diff options
author | Jan-Simon Möller <jsmoeller@linuxfoundation.org> | 2022-01-26 12:25:31 +0100 |
---|---|---|
committer | Jan-Simon Moeller <jsmoeller@linuxfoundation.org> | 2022-02-02 11:50:02 +0000 |
commit | 8160b5cdc8547277f3f31ee1e41524754d5d987d (patch) | |
tree | 6ebbcfa9802c82de6b552733ef53d411247e1cdd /docs/3_Developer_Guides/1_Application_Framework/5_Permissions.md | |
parent | 835363f430c5dee0b53b7c415572cdfdcc02ad18 (diff) |
Update to documentation before Marlinmarlin_12.92.0marlin/12.92.012.92.0
This is mostly a cleanup before the Magic Marlin Release.
We do have the Application Framework chapter rewrite pending.
Bug-AGL: SPEC-4236
Signed-off-by: Jan-Simon Möller <jsmoeller@linuxfoundation.org>
Change-Id: I7e1f39667b4db417497b1d0c84065c173fa18439
Reviewed-on: https://gerrit.automotivelinux.org/gerrit/c/AGL/documentation/+/27097
Diffstat (limited to 'docs/3_Developer_Guides/1_Application_Framework/5_Permissions.md')
-rw-r--r-- | docs/3_Developer_Guides/1_Application_Framework/5_Permissions.md | 131 |
1 files changed, 0 insertions, 131 deletions
diff --git a/docs/3_Developer_Guides/1_Application_Framework/5_Permissions.md b/docs/3_Developer_Guides/1_Application_Framework/5_Permissions.md deleted file mode 100644 index 8b149c0..0000000 --- a/docs/3_Developer_Guides/1_Application_Framework/5_Permissions.md +++ /dev/null @@ -1,131 +0,0 @@ ---- -title: Permissions ---- - -## Permission's names - -The proposal here is to specify a naming scheme for permissions -that allows the system to be as stateless as possible. -The current specification includes in the naming of permissions either -the name of the bound binding when existing and the level of the -permission itself. -Doing this, there is no real need for the -framework to keep installed permissions in a database. - -The permission names are [URN][URN] of the form: - -```bash - urn:AGL:permission:<api>:<level>:<hierarchical-name> -``` - -where "AGL" is the NID (the namespace identifier) dedicated to AGL. -(note: a RFC should be produced to standardize this name space) - -The permission names are made of NSS (the namespace specific string) -starting with "permission:" and followed by colon separated -fields. -The 2 first fields are `<api>` and `<level>` and the remaining -fields are grouped to form the `<hierarchical-name>`. - -```bash - <api> ::= [ <pname> ] - - <pname> ::= 1*<pchars> - - <pchars> ::= <upper> | <lower> | <number> | <extra> - - <extra> ::= "-" | "." | "_" | "@" -``` - -The field `<api>` can be made of any valid character for NSS except -the characters colon and star (:*). -This field designates the api providing the permission. -This scheme is used to deduce binding requirements -from permission requirements. -The field `<api>` can be the empty string when the permission -is defined by the AGL system itself. - -[PROPOSAL 1] The field `<api>` if starting with the character "@" represents -a transversal/cross permission not bound to any binding. - -[PROPOSAL 2]The field `<api>` if starting with the 2 characters "@@" -in addition to a permission not bound to any binding, represents a -permission that must be set at installation and that can not be -revoked later. - - <level> ::= 1*<lower> - -The field `<level>` is made only of letters in lower case. -The field `<level>` can only take some predefined values: - -- system -- platform -- partner -- tiers -- owner -- public - -The field `<hierarchical-name>` is made of `<pname>` separated -by colons. - - <hierarchical-name> ::= <pname> 0*(":" <pname>) - -The names at left are hierarchically grouping the -names at right. -This hierarchical behaviour is intended to -be used to request permissions using hierarchical grouping. - -## Permission value - -In some case, it could be worth to add a value to a permission. - -Currently, the framework allows it for permissions linked to -systemd. -But this not currently used. - -Conversely, permissions linked to cynara can't carry data -except in their name. - -Thus to have a simple and cleaner model, it is better to forbid -attachment of value to permission. - -## Example of permissions - -Here is a list of some possible permissions. -These permissions are available the 21th of May 2019. - -- urn:AGL:permission::platform:no-oom - Set OOMScoreAdjust=-500 to keep the out-of-memory - killer away. -- urn:AGL:permission::partner:real-time - Set IOSchedulingClass=realtime to give to the process - realtime scheduling. - Conversely, not having this permission set RestrictRealtime=on - to forbid realtime features. -- urn:AGL:permission::public:display - Adds the group "display" to the list of supplementary groups - of the process. -- urn:AGL:permission::public:syscall:clock - Without this permission SystemCallFilter=~@clock is set to - forfid call to clock. -- urn:AGL:permission::public:no-htdocs - The http directory served is not "htdocs" but "." -- urn:AGL:permission::public:applications:read - Allows to read data of installed applications (and to - access icons). -- urn:AGL:permission::partner:service:no-ws - Forbids services to provide its API through websocket. -- urn:AGL:permission::partner:service:no-dbus - Forbids services to provide its API through D-Bus. -- urn:AGL:permission::system:run-by-default - Starts automatically the application. Example: home-screen. -- urn:AGL:permission::partner:scope-platform - Install the service at the scope of the platform. -- urn:AGL:permission::system:capability:keep-all - Keep all capabilities for the service. Note that implementing - that permission is not mandatory or can be adapted for the given - system. -- <http://tizen.org/privilege/internal/dbus> - Permission to use D-Bus. - -[URN]: https://tools.ietf.org/rfc/rfc2141.txt "RFC 2141: URN Syntax" |