doc/application-framework.html


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149

<html>
<head>
  <link rel="stylesheet" type="text/css" href="doc.css">
  <meta charset="UTF-8">
</head>
<body>
<a name="Application.framework"></a>
<h1>Application framework</h1>

<pre><code>version: 1
Date:    30 mai 2016
Author:  José Bollo
</code></pre>

<p><ul>
 <li><a href="#Application.framework">Application framework</a>
 <ul>
  <li><a href="#Foreword">Foreword</a></li>
  <li><a href="#Overview">Overview</a></li>
  <li><a href="#Comparison.to.other.frameworks">Comparison to other frameworks</a>
  <ul>
   <li><a href="#Tizen.framework">Tizen framework</a></li>
   <li><a href="#xdg-app">xdg-app</a></li>
   <li><a href="#ostro">ostro</a>
</li>
  </ul>
  </li>
 </ul>
 </li>
 <li><a href="#organization.of.directory.of.applications">organization of directory of applications</a>
 <ul>
  <li><a href="#Identity.of.installed.files">Identity of installed files</a></li>
  <li><a href="#labeling.the.directories.of.applications">labeling the directories of applications</a></li>
 </ul>
 </li>
 <li><a href="#organization.of.data">organization of data</a></li>
 <li><a href="#Setting.Smack.rules.for.the.application">Setting Smack rules for the application</a></li>
 <li><a href="#What.user.can.run.an.application.">What user can run an application?</a></li>
</ul></p>

<a name="Foreword"></a>
<h2>Foreword</h2>

<p>This document describes application framework fundamentals.
FCF (Fully Conform to Specification) implementation is still under development.
It may happen that current implementation somehow diverges with specifications.</p>

<a name="Overview"></a>
<h2>Overview</h2>

<p>The application framework on top of the security framework
provides components to install and uninstall applications
as well as to run them in a secured environment.</p>

<p>The goal of the framework is to manage applications and hide security details
to applications.</p>

<p>For the reasons explained in introduction, it was choose not to reuse Tizen
application framework directly, but to rework a new framework inspired from Tizen.</p>

<p>fundamentals remain identical: the applications are distributed
in a digitally signed container that should match widget specifications
normalized by the W3C. This is described by the technical
recommendations <a href="http://www.w3.org/TR/widgets" title="Packaged Web Apps">widgets</a> and <a href="http://www.w3.org/TR/widgets-digsig" title="XML Digital Signatures for Widgets">widgets-digsig</a> of the W3 consortium.</p>

<p>As today this model allows the distribution of HTML, QML and binary applications
but it could be extended to any other class of applications.</p>

<p>The management of widget package signatures.
Current model is only an initial step, it might be extended in the
future to include new feature (ie: incremental delivery).</p>

<a name="Comparison.to.other.frameworks"></a>
<h2>Comparison to other frameworks</h2>

<a name="Tizen.framework"></a>
<h3>Tizen framework</h3>

<a name="xdg-app"></a>
<h3>xdg-app</h3>

<a name="ostro"></a>
<h3>ostro</h3>

<a name="organization.of.directory.of.applications"></a>
<h1>organization of directory of applications</h1>

<p>The main path for applications are: APPDIR/PKGID/VER.</p>

<p>Where:</p>

<ul>
<li>APPDIR is as defined above</li>
<li>PKGID is a directory whose name is the package identifier</li>
<li>VER is the version of the package MAJOR.MINOR</li>
</ul>


<p>The advantage of such an organization is to allow several versions to live together.
This is required for multiple reasons (ie: roll back) and to comply with developers habits.</p>

<a name="Identity.of.installed.files"></a>
<h2>Identity of installed files</h2>

<p>All the files are installed as user &ldquo;userapp&rdquo; and group &ldquo;userapp&rdquo;.
All files have rw(x) for user and r-(x) for group and others.</p>

<p>This allows any user to read files.</p>

<a name="labeling.the.directories.of.applications"></a>
<h2>labeling the directories of applications</h2>

<a name="organization.of.data"></a>
<h1>organization of data</h1>

<p>The data of a user are contain within its directory and are labeled using the application labels</p>

<a name="Setting.Smack.rules.for.the.application"></a>
<h1>Setting Smack rules for the application</h1>

<p>For Tizen, the following rules are set by the security manager for each application.</p>

<pre><code>System ~APP~             rwx
System ~PKG~             rwxat
System ~PKG~::RO         rwxat
~APP~  System            wx
~APP~  System::Shared    rxl
~APP~  System::Run       rwxat
~APP~  System::Log       rwxa
~APP~  _                 l
User   ~APP~             rwx
User   ~PKG~             rwxat
User   ~PKG~::RO         rwxat
~APP~  User              wx
~APP~  User::Home        rxl
~APP~  User::App::Shared rwxat
~APP~  ~PKG~             rwxat
~APP~  ~PKG~::RO         rxl
</code></pre>

<p>Here, ~PKG~ is the identifier of the package and ~APP~ is the identifier of the application.</p>

<a name="What.user.can.run.an.application."></a>
<h1>What user can run an application?</h1>

<p>Not all user are able to run all applications.
How to manage that?</p>
</body>
</html>