2014-06-20 14:47 GMT+02:00 Rafał Krypa <[email protected]>: > Hi, > > I have investigated current Crosswalk behavior with respect to multi-user > and I think that we may have some incompatibilities with platform > security design. > It seems that web applications are now installed per user. I found > application data installed into ~/.config/xwalk-service/applications/$APP_ID > and aplication information stored in ~/.application. Using xwalkctl I was > able to install the same application for multiple users. The app was > assigned the same application and package id for user. > > This is something slightly different than I heard before and expected. And > I think it forces us to revisit Smack label assignment for applications. > With applications installed locally in user home, it is unfeasible to > base Smack label only on package id. This would lead to multiple users > having applications with the same label. Those applications could have > entirely different set of permissions (e.g. different versions of the > same app or id collision for two unrelated applications). If application > management is to be done entirely per-user, a different Smack labeling will > be required. > > One obvious solution would be to build Smack label from package id AND > user identifier. Down side of this would be multiplication of Smack > labels in the system and proportional growth of policy size. > > _______________________________________________ > Dev mailing list > [email protected] > https://lists.tizen.org/listinfo/dev > >
-- Baptiste DURAND Eurogiciel Vannes/FR
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
