<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix">On 2014-05-13 14:29, Patrick Ohly
      wrote:<br>
    </div>
    <blockquote
      cite="mid:1399984180.1992.154.camel@pohly-mobl1.fritz.box"
      type="cite">
      <pre wrap="">On Tue, 2014-05-13 at 11:13 +0000, Counihan, Tom wrote:
</pre>
      <blockquote type="cite">
        <pre wrap="">Sorry Baptiste – I probably need more coffee over here…..

 

So, is the browser process a singleton. Only one exists to service
many apps invoking W3C Interfaces?

And for every application that invokes Tizen HTML5 APIs it has 2
dedicated process (extension & render).

 

Using an example, if I have 2 web applications:

App 1:

                Invokes W3CFile API
<a class="moz-txt-link-freetext" href="http://www.w3.org/TR/2011/WD-FileAPI-20111020/">http://www.w3.org/TR/2011/WD-FileAPI-20111020/</a>

                Invokes: Tizen Bluetooth API;
<a class="moz-txt-link-freetext" href="https://developer.tizen.org/dev-guide/2.2.0/org.tizen.web.device.apireference/tizen/bluetooth.html">https://developer.tizen.org/dev-guide/2.2.0/org.tizen.web.device.apireference/tizen/bluetooth.html</a>

 

App 2:

                Invokes W3C Battery Status API
-http://www.w3.org/TR/2012/CR-battery-status-20120508

                Invokes NFC -
<a class="moz-txt-link-freetext" href="https://developer.tizen.org/dev-guide/2.2.0/org.tizen.web.device.apireference/tizen/nfc.html">https://developer.tizen.org/dev-guide/2.2.0/org.tizen.web.device.apireference/tizen/nfc.html</a>

 

I will end up with a total count of 1 browser process and 4 other
processes (2x extension & renderer) = 5 processes?

 

Is this correct?
</pre>
      </blockquote>
      <pre wrap="">
And to extend the question, which process will be the one talking to the
rest of the system services?

It has been said that the Crosswalk extension process will be used to
implement Tizen specific APIs, but what about these W3C APIs? Will
system requests required to implement those come from the single,
one-per-user Crosswalk process that gets shared by different web apps?
</pre>
    </blockquote>
    <font face="Arial"><br>
      <font face="Arial">If Crosswalk <font face="Arial">archit<font
            face="Arial">ecture</font></font> is like that, with single
        per-user process </font>accessing sensitive resources, th<font
        face="Arial">en we </font>have a pr<font face="Arial">oblem.<br>
        <font face="Arial">In <font face="Arial">all recent <font
              face="Arial">discussions about <font face="Arial">application
                seuc<font face="Arial">urity and policy <font
                    face="Arial">enforcement it was assumed <font
                      face="Arial">that different applications <font
                        face="Arial">run in different processes<font
                          face="Arial">. Furthermore, thos<font
                            face="Arial">e processes were supposed to
                            have <font face="Arial">different Smack
                              labels to isolate them from another and to
                              provide unforgeable application identi<font
                                face="Arial">ty. If <font face="Arial"><font
                                    face="Arial">C</font>rossw<font
                                    face="Arial">alk<font face="Arial">
                                      is built on different <font
                                        face="Arial">principles, then
                                        IMHO it's a clash of subsystem
                                        architectures.</font></font></font></font></font></font></font></font></font></font></font></font></font></font></font></font><br>
        <font face="Arial">In Tizen 2 (at lea<font face="Arial">st in
            mobile profile)<font face="Arial"> WRT was built with
              separate web processes per application<font face="Arial">.
                <font face="Arial">And we didn't trust WRT enough to let
                  it enforce <font face="Arial">the policy, so Smack
                    was used with per-app labels <font face="Arial">for
                      enforcement.</font></font></font></font></font></font></font><br>
        <font face="Arial"><br>
          <font face="Arial">Some <font face="Arial">quick thoughts
              about </font></font>consequences of <font face="Arial">single,
            per-user web process:<br>
            <font face="Arial">- <font face="Arial">T</font>he web
              process, being sin<font face="Arial">gle, wil<font
                  face="Arial">l run<font face="Arial"> with a single
                    Smack label for a<font face="Arial">ll application<font
                        face="Arial">s.<br>
                        <font face="Arial">- <font face="Arial">L</font>ocally
                          created files will be also crea<font
                            face="Arial">ted with that Smack label, <font
                              face="Arial">no <font face="Arial">separation
                                of <font face="Arial">application data
                                  is possible at this level. Crosswalk
                                  will <font face="Arial">have t<font
                                      face="Arial">o make sure tha<font
                                        face="Arial">t apps open only
                                        permitted files.</font></font></font><br>
                                  <font face="Arial">- Crosswalk will be
                                    the entity enforcing application
                                    policy. It can use Cynara as a polic<font
                                      face="Arial">y source, but the
                                      actual enforcement will happen in
                                      the <font face="Arial">process
                                        running applications itself.</font></font></font><br>
                                  <font face="Arial">- <font
                                      face="Arial">If an application
                                      somehow manages to exploit
                                      Crosswalk and run arbitrary code
                                      in it's web process, it will get
                                      access to all sensitive resources</font></font>
                                  of <font face="Arial">it's user.</font>
                                  There is nothing that Sma<font
                                    face="Arial">ck could do to prevent
                                    that.</font><br>
                                  <font face="Arial">- I imagine that
                                    Crosswalk could permit two
                                    applications to interfere <font
                                      face="Arial">with e<font
                                        face="Arial">ach other, not <font
                                          face="Arial">necessarily</font>
                                        in a desired way. I think of
                                        situations like in desktop
                                        browsers, wh<font face="Arial">en
                                          malicious web site can <font
                                            face="Arial">exploit the
                                            browser and get data from
                                            another web page, opened in
                                            second tab.</font></font></font></font></font><br>
                                  <br>
                                  <font face="Arial">I am not an
                                    architect, It would be <font
                                      face="Arial">good to hear some
                                      opinions <font face="Arial">fro<font
                                          face="Arial">m appropriate
                                          decisive people.<font
                                            face="Arial"> <font
                                              face="Arial">May<font
                                                face="Arial">be we jus<font
                                                  face="Arial">t</font>
                                                have to adapt <font
                                                  face="Arial">freshly</font>
                                                designed Cynara <font
                                                  face="Arial">and it's
                                                  surround<font
                                                    face="Arial">ings to
                                                    a requirement that
                                                    we didn't know about
                                                    so far.</font></font></font></font></font></font></font></font></font><br>
                                </font></font></font></font></font></font></font></font></font></font></font></font></font></font>
    </font>
    <div style="bottom: auto; left: 112px; right: auto; top: 89px;
      display: none;" class="translator-theme-default"
      id="translator-floating-panel"> </div>
  </body>
</html>