summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRonan Le Martret <ronan.lemartret@iot.bzh>2017-07-28 12:29:28 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2017-08-08 09:42:45 +0200
commitf08784c6e79208558f0caa6e770952879041aca2 (patch)
treede05c5165366e3eb8d2f6577420de3b42f81a6f7
parentd06b3d9f5bae5424bcada675eaece47b56eb9e3d (diff)
clean markdown documentation
Change-Id: I1b0a1628b42097c47a844aa0c8030d4534428421 Signed-off-by: Ronan Le Martret <ronan.lemartret@iot.bzh>
-rw-r--r--docs/0-introduction.md191
-rw-r--r--docs/1-afm-daemons.md322
-rw-r--r--docs/2-widgets.md3
-rw-r--r--docs/2.1-widgets.md64
-rw-r--r--docs/2.2-config.xml.md276
-rw-r--r--docs/3-permissions.md161
-rw-r--r--docs/4-quick-tutorial.md236
-rw-r--r--docs/5-frameworks.md22
-rw-r--r--docs/5.1-application-framework.md39
-rw-r--r--docs/5.2-security-framework.md18
10 files changed, 695 insertions, 637 deletions
diff --git a/docs/0-introduction.md b/docs/0-introduction.md
index bb89613..e78c091 100644
--- a/docs/0-introduction.md
+++ b/docs/0-introduction.md
@@ -1,18 +1,14 @@
-AGL framework overview
-======================
+# AGL framework overview
-Foreword
---------
+## Foreword
-This document describes what we intend to do. It may happen that our
-current implementation and the content of this document differ.
+This document describes what we intend to do.
+It may happen that our current implementation and the content of this document differ.
In case of differences, it is assumed that this document is right
and the implementation is wrong.
-
-Introduction
-------------
+## Introduction
During the first works in having the security model of Tizen
integrated in AGL (Automotive Grade Linux) distribution, it became
@@ -21,37 +17,47 @@ to integrate was huge.
Here is a minimal list of what was needed:
- - platform/appfw/app-installers
- - platform/core/security/cert-svc
- - platform/core/appfw/ail
- - platform/core/appfw/aul-1
- - platform/core/appfw/libslp-db-util
- - platform/core/appfw/pkgmgr-info
- - platform/core/appfw/slp-pkgmgr
+- platform/appfw/app-installers
+- platform/core/security/cert-svc
+- platform/core/appfw/ail
+- platform/core/appfw/aul-1
+- platform/core/appfw/libslp-db-util
+- platform/core/appfw/pkgmgr-info
+- platform/core/appfw/slp-pkgmgr
-But this list isn't complete because many dependencies are hidden.
+But this list isn't complete because many dependencies are hidden.
Those hidden dependencies are including some common libraries but also many
-tizen specific sub-components (iniparser, bundle, dlog, libtzplatform-config,
-db-util, vconf-buxton, ...).
+tizen specific sub-components:
+
+- iniparser
+- bundle
+- dlog,
+- libtzplatform-config
+- db-util
+- vconf-buxton
+- ...
-This is an issue because AGL is not expected to be Tizen. Taking it would
-either need to patch it for removing unwanted components or to take all
-of them.
+This is an issue because AGL is not expected to be Tizen.
+Taking it would either need to patch it for removing unwanted components or to take all of them.
However, a careful study of the core components of the security framework
of Tizen showed that their dependencies to Tizen are light (and since some
-of our work, there is no more dependency to tizen).
-Those components are **cynara**, **security-manager**, **D-Bus aware of cynara**.
+of our work, there is no more dependency to tizen).
+Those components are :
+
+- **cynara**
+- **security-manager**
+- **D-Bus aware of cynara**
Luckily, these core security components of Tizen are provided
-by [meta-intel-iot-security][meta-intel], a set of yocto layers.
+by [meta-intel-iot-security][meta-intel], a set of yocto layers.
These layers were created by Intel to isolate Tizen specific security
-components from the initial port of Tizen to Yocto.
+components from the initial port of Tizen to Yocto.
The 3 layers are providing components for:
- * Implementing Smack LSM
- * Implementing Integrity Measurement Architecture
- * Implementing Tizen Security Framework
+- Implementing Smack LSM
+- Implementing Integrity Measurement Architecture
+- Implementing Tizen Security Framework
The figure below shows the history of these layers.
@@ -66,26 +72,32 @@ from Tizen, we decided to refit it by developing a tiny set of
components that would implement the same behaviour but without all
the dependencies and with minor architectural improvements for AGL.
-These components are **afm-system-daemon** and **afm-user-daemon**.
+These components are :
+
+- **afm-system-daemon**
+- **afm-user-daemon**
+
They provides infrastructure for installing, uninstalling,
launching, terminating, pausing and resuming applications in
a multi user secure environment.
-A third component exists in the framework, the binder **afb-daemon**.
+A third component exists in the framework, the binder **afb-daemon**.
The binder provides the easiest way to provide secured API for
-any tier. Currently, the use of the binder is not absolutely mandatory.
+any tier.
+Currently, the use of the binder is not absolutely mandatory.
This documentation explains the framework created by IoT.bzh
-by rewriting the Tizen Application Framework. Be aware of the
-previous foreword.
+by rewriting the Tizen Application Framework.
+Be aware of the previous foreword.
<!-- pagebreak -->
-Overview
---------
+
+## Overview
The figure below shows the major components of the framework
and their interactions going through the following scenario:
-APPLICATION installs an other application and then launch it.
+
+- APPLICATION installs an other application and then launch it.
![AppFW-APP_install_sequences][AppFW-APP_install_sequences]{style width:70%}
@@ -93,115 +105,120 @@ Let follow the sequence of calls:
1. APPLICATION calls its **binder** to install the OTHER application.
-2. The binding **afm-main-binding** of the **binder** calls, through
+1. The binding **afm-main-binding** of the **binder** calls, through
**D-Bus** system, the system daemon to install the OTHER application.
-3. The system **D-Bus** checks wether APPLICATION has the permission
+1. The system **D-Bus** checks wether APPLICATION has the permission
or not to install applications by calling **CYNARA**.
-4. The system **D-Bus** transmits the request to **afm-system-daemon**.
+1. The system **D-Bus** transmits the request to **afm-system-daemon**.
**afm-system-daemon** checks the application to install, its
signatures and rights and install it.
-5. **afm-system-daemon** calls **SECURITY-MANAGER** for fulfilling
+1. **afm-system-daemon** calls **SECURITY-MANAGER** for fulfilling
security context of the installed application.
-6. **SECURITY-MANAGER** calls **CYNARA** to install initial permissions
+1. **SECURITY-MANAGER** calls **CYNARA** to install initial permissions
for the application.
-7. APPLICATION call its binder to start the nearly installed OTHER application.
+1. APPLICATION call its binder to start the nearly installed OTHER application.
-8. The binding **afm-main-binding** of the **binder** calls, through
+1. The binding **afm-main-binding** of the **binder** calls, through
**D-Bus** session, the user daemon to launch the OTHER application.
-9. The session **D-Bus** checks wether APPLICATION has the permission
+1. The session **D-Bus** checks wether APPLICATION has the permission
or not to start an application by calling **CYNARA**.
-10. The session **D-Bus** transmits the request to **afm-user-daemon**.
+1. The session **D-Bus** transmits the request to **afm-user-daemon**.
-11. **afm-user-daemon** checks wether APPLICATION has the permission
+1. **afm-user-daemon** checks wether APPLICATION has the permission
or not to start the OTHER application **CYNARA**.
-12. **afm-user-daemon** uses **SECURITY-MANAGER** features to set
+1. **afm-user-daemon** uses **SECURITY-MANAGER** features to set
the security context for the OTHER application.
-13. **afm-user-daemon** launches the OTHER application.
+1. **afm-user-daemon** launches the OTHER application.
-This scenario does not cover all the features of the frameworks.
+This scenario does not cover all the features of the frameworks.
Shortly because details will be revealed in the next chapters,
the components are:
-* ***SECURITY-MANAGER***: in charge of setting Smack contexts and rules,
+- ***SECURITY-MANAGER***: in charge of setting Smack contexts and rules,
of setting groups, and, of creating initial content of *CYNARA* rules
for applications.
-* ***CYNARA***: in charge of handling API access permissions by users and by
+- ***CYNARA***: in charge of handling API access permissions by users and by
applications.
-* ***D-Bus***: in charge of checking security of messaging. The usual D-Bus
+- ***D-Bus***: in charge of checking security of messaging. The usual D-Bus
security rules are enhanced by *CYNARA* checking rules.
-* ***afm-system-daemon***: in charge of installing and uninstalling applications.
+- ***afm-system-daemon***: in charge of installing and uninstalling applications.
-* ***afm-user-daemon***: in charge of listing applications, querying application details,
+- ***afm-user-daemon***: in charge of listing applications, querying application details,
starting, terminating, pausing, resuming applications and their instances
for a given user context.
-* ***afb-binder***: in charge of serving resources and features through an
+- ***afb-binder***: in charge of serving resources and features through an
HTTP interface.
-* ***afm-main-binding***: This binding allows applications to use the API
+- ***afm-main-binding***: This binding allows applications to use the API
of the AGL framework.
-
-Links between the "Security framework" and the "Application framework"
-----------------------------------------------------------------------
+## Links between the "Security framework" and the "Application framework"
The security framework refers to the security model used to ensure
security and to the tools that are provided for implementing that model.
The security model refers to how DAC (Discretionary Access Control),
MAC (Mandatory Access Control) and Capabilities are used by the system
-to ensure security and privacy. It also includes features of reporting
-using audit features and by managing logs and alerts.
+to ensure security and privacy.
+It also includes features of reporting using audit features and by managing
+logs and alerts.
The application framework manages the applications:
-installing, uninstalling, starting, pausing, listing ...
+
+- installing
+- uninstalling
+- starting
+- pausing
+- listing
+- ...
The application framework uses the security model/framework
to ensure the security and the privacy of the applications that
it manages.
The application framework must be compliant with the underlying
-security model/framework. But it should hide it to the applications.
-
+security model/framework.
+But it should hide it to the applications.
-The security framework
-----------------------
+## The security framework
-The implemented security model is the security model of Tizen 3.
+The implemented security model is the security model of Tizen 3.
This model is described [here][tizen-secu-3].
The security framework then comes from Tizen 3 but through
-the [meta-intel].
-It includes: **Security-Manager**, **Cynara**
-and **D-Bus** compliant to Cynara.
+the [meta-intel].
+It includes:
-Two patches are applied to the security-manager. The goal of these patches
-is to remove specific dependencies with Tizen packages that are not needed
-by AGL.
+- **Security-Manager**
+- **Cynara**
+- **D-Bus** compliant to Cynara.
+
+Two patches are applied to the security-manager.
+The goal of these patches is to remove specific dependencies with Tizen packages that are not needed by AGL.
None of these patches adds or removes any behaviour.
**In theory, the security framework/model is an implementation details
that should not impact the layers above the application framework**.
The security framework of Tizen provides "nice lad" a valuable component to
-scan log files and analyse auditing. This component is still in development.
-
+scan log files and analyse auditing.
+This component is still in development.
-The application framework
--------------------------
+## The application framework
The application framework on top of the security framework
provides the components to install and uninstall applications
@@ -213,18 +230,22 @@ the security framework to the applications.
For the reasons explained in introduction, we did not used the
application framework of Tizen as is but used an adaptation of it.
-The basis is kept identical: the applications are distributed
-in a digitally signed container that must match the specifications
-of widgets (web applications). This is described by the technical
-recommendations [widgets] and [widgets-digsig] of the W3 consortium.
+The basis is kept identical:
-This model allows the distribution of HTML, QML and binary applications.
+- The applications are distributed in a digitally signed container that must
+ match the specifications of widgets (web applications).
+
+This is described by the technical recommendations [widgets] and
+[widgets-digsig] of the W3 consortium.
+
+This model allows:
+
+- The distribution of HTML, QML and binary applications.
+- The management of signatures of the widget packages.
-The management of signatures of the widget packages.
This basis is not meant as being rigid and it can be extended in the
future to include for example incremental delivery.
-
[meta-intel]: https://github.com/01org/meta-intel-iot-security "A collection of layers providing security technologies"
[widgets]: http://www.w3.org/TR/widgets "Packaged Web Apps"
[widgets-digsig]: http://www.w3.org/TR/widgets-digsig "XML Digital Signatures for Widgets"
diff --git a/docs/1-afm-daemons.md b/docs/1-afm-daemons.md
index ec7307b..11781d5 100644
--- a/docs/1-afm-daemons.md
+++ b/docs/1-afm-daemons.md
@@ -1,25 +1,23 @@
-The application framework daemons
-=================================
+# The application framework daemons
-Foreword
---------
+## Foreword
This document describes application framework daemons
-FCS (Fully Conform to Specification) implementation is still under development.
+FCS (Fully Conform to Specification) implementation is still under development.
It may happen that current implementation somehow diverges with specifications.
-Introduction
-------------
+## Introduction
Daemons ***afm-user-daemon*** and ***afm-system-daemon*** handle applications
-life. Understand that they will manage operations like:
+life.
+Understand that they will manage operations like:
- - ***installation***
- - ***uninstallation***
- - ***running***
- - ***suspend***
- - ***inventory***
- - ...
+- ***installation***
+- ***uninstallation***
+- ***running***
+- ***suspend***
+- ***inventory***
+- ...
In addition, they ensure that operations use the security framework as needed
and that applications are executed in the correct context.
@@ -32,13 +30,13 @@ The figure below summarizes the situation of both **afm-system-daemon** and
![afm-daemons][afm-daemons]{style width:65%;}
-The D-Bus interface
--------------------
+## The D-Bus interface
### Overview of the dbus interface
The ***afm daemons*** takes theirs orders from the session instance
-of D-Bus. The use of D-Bus is great because it allows to implement
+of D-Bus.
+The use of D-Bus is great because it allows to implement
discovery and signaling.
The dbus session is by default addressed by environment
@@ -51,47 +49,52 @@ at the object of path ***/org/AGL/afm/[user|system]*** on the interface
***org.AGL.afm.[user|system]*** for the below detailed members for the
***afm-system-daemon***:
- - ***install***
- - ***uninstall***
+- ***install***
+- ***uninstall***
And for ***afm-user-daemon***:
- - ***runnables***
- - ***detail***
- - ***start***
- - ***once***
- - ***terminate***
- - ***pause***
- - ***resume***
- - ***runners***
- - ***state***
- - ***install***
- - ***uninstall***
-
-D-Bus is mainly used for signaling and discovery. Its optimized
-typed protocol is not used except for transmitting only one string
-in both directions.
+- ***runnables***
+- ***detail***
+- ***start***
+- ***once***
+- ***terminate***
+- ***pause***
+- ***resume***
+- ***runners***
+- ***state***
+- ***install***
+- ***uninstall***
+
+D-Bus is mainly used for signaling and discovery.
+Its optimized typed protocol is not used except for transmitting
+ only one string in both directions.
The client and the service are using JSON serialization to
-exchange data. Signature of any member of the D-Bus interface is
-***string -> string*** for ***JSON -> JSON***. This is the normal case, if there
-is an error, current implementation returns a dbus error that is a string.
+exchange data.
+Signature of any member of the D-Bus interface is
+***string -> string*** for ***JSON -> JSON***.
+This is the normal case, if there is an error, current implementation
+returns a dbus error that is a string.
Here are examples using *dbus-send*, here to install an application from a
widget file:
- dbus-send --session --print-reply \
- --dest=org.AGL.afm.system \
- /org/AGL/afm/system \
- org.AGL.afm.system.install 'string:"/tmp/appli.wgt"
-
+```bash
+dbus-send --session --print-reply \
+ --dest=org.AGL.afm.system \
+ /org/AGL/afm/system \
+ org.AGL.afm.system.install 'string:"/tmp/appli.wgt"
+```
And here, to query data on installed applications that can be run:
- dbus-send --session --print-reply \
- --dest=org.AGL.afm.user \
- /org/AGL/afm/user \
- org.AGL.afm.user.runnables string:true
+```bash
+dbus-send --session --print-reply \
+ --dest=org.AGL.afm.user \
+ /org/AGL/afm/user \
+ org.AGL.afm.user.runnables string:true
+```
### The protocol over D-Bus
@@ -101,11 +104,9 @@ are considered as self-explanatory.
The D-Bus interface is defined by:
- * **DESTINATION**: org.AGL.afm.[user|system]
-
- * **PATH**: /org/AGL/afm/[user|system]
-
- * **INTERFACE**: org.AGL.afm.[user|system]
+- **DESTINATION**: org.AGL.afm.[user|system]
+- **PATH**: /org/AGL/afm/[user|system]
+- **INTERFACE**: org.AGL.afm.[user|system]
#### Method org.AGL.afm.system.install
@@ -129,22 +130,28 @@ a flag to *force* reinstallation, and, optionally, a *root* directory.
Either just a string being the absolute path of the widget file:
- "/a/path/driving/to/the/widget"
+```bash
+"/a/path/driving/to/the/widget"
+```
Or an object:
- {
- "wgt": "/a/path/to/the/widget",
- "force": false,
- "root": "/a/path/to/the/root"
- }
+```json
+{
+ "wgt": "/a/path/to/the/widget",
+ "force": false,
+ "root": "/a/path/to/the/root"
+}
+```
"wgt" and "root" must be absolute paths.
**output**: An object with the field "added" being the string for
the id of the added application.
- {"added":"appli@x.y"}
+```json
+{"added":"appli@x.y"}
+```
---
@@ -152,7 +159,6 @@ the id of the added application.
**Description**: Uninstall an application from its id.
-
Note that this methods is a simple method accessor of
***org.AGL.afm.system.uninstall*** from ***afm-system-daemon***.
@@ -163,14 +169,18 @@ After the uninstallation and before returning to the sender,
Either a string:
- "appli@x.y"
+```bash
+"appli@x.y"
+```
Or an object:
- {
- "id": "appli@x.y",
- "root": "/a/path/to/the/root"
- }
+```json
+{
+ "id": "appli@x.y",
+ "root": "/a/path/to/the/root"
+}
+```
**output**: the value 'true'.
@@ -178,32 +188,37 @@ Or an object:
#### Method org.AGL.afm.user.detail
-
**Description**: Get details about an application from its id.
**Input**: the id of the application as below.
Either just a string:
- "appli@x.y"
+```bash
+"appli@x.y"
+```
Or an object having the field "id" of type string:
- {"id":"appli@x.y"}
+```json
+{"id":"appli@x.y"}
+```
**Output**: A JSON object describing the application containing
the fields described below.
- {
- "id": string, the application id (id@version)
- "version": string, the version of the application
- "width": integer, requested width of the application
- "height": integer, requested height of the application
- "name": string, the name of the application
- "description": string, the description of the application
- "shortname": string, the short name of the application
- "author": string, the author of the application
- }
+```json
+{
+ "id": string, the application id (id@version)
+ "version": string, the version of the application
+ "width": integer, requested width of the application
+ "height": integer, requested height of the application
+ "name": string, the name of the application
+ "description": string, the description of the application
+ "shortname": string, the short name of the application
+ "author": string, the author of the application
+}
+```
---
@@ -243,21 +258,27 @@ a flag to *force* reinstallation and/or a *root* directory.
Simple form a simple string containing the absolute widget path:
- "/a/path/driving/to/the/widget"
+```bash
+"/a/path/driving/to/the/widget"
+```
Or an object:
- {
- "wgt": "/a/path/to/the/widget",
- "force": false,
- "root": "/a/path/to/the/root"
- }
+```json
+{
+ "wgt": "/a/path/to/the/widget",
+ "force": false,
+ "root": "/a/path/to/the/root"
+}
+```
***wgt*** and ***root*** MUST be absolute paths.
**output**: An object containing field "added" to use as application ID.
- {"added":"appli@x.y"}
+```json
+{"added":"appli@x.y"}
+```
---
@@ -265,7 +286,6 @@ Or an object:
**Description**: Uninstall an application from its id.
-
Note that this methods is a simple accessor to
***org.AGL.afm.system.uninstall*** method from ***afm-system-daemon***.
@@ -277,14 +297,18 @@ application *root*.
Either a string:
- "appli@x.y"
+```bash
+"appli@x.y"
+```
Or an object:
- {
- "id": "appli@x.y",
- "root": "/a/path/to/the/root"
- }
+```json
+{
+ "id": "appli@x.y",
+ "root": "/a/path/to/the/root"
+}
+```
**output**: the value 'true'.
@@ -299,12 +323,16 @@ start *mode* as below.
Either just a string:
- "appli@x.y"
+```bash
+"appli@x.y"
+```
Or an object containing field "id" of type string and
optionally a field mode:
- {"id":"appli@x.y","mode":"local"}
+```json
+{"id":"appli@x.y","mode":"local"}
+```
The field "mode" is a string equal to either "local" or "remote".
@@ -322,11 +350,15 @@ The field "mode" is a string equal to either "local" or "remote".
Either just a string:
- "appli@x.y"
+```bash
+"appli@x.y"
+```
Or an object containing field "id" of type string.
- {"id":"appli@x.y"}
+```json
+{"id":"appli@x.y"}
+```
**output**: The *state* of the application retrieved or launched.
See *org.AGL.afm.user.state* to get a description of the returned
@@ -392,19 +424,25 @@ Use **org.AGL.afm.user.resume** instead.
**Input**: The *runid* (integer) of the running instance inspected.
-**output**: An object describing instance state. It contains:
-the runid (integer), the pids of the processes as an array starting
-with the group leader, the id of the running application (string),
-the state of the application (string either: "starting", "running", "paused").
+**output**: An object describing instance state.
+It contains:
+
+- the runid (integer)
+- the pids of the processes as an array starting
+- with the group leader
+- the id of the running application (string)
+- the state of the application (string either: "starting", "running", "paused").
Example of returned state:
+```json
{
"runid": 2,
"pids": [ 435, 436 ],
"state": "running",
"id": "appli@x.y"
}
+```
---
@@ -417,18 +455,18 @@ Example of returned state:
**output**: An array of states, one per running instance, as returned by
the method ***org.AGL.afm.user.state***.
-Starting **afm daemons**
-----------------------
+## Starting **afm daemons**
***afm-system-daemon*** and ***afm-user-daemon*** are launched as systemd
-services attached to system and user respectively. Normally, service files are
-locatedat */lib/systemd/system/afm-system-daemon.service* and
+services attached to system and user respectively.
+Normally, service files are locatedat */lib/systemd/system/afm-system-daemon.service* and
*/usr/lib/systemd/user/afm-user-daemon.service*.
### ***afm-system-daemon*** options
The options for launching **afm-system-daemon** are:
+```bash
-r
--root directory
@@ -456,11 +494,13 @@ The options for launching **afm-system-daemon** are:
--help
Prints a short help.
+```
### ***afm-user-daemon*** options
The options for launching **afm-user-daemon** are:
+```bash
-a
--application directory
@@ -511,9 +551,9 @@ The options for launching **afm-user-daemon** are:
--help
Prints a short help.
+```
-Tasks of **afm-user-daemon**
-----------------------------
+## Tasks of **afm-user-daemon**
### Maintaining list of applications
@@ -522,12 +562,13 @@ applications and load in memory a list of available applications
accessible by current user.
When **afm-system-daemon** installs or removes an application.
-On success it sends the signal *org.AGL.afm.system.changed*.
+On success it sends the signal *org.AGL.afm.system.changed*.
When receiving such a signal, **afm-user-daemon** rebuilds its
applications list.
**afm-user-daemon** provides the data it collects about
-applications to its clients. Clients may either request the full list
+applications to its clients.
+Clients may either request the full list
of available applications or a more specific information about a
given application.
@@ -538,8 +579,8 @@ Systemd builds a secure environment for the application
before starting it.
Once launched, running instances of application receive
-a runid that identify them. To make interface with systemd
-evident, the pid is the runid.
+a runid that identify them.
+To make interface with systemd evident, the pid is the runid.
### Managing instances of running applications
@@ -548,7 +589,8 @@ that it launched.
When owning the right permissions, a client can get the list
of running instances and details about a specific
-running instance. It can also terminate a given application.
+running instance.
+It can also terminate a given application.
### Installing and uninstalling applications
@@ -556,58 +598,50 @@ If the client own the right permissions,
**afm-user-daemon** delegates that task
to **afm-system-daemon**.
-Using ***afm-util***
---------------------
+## Using ***afm-util***
The command line tool ***afm-util*** uses dbus-send to send
-orders to **afm-user-daemon**. This small scripts allows to
-send command to ***afm-user-daemon*** either interactively
-at shell prompt or scriptically.
-
-The syntax is simple: it accept a command and when requires attached arguments.
-
-Here is the summary of ***afm-util***:
-
- - **afm-util runnables **:
-
- list the runnable widgets installed
+orders to **afm-user-daemon**.
+This small scripts allows to send command to ***afm-user-daemon*** either
+interactively at shell prompt or scriptically.
- - **afm-util install wgt **:
+The syntax is simple:
- install the wgt file
+- it accept a command and when requires attached arguments.
- - **afm-util uninstall id **:
-
- remove the installed widget of id
-
- - **afm-util detail id **:
-
- print detail about the installed widget of id
-
- - **afm-util runners **:
-
- list the running instance
+Here is the summary of ***afm-util***:
- - **afm-util start id **:
+- **afm-util runnables **:
+ list the runnable widgets installed
- start an instance of the widget of id
+- **afm-util install wgt **:
+ install the wgt file
- - **afm-util once id **:
+- **afm-util uninstall id **:
+ remove the installed widget of id
- run once an instance of the widget of id
+- **afm-util detail id **:
+ print detail about the installed widget of id
- - **afm-util terminate rid **:
+- **afm-util runners **:
+ list the running instance
- terminate the running instance rid
+- **afm-util start id **:
+ start an instance of the widget of id
- - **afm-util state rid **:
+- **afm-util once id **:
+ run once an instance of the widget of id
- get status of the running instance rid
+- **afm-util terminate rid **:
+ terminate the running instance rid
+- **afm-util state rid **:
+ get status of the running instance rid
Here is how to list applications using ***afm-util***:
+```bash
afm-util runnables
-
+```
[afm-daemons]: pictures/afm-daemons.svg
diff --git a/docs/2-widgets.md b/docs/2-widgets.md
index 24de661..2a7972e 100644
--- a/docs/2-widgets.md
+++ b/docs/2-widgets.md
@@ -1,5 +1,4 @@
-The widgets
-===========
+# The widgets
The widgets are described by the W3C's technical recommendations
[Packaged Web Apps (Widgets)](http://www.w3.org/TR/widgets) and [XML Digital Signatures for Widgets](http://www.w3.org/TR/widgets-digsig)
diff --git a/docs/2.1-widgets.md b/docs/2.1-widgets.md
index d1777c8..084ee98 100644
--- a/docs/2.1-widgets.md
+++ b/docs/2.1-widgets.md
@@ -1,7 +1,6 @@
-Tools for managing widgets
---------------------------
+# Tools for managing widgets
-This project includes tools for managing widgets.
+This project includes tools for managing widgets.
These tools are:
- ***wgtpkg-info***: command line tool to display
@@ -19,31 +18,29 @@ These tools are:
For all these commands, a tiny help is available with
options **-h** or **--help**.
-There is no tool for unpacking a widget. For doing such operation,
-you can use the command **unzip**.
+There is no tool for unpacking a widget.
+For doing such operation, you can use the command **unzip**.
To list the files of a widget:
```bash
-$ unzip -l WIDGET
+unzip -l WIDGET
```
To extract a widget in some directory:
```bash
-$ unzip WIDGET -d DIRECTORY
+unzip WIDGET -d DIRECTORY
```
-*Note that DIRECTORY will be created if needed*.
+*Note: that DIRECTORY will be created if needed*.
-Getting data about a widget file
----------------------------------
+## Getting data about a widget file
The command **wgtpkg-info** opens a widget file, reads its **config.xml**
file and displays its content in a human readable way.
-Signing and packing widget
---------------------------
+## Signing and packing widget
### Signing
@@ -57,13 +54,13 @@ There are two types of signature files: author and distributor.
Example 1: add an author signature
```bash
-$ wgtpkg-sign -a -k me.key.pem -c me.cert.pem DIRECTORY
+wgtpkg-sign -a -k me.key.pem -c me.cert.pem DIRECTORY
```
Example 2: add a distributor signature
```bash
-$ wgtpkg-sign -k authority.key.pem -c authority.cert.pem DIRECTORY
+wgtpkg-sign -k authority.key.pem -c authority.cert.pem DIRECTORY
```
### Packing
@@ -72,36 +69,36 @@ This operation can be done using the command **zip** but
we provide the tool **wgtpkg-pack** that may add checking.
Example:
+
```bash
-$ wgtpkg-pack DIRECTORY -o file.wgt
+wgtpkg-pack DIRECTORY -o file.wgt
```
-Writing a widget
-----------------
+
+## Writing a widget
### The steps for writing a widget
1. make your application
-
-2. create its configuration file **config.xml**
-
-3. sign it
-
-4. pack it
+1. create its configuration file **config.xml**
+1. sign it
+1. pack it
Fairly easy, no?
-Organization of directory of applications
------------------------------------------
+## Organization of directory of applications
### directory where are stored applications
-Applications can be installed in different places: the system itself, extension device.
+Applications can be installed in different places:
+
+- the system itself, extension device.
+
On a phone application are typically installed on the sd card.
This translates to:
- - /usr/applications: system wide applications
- - /opt/applications: removable applications
+- /usr/applications: system wide applications
+- /opt/applications: removable applications
From here those paths are referenced as: "APPDIR".
@@ -109,16 +106,17 @@ The main path for applications is: APPDIR/PKGID/VER.
Where:
- - APPDIR is as defined above
- - PKGID is a directory whose name is the package identifier
- - VER is the version of the package MAJOR.MINOR
+- APPDIR is as defined above
+- PKGID is a directory whose name is the package identifier
+- VER is the version of the package MAJOR.MINOR
-This organization has the advantage to allow several versions to leave together.
+This organization has the advantage to allow several versions
+to leave together.
This is needed for some good reasons (rolling back) and also for less good reasons (user habits).
### Identity of installed files
-All files are installed as user "afm" and group "afm".
+All files are installed as user "afm" and group "afm".
All files have rw(x) for user and r-(x) for group and others.
This allows every user to read every file.
diff --git a/docs/2.2-config.xml.md b/docs/2.2-config.xml.md
index c50567d..f6c88ab 100644
--- a/docs/2.2-config.xml.md
+++ b/docs/2.2-config.xml.md
@@ -1,12 +1,10 @@
-Configuration file - config.xml
-===============================
+# Configuration file - config.xml
The widgets are described by the W3C's technical recommendations
[Packaged Web Apps (Widgets)][widgets] and [XML Digital Signatures for Widgets][widgets-digsig]
that specifies the configuration file **config.xml**.
-Overview
---------
+## Overview
The file **config.xml** describes important data of the application
to the framework:
@@ -50,8 +48,7 @@ The most important items are:
- **<content src="..." type="..."\>**: this indicates the entry point and its type.
-Standard elements of "config.xml"
----------------------------------
+## Standard elements of "config.xml"
### The element widget
@@ -74,7 +71,7 @@ Values for *version* are any non empty string containing only latin letters,
arabic digits, and the three characters '.' (dot), '-' (dash) and
'\_' (underscore).
-Version values are dot separated fields MAJOR.MINOR.REVISION.
+Version values are dot separated fields MAJOR.MINOR.REVISION.
Such version would preferably follow guidelines of
[semantic versioning][semantic-version].
@@ -90,8 +87,7 @@ The content designed depends on its type. See below for the known types.
The element *icon* is mandatory (for version 2.x, blowfish) and must
be unique. It must designate an image file with its attribute *src*.
-AGL features
-------------
+## AGL features
The AGL framework uses the feature tag for specifying security and binding
requirement of the widget.
@@ -99,31 +95,34 @@ requirement of the widget.
Since the migration of the framework to leverage systemd power,
the features are of important use to:
- - declare more than just an application
- - declare the expected dependencies
- - declare the expected permissions
- - declare the exported apis
+- declare more than just an application
+- declare the expected dependencies
+- declare the expected permissions
+- declare the exported apis
The specification of [widgets][widgets] is intended to describe
-only one application. In the present case, we expect to describe
-more than just an application. For example, a publisher could
-provide a widget containing a service, an application for tuning
-that service, an application that leverage the service.
+only one application.
+In the present case, we expect to describe more than just an application.
+For example, a publisher could provide a widget containing a service,
+an application for tuning that service, an application that
+leverage the service.
Here, the term of service means a background application that
runs without IHM and whose public api can be accessed by other
applications.
So the features are used to describe each of the possible
-units of widgets. The "standard" unit in the
-meaning of [widgets][widgets] is called the "main" unit.
+units of widgets.
+The "standard" unit in the meaning of [widgets][widgets]
+is called the "main" unit.
-### feature name="urn:AGL:widget:required-api"
+### required-api: feature name="urn:AGL:widget:required-api"
List of the api required by the widget.
-Each required api must be explicited using a <param> entry.
+Each required api must be explicited using a `<param>` entry.
Example:
+
```xml
<feature name="urn:AGL:widget:required-api">
<param name="#target" value="main" />>
@@ -133,6 +132,7 @@ Example:
```
This will be *virtually* translated for mustaches to the JSON
+
```json
"required-api": [
{ "name": "gps", "value": "auto" },
@@ -140,56 +140,50 @@ This will be *virtually* translated for mustaches to the JSON
]
```
-#### param name="#target"
+#### required-api: param name="#target"
OPTIONAL
Declares the name of the unit requiring the listed apis.
-Only one instance of the param "#target" is allowed.
+Only one instance of the param "#target" is allowed.
When there is not instance of this param, it behave as if
the target main was specified.
-#### param name=[required api name]
+#### required-api: param name=[required api name]
The name is the name of the required API.
-The value describes how to connect to the required api.
+The value describes how to connect to the required api.
It is either:
- - local:
-
- The binding is a local shared object.
- In that case, the name is the relative path of the
- shared object to be loaded.
-
- - auto:
-
- The framework set automatically the kind of
- the connection to the API
+- local:
+ The binding is a local shared object.
+ In that case, the name is the relative path of the
+ shared object to be loaded.
- - ws:
+- auto:
+ The framework set automatically the kind of
+ the connection to the API
- The framework connect using internal websockets
+- ws:
+ The framework connect using internal websockets
- - dbus:
+- dbus:
+ The framework connect using internal dbus
- The framework connect using internal dbus
+- link:
+ The framework connect in memory by dynamically linking
- - link:
+- cloud: [PROPOSAL - NOT IMPLEMENTED]
+ The framework connect externally using websock.
+ In that case, the name includes data to access the service.
+ Example: `<param name="log:https://oic@agl.iot.bzh/cloud/log" value="cloud" />`
- The framework connect in memory by dynamically linking
-
- - cloud: [PROPOSAL - NOT IMPLEMENTED]
-
- The framework connect externally using websock.
- In that case, the name includes data to access the service.
- Example: `<param name="log:https://oic@agl.iot.bzh/cloud/log" value="cloud" />`
-
-### feature name="urn:AGL:widget:required-permission"
+### required-permission: feature name="urn:AGL:widget:required-permission"
List of the permissions required by the unit.
-Each required permission must be explicited using a <param> entry.
+Each required permission must be explicited using a `<param>` entry.
Example:
@@ -216,31 +210,32 @@ This will be *virtually* translated for mustaches to the JSON
}
```
-#### param name="#target"
+#### required-permission: param name="#target"
OPTIONAL
-Declares the name of the unit requiring the listed permissions.
-Only one instance of the param "#target" is allowed.
+Declares the name of the unit requiring the listed permissions.
+Only one instance of the param "#target" is allowed.
When there is not instance of this param, it behave as if
the target main was specified.
-#### param name=[required permission name]
+#### required-permission: param name=[required permission name]
The value is either:
- required: the permission is mandatorily needed except if the feature
-isn't required (required="false") and in that case it is optional.
+ isn't required (required="false") and in that case it is optional.
- optional: the permission is optional
-
-### feature name="urn:AGL:widget:provided-unit"
+### provided-unit: feature name="urn:AGL:widget:provided-unit"
This feature is made for declaring new units
-for the widget. Using this feature, a software publisher
+for the widget.
+Using this feature, a software publisher
can provide more than one application in the same widget.
Example:
+
```xml
<feature name="urn:AGL:widget:provided-unit">
<param name="#target" value="geoloc" />
@@ -251,6 +246,7 @@ Example:
```
This will be *virtually* translated for mustaches to the JSON
+
```json
{
"#target":"geoloc",
@@ -263,41 +259,40 @@ This will be *virtually* translated for mustaches to the JSON
}
```
-#### param name="#target"
+#### provided-unit: param name="#target"
REQUIRED
Declares the name of the unit. The default unit, the unit
-of the main of the widget, has the name "main". The value
-given here must be unique within the widget file. It will
-be used in other places of the widget config.xml file to
+of the main of the widget, has the name "main".
+The value given here must be unique within the widget file.
+It will be used in other places of the widget config.xml file to
designate the unit.
-Only one instance of the param "#target" is allowed.
+Only one instance of the param "#target" is allowed.
The value can't be "main".
-#### param name="content.type"
+#### provided-unit: param name="content.type"
REQUIRED
The mimetype of the provided unit.
-#### param name="content.src"
+#### provided-unit: param name="content.src"
-A path to the
+A path to the source
#### other parameters
The items that can be set for the main unit
can also be set using the params if needed.
- - description
- - name.content
- - name.short
- - ...
+- description
+- name.content
+- name.short
+- ...
-
-### feature name="urn:AGL:widget:provided-api"
+### provided-api: feature name="urn:AGL:widget:provided-api"
Use this feature for exporting one or more API of a unit
to other widgets of the platform.
@@ -329,78 +324,70 @@ This will be *virtually* translated for mustaches to the JSON
],
```
-#### param name="#target"
-
+#### provided-api: param name="#target"
OPTIONAL
-Declares the name of the unit exporting the listed apis.
-Only one instance of the param "#target" is allowed.
+Declares the name of the unit exporting the listed apis.
+Only one instance of the param "#target" is allowed.
When there is not instance of this param, it behave as if
the target main was specified.
-
-#### param name=[name of exported api]
+#### provided-api: param name=[name of exported api]
The name give the name of the api that is exported.
The value is one of the following values:
- - ws:
-
- export the api using UNIX websocket
-
- - dbus:
-
- export the API using dbus
+- ws:
+ export the api using UNIX websocket
- - auto:
+- dbus:
+ export the API using dbus
- export the api using the default method(s).
+- auto:
+ export the api using the default method(s).
-
-Known content types
--------------------
+## Known content types
The configuration file ***/etc/afm/afm-unit.conf*** defines
how to create systemd units for widgets.
Known types for the type of content are:
-- ***text/html***:
- HTML application,
- content.src designates the home page of the application
+- ***text/html***:
+ HTML application,
+ content.src designates the home page of the application
-- ***application/vnd.agl.native***
- AGL compatible native,
- content.src designates the relative path of the binary.
+- ***application/vnd.agl.native***
+ AGL compatible native,
+ content.src designates the relative path of the binary.
-- ***application/vnd.agl.service***:
- AGL service, content.src is not used.
+- ***application/vnd.agl.service***:
+ AGL service, content.src is not used.
-- ***application/x-executable***:
- Native application,
- content.src designates the relative path of the binary.
- For such application, only security setup is made.
+- ***application/x-executable***:
+ Native application,
+ content.src designates the relative path of the binary.
+ For such application, only security setup is made.
Adding more types is easy, it just need to edit the configuration
file ***afm-unit.conf***.
-### Older content type currently not supported at the moment.
+### Older content type currently not supported at the moment
This types were defined previously when the framework was not
-leveraging systemd. The transition to systemd let these types
-out at the moment.
+leveraging systemd.
+The transition to systemd let these types out at the moment.
- ***application/vnd.agl.url***
- ***text/vnd.qt.qml***, ***application/vnd.agl.qml***
- ***application/vnd.agl.qml.hybrid***
- ***application/vnd.agl.html.hybrid***
-
<!-- pagebreak -->
-The configuration file afm-unit.conf
-====================================
+
+## The configuration file afm-unit.conf
The integration of the framework with systemd
mainly consists of creating the systemd unit
@@ -410,9 +397,9 @@ of the installed widgets.
This configuration file named `afm-unit.conf` installed
on the system with the path `/etc/afm/afm-unit.conf`
describes how to generate all units from the *config.xml*
-configuration files of widgets. The description uses an extended
-version of the templating formalism of [mustache][]
-to describes all the units.
+configuration files of widgets.
+The description uses an extended version of the templating
+formalism of [mustache][] to describes all the units.
Let present how it works using the following diagram that
describes graphically the workflow of creating the unit
@@ -423,8 +410,8 @@ file of the widget `config.xml`:
In a first step, and because [mustache][] is intended
to work on JSON representations, the configuration file is
-translated to an internal JSON representation. This
-representation is shown along the examples of the documentation
+translated to an internal JSON representation.
+This representation is shown along the examples of the documentation
of the config files of widgets.
In a second step, the mustache template `afm-unit.conf`
@@ -432,49 +419,43 @@ is instantiated using the C library [mustach][] that follows
the rules of [mustache][mustache] and with all its available
extensions:
- - use of colon (:) for explicit substitution
- - test of values with = or =!
+- use of colon (:) for explicit substitution
+- test of values with = or =!
In a third step, the result of instantiating `afm-unit.conf`
-for the widget is split in units. To achieve that goal,
-the lines containing specific directives are searched.
-Any directive occupy one full line. The directives are:
-
- - %nl
-
- Produce an empty line at the end
-
- - %begin systemd-unit
- - %end systemd-unit
-
- Delimit the produced unit, its begin and its end
-
- - %systemd-unit user
- - %systemd-unit system
-
- Tells the kind of unit (user/system)
-
- - %systemd-unit service NAME
- - %systemd-unit socket NAME
-
- Gives the name and type (service or socket) of the unit.
- The extension is automatically computed from the type
- and must not be set in the name.
-
- - %systemd-unit wanted-by NAME
-
- Tells to install a link to the unit in the wants of NAME
+for the widget is split in units.
+To achieve that goal, the lines containing specific directives are searched.
+Any directive occupy one full line.
+The directives are:
+
+- %nl
+ Produce an empty line at the end
+- %begin systemd-unit
+- %end systemd-unit
+ Delimit the produced unit, its begin and its end
+- %systemd-unit user
+- %systemd-unit system
+ Tells the kind of unit (user/system)
+- %systemd-unit service NAME
+- %systemd-unit socket NAME
+ Gives the name and type (service or socket) of the unit.
+ The extension is automatically computed from the type
+ and must not be set in the name.
+- %systemd-unit wanted-by NAME
+ Tells to install a link to the unit in the wants of NAME
Then the computed units are then written to the filesystem
and inserted in systemd.
The generated unit files will contain variables for internal
-use of the framework. These variables are starting with `X-AFM-`.
+use of the framework.
+These variables are starting with `X-AFM-`.
The variables starting with `X-AFM-` but not with `X-AFM--` are
-the public variables. These variables will be returned by the
+the public variables.
+These variables will be returned by the
framework as the details of an application (see **afm-util detail ...**).
-Variables starting with `X-AFM--` are private to the framework.
+Variables starting with `X-AFM--` are private to the framework.
By example, the variable `X-AFM--http-port` is used to
record the allocated port for applications.
@@ -495,6 +476,3 @@ record the allocated port for applications.
[tizen-security]: https://wiki.tizen.org/wiki/Security "Tizen security home page"
[tizen-secu-3]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview "Tizen 3 security overview"
[semantic-version]: http://semver.org/ "Semantic versioning"
-
-
-
diff --git a/docs/3-permissions.md b/docs/3-permissions.md
index 480bfef..957478e 100644
--- a/docs/3-permissions.md
+++ b/docs/3-permissions.md
@@ -1,42 +1,47 @@
-The permissions
-===============
+# The permissions
-
-Permission's names
-------------------
+## Permission's names
The proposal here is to specify a naming scheme for permissions
-that allows the system to be as stateless as possible. The current
-specification includes in the naming of permissions either
+that allows the system to be as stateless as possible.
+The current specification includes in the naming of permissions either
the name of the bound binding when existing and the level of the
-permission itself. Doing this, there is no real need for the
+permission itself.
+Doing this, there is no real need for the
framework to keep installed permissions in a database.
The permission names are [URN][URN] of the form:
- urn:AGL:permission:<api>:<level>:<hierarchical-name>
+```bash
+ urn:AGL:permission:<api>:<level>:<hierarchical-name>
+```
-where "AGL" is the NID (the namespace identifier) dedicated to
-AGL (note: a RFC should be produced to standardize this name space).
+where "AGL" is the NID (the namespace identifier) dedicated to AGL.
+(note: a RFC should be produced to standardize this name space)
The permission names are made of NSS (the namespace specific string)
starting with "permission:" and followed by colon separated
-fields. The 2 first fields are `<api>` and `<level>` and the remaining
+fields.
+The 2 first fields are `<api>` and `<level>` and the remaining
fields are grouped to form the `<hierarchical-name>`.
- <api> ::= [ <pname> ]
+```bash
+ <api> ::= [ <pname> ]
- <pname> ::= 1*<pchars>
+ <pname> ::= 1*<pchars>
- <pchars> ::= <upper> | <lower> | <number> | <extra>
+ <pchars> ::= <upper> | <lower> | <number> | <extra>
- <extra> ::= "-" | "." | "_" | "@"
+ <extra> ::= "-" | "." | "_" | "@"
+```
The field `<api>` can be made of any valid character for NSS except
-the characters colon and star (:*). This field designates the api
-providing the permission. This scheme is used to deduce binding requirements
-from permission requirements. The field `<api>` can be the empty
-string when the permission is defined by the AGL system itself.
+the characters colon and star (:*).
+This field designates the api providing the permission.
+This scheme is used to deduce binding requirements
+from permission requirements.
+The field `<api>` can be the empty string when the permission
+is defined by the AGL system itself.
[PROPOSAL 1] The field `<api>` if starting with the character "@" represents
a transversal/cross permission not bound to any binding.
@@ -46,35 +51,35 @@ in addition to a permission not bound to any binding, represents a
permission that must be set at installation and that can not be
revoked later.
- <level> ::= 1*<lower>
+ <level> ::= 1*<lower>
-The field `<level>` is made only of letters in lower case.
+The field `<level>` is made only of letters in lower case.
The field `<level>` can only take some predefined values:
- - system
- - platform
- - partner
- - tiers
- - owner
- - public
+- system
+- platform
+- partner
+- tiers
+- owner
+- public
The field `<hierarchical-name>` is made of `<pname>` separated
by colons.
- <hierarchical-name> ::= <pname> 0*(":" <pname>)
+ <hierarchical-name> ::= <pname> 0*(":" <pname>)
The names at left are hierarchically grouping the
-names at right. This hierarchical behaviour is intended to
+names at right.
+This hierarchical behaviour is intended to
be used to request permissions using hierarchical grouping.
-
-Permission value
-----------------
+## Permission value
In some case, it could be worth to add a value to a permission.
Currently, the framework allows it for permissions linked to
-systemd. But this not currently used.
+systemd.
+But this not currently used.
Conversely, permissions linked to cynara can't carry data
except in their name.
@@ -82,61 +87,37 @@ except in their name.
Thus to have a simple and cleaner model, it is better to forbid
attachment of value to permission.
-
-Example of permissions
-----------------------
-
-Here is a list of some possible permissions. These
-permissions are available the 17th of March 2017.
-
- - urn:AGL:permission::platform:no-oom
-
- Set OOMScoreAdjust=-500 to keep the out-of-memory
- killer away.
-
- - urn:AGL:permission::partner:real-time
-
- Set IOSchedulingClass=realtime to give to the process
- realtime scheduling.
-
- Conversely, not having this permission set RestrictRealtime=on
- to forbid realtime features.
-
- - urn:AGL:permission::public:display
-
- Adds the group "display" to the list of supplementary groups
- of the process.
-
- - urn:AGL:permission::public:syscall:clock
-
- Without this permission SystemCallFilter=~@clock is set to
- forfid call to clock.
-
- - urn:AGL:permission::public:no-htdocs
-
- The http directory served is not "htdocs" but "."
-
- - urn:AGL:permission::public:applications:read
-
- Allows to read data of installed applications (and to
- access icons).
-
- - urn:AGL:permission::partner:service:no-ws
-
- Forbids services to provide its API through websocket.
-
- - urn:AGL:permission::partner:service:no-dbus
-
- Forbids services to provide its API through D-Bus.
-
- - urn:AGL:permission::system:run-by-default
-
- Starts automatically the application. Example: home-screen.
-
- - http://tizen.org/privilege/internal/dbus
-
- Permission to use D-Bus.
-
+## Example of permissions
+
+Here is a list of some possible permissions.
+These permissions are available the 17th of March 2017.
+
+- urn:AGL:permission::platform:no-oom
+ Set OOMScoreAdjust=-500 to keep the out-of-memory
+ killer away.
+- urn:AGL:permission::partner:real-time
+ Set IOSchedulingClass=realtime to give to the process
+ realtime scheduling.
+ Conversely, not having this permission set RestrictRealtime=on
+ to forbid realtime features.
+- urn:AGL:permission::public:display
+ Adds the group "display" to the list of supplementary groups
+ of the process.
+- urn:AGL:permission::public:syscall:clock
+ Without this permission SystemCallFilter=~@clock is set to
+ forfid call to clock.
+- urn:AGL:permission::public:no-htdocs
+ The http directory served is not "htdocs" but "."
+- urn:AGL:permission::public:applications:read
+ Allows to read data of installed applications (and to
+ access icons).
+- urn:AGL:permission::partner:service:no-ws
+ Forbids services to provide its API through websocket.
+- urn:AGL:permission::partner:service:no-dbus
+ Forbids services to provide its API through D-Bus.
+- urn:AGL:permission::system:run-by-default
+ Starts automatically the application. Example: home-screen.
+- <http://tizen.org/privilege/internal/dbus>
+ Permission to use D-Bus.
[URN]: https://tools.ietf.org/rfc/rfc2141.txt "RFC 2141: URN Syntax"
-
diff --git a/docs/4-quick-tutorial.md b/docs/4-quick-tutorial.md
index 2ed7cf9..6ab07b7 100644
--- a/docs/4-quick-tutorial.md
+++ b/docs/4-quick-tutorial.md
@@ -1,199 +1,263 @@
+# AGL Application Framework: A Quick Tutorial
-AGL Application Framework: A Quick Tutorial
-===========================================
+## Introduction
-Introduction
-------------
-This document proposes a quick tutorial to demonstrate the major functionalities of the AGL Application Framework. For more complete information, please refer to the inline documentation available in the main git repository:
+This document proposes a quick tutorial to demonstrate the major
+functionalities of the AGL Application Framework.
+For more complete information, please refer to the inline documentation
+available in the main git repository:
[https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-main]
[https://gerrit.automotivelinux.org/gerrit/#/admin/projects/src/app-framework-binder]
-
-For more information on AGL, please visit:
+For more information on AGL, please visit:
[https://www.automotivelinux.org/]
----------
-Sample applications
--------------------
-4 sample applications (.wgt files) are prebuilt and available at the following address:
+## Sample applications
+
+4 sample applications (.wgt files) are prebuilt and available at the following address:
[https://github.com/iotbzh/afm-widget-examples]
You can get them by cloning this git repository on your desktop (will be useful later in this tutorial):
-```
-$ git clone https://github.com/iotbzh/afm-widget-examples
+```bash
+git clone https://github.com/iotbzh/afm-widget-examples
```
-Using the CLI tool
-------------------
+## Using the CLI tool
### Setup Environment
+
Connect your AGL target board to the network and copy some sample widgets on it through SSH (set BOARDIP with your board IP address) :
-```
-$ cd afm-widget-examples
-$ BOARDIP=1.2.3.4
-$ scp *.wgt root@$BOARDIP:~/
+```bash
+cd afm-widget-examples
+BOARDIP=1.2.3.4
+scp *.wgt root@$BOARDIP:~/
```
Connect through SSH on the target board and check for Application Framework daemons:
- $ ssh root@$BOARDIP
- root@porter:~# ps -ef|grep bin/afm
- afm 409 1 0 13:00 ? 00:00:00 /usr/bin/afm-system-daemon
- root 505 499 0 13:01 ? 00:00:00 /usr/bin/afm-user-daemon
- root 596 550 0 13:22 pts/0 00:00:00 grep afm
+```bash
+$ ssh root@$BOARDIP
+root@porter:~# ps -ef|grep bin/afm
+afm 409 1 0 13:00 ? 00:00:00 /usr/bin/afm-system-daemon
+root 505 499 0 13:01 ? 00:00:00 /usr/bin/afm-user-daemon
+root 596 550 0 13:22 pts/0 00:00:00 grep afm
+```
We can see that there are two daemons running:
-* **afm-system-daemon** runs with a system user 'afm' and is responsible for installing/uninstalling packages
-* **afm-user-daemon** runs as a user daemon (currently as root because it's the only real user on the target board) and is responsible for the whole life cycle of the applications running inside the user session.
-The application framework has a tool running on the Command Line Interface (CLI). Using the **afm-util** command, you can install, uninstall, list, run, pause ... applications.
+* **afm-system-daemon** runs with a system user 'afm' and is responsible for
+ installing/uninstalling packages
+* **afm-user-daemon** runs as a user daemon (currently as root because it's the
+ only real user on the target board) and is responsible for the whole life
+ cycle of the applications running inside the user session.
+
+The application framework has a tool running on the
+Command Line Interface (CLI).
+Using the **afm-util** command, you can install, uninstall, list, run, pause ... applications.
To begin, run '**afm-util help**' to get a quick help on commands:
- root@porter:~# afm-util help
- usage: afm-util command [arg]
+```bash
+root@porter:~# afm-util help
+usage: afm-util command [arg]
+```
- The commands are:
+The commands are:
- list
- runnables list the runnable widgets installed
+```bash
+list
+runnables list the runnable widgets installed
- add wgt
- install wgt install the wgt file
+add wgt
+install wgt install the wgt file
- remove id
- uninstall id remove the installed widget of id
+remove id
+uninstall id remove the installed widget of id
- info id
- detail id print detail about the installed widget of id
+info id
+detail id print detail about the installed widget of id
- ps
- runners list the running instance
+ps
+runners list the running instance
- run id
- start id start an instance of the widget of id
+run id
+start id start an instance of the widget of id
- kill rid
- terminate rid terminate the running instance rid
+kill rid
+terminate rid terminate the running instance rid
- status rid
- state rid get status of the running instance rid
+status rid
+state rid get status of the running instance rid
+```
### Install an application
You can then install your first application:
- root@porter:~# afm-util install /home/root/annex.wgt
- { "added": "webapps-annex@0.0" }
+```bash
+root@porter:~# afm-util install /home/root/annex.wgt
+{ "added": "webapps-annex@0.0" }
+```
Let's install a second application:
- root@porter:~# afm-util install /home/root/memory-match.wgt
- { "added": "webapps-memory-match@1.1" }
+```bash
+root@porter:~# afm-util install /home/root/memory-match.wgt
+{ "added": "webapps-memory-match@1.1" }
+```
Note that usually, **afm-util** will return a **JSON result**, which is the common format for messages returned by the Application Framework daemons.
### List installed applications
+
You can then list all installed applications:
- root@porter:~# afm-util list
- [ { "id": "webapps-annex@0.0", "version": "0.0.10", "width": 0, "height": 0, "name": "Annex", "description": "Reversi\/Othello", "shortname": "", "author": "Todd Brandt <todd.e.brandt@intel.com>" },
- { "id": "webapps-memory-match@1.1", "version": "1.1.7", "width": 0, "height": 0, "name": "MemoryMatch", "description": "Memory match", "shortname": "", "author": "Todd Brandt <todd.e.brandt@intel.com>" } ]
+```bash
+root@porter:~# afm-util list
+[ { "id": "webapps-annex@0.0", "version": "0.0.10", "width": 0, "height": 0, "name": "Annex", "description": "Reversi\/Othello", "shortname": "", "author": "Todd Brandt <todd.e.brandt@intel.com>" },
+{ "id": "webapps-memory-match@1.1", "version": "1.1.7", "width": 0, "height": 0, "name": "MemoryMatch", "description": "Memory match", "shortname": "", "author": "Todd Brandt <todd.e.brandt@intel.com>" } ]
+```
Here, we can see the two previously installed applications.
### Get information about an application
+
Let's get some details about the first application:
- root@porter:~# afm-util info webapps-annex@0.0
- { "id": "webapps-annex@0.0", "version": "0.0.10", "width": 0, "height": 0, "name": "Annex", "description": "Reversi\/Othello", "shortname": "", "author": "Todd Brandt <todd.e.brandt@intel.com>" }
+```bash
+root@porter:~# afm-util info webapps-annex@0.0
+{ "id": "webapps-annex@0.0", "version": "0.0.10", "width": 0, "height": 0, "name": "Annex", "description": "Reversi\/Othello", "shortname": "", "author": "Todd Brandt <todd.e.brandt@intel.com>" }
+```
-Note that AGL applications are mostly handled by afm-util through their IDs. In our example, the application ID is 'webapps-annex@0.0'.
+Note: that AGL applications are mostly handled by afm-util through their IDs.
+In our example, the application ID is 'webapps-annex@0.0'.
### Start application
+
Let's start the first application Annex:
- root@porter:~# afm-util start webapps-annex@0.0
- 1
+```bash
+root@porter:~# afm-util start webapps-annex@0.0
+1
+```
As the application is a HTML5 game, you should then get a webview running with QML on the board display.
### Security Context
-The application has been started in the user session, with a dedicated security context, enforced by SMACK. To illustrate this, we can take a look at the running processes and their respective SMACK labels:
- root@porter:~# ps -efZ |grep webapps-annex | grep -v grep
- User::App::webapps-annex root 716 491 0 13:19 ? 00:00:00 /usr/bin/afb-daemon --mode=local --readyfd=8 --alias=/icons /usr/share/afm/icons --port=12348 --rootdir=/usr/share/afm/applications/webapps-annex/0.0 --token=7D6D2F16 --sessiondir=/home/root/app-data/webapps-annex/.afb-daemon
- User::App::webapps-annex root 717 491 0 13:19 ? 00:00:00 /usr/bin/qt5/qmlscene http://localhost:12348/index.html?token=7D6D2F16 /usr/bin/web-runtime-webkit.qml
+The application has been started in the user session, with a dedicated security context, enforced by SMACK.
+To illustrate this, we can take a look at the running processes and their respective SMACK labels:
+
+```bash
+root@porter:~# ps -efZ |grep webapps-annex | grep -v grep
+User::App::webapps-annex root 716 491 0 13:19 ? 00:00:00 /usr/bin/afb-daemon --mode=local --readyfd=8 --alias=/icons /usr/share/afm/icons --port=12348 --rootdir=/usr/share/afm/applications/webapps-annex/0.0 --token=7D6D2F16 --sessiondir=/home/root/app-data/webapps-annex/.afb-daemon
+User::App::webapps-annex root 717 491 0 13:19 ? 00:00:00 /usr/bin/qt5/qmlscene http://localhost:12348/index.html?token=7D6D2F16 /usr/bin/web-runtime-webkit.qml
+```
In the previous result, we see that the application is composed of two processes:
+
* the application binder (afb-daemon)
* the application UI (qmlscene ...)
-While most system processes run with the label 'System', we see that the application runs with a specific SMACK label 'User::App::webapps-annex': this label is used to force the application to follow a Mandatory Access Control (MAC) scheme. This means that those processes run in their own security context, isolated from the rest of the system (and other applications). Global security rules can then be applied to restrict access to all other user or system resources.
+While most system processes run with the label 'System', we see that the
+application runs with a specific SMACK label 'User::App::webapps-annex': this
+label is used to force the application to follow
+a Mandatory Access Control (MAC) scheme.
+This means that those processes run in their own security context,
+isolated from the rest of the system (and other applications).
+Global security rules can then be applied to restrict access
+to all other user or system resources.
### Check running applications
+
To check for running applications, just run:
- root@porter:~# afm-util ps
- [ { "runid": 1, "state": "running", "id": "webapps-annex@0.0" } ]
+```bash
+root@porter:~# afm-util ps
+[ { "runid": 1, "state": "running", "id": "webapps-annex@0.0" } ]
+```
-The 'runid' is the application instance ID and is used as an argument for the subcommands controlling the application runtime state (kill/pause/resume/status)
+The 'runid' is the application instance ID and is used as an argument for the
+subcommands controlling the application runtime state (kill/pause/resume/status)
### Uninstall application
+
To uninstall an application, simply use its ID:
- root@porter:~# afm-util uninstall webapps-annex@0.0
- true
+```bash
+root@porter:~# afm-util uninstall webapps-annex@0.0
+true
+```
Then list the installed apps to confirm the removal:
- root@porter:~# afm-util list
- [ { "id": "webapps-memory-match@1.1", "version": "1.1.7", "width": 0, "height": 0, "name": "MemoryMatch", "description": "Memory match", "shortname": "", "author": "Todd Brandt <todd.e.brandt@intel.com>" } ]
+```bash
+root@porter:~# afm-util list
+[ { "id": "webapps-memory-match@1.1", "version": "1.1.7", "width": 0, "height": 0, "name": "MemoryMatch", "description": "Memory match", "shortname": "", "author": "Todd Brandt <todd.e.brandt@intel.com>" } ]
+```
-afm-client: a sample HTML5 'Homescreen'
----------------------------------------
+## afm-client: a sample HTML5 'Homescreen'
**afm-client** is a HTML5 UI that allows to install/uninstall applications as well as starting/pausing them as already demonstrated with afm-util.
-The HTML5 UI is accessible remotely through this URL:
-http://[board_ip]:1234/opa?token=132456789
+The HTML5 UI is accessible remotely through this URL:
+<http://[board_ip]:1234/opa?token=132456789>
### Installing an application
-By clicking on the '**Upload**' button on the right, you can send an application package (WGT file) and install it. Select for example the file '**rabbit.wgt**' that was cloned initially from the git repository afm-widget-examples.
+By clicking on the '**Upload**' button on the right,
+you can send an application package (WGT file) and install it.
+Select for example the file '**rabbit.wgt**' that was cloned initially
+ from the git repository afm-widget-examples.
-Then a popup requester ask for a confirmation: 'Upload Application rabbit.wgt ?'. Click on the '**Install**' button.
+Then a popup requester ask for a confirmation:
+'Upload Application rabbit.wgt ?'. Click on the '**Install**' button.
-You should then see some changes in the toolbar: a new icon appeared, representing the freshly installed application.
+You should then see some changes in the toolbar:
+a new icon appeared, representing the freshly installed application.
### Running an application
-In the toolbar, click on the button representing the Rabbit application. You'll get a popup asking to:
+
+In the toolbar, click on the button representing the Rabbit application.
+You'll get a popup asking to:
+
* start the application
* or get some info about it
* or uninstall it
-Click on the 'start' item: the application starts and should be visible as a webview on the target board display. Note that at this point, we could also run the application remotely, that is in the same browser as the Homescreen app. By default, the application framework is configured to run applications 'locally' on the board display.
+Click on the 'start' item: the application starts and should be visible
+ as a webview on the target board display.
+Note that at this point, we could also run the application remotely,
+that is in the same browser as the Homescreen app.
+By default, the application framework is configured
+to run applications 'locally' on the board display.
### Uninstalling an application
-From the same popup menu, you can select 'uninstall' to remove the application from the system. As a consequence, the application icon should disappear from the toolbar.
+From the same popup menu, you can select 'uninstall'
+to remove the application from the system.
+As a consequence, the application icon should disappear from the toolbar.
-afb-client: a template for Angular Applications
------------------------------------------------
+## afb-client: a template for Angular Applications
-Another package '**afb-client**' is also available for testing.
-This is a sample HTML5 application demonstrating various basic capabilities of the Binder daemon. It can be used by developers as a template to start writing real AGL Applications.
+Another package '**afb-client**' is also available for testing.
+This is a sample HTML5 application demonstrating various basic
+capabilities of the Binder daemon.
+It can be used by developers as a template to start writing real AGL Applications.
This application is not available as WGT file yet and it should be started manually without any specific security context:
- root@porter:~# /usr/bin/afb-daemon --port=1235 --token='' --sessiondir=/home/root/.afm-daemon --rootdir=/usr/share/agl/afb-client --alias=/icons:/usr/share/afm/icons
+```bash
+root@porter:~# /usr/bin/afb-daemon --port=1235 --token='' --sessiondir=/home/root/.afm-daemon --rootdir=/usr/share/agl/afb-client --alias=/icons:/usr/share/afm/icons
+```
-Then you can access it from a browser:
-http://[board_ip]:1235/opa/?token=132456789
+Then you can access it from a browser:
+<http://[board_ip]:1235/opa/?token=132456789>
afb-client is a simple application to demonstrate the built-in capabilities of the binder daemon (handling sessions and security tokens, testing POSTs uploads...) and was used during the application framework development to validate the proposed features.
diff --git a/docs/5-frameworks.md b/docs/5-frameworks.md
index fb73ff2..6170421 100644
--- a/docs/5-frameworks.md
+++ b/docs/5-frameworks.md
@@ -1,15 +1,12 @@
-Application framework
-=====================
+# Application framework
-Foreword
---------
+## Foreword
-This document describes application framework fundamentals.
-FCS (Fully Conform to Specification) implementation is still under development.
+This document describes application framework fundamentals.
+FCS (Fully Conform to Specification) implementation is still under development.
It may happen that current implementation somehow diverges with specifications.
-Overview
---------
+## Overview
The application framework on top of the security framework
provides components to install and uninstall applications
@@ -23,12 +20,15 @@ application framework directly, but to rework a new framework inspired from Tize
fundamentals remain identical: the applications are distributed
in a digitally signed container that should match widget specifications
-normalized by the W3C. This is described by the technical
-recommendations [Packaged Web Apps (Widgets)](http://www.w3.org/TR/widgets) and [XML Digital Signatures for Widgets](http://www.w3.org/TR/widgets-digsig) of the W3 consortium.
+normalized by the W3C.
+This is described by the technical recommendations
+[Packaged Web Apps (Widgets)](http://www.w3.org/TR/widgets) and
+[XML Digital Signatures for Widgets](http://www.w3.org/TR/widgets-digsig)
+ of the W3 consortium.
As today this model allows the distribution of HTML, QML and binary applications
but it could be extended to any other class of applications.
-The management of widget package signatures.
+The management of widget package signatures.
Current model is only an initial step, it might be extended in the
future to include new feature (ie: incremental delivery).
diff --git a/docs/5.1-application-framework.md b/docs/5.1-application-framework.md
index 942ff9c..71044d2 100644
--- a/docs/5.1-application-framework.md
+++ b/docs/5.1-application-framework.md
@@ -1,41 +1,36 @@
-Comparison to other frameworks
-------------------------------
+# Comparison to other frameworks
- - Tizen framework
+- Tizen framework
+- xdg-app
+- ostro
- - xdg-app
-
- - ostro
-
-### Organization of directory of applications ###
+## Organization of directory of applications
The main path for applications are: APPDIR/PKGID/VER.
Where:
- - APPDIR is as defined above
- - PKGID is a directory whose name is the package identifier
- - VER is the version of the package MAJOR.MINOR
+- APPDIR is as defined above
+- PKGID is a directory whose name is the package identifier
+- VER is the version of the package MAJOR.MINOR
-The advantage of such an organization is to allow several versions to live together.
+The advantage of such an organization is to allow several versions to live together.
This is required for multiple reasons (ie: roll back) and to comply with developers habits.
-#### Identity of installed files ####
+### Identity of installed files
-All the files are installed as user "userapp" and group "userapp".
+All the files are installed as user "userapp" and group "userapp".
All files have rw(x) for user and r-(x) for group and others.
This allows any user to read files.
+### Labeling the directories of applications
-#### Labeling the directories of applications ####
-
-
-### Organization of data ###
+## Organization of data
The data of a user are contain within its directory and are labeled using the application labels
-### Setting Smack rules for the application ###
+## Setting Smack rules for the application
For Tizen, the following rules are set by the security manager for each application.
@@ -58,9 +53,9 @@ For Tizen, the following rules are set by the security manager for each applicat
Here, ~PKG~ is the identifier of the package and ~APP~ is the identifier of the application.
-### What user can run an application? ###
+## What user can run an application`?`
-Not all user are able to run all applications.
+Not all user are able to run all applications.
How to manage that?
[meta-intel]: https://github.com/01org/meta-intel-iot-security "A collection of layers providing security technologies"
@@ -77,5 +72,3 @@ How to manage that?
[app-manifest]: http://www.w3.org/TR/appmanifest "Web App Manifest"
[tizen-security]: https://wiki.tizen.org/wiki/Security "Tizen security home page"
[tizen-secu-3]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview "Tizen 3 security overview"
-
-
diff --git a/docs/5.2-security-framework.md b/docs/5.2-security-framework.md
index 45f1851..c1fff24 100644
--- a/docs/5.2-security-framework.md
+++ b/docs/5.2-security-framework.md
@@ -1,11 +1,8 @@
-
-The security framework
-======================
+# The security framework
NOT STARTED !!!!!!
-Setting Smack rules for the application
----------------------------------------
+## Setting Smack rules for the application
For Tizen, the following rules are set by the security manager for each application.
@@ -28,14 +25,11 @@ For Tizen, the following rules are set by the security manager for each applicat
Here, ~PKG~ is the identifier of the package and ~APP~ is the identifier of the application.
-What user can run an application?
----------------------------------------
+## What user can run an application`?`
-Not all user are able to run all applications.
+Not all user are able to run all applications.
How to manage that?
-
-
[meta-intel]: https://github.com/01org/meta-intel-iot-security "A collection of layers providing security technologies"
[widgets]: http://www.w3.org/TR/widgets "Packaged Web Apps"
[widgets-digsig]: http://www.w3.org/TR/widgets-digsig "XML Digital Signatures for Widgets"
@@ -50,7 +44,3 @@ How to manage that?
[app-manifest]: http://www.w3.org/TR/appmanifest "Web App Manifest"
[tizen-security]: https://wiki.tizen.org/wiki/Security "Tizen security home page"
[tizen-secu-3]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview "Tizen 3 security overview"
-
-
-
-