On Fri, 2015-08-21 at 13:25 +0200, Aleksander Zdyb wrote:
> As for Security Manager, there is indeed more than half a dozen buckets
> used:
> ADMIN MANIFESTS USER_TYPE_ADMIN USER_TYPE_GUEST and more.
> It's been designed this way, so it's easier to maintain them and faster to
> get matching rules. But this is Tizen 3.0 specific. Other implementations
> can use buckets concept in any other way (see example above) or don't use
> it at all.

One more question about this.

When I use security-manager-policy-reload to create the Cynara DB, it'll
create these user profile buckets with:

# Import user-type policies
find "$POLICY_PATH" -name "usertype-*.profile" |
while read file
do
...

    # Link the bucket to ADMIN bucket
    cyad --set-policy --client="*" --user="*" --privilege="*" --type=BUCKET \
        --bucket="$bucket" --metadata="ADMIN"

This creates a BUCKET rule in, for example, USER_TYPE_ADMIN:
*;*;*;0xFFFE;ADMIN

Isn't that the wrong way around? Buckets are linked as follows:
"" (the unnamed bucket) -> MAIN -> MANIFESTS

Nothing links to USER_TYPE_ADMIN, so ADMIN is also not reached.

Does that look right? Then what is the purpose of these usertype
profiles? How do they get activated in Cynara?

-- 
Best Regards, Patrick Ohly

The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.
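
Added example, not part of the original message and not code from Cynara or security-manager: a reachability check over bucket links that shows which buckets a policy check can never be redirected into. It assumes checks start in the unnamed bucket and move to another bucket only through a BUCKET (0xFFFE) rule; the sample database is constructed from the links named in the message, with the wildcard match fields on the first two links assumed.

```python
from collections import deque

BUCKET_TYPE = 0xFFFE  # policy type shown in the message for --type=BUCKET

# Constructed sample: bucket name -> rules as "client;user;privilege;type;metadata".
# The links "" -> MAIN -> MANIFESTS and USER_TYPE_ADMIN -> ADMIN follow the
# message; the wildcard match fields on the first two links are assumptions.
SAMPLE_DB = {
    "": ["*;*;*;0xFFFE;MAIN"],
    "MAIN": ["*;*;*;0xFFFE;MANIFESTS"],
    "MANIFESTS": [],
    "USER_TYPE_ADMIN": ["*;*;*;0xFFFE;ADMIN"],
    "ADMIN": [],
}

def bucket_links(db):
    """Map each bucket to the set of buckets its BUCKET-type rules point at."""
    links = {name: set() for name in db}
    for name, rules in db.items():
        for rule in rules:
            _client, _user, _privilege, ptype, metadata = rule.split(";", 4)
            if int(ptype, 16) == BUCKET_TYPE:
                links[name].add(metadata)
    return links

def reachable(db, root=""):
    """Buckets a check starting in `root` can be redirected into."""
    links = bucket_links(db)
    seen, queue = {root}, deque([root])
    while queue:
        # A link to a bucket missing from the database has no outgoing links.
        for target in links.get(queue.popleft(), ()):
            if target not in seen:
                seen.add(target)
                queue.append(target)
    return seen

def orphaned(db, root=""):
    """Buckets that exist in the database but are never consulted."""
    return set(db) - reachable(db, root)

if __name__ == "__main__":
    print("reachable:", sorted(reachable(SAMPLE_DB)))
    print("orphaned: ", sorted(orphaned(SAMPLE_DB)))
```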


