summaryrefslogtreecommitdiffstats
path: root/sec-blueprint/06-application-security.md
diff options
context:
space:
mode:
Diffstat (limited to 'sec-blueprint/06-application-security.md')
-rw-r--r--sec-blueprint/06-application-security.md67
1 files changed, 0 insertions, 67 deletions
diff --git a/sec-blueprint/06-application-security.md b/sec-blueprint/06-application-security.md
deleted file mode 100644
index 44a4622..0000000
--- a/sec-blueprint/06-application-security.md
+++ /dev/null
@@ -1,67 +0,0 @@
----
-
-title : Application Security
-date : 2017-07-07
-categories: architecture, automotive
-tags: architecture, automotive, linux
-layout: techdoc
-
----
-
-**Table of Content**
-
-1. TOC
-{:toc}
-
-This section describes how the Automotive Grade Linux (AGL) platform
-applies some of the previously described security concepts to
-implement application security
-
-# Application Definition
-The term of Application (App) has a very wide definition in AGL.
-Almost anything which is not in the core Operating System (OS) is an Application.
-Applications can be included in the base software package (image) or
-can be added at run-time.
-
-# Application Installation
-Applications are installed under the control of the Application Framework (AppFw).
-Applications can be delivered and installed with the base image using a
-special offline-mode provided by the Application Framework. Apps can also be installed
-at runtime.
-
-**Note** In early release, default Apps are installed on the image at first boot.
-
-# Application Containment
-Application containment is achieved using the following protections:
-
-* **Linux Native protection**
- * Mandatory Access Control (SMACK)
-* **AGL Platform protections**
- * Origin Tracking and Validation
- * Application Privilege Management and Enforcement via Cynara
- * Authenticated Transport via D-Bus
-
-## Mandatory Access Control
-Mandatory Access Control (MAC) is a protection provided
-by the Linux kernel that requires a Linux Security Module (LSM).
-AGL uses an LSM called Simplified Mandatory Access Control Kernel (SMACK).
-This protection requires writing SMACK *labels* to the extended attributes of the file
-and then writing a policy to define the behavior of each label.
-The kernel controls access based on these labels
-and this policy.
-For more details on SMACK scheme in AGL, please refer to the
-security platform security document in the security blueprint.
-
-## Origin Tracking and Validation
-Currently, AGL applications are tracked and verified at installation
-time by the application and security framework using SMACK labels.
-For more details, please refer to the application framework documentation.
-
-## Privilege Management and Enforcement
-Application priveleges are managed by Cynara and the security manager
-in the application framework.
-For more details, please refer to the application framework documentation.
-
-## Autenticated Message Transport
-Currently AGL uses the D-Bus interface for transport, using the security
-inherent in this interface.
highlight .no { color: #003366; font-weight: bold } /* Name.Constant */ .highlight .nd { color: #555555 } /* Name.Decorator */ .highlight .ne { color: #bb0066; font-weight: bold } /* Name.Exception */ .highlight .nf { color: #0066bb; font-weight: bold } /* Name.Function */ .highlight .nl { color: #336699; font-style: italic } /* Name.Label */ .highlight .nn { color: #bb0066; font-weight: bold } /* Name.Namespace */ .highlight .py { color: #336699; font-weight: bold } /* Name.Property */ .highlight .nt { color: #bb0066; font-weight: bold } /* Name.Tag */ .highlight .nv { color: #336699 } /* Name.Variable */ .highlight .ow { color: #008800 } /* Operator.Word */ .highlight .w { color: #bbbbbb } /* Text.Whitespace */ .highlight .mb { color: #0000DD; font-weight: bold } /* Literal.Number.Bin */ .highlight .mf { color: #0000DD; font-weight: bold } /* Literal.Number.Float */ .highlight .mh { color: #0000DD; font-weight: bold } /* Literal.Number.Hex */ .highlight .mi { color: #0000DD; font-weight: bold } /* Literal.Number.Integer */ .highlight .mo { color: #0000DD; font-weight: bold } /* Literal.Number.Oct */ .highlight .sa { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Affix */ .highlight .sb { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Backtick */ .highlight .sc { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Char */ .highlight .dl { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Delimiter */ .highlight .sd { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Doc */ .highlight .s2 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Double */ .highlight .se { color: #0044dd; background-color: #fff0f0 } /* Literal.String.Escape */ .highlight .sh { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Heredoc */ .highlight .si { color: #3333bb; background-color: #fff0f0 } /* Literal.String.Interpol */ .highlight .sx { color: #22bb22; background-color: #f0fff0 } /* Literal.String.Other */ .highlight .sr { color: #008800; background-color: #fff0ff } /* Literal.String.Regex */ .highlight .s1 { color: #dd2200; background-color: #fff0f0 } /* Literal.String.Single */ .highlight .ss { color: #aa6600; background-color: #fff0f0 } /* Literal.String.Symbol */ .highlight .bp { color: #003388 } /* Name.Builtin.Pseudo */ .highlight .fm { color: #0066bb; font-weight: bold } /* Name.Function.Magic */ .highlight .vc { color: #336699 } /* Name.Variable.Class */ .highlight .vg { color: #dd7700 } /* Name.Variable.Global */ .highlight .vi { color: #3333bb } /* Name.Variable.Instance */ .highlight .vm { color: #336699 } /* Name.Variable.Magic */ .highlight .il { color: #0000DD; font-weight: bold } /* Literal.Number.Integer.Long */ } 
require ${@bb.utils.contains('AGL_FEATURES', 'agldemo', 'qtwebkit_agldemo.inc', '', d)}