summaryrefslogtreecommitdiffstats
path: root/docs/application-framework.md
diff options
context:
space:
mode:
authorJosé Bollo <jose.bollo@iot.bzh>2016-10-26 18:24:13 +0200
committerJosé Bollo <jose.bollo@iot.bzh>2016-10-28 15:35:02 +0200
commit4a1409460a7c0a5d26fe10b5f84368b3cb8b8b5a (patch)
tree2ebad5e0b1eca2729c2eda6c1fe029d8e1baef13 /docs/application-framework.md
parent27bb304eee3485c73e1be677fbc820591bacc2f9 (diff)
doc: switch to mkdocs
Signed-off-by: José Bollo <jose.bollo@iot.bzh>
Diffstat (limited to 'docs/application-framework.md')
-rw-r--r--docs/application-framework.md125
1 files changed, 125 insertions, 0 deletions
diff --git a/docs/application-framework.md b/docs/application-framework.md
new file mode 100644
index 0000000..0ebcdb7
--- /dev/null
+++ b/docs/application-framework.md
@@ -0,0 +1,125 @@
+
+Application framework
+=====================
+
+Foreword
+--------
+
+This document describes application framework fundamentals.
+FCF (Fully Conform to Specification) implementation is still under development.
+It may happen that current implementation somehow diverges with specifications.
+
+Overview
+--------
+
+The application framework on top of the security framework
+provides components to install and uninstall applications
+as well as to run them in a secured environment.
+
+The goal of the framework is to manage applications and hide security details
+to applications.
+
+For the reasons explained in introduction, it was choose not to reuse Tizen
+application framework directly, but to rework a new framework inspired from Tizen.
+
+fundamentals remain identical: the applications are distributed
+in a digitally signed container that should match widget specifications
+normalized by the W3C. This is described by the technical
+recommendations [widgets] and [widgets-digsig] of the W3 consortium.
+
+As today this model allows the distribution of HTML, QML and binary applications
+but it could be extended to any other class of applications.
+
+The management of widget package signatures.
+Current model is only an initial step, it might be extended in the
+future to include new feature (ie: incremental delivery).
+
+
+Comparison to other frameworks
+------------------------------
+
+### Tizen framework
+
+### xdg-app
+
+### ostro
+
+organization of directory of applications
+=========================================
+
+The main path for applications are: APPDIR/PKGID/VER.
+
+Where:
+
+ - APPDIR is as defined above
+ - PKGID is a directory whose name is the package identifier
+ - VER is the version of the package MAJOR.MINOR
+
+The advantage of such an organization is to allow several versions to live together.
+This is required for multiple reasons (ie: roll back) and to comply with developers habits.
+
+Identity of installed files
+---------------------------
+
+All the files are installed as user "userapp" and group "userapp".
+All files have rw(x) for user and r-(x) for group and others.
+
+This allows any user to read files.
+
+
+labeling the directories of applications
+-----------------------------------------
+
+
+organization of data
+====================
+
+The data of a user are contain within its directory and are labeled using the application labels
+
+Setting Smack rules for the application
+=======================================
+
+For Tizen, the following rules are set by the security manager for each application.
+
+ System ~APP~ rwx
+ System ~PKG~ rwxat
+ System ~PKG~::RO rwxat
+ ~APP~ System wx
+ ~APP~ System::Shared rxl
+ ~APP~ System::Run rwxat
+ ~APP~ System::Log rwxa
+ ~APP~ _ l
+ User ~APP~ rwx
+ User ~PKG~ rwxat
+ User ~PKG~::RO rwxat
+ ~APP~ User wx
+ ~APP~ User::Home rxl
+ ~APP~ User::App::Shared rwxat
+ ~APP~ ~PKG~ rwxat
+ ~APP~ ~PKG~::RO rxl
+
+Here, ~PKG~ is the identifier of the package and ~APP~ is the identifier of the application.
+
+What user can run an application?
+=================================
+
+Not all user are able to run all applications.
+How to manage that?
+
+
+[meta-intel]: https://github.com/01org/meta-intel-iot-security "A collection of layers providing security technologies"
+[widgets]: http://www.w3.org/TR/widgets "Packaged Web Apps"
+[widgets-digsig]: http://www.w3.org/TR/widgets-digsig "XML Digital Signatures for Widgets"
+[libxml2]: http://xmlsoft.org/html/index.html "libxml2"
+[openssl]: https://www.openssl.org "OpenSSL"
+[xmlsec]: https://www.aleksey.com/xmlsec "XMLSec"
+[json-c]: https://github.com/json-c/json-c "JSON-c"
+[d-bus]: http://www.freedesktop.org/wiki/Software/dbus "D-Bus"
+[libzip]: http://www.nih.at/libzip "libzip"
+[cmake]: https://cmake.org "CMake"
+[security-manager]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Security_Manager "Security-Manager"
+[app-manifest]: http://www.w3.org/TR/appmanifest "Web App Manifest"
+[tizen-security]: https://wiki.tizen.org/wiki/Security "Tizen security home page"
+[tizen-secu-3]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview "Tizen 3 security overview"
+
+