summaryrefslogtreecommitdiffstats
path: root/doc/afm-system-daemon.md
diff options
context:
space:
mode:
Diffstat (limited to 'doc/afm-system-daemon.md')
-rw-r--r--doc/afm-system-daemon.md91
1 files changed, 91 insertions, 0 deletions
diff --git a/doc/afm-system-daemon.md b/doc/afm-system-daemon.md
new file mode 100644
index 0000000..980f634
--- /dev/null
+++ b/doc/afm-system-daemon.md
@@ -0,0 +1,91 @@
+
+The afm-system-daemon
+=====================
+
+ version: 1
+ Date: 14 March 2016
+ Author: José Bollo
+
+
+Organisation of directory of applications
+=========================================
+
+The main path for applivcations are: APPDIR/PKGID/VER.
+
+Where:
+
+ - APPDIR is as defined above
+ - PKGID is a directory whose name is the package identifier
+ - VER is the version of the package MAJOR.MINOR
+
+This organisation has the advantage to allow several versions to leave together.
+This is needed for some good reasons (rolling back) and also for less good reasons (user habits).
+
+Identity of installed files
+---------------------------
+
+All the files are installed as the user "userapp" and group "userapp".
+All files have rw(x) for user and r-(x) for group and others.
+
+This allows any user to read the files.
+
+
+Labelling the directories of applications
+-----------------------------------------
+
+
+Organisation of data
+====================
+
+The data of a user are in its directory and are labelled using the labels of the application
+
+Setting Smack rules for the application
+=======================================
+
+For Tizen, the following rules are set by the security manager for each application.
+
+ System ~APP~ rwx
+ System ~PKG~ rwxat
+ System ~PKG~::RO rwxat
+ ~APP~ System wx
+ ~APP~ System::Shared rxl
+ ~APP~ System::Run rwxat
+ ~APP~ System::Log rwxa
+ ~APP~ _ l
+ User ~APP~ rwx
+ User ~PKG~ rwxat
+ User ~PKG~::RO rwxat
+ ~APP~ User wx
+ ~APP~ User::Home rxl
+ ~APP~ User::App::Shared rwxat
+ ~APP~ ~PKG~ rwxat
+ ~APP~ ~PKG~::RO rxl
+
+Here, ~PKG~ is the identifier of the package and ~APP~ is the identifier of the application.
+
+What user can run an application?
+=================================
+
+Not all user are able to run all applications.
+How to manage that?
+
+
+
+
+[meta-intel]: https://github.com/01org/meta-intel-iot-security "A collection of layers providing security technologies"
+[widgets]: http://www.w3.org/TR/widgets "Packaged Web Apps"
+[widgets-digsig]: http://www.w3.org/TR/widgets-digsig "XML Digital Signatures for Widgets"
+[libxml2]: http://xmlsoft.org/html/index.html "libxml2"
+[openssl]: https://www.openssl.org "OpenSSL"
+[xmlsec]: https://www.aleksey.com/xmlsec "XMLSec"
+[json-c]: https://github.com/json-c/json-c "JSON-c"
+[d-bus]: http://www.freedesktop.org/wiki/Software/dbus "D-Bus"
+[libzip]: http://www.nih.at/libzip "libzip"
+[cmake]: https://cmake.org "CMake"
+[security-manager]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Security_Manager "Security-Manager"
+[app-manifest]: http://www.w3.org/TR/appmanifest "Web App Manifest"
+[tizen-security]: https://wiki.tizen.org/wiki/Security "Tizen security home page"
+[tizen-secu-3]: https://wiki.tizen.org/wiki/Security/Tizen_3.X_Overview "Tizen 3 security overview"
+
+
+