blob: 3b62cb764b5a29b2833ad23d9c4bdb92bdab9f2e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
<html>
<head>
<link rel="stylesheet" type="text/css" href="doc.css">
<meta charset="UTF-8">
</head>
<body>
<a name="Application.framework"></a>
<h1>Application framework</h1>
<pre><code>version: 1
Date: 15 March 2016
Author: José Bollo
</code></pre>
<a name="Foreword"></a>
<h2>Foreword</h2>
<p>This document describes what we intend to do. It may happen that our
current implementation and the content of this document differ.</p>
<p>In case of differences, it is assumed that this document is right
and the implementation is wrong.</p>
<a name="Overview"></a>
<h2>Overview</h2>
<p>The application framework on top of the security framework
provides the components to install and uninstall applications
and to run it in a secured environment.</p>
<p>The goal is to manage applications and to hide the details of
the security framework to the applications.</p>
<p>For the reasons explained in introduction, we did not used the
application framework of Tizen as is but used an adaptation of it.</p>
<p>The basis is kept identical: the applications are distributed
in a digitally signed container that must match the specifications
of widgets (web applications). This is described by the technical
recomendations <a href="http://www.w3.org/TR/widgets" title="Packaged Web Apps">widgets</a> and <a href="http://www.w3.org/TR/widgets-digsig" title="XML Digital Signatures for Widgets">widgets-digsig</a> of the W3 consortium.</p>
<p>This model allows the distribution of HTML, QML and binary applications.</p>
<p>The management of signatures of the widget packages
This basis is not meant as being rigid and it can be extended in the
futur to include for example incremental delivery.</p>
<a name="Comparison.to.other.frameworks"></a>
<h2>Comparison to other frameworks</h2>
<a name="Tizen.framework"></a>
<h3>Tizen framework</h3>
<a name="xdg-app"></a>
<h3>xdg-app</h3>
<a name="ostro"></a>
<h3>ostro</h3>
<a name="Organisation.of.directory.of.applications"></a>
<h1>Organisation of directory of applications</h1>
<p>The main path for applivcations are: APPDIR/PKGID/VER.</p>
<p>Where:</p>
<ul>
<li>APPDIR is as defined above</li>
<li>PKGID is a directory whose name is the package identifier</li>
<li>VER is the version of the package MAJOR.MINOR</li>
</ul>
<p>This organisation has the advantage to allow several versions to leave together.
This is needed for some good reasons (rolling back) and also for less good reasons (user habits).</p>
<a name="Identity.of.installed.files"></a>
<h2>Identity of installed files</h2>
<p>All the files are installed as the user “userapp” and group “userapp”.
All files have rw(x) for user and r-(x) for group and others.</p>
<p>This allows any user to read the files.</p>
<a name="Labelling.the.directories.of.applications"></a>
<h2>Labelling the directories of applications</h2>
<a name="Organisation.of.data"></a>
<h1>Organisation of data</h1>
<p>The data of a user are in its directory and are labelled using the labels of the application</p>
<a name="Setting.Smack.rules.for.the.application"></a>
<h1>Setting Smack rules for the application</h1>
<p>For Tizen, the following rules are set by the security manager for each application.</p>
<pre><code>System ~APP~ rwx
System ~PKG~ rwxat
System ~PKG~::RO rwxat
~APP~ System wx
~APP~ System::Shared rxl
~APP~ System::Run rwxat
~APP~ System::Log rwxa
~APP~ _ l
User ~APP~ rwx
User ~PKG~ rwxat
User ~PKG~::RO rwxat
~APP~ User wx
~APP~ User::Home rxl
~APP~ User::App::Shared rwxat
~APP~ ~PKG~ rwxat
~APP~ ~PKG~::RO rxl
</code></pre>
<p>Here, ~PKG~ is the identifier of the package and ~APP~ is the identifier of the application.</p>
<a name="What.user.can.run.an.application."></a>
<h1>What user can run an application?</h1>
<p>Not all user are able to run all applications.
How to manage that?</p>
</body>
</html>
|