Re: [Crosswalk-dev] Intent to Implement API Permission Control

[Ming, Bai]

Yes, there are XWALK-88, XWALK-89, XWALK-113 for this feature

- Ming, Bai

On 11/26/2013 04:44 PM, Balestrieri, Francesco wrote:

Hi,

is there a feature or task to track this? Also, I assume it's targeted for Crosswalk 3 but please confirm.

Regards,


Francesco

*From:*Crosswalk-dev [mailto:crosswalk-dev-boun...@lists.crosswalk-project.org] *On Behalf Of *Ming, Bai

*Sent:* Wednesday, November 20, 2013 9:06 AM
*To:* crosswalk-dev@lists.crosswalk-project.org
*Subject:* [Crosswalk-dev] Intent to Implement API Permission Control

*_Description_*

We would like to add a mechanism in Crosswalk to control API permissions for both Crosswalk .xpk packages and Tizen legacy .wgt packages. For crosswalk packages, permissions needed by an application will be declared in its manifest, and for Tizen widgets they are stored in config.xml according to the widget specification.

As a part of Crosswalk security framework, we would like to follow these documents in our implementation.

The overall crosswalk security design, including API permission control and SMACK

https://docs.google.com/a/intel.com/document/d/1Exj9ewu74mxl96YodnHAbxGikR3m8v4UgwE3w7FyIMg/edit#heading=h.erysmcq819ya <https://docs.google.com/a/intel.com/document/d/1Exj9ewu74mxl96YodnHAbxGikR3m8v4UgwE3w7FyIMg/edit%23heading=h.erysmcq819ya>

The detailed use case and design of API permission control

https://docs.google.com/a/intel.com/document/d/137u_gxmNaIFwVzaCkCFBJyveIdZxuAydWOkMI8oWgD0/edit# <https://docs.google.com/a/intel.com/document/d/137u_gxmNaIFwVzaCkCFBJyveIdZxuAydWOkMI8oWgD0/edit%23>

API Permission Map

https://docs.google.com/a/intel.com/spreadsheet/ccc?key=0AmfuGardsG7gdGg1a0YxVVVNbEtKLTEzck9XMGYyRWc#gid=0 <https://docs.google.com/a/intel.com/spreadsheet/ccc?key=0AmfuGardsG7gdGg1a0YxVVVNbEtKLTEzck9XMGYyRWc%23gid=0>

*_Contacts_*

*Ming, Bai *from Shanghai and *Zhang, Xu *from Beijing.

*__*

*_Affected Components_*

*- *A new security server will be added as a sub module under 'application/'

- Mechanism to transfer permission request among extension process, runtime process and render process.

- Mechanism to control and store the application permission in persistent storage.

- A mapping between Javascript API and corresponding permissions.

- UI elements for asking user for the permission requests.

*__*

*_Implementation Details_*

*- *A new security server will be added and placed under application service which is the central place for controlling the application's life cycle. The security server will handle permission requests from either extension process and respond with the correct permission information.

- The permission handling mechanism is sort of complicated, detailed description could be found in this doc

https://docs.google.com/a/intel.com/document/d/1TfU_oZo6P2Ff24w5RjRhYfPTJae5EzRWiXtdtxz0yBo/edit#heading=h.90d6fevrbp2d- - The application's permission information will be stored in a database which can only be accessed by the runtime process.

*__*

_______________________________________________
Crosswalk-dev mailing list
Crosswalk-dev@lists.crosswalk-project.org
https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-dev