On Tue, 2013-08-06 at 10:10 +0000, Kanavin, Alexander wrote:
> Is that extra complexity really useful?
Access control is a security requirement of Tizen IVI.
I get that. But I was running on a normal Linux desktop, where access
control via executable path doesn't really gain much in terms of
security, does it?
> Can I relax access and allow a set of apps sharing the identity?
> noticed a "security context" parameter in the API. Currently I am
> passing NULL there.
Yes you can. Each identity includes an access control list of
executable paths that are allowed to use it (the creator of the
identity is added there by default). When you create and store an
identity, add all the executables that will use it to the ACL (the
creator of the identity can also update the list later). On Tizen,
SMACK labels are used instead.
For my own reference:
Best Regards, Patrick Ohly
The content of this message is my personal opinion only and although
I am an employee of Intel, the statements I make here in no way
represent Intel's position on the issue, nor am I authorized to speak
on behalf of Intel on this matter.