/* * Copyright (C) 2016 "IoT.bzh" * Author Fulup Ar Foll * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, something express or implied. * See the License for the specific language governing permissions and * limitations under the License. * * Reference: * Json load using json_unpack https://jansson.readthedocs.io/en/2.9/apiref.html#parsing-and-validating-values */ #define _GNU_SOURCE #include #include #include "ctl-config.h" int PluginGetCB (AFB_ApiT apiHandle, CtlActionT *action , json_object *callbackJ) { const char *plugin=NULL, *function=NULL; json_object *argsJ; int idx; if (!ctlPlugins) { AFB_ApiError(apiHandle, "PluginGetCB plugin section missing cannot call '%s'", json_object_get_string(callbackJ)); return 1; } int err = wrap_json_unpack(callbackJ, "{ss,ss,s?o!}", "plugin", &plugin, "function", &function, "args", &argsJ); if (err) { AFB_ApiError(apiHandle, "PluginGet missing plugin|function|[args] in %s", json_object_get_string(callbackJ)); return 1; } for (idx=0; ctlPlugins[idx].uid != NULL; idx++) { if (!strcasecmp (ctlPlugins[idx].uid, plugin)) break; } if (!ctlPlugins[idx].uid) { AFB_ApiError(apiHandle, "PluginGetCB no plugin with uid=%s", plugin); return 1; } action->exec.cb.funcname = function; action->exec.cb.callback = dlsym(ctlPlugins[idx].dlHandle, function); action->exec.cb.plugin= &ctlPlugins[idx]; if (!action->exec.cb.callback) { AFB_ApiError(apiHandle, "PluginGetCB no plugin=%s no function=%s", plugin, function); return 1; } return 0; } // Wrapper to Lua2c plugin command add context and delegate to LuaWrapper static int DispatchOneL2c(void* luaState, char *funcname, Lua2cFunctionT callback) { #ifndef CONTROL_SUPPORT_LUA fprintf(stderr, "CTL-ONE-L2C: LUA support not selected (cf:CONTROL_SUPPORT_LUA) in config.cmake"); return 1; #else int err=Lua2cWrapper(luaState, funcname, callback); return err; #endif } static int PluginLoadCOne(AFB_ApiT apiHandle, const char *pluginpath, json_object *lua2csJ, const char *lua2c_prefix, void * handle, CtlPluginT *ctlPlugin) { void *dlHandle = dlopen(pluginpath, RTLD_NOW); if (!dlHandle) { AFB_ApiError(apiHandle, "CTL-PLUGIN-LOADONE Fail to load pluginpath=%s err= %s", pluginpath, dlerror()); return -1; } CtlPluginMagicT *ctlPluginMagic = (CtlPluginMagicT*) dlsym(dlHandle, "CtlPluginMagic"); if (!ctlPluginMagic || ctlPluginMagic->magic != CTL_PLUGIN_MAGIC) { AFB_ApiError(apiHandle, "CTL-PLUGIN-LOADONE symbol'CtlPluginMagic' missing or != CTL_PLUGIN_MAGIC plugin=%s", pluginpath); return -1; } else { AFB_ApiNotice(apiHandle, "CTL-PLUGIN-LOADONE %s successfully registered", ctlPluginMagic->uid); } // store dlopen handle to enable onload action at exec time ctlPlugin->dlHandle = dlHandle; #ifndef AFB_BINDING_PREV3 // Jose hack to make verbosity visible from sharelib with API-V2 struct afb_binding_data_v2 *afbHidenData = dlsym(dlHandle, "afbBindingV2data"); if (afbHidenData) *afbHidenData = afbBindingV2data; #endif // Push lua2cWrapper @ into plugin Lua2cWrapperT *lua2cInPlug = dlsym(dlHandle, "Lua2cWrap"); #ifndef CONTROL_SUPPORT_LUA if (lua2cInPlug) *lua2cInPlug = NULL; #else // Lua2cWrapper is part of binder and not expose to dynamic link if (lua2csJ && lua2cInPlug) { *lua2cInPlug = (Lua2cWrapperT)DispatchOneL2c; int Lua2cAddOne(luaL_Reg *l2cFunc, const char* l2cName, int index) { if(ctlPlugin->ctlL2cFunc->l2cCount) {index += ctlPlugin->ctlL2cFunc->l2cCount+1;} char *funcName; size_t p_length = 6 + strlen(l2cName); funcName = malloc(p_length + 1); strncpy(funcName, "lua2c_", p_length); strncat(funcName, l2cName, p_length - strlen (funcName)); Lua2cFunctionT l2cFunction = (Lua2cFunctionT) dlsym(dlHandle, funcName); if (!l2cFunction) { AFB_ApiError(apiHandle, "CTL-PLUGIN-LOADONE symbol'%s' missing err=%s", funcName, dlerror()); return 1; } l2cFunc[index].func = (void*) l2cFunction; l2cFunc[index].name = strdup(l2cName); return 0; } int count = 0, errCount = 0; luaL_Reg *l2cFunc = NULL; if(!ctlPlugin->ctlL2cFunc) { ctlPlugin->ctlL2cFunc = calloc(1, sizeof(CtlLua2cFuncT)); } ctlPlugin->ctlL2cFunc->prefix = (lua2c_prefix) ? lua2c_prefix : ctlPlugin->uid; // look on l2c command and push them to LUA if (json_object_get_type(lua2csJ) == json_type_array) { size_t length = json_object_array_length(lua2csJ); l2cFunc = calloc(length + ctlPlugin->ctlL2cFunc->l2cCount + 1, sizeof (luaL_Reg)); for (count = 0; count < length; count++) { int err; const char *l2cName = json_object_get_string(json_object_array_get_idx(lua2csJ, count)); err = Lua2cAddOne(l2cFunc, l2cName, count); if (err) errCount++; } } else { l2cFunc = calloc(2 + ctlPlugin->ctlL2cFunc->l2cCount, sizeof (luaL_Reg)); const char *l2cName = json_object_get_string(lua2csJ); errCount = Lua2cAddOne(l2cFunc, l2cName, count); count++; } if (errCount) { AFB_ApiError(apiHandle, "CTL-PLUGIN-LOADONE %d symbols not found in plugin='%s'", errCount, pluginpath); return -1; } int total = ctlPlugin->ctlL2cFunc->l2cCount + count; if(ctlPlugin->ctlL2cFunc->l2cCount) { for (int offset = ctlPlugin->ctlL2cFunc->l2cCount; offset < total; offset++) { int index = offset - ctlPlugin->ctlL2cFunc->l2cCount; l2cFunc[index] = ctlPlugin->ctlL2cFunc->l2cFunc[index]; } free(ctlPlugin->ctlL2cFunc->l2cFunc); } ctlPlugin->ctlL2cFunc->l2cFunc = l2cFunc; ctlPlugin->ctlL2cFunc->l2cCount = total; LuaL2cNewLib(ctlPlugin->ctlL2cFunc->l2cFunc, ctlPlugin->ctlL2cFunc->l2cCount, ctlPlugin->ctlL2cFunc->prefix); } #endif DispatchPluginInstallCbT ctlPluginOnload = dlsym(dlHandle, "CtlPluginOnload"); if (ctlPluginOnload) { ctlPlugin->api = apiHandle; if((*ctlPluginOnload) (ctlPlugin, handle)) { AFB_ApiError(apiHandle, "Plugin Onload function hasn't finish well. Abort initializati
# Comparison to other frameworks

- Tizen framework
- xdg-app
- ostro

## Organization of directory of applications

The main path for applications are: APPDIR/PKGID/VER.

Where:

- APPDIR is as defined above
- PKGID is a directory whose name is the package identifier
- VER is the version of the package MAJOR.MINOR

The advantage of such an organization is to allow several versions to live together.  
This is required for multiple reasons (ie: roll back) and to comply with developers habits.

### Identity of installed files

All the files are installed as user "userapp" and group "userapp".  
All files have rw(x) for user and r-(x) for group and others.

This allows any user to read files.

### Labeling the directories of applications

## Organization of data

The data of a user are contain within its directory and are labeled using the application labels

## Setting Smack rules for the application

For Tizen, the following rules are set by the security manager for each application.

    System ~APP~             rwx
    System ~PKG~             rwxat
    System ~PKG~::RO         rwxat
    ~APP~  System            wx
    ~APP~  System::Shared    rxl
    ~APP~  System::Run       rwxat
    ~APP~  System::Log       rwxa
    ~APP~  _                 l
    User   ~APP~             rwx
    User   ~PKG~             rwxat
    User   ~PKG~::RO         rwxat
    ~APP~  User              wx
    ~APP~  User::Home        rxl
    ~APP~  User::App::Shared rwxat
    ~APP~  ~PKG~             rwxat
    ~APP~  ~PKG~::RO         rxl

Here, ~PKG~ is the identifier of the package and ~APP~ is the identifier of the application.

## What user can run an application`?`

Not all user are able to run all applications.  
How to manage that?

[meta-intel]:       https://github.com/01org/meta-intel-iot-security                "A collection of layers providing security technologies"
[widgets]:          http://www.w3.org/TR/widgets                                    "Packaged Web Apps"
[widgets-digsig]:   http://www.w3.org/TR/widgets-digsig                             "XML Digital Signatures for Widgets"
[libxml2]:          http://xmlsoft.org/html/index.html                              "libxml2"
[openssl]:          https://www.openssl.org                                         "OpenSSL"
[xmlsec]:           https://www.aleksey.com/xmlsec