...

Details on Security Permissions

The Thunder security permissions (the ACL) are defined in /etc/thunder_acl.json. A sample ACL is shown below. "assign" is a list of URL patterns, each mapped to a role: a client's origin URL is matched against these patterns to determine which role it gets. The final "*" pattern catches every origin that matched nothing earlier, so the role it assigns (here "default", which blocks everything) is what unknown origins receive.

"roles" defines each of the roles named in "assign"; a role specifies the ACL

...

permissions or rules for plugins, each set to either "blocked" or "allowed". If a role has a "default" rule (set to "allowed" or "blocked"), the plugin rules listed under that role are exceptions to the default. For instance, the comcast role in the sample ACL below is blocked from all plugins except Messenger.

Access can also be controlled for specific APIs within a plugin, using the same exception rule one level down: the "methods" listed under a plugin entry are exceptions to that plugin's "default". In the sample, the metrological role may call every DeviceInfo method except register and unregister, and may call only time and status on JSONRPCPlugin. For development and testing, /etc/thunder_acl.json can be copied to /opt/thunder_acl.json and edited there; this override is honoured only on VBN builds.

Sample ACL (/etc/thunder_acl.json):
{
  "assign": [
    {
      "url": "*://localhost",
      "role": "local"
    },
    {
      "url": "*://localhost:*",
      "role": "local"
    },
    {
      "url": "*://127.0.0.1",
      "role": "local"
    },
    {
      "url": "*://127.0.0.1:*",
      "role": "local"
    },
    {
      "url": "*://[::1]",
      "role": "local"
    },
    {
      "url": "*://[::1]:*",
      "role": "local"
    },
    {
      "url": "*://[0:0:0:0:0:0:0:1]",
      "role": "local"
    },
    {
      "url": "*://[0:0:0:0:0:0:0:1]:*",
      "role": "local"
    },
    {
      "url": "file://*",
      "role": "local"
    },
    {
      "url": "*://*.comcast.com",
      "role": "comcast"
    },
    {
      "url": "*://metrological.com",
      "role": "metrological"
    },
    {
      "url": "*",
      "role": "default"
    }
  ],
  "roles": {
    "default" : {
      "default" : "blocked"
    },
    "local" : {
      "default" : "allowed"
    },
    "metrological": {
      "default": "blocked",
      "DeviceInfo": {
        "default": "allowed",
        "methods": [ "register", "unregister" ]
      },
      "JSONRPCPlugin": {
        "default": "blocked",
        "methods": [ "time", "status" ]
      }
    },
    "comcast": {
      "default": "blocked",
      "Messenger": {
        "default": "allowed"
      }
    }
  }
}

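The following is an added example (not Thunder's own code) that evaluates the sample ACL above the way the text describes it: a role is chosen from "assign", the role's "default" applies unless the plugin is listed as an exception, and a plugin's "default" applies unless the method is listed as an exception. Three things are assumptions, not stated on the page: "assign" entries are tried top to bottom and the first match wins; in a pattern, "*" matches any run of characters and every other character is literal; a plugin entry without its own "default" is treated as "blocked" (fail closed). The pattern matcher is hand-rolled rather than fnmatch because fnmatch would read "[::1]" as a character class. Origins are reduced to scheme://host[:port] before matching, which the test below shows matters for patterns that begin with "*".

```python
"""Evaluator for the thunder_acl.json format described on this page.

Added example, not Thunder's own implementation. Assumptions (not on the page):
  - "assign" entries are tried top to bottom; the first matching pattern wins;
  - in a pattern '*' matches any run of characters, everything else is literal;
  - a plugin entry without its own "default" is treated as "blocked".
"""
import json
import re
from urllib.parse import urlsplit

# Constructed copy of the sample ACL from this page, embedded so the script runs offline.
SAMPLE_ACL = json.loads(r"""
{
  "assign": [
    {"url": "*://localhost",            "role": "local"},
    {"url": "*://localhost:*",          "role": "local"},
    {"url": "*://127.0.0.1",            "role": "local"},
    {"url": "*://127.0.0.1:*",          "role": "local"},
    {"url": "*://[::1]",                "role": "local"},
    {"url": "*://[::1]:*",              "role": "local"},
    {"url": "*://[0:0:0:0:0:0:0:1]",    "role": "local"},
    {"url": "*://[0:0:0:0:0:0:0:1]:*",  "role": "local"},
    {"url": "file://*",                 "role": "local"},
    {"url": "*://*.comcast.com",        "role": "comcast"},
    {"url": "*://metrological.com",     "role": "metrological"},
    {"url": "*",                        "role": "default"}
  ],
  "roles": {
    "default": {"default": "blocked"},
    "local":   {"default": "allowed"},
    "metrological": {
      "default": "blocked",
      "DeviceInfo":    {"default": "allowed", "methods": ["register", "unregister"]},
      "JSONRPCPlugin": {"default": "blocked", "methods": ["time", "status"]}
    },
    "comcast": {
      "default": "blocked",
      "Messenger": {"default": "allowed"}
    }
  }
}
""")


def pattern_matches(pattern, text):
    """'*' matches any run of characters; '[', ':' and '.' are literal, so the
    IPv6 patterns work ("[::1]" would be a character class under fnmatch)."""
    regex = ".*".join(re.escape(piece) for piece in pattern.split("*"))
    return re.fullmatch(regex, text) is not None


def origin_of(url):
    """Reduce a URL to scheme://host[:port]. Matching the full URL instead would let
    a path or query string satisfy a pattern that starts with '*' (see the test)."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}"


def role_for_origin(acl, origin):
    """First "assign" entry whose pattern matches wins (assumed ordering)."""
    for entry in acl["assign"]:
        if pattern_matches(entry["url"], origin):
            return entry["role"]
    return None


def is_allowed(acl, url, plugin, method=None):
    """Apply the page's rule at both levels: a "default", with the entries listed
    beneath it (plugins under a role, methods under a plugin) as exceptions."""
    role = acl["roles"].get(role_for_origin(acl, origin_of(url)))
    if role is None:
        return False                      # unmatched origin or undefined role: fail closed
    role_allows = role.get("default") == "allowed"
    plugin_rule = role.get(plugin)
    if not isinstance(plugin_rule, dict):
        return role_allows                # no plugin-specific rule: role default applies
    plugin_allows = plugin_rule.get("default", "blocked") == "allowed"
    if method is not None and method in plugin_rule.get("methods", []):
        return not plugin_allows          # listed methods are exceptions to the plugin default
    return plugin_allows


def undefined_roles(acl):
    """Lint: "assign" entries that name a role with no definition fail closed above."""
    return sorted({e["role"] for e in acl["assign"]} - set(acl["roles"]))


if __name__ == "__main__":
    for url, plugin, method in [
        ("http://localhost:9998", "Messenger", "send"),
        ("https://www.comcast.com", "Messenger", "send"),
        ("https://www.comcast.com", "DeviceInfo", "systeminfo"),
        ("https://metrological.com", "DeviceInfo", "register"),
        ("https://metrological.com", "JSONRPCPlugin", "time"),
        ("https://www.metrological.com", "JSONRPCPlugin", "time"),
    ]:
        verdict = "allowed" if is_allowed(SAMPLE_ACL, url, plugin, method) else "blocked"
        print(f"{url:32} {plugin}.{method:12} -> {verdict}")
```

Two things the sample itself illustrates when run through this checker: "*://metrological.com" matches only that exact host, so https://www.metrological.com falls through to "*" and gets the blocked default role (unlike "*://*.comcast.com", which covers subdomains), and because the catch-all "*" entry decides what every unknown origin may do, its role's "default" should stay "blocked".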
...