Hi Jose! It is planned to be in security-manager (Rafal is working on it). We don't want to put this into Cynara to keep Cynara clean from Tizen-specific things. Security-Manager will contain APIs needed for proper setup of process contest before application launch (incl. calculating proper string of characters for Smack label - this is already there).
As for the DB - currently we have the smack-privilage-config repository that keeps mapping between smack rules and privileges. Obviously, as we all know, we won't use Smack configuration like this, but I believe we should have similar repository for group-to-privilege mapping and keep list of GIDs for each privilege there. Maybe we could even keep it in security-manager, although this is rather a matter of configuration, not code, so probably separate repository is better idea. @Rafal - when can we expect needed APIs to be implemented? BRs, Tomasz Świerczek Samsung R&D Institute Poland Samsung Electronics Office +48 22 377 95 59 Cell +48 503 135 021 [email protected] -----Original Message----- From: Dev [mailto:[email protected]] On Behalf Of José Bollo Sent: Wednesday, August 27, 2014 3:17 PM To: [email protected] Subject: Re: [Dev] Tizen security workshop - summary On lun, 2014-07-14 at 13:06 +0200, Tomasz Swierczek wrote: > 6. We agreed that we will develop launcher that will be > responsible for native applications > > a. We decided that for now we will try to perform standard exec() > after setting up proper security context > > b. Contact point: Jose Bollo Hi all, I just worked on the topic these last 2 days. The main problem currently is to add supplementary groups needed for some privileges (the typical example being video IIRC). To achieve the work, i first want to iterate with you on few items. I'm finding that there is a need to have a kind of database mapping privileges to groups that have to be added to the process. Is there any plan about such knowledge DB? Do you expect it to be sqlite? Should it be queried using client/server or directly? After having put the groups directly, I'm now considering that it would be better to ask for Cynara. This will be slower but will let the system decide to grant or not the accesses after user confirmation if needed. Do you agree? Then what about an integration of the topic into cynara client API? Just an idea because it seems changing too much things while the job can be done in an other way. I'm also asking me if other clients (tizen-extension-crosswalk for example) will need to add groups dynamically? Best regards José _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
