Hi All,

 

Last week Intel and Samsung security teams had a workshop in Warsaw. We'd
like to share our agreements/ideas with all of you via this mailing list.

For each task/activity, I'm adding a contact point (not necessarily the person
working on the task directly but linked to it).

1. We want to document the entire Tizen security model in one place
   a. A wiki page on tizen.org
   b. Contact point(s): Casey Schaufler (owner/creator) & Tomasz Swierczek
      (reviewer)

2. We'd want to add security checks in compositors (X/Weston) to
   ensure access control to screen and/or input devices per each user
   a. Details will be investigated by security team members to propose a
      dedicated solution for X and for Wayland later
      i. X server-based Common image of Tizen 3.0 is planned, team in
         France is working on re-introducing this configuration
   b. We plan to use Cynara for access control
   c. Contact point(s): John Whiteman (Intel/IVI) & Tomasz Swierczek
      (X-based image as soon as it's ready)

3. SAPI idea is not the way we'd like to go now
   a. We decided to experiment with DBus and Cynara access checks in DBus
      daemon as first step
   b. Most services use DBus and UDS-based services don't usually
      interface with the applications; UDS-based services are few and
      mostly our own code we're already tampering with
   c. Contact point(s): Patrick Ohly (Intel, DBus modification) & Lukasz
      Wojciechowski (Cynara dev.)

4. We continue to work with Cynara/Security Manager integration into
   crosswalk
   a. First step will be to identify places where Cynara should be
      (Browser Process) and implement them with one "virtual" privilege
      for all API calls
      i. This will test implementation, probably uncovering some problems
         that would need to be resolved with crosswalk architecture
   b. Once we finalize the list of privileges for native (EFL apps) APIs
      for Tizen (contact point: Bumjin Im), crosswalk team will prepare an
      API <-> privilege mapping for its build scripts to properly handle
      creation of Tizen web app manifests
      i. Contact points: Casey Schaufler + Terri Oda (Intel Security) &
         Tomasz Swierczek + Rafal Krypa (Samsung Security/Cynara dev.)

5. We all express concerns over what officially supported Tizen API
   is, especially with crosswalk implementing W3C API drafts that are
   different from the Tizen API already supported in 2.X; this
   specification problem should be addressed by TSG or/and architects
   a. Example:
      https://developer.tizen.org/dev-guide/2.2.1/org.tizen.web.device.apireference/tizen/filesystem.html,
      Xwalk supports W3C drafts that are a little bit different:
      http://dev.w3.org/2006/webapi/FileAPI/
   b. We'd want to make sure all privileged API calls are secured with
      Cynara and Tizen 3.0 should have it specified what the privileged
      API really is
   c. Since extension process of crosswalk does native calls to rest of
      platform, we'd want to treat it as a native app in terms of security
      i. This means it may be hard to implement a host-based internet
         access security policy for each web application (since user also
         must be taken into account, not only the Smack label of
         application - if we want to treat "Internet" resource just as any
         other one)
   d. No contact point, this needs to be addressed on higher level
      probably

6. We agreed that we will develop launcher that will be responsible
   for native applications
   a. We decided that for now we will try to perform standard exec()
      after setting up proper security context
   b. Contact point: Jose Bollo

 

 

Best Regards,

Tomasz Świerczek
Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 95 59
Cell +48 503 135 021
[email protected]


_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
