summaryrefslogtreecommitdiffstats
path: root/docs/5.1-application-framework.md
diff options
context:
space:
mode:
authorSebastien Douheret <sebastien.douheret@iot.bzh>2017-06-19 16:52:06 +0200
committerSebastien Douheret <sebastien.douheret@iot.bzh>2017-06-19 18:13:44 +0200
commitd1b49a7d26bf344d9f00ae12144cbcc7d930b08b (patch)
tree58d5276d2b6097e535fe90f447f336b72c4c12e3 /docs/5.1-application-framework.md
parenta07557a06366d5c5ed6e62cd91beb48ae478de1a (diff)
Re-order doc chapters
Change-Id: I44cf2054fa06816480e26fc19b45c6f8a464a708 Signed-off-by: Sebastien Douheret <sebastien.douheret@iot.bzh>
Diffstat (limited to 'docs/5.1-application-framework.md')
-rw-r--r--docs/5.1-application-framework.md118
1 files changed, 118 insertions, 0 deletions
diff --git a/docs/5.1-application-framework.md b/docs/5.1-application-framework.md
new file mode 100644
index 0000000..0b9750d
--- /dev/null
+++ b/docs/5.1-application-framework.md
@@ -0,0 +1,118 @@
+
+Application framework
+=====================
+
+Foreword
+--------
+
+This document describes application framework fundamentals.
+FCS (Fully Conform to Specification) implementation is still under development.
+It may happen that current implementation somehow diverges with specifications.
+
+Overview
+--------
+
+The application framework on top of the security framework
+provides components to install and uninstall applications
+as well as to run them in a secured environment.
+
+The goal of the framework is to manage applications and hide security details
+to applications.
+
+For the reasons explained in introduction, it was choose not to reuse Tizen
+application framework directly, but to rework a new framework inspired from Tizen.
+
+fundamentals remain identical: the applications are distributed
+in a digitally signed container that should match widget specifications
+normalized by the W3C. This is described by the technical
+recommendations [widgets] and [widgets-digsig] of the W3 consortium.
+
+As today this model allows the distribution of HTML, QML and binary applications
+but it could be extended to any other class of applications.
+
+The management of widget package signatures.
+Current model is only an initial step, it might be extended in the
+future to include new feature (ie: incremental delivery).
+
+
+Comparison to other frameworks
+------------------------------
+
+ - Tizen framework
+
+ - xdg-app
+
+ - ostro
+
+### Organization of directory of applications ###
+
+The main path for applications are: APPDIR/PKGID/VER.
+
+Where:
+
+ - APPDIR is as defined above
+ - PKGID is a directory whose name is the package identifier
+ - VER is the version of the package MAJOR.MINOR
+
+The advantage of such an organization is to allow several versions to live together.
+This is required for multiple reasons (ie: roll back) and to comply with developers habits.
+
+#### Identity of installed files ####
+
+All the files are installed as user "userapp" and group "userapp".
+All files have rw(x) for user and r-(x) for group and others.
+
+This allows any user to read files.
+
+
+#### Labeling the directories of applications ####
+
+
+### Organization of data ###
+
+The data of a user are contain within its directory and are labeled using the application labels
+
+### Setting Smack rules for the application ###
+
+For Tizen, the following rules are set by the security manager for each application.
+
+ System ~APP~ rwx
+ System ~PKG~ rwxat
+ System ~PKG~::RO rwxat
+ ~APP~ System wx
+ ~APP~ System::Shared rxl
+ ~APP~ System::Run rwxat
+ ~APP~ System::Log rwxa
+ ~APP~ _ l
+ User ~APP~ rwx
+ User ~PKG~ rwxat
+ User ~PKG~::RO rwxat
+ ~APP~ User wx
+ ~APP~ User::Home rxl
+ ~APP~ User::App::Shared rwxat
+ ~APP~ ~PKG~ rwxat
+ ~APP~ ~PKG~::RO rxl
+
+Here, ~PKG~ is the identifier of the package and ~APP~ is the identifier of the application.
+
+### What user can run an application? ###
+
+Not all user are able to run all applications.
+How to manage that?
+
+[meta-intel]: https://github.com/01org/meta-intel-iot-security "A collection of layers providing security technologies"
+[widgets]: http://www.w3.org/TR/widgets "Packaged Web Apps"
+[widgets-digsig]: http://www.w3.org/TR/widgets-digsig "XML Digital Signatures for Widgets"
+[libxml2]: http://xmlsoft.org/html/index.html "libxml2"
+[openssl]: https://www.openssl.org "OpenSSL"
+[xmlsec]: https://www.aleksey.com/xmlsec "XMLSec"
+[json-c]: https://github.com/json-c/json-c "JSON-c"
+[d-bus]: http://www.freedesktop.org/wiki/Software/dbus "D-Bus"
+[libzip]: http://www.nih.at/libzip "libzip"
+[cmake]: https://cmake.org "CMake"
+[security-manager]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Security_Manager "Security-Manager"
+[app-manifest]: http://www.w3.org/TR/appmanifest "Web App Manifest"
+[tizen-security]: https://wiki.tizen.org/wiki/Security "Tizen security home page"
+[tizen-secu-3]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview "Tizen 3 security overview"
+
+