DR-003-ARCH-ACL-Concept: Generic Format for Access Control List#3058
DR-003-ARCH-ACL-Concept: Generic Format for Access Control List#3058christianbe9 wants to merge 12 commits into
Conversation
Introducing a common format for an Access Control List (Crypto, SOME/IP, IPC and further potential usecases), such that it is only required to use one common parser, one common format for reviews and also one common "ACL Manager" aka editor for ACLs and also compiler for the ACL into a binary format. Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>�
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
|
The created documentation from the pull request is available at: docu-html |
|
A few generic questions :
|
| { | ||
| "uids": | ||
| { | ||
| "101":{"rights": ["write"],"name": "oem.app.1","version": [],"criticality": "ASIL-B","specifics": {}}, |
There was a problem hiding this comment.
Would like to understand significance of criticality in the current context.
How does it influence ACL configuration.
There was a problem hiding this comment.
As we do an ACL my question is: should we include criticality in the config as well to do a cross check/ensure such that there is no mixture "by accident" of criticality due to wrong configuration or something; i.e. can a ASIL application and QM application both interact via one IPC which should not be the case afaik. So this is not a security thing, question is if we also should use this for safety purpose or not.
| "enum": [ | ||
| "read", | ||
| "write", | ||
| "monitor" |
There was a problem hiding this comment.
Idea behind monitor is (I'm not sure how valid) is only related to IPC, for SOME/IP and crypto its same as read, for IPC the idea is to have only read permission to data and control plane, so that a montoring application cannot interfere with the normal behaviour, however that means you could have partial reads from control plane, therefore control plane might be monitored but not so sure how good of an idea it is. Concrete example was for a Intrusion detection, health monitoring, etc.; e.g. you could check if somebody is blocking in the control pane for too long
|
Co-authored-by: Guruprasad Bhat <30743494+GuruprasadBhatL@users.noreply.github.com> Signed-off-by: christianbe9 <christianb_ext@qorix.ai>
Co-authored-by: Guruprasad Bhat <30743494+GuruprasadBhatL@users.noreply.github.com> Signed-off-by: christianbe9 <christianb_ext@qorix.ai>
Hi,
|
Yes, that was bad wording by me; so ACL would be input to Crypto Daemon (in a setup where you have a mw:crypto for the application which handles the IPC to the Deaemon using LoLa and a Daemon which actually handles the jobs). The crypto lib itself will be part of the application, so it will not include the ACL check (as application would check itself then). |
|
Original Question : How is relationship established between ACL config and config of individual features like Crypto/LoLa. Response : Follow up question : How is ACL format enforced in config of SomeIP/Crypto ? is is there a way for SOMEIP/Crypto config to inherit (enforce interface schema ) from ACL JSON schema ? if this is clarified, I have no further questions. |
From my side fine, makes sense, we can define it such that all ACLs must inerhit this ACL JSON schema included here. And then if some component needs something in addition we update the main ACL JSON schema such that it always remains central. |
Introducing a common format for an Access Control List (Crypto, SOME/IP,
IPC and further potential usecases), such that it is
only required to use one common parser, one common format for reviews
and also one common "ACL Manager" aka editor for ACLs and also compiler
for the ACL into a binary format.