DR-003-ARCH-ACL-Concept: Generic Format for Access Control List#3058
DR-003-ARCH-ACL-Concept: Generic Format for Access Control List#3058christianbe9 wants to merge 12 commits into
Conversation
Introducing a common format for an Access Control List (Crypto, SOME/IP, IPC and further potential usecases), such that it is only required to use one common parser, one common format for reviews and also one common "ACL Manager" aka editor for ACLs and also compiler for the ACL into a binary format. Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>�
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
Signed-off-by: Christian Becker <christian.becker.ext@qorix.ai>
|
The created documentation from the pull request is available at: docu-html |
|
A few generic questions :
|
| { | ||
| "uids": | ||
| { | ||
| "101":{"rights": ["write"],"name": "oem.app.1","version": [],"criticality": "ASIL-B","specifics": {}}, |
There was a problem hiding this comment.
Would like to understand significance of criticality in the current context.
How does it influence ACL configuration.
There was a problem hiding this comment.
As we do an ACL my question is: should we include criticality in the config as well to do a cross check/ensure such that there is no mixture "by accident" of criticality due to wrong configuration or something; i.e. can a ASIL application and QM application both interact via one IPC which should not be the case afaik. So this is not a security thing, question is if we also should use this for safety purpose or not.
| "enum": [ | ||
| "read", | ||
| "write", | ||
| "monitor" |
There was a problem hiding this comment.
Idea behind monitor is (I'm not sure how valid) is only related to IPC, for SOME/IP and crypto its same as read, for IPC the idea is to have only read permission to data and control plane, so that a montoring application cannot interfere with the normal behaviour, however that means you could have partial reads from control plane, therefore control plane might be monitored but not so sure how good of an idea it is. Concrete example was for a Intrusion detection, health monitoring, etc.; e.g. you could check if somebody is blocking in the control pane for too long
There was a problem hiding this comment.
I would move that to another schema file which is module specific
|
Co-authored-by: Guruprasad Bhat <30743494+GuruprasadBhatL@users.noreply.github.com> Signed-off-by: christianbe9 <christianb_ext@qorix.ai>
Co-authored-by: Guruprasad Bhat <30743494+GuruprasadBhatL@users.noreply.github.com> Signed-off-by: christianbe9 <christianb_ext@qorix.ai>
Hi,
|
Yes, that was bad wording by me; so ACL would be input to Crypto Daemon (in a setup where you have a mw:crypto for the application which handles the IPC to the Deaemon using LoLa and a Daemon which actually handles the jobs). The crypto lib itself will be part of the application, so it will not include the ACL check (as application would check itself then). |
|
Original Question : How is relationship established between ACL config and config of individual features like Crypto/LoLa. Response : Follow up question : How is ACL format enforced in config of SomeIP/Crypto ? is is there a way for SOMEIP/Crypto config to inherit (enforce interface schema ) from ACL JSON schema ? if this is clarified, I have no further questions. |
From my side fine, makes sense, we can define it such that all ACLs must inerhit this ACL JSON schema included here. And then if some component needs something in addition we update the main ACL JSON schema such that it always remains central. |
|
|
||
| "services": | ||
| { | ||
| "111": |
| "enum": [ | ||
| "read", | ||
| "write", | ||
| "monitor" |
There was a problem hiding this comment.
I would move that to another schema file which is module specific
| Proposed json format & properties (example): | ||
|
|
||
|
|
||
| ```json |
There was a problem hiding this comment.
Can we move the example to the bottom and first start with the schema
|
|
||
| Consequences | ||
| ------------ | ||
| To prevent each component from implementing compeletley own mechanism for persmission enforcement; the decision should be an alignment on a common ACL format, so that all components can use: |
| @@ -0,0 +1,553 @@ | |||
| # DR-009-ACL-Concept: Common ACL format for all components | |||
There was a problem hiding this comment.
I think we also need stakeholder requirements later on
| "$ref": "#/$defs/specificValue" | ||
| } | ||
| }, | ||
| "specificValue": { |
There was a problem hiding this comment.
I think it would make sense to define specific schema and handler of the extension
Introducing a common format for an Access Control List (Crypto, SOME/IP,
IPC and further potential usecases), such that it is
only required to use one common parser, one common format for reviews
and also one common "ACL Manager" aka editor for ACLs and also compiler
for the ACL into a binary format.