Hi, I have investigated current Crosswalk behavior with respect to multi-user and I think that we may have some incompatibilitieswithplatform security design. It seems that web applications are now installed per user. I found application data installed into ~/.config/xwalk-service/applications/$APP_ID and aplication information stored in ~/.application. Using xwalkctl I was able to install the same application for multiple users. The app was assigned the same application and package id for user.
This is something slightly different than I heard before and expected. And I think it forces us to revisit Smack label assignment for applications. With applications installed locally in user home, it is unfeasible to base Smack label only on package id. This would lead to multiple users having applications with the same label. Those applications could have entirely different set of permissions(e.g. different versions of the same app or id collision for two unrelated applications). If application management is to be done entirely per-user, a different Smack labeling will be required. One obvious solution would be to build Smack label from package id AND user identifier. Down side of this would be multiplication of Smack labels in the system and proportional growth of policy size.
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
