On 2014-04-15 01:47, Carsten Haitzler (The Rasterman) wrote:
On Tue, 08 Apr 2014 20:57:37 +0200 Lukasz Wojciechowski
<l.wojciec...@partner.samsung.com> said:

Services that are being used by applications need to control if the
caller has sufficient privileges to call each API. In Tizen 2.2.X this
level of access control was done using very detailed Smack policy on IPC
mechanisms. Since Tizen 3.0 is introducing compact 3-domain Smack
policy, there is a need for user-space mechanism that complements the
solution. This is a place for new module - Cynara.

Details can be found at wiki page:
http://wiki.tizen.org/wiki/Security:Cynara

Page is still being constructed, but it is high time to share and
probably start a discussion.
I will be glad to answer any questions about it.
I plan to publish roadmap for Cynara development and API draft this week.

cynara_check ... where will the service daemon get the client string, and
client_session string? if these are provided by the client... a client can just
lie. why not just provide the PID of the client directly to cynara and it does
the rest? (this also means you can change, in future, what parameters/info you
use to categorize a client).

Construction is designed to be generic. That is why from Cynara's point of view it can be anything.
However...
In Tizen 3.0 we would like to use:
* SMACK label of application process as client id
* UID as user
It is the service's responsibility to discover both of these parameters. We can probably provide some helper functions to extract these things out of different IPCs. We've already started construction of a wiki page that describes the mechanism that can be used for application credentials extraction (https://wiki.tizen.org/wiki/Security:Cynara:ApplicationCredentials). We surely don't want to trust the client, who is just waiting to lie to us.

The definition of client_session is also up to the service. The service is the one that has access to resources, and it decides how to interpret Cynara's answer. If Cynara answers "ALLOW till end of session", the service must define what a session means. For some services it may be the connection made from client to service (when it's broken, the session is over), for others it may be the PID of the client. As long as the PID is the same and the application lives, the session doesn't change. libCynara shall only compare this string with other session values. It won't interpret it anyway.

Best regards
Lukasz

_______________________________________________
Dev mailing list
Dev@lists.tizen.org
https://lists.tizen.org/listinfo/dev
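The reply above says the service, not the client, must discover the Smack label and UID. As an added example (not code from this thread or from Cynara), this is one way a service on Linux could read both from the kernel for a connected AF_UNIX socket, using the PID as the session string. The names `peer_id`, `peer_cred` and `peer_id_from_socket` are hypothetical, and a socketpair stands in for a real client connection.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef SO_PEERSEC  /* Linux values on x86/ARM, in case the libc headers hide them */
#define SO_PEERCRED 17
#define SO_PEERSEC 31
#endif

/* Hypothetical holder for the strings a service would hand to the policy check. */
struct peer_id {
    char client[256];  /* security label of the peer (the Smack label on Tizen) */
    char user[32];     /* UID of the peer, as text */
    char session[32];  /* session id chosen by the service: here the peer PID */
};

/* Same layout as Linux's struct ucred; declared locally so no _GNU_SOURCE is needed. */
struct peer_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Returns 0 on success, -1 if credentials are unavailable, -2 if the kernel
 * reports no security label (no LSM such as Smack active): deny in both cases. */
int peer_id_from_socket(int fd, struct peer_id *out)
{
    struct peer_cred cr;
    socklen_t len = sizeof(cr);
    if (getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &cr, &len) < 0 || len != sizeof(cr))
        return -1;
    snprintf(out->user, sizeof(out->user), "%u", (unsigned)cr.uid);
    snprintf(out->session, sizeof(out->session), "pid:%d", (int)cr.pid);

    socklen_t llen = sizeof(out->client) - 1;
    out->client[0] = '\0';
    if (getsockopt(fd, SOL_SOCKET, SO_PEERSEC, out->client, &llen) < 0 || llen == 0)
        return -2;
    out->client[llen] = '\0';
    return out->client[0] ? 0 : -2;
}

int main(void)
{
    int sv[2], rc;  /* constructed input: a socketpair stands in for a client connection */
    struct peer_id id;
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0 ||
        (rc = peer_id_from_socket(sv[0], &id)) == -1)
        return 1;
    printf("client=%s user=%s session=%s\n", rc ? "(no label)" : id.client, id.user, id.session);
    return 0;
}
```

Nothing in the three strings comes from data the client sent, so the client has no way to misreport them.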
