing list