Crosswalk:Security Meeting Report/2014-10-10

From Tizen Wiki
Jump to: navigation, search
Summary
  • Terri and Casey have a F2F meeting with Samsung security team. Tizen IVI will be released by the end of the year.
  • We need summarize a list of features and related dependency.
Open
  • Certificate revoke and update will be maintained by Samsung store. There is no certification verification online. For application signature verification, we have to check certificate chain provided by tizen.org.
  • Push PR#2397 into Crosswalk release 10.
Test Plan State Assigner Comments
W3C API security module implementation in Tizen 40% Peter and

Xu Zhang

(10/10)

  • investigate check privilege level based on certificate finger print

(9/26)

  • Begin to implement feature to check privilege level for the application; Prepare test case for Cynara on Tizen platform

(9/17)

(9/12)

(9/5)

  • Send patch on Geolocation and test case to Terri, so that Terri can use it to integrate Canary code.
  • Crosswalk Installer inserts permissions to Cynara polices DB
  • Crosswalk launcher sets SMACK label for extension/render/browser process
20% Terri

(10/10)

  • Installer needs to read the permissions from the manifest and register with cynara via security-manager;
  • Browser process needs to enforce for 4 more privileges, currently has check for geolocation (not yet upstream)
  • Launcher - needs to set the smack label on render process, currently patch available for extension process (not yet merged)

(9/26)

  • build issue has been resolved;
  • Prepare presentation for F2F meeting with Samsung security team.

(9/17)

  • Terri change to another machine build Crosswalk, but the build issue is still block the work.

(9/12)

  • A build issue on Crosswalk blocks Terri to integrate Cynara and security-manager code.