On Fri, 2015-08-21 at 13:25 +0200, Aleksander Zdyb wrote: > As for Security Manager, there is indeed more than half of dozen buckets > used: > ADMIN MANIFESTS USER_TYPE_ADMIN USER_TYPE_GUEST and more. > It's been designed this way, so it's easier to maintain them and faster to > get matching rules. But this is Tizen 3.0 specific. Other > implementations can > use buckets concept in any other way (see example above) or don't use it > at all.
One more question about this. When I use security-manager-policy-reload to create the Cynara DB, it'll create these user profile buckets with: # Import user-type policies find "$POLICY_PATH" -name "usertype-*.profile" | while read file do ... # Link the bucket to ADMIN bucket cyad --set-policy --client="*" --user="*" --privilege="*" --type=BUCKET \ --bucket="$bucket" --metadata="ADMIN" This creates a BUCKET rule in, for example, USER_TYPE_ADMIN: *;*;*;0xFFFE;ADMIN Isn't that the wrong way around? Buckets are linked as follows: "" (the unnamed bucket) -> MAIN -> MANIFESTS Nothing links to USER_TYPE_ADMIN, so ADMIN is also not reached. Does that look right? Then what is the purpose of these usertype profiles? How do they get activated in Cynara? -- Best Regards, Patrick Ohly The content of this message is my personal opinion only and although I am an employee of Intel, the statements I make here in no way represent Intel's position on the issue, nor am I authorized to speak on behalf of Intel on this matter. _______________________________________________ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev