12 The name **afb-daemon** stands for *Application
13 Framework Binder Daemon*. That is why afb-daemon
14 is also named ***the binder***.
16 **Afb-daemon** is in charge to bind one instance of
17 an application to the AGL framework and AGL system.
19 On the following figure, you can use a typical use
22 <a id="binder-fig-basis"><h4>Figure: binder afb-daemon, basis</h4></a>
24 . . . . . . . . . . . . . . . . . . . . . . . . . .
25 . Isolated security context .
27 . +------------------------------+ .
29 . | A P P L I C A T I O N | .
31 . +--------------+---------------+ .
34 . +-------------------+----------------------+ .
37 . | A F B - D A E M O N : PLUGINS | .
39 . +-------------------+----------------------+ .
41 . . . . . . . . . . . . | . . . . . . . . . . . . .
46 The application and its companion binder run in secured and isolated
47 environment set for them. Applications are intended to access to AGL
48 system through the binder.
50 The binder afb-daemon serves multiple purposes:
52 1. It acts as a gateway for the application to access the system;
54 2. It acts as an HTTP server for serving files to HTML5 applications;
56 3. It allows HTML5 applications to have native extensions subject
57 to security enforcement for accessing hardware ressources or
58 for speeding parts of algorithm.
60 Use cases of the binder afb-daemon
61 ----------------------------------
63 This section tries to give a better understanding of the binder
64 usage through several use cases.
66 ### Remotely running application
68 One of the most interresting aspect of using the binder afb-daemon
69 is the ability to run applications remotely. This feature is
70 possible because the binder afb-daemon implements native web
73 So the [figure binder, basis](#binder-fig-1) would become
74 when the application is run remotely:
76 <a id="binder-fig-remote"><h4>Figure: binder afb-daemon and remotely running application</h4></a>
78 +------------------------------+
80 | A P P L I C A T I O N |
82 +--------------+---------------+
88 . . . . . . . . . . . . . . | . . . . . . . . . . . . . .
89 . Isolated security | .
92 . . . . . . . . . . . . . . . . . . . . . . . . . .
94 . . F I R E W A L L . .
96 . . . . . . . . . . . . . . . . . . . . . . . . . .
98 . +-------------------+----------------------+ .
100 . | A F B - D A E M O N : PLUGINS | .
102 . +-------------------+----------------------+ .
104 . . . . . . . . . . . . . . | . . . . . . . . . . . . . .
109 ### Adding native features to HTML5/QML applications
111 Applications can provide with their packaged delivery a plugin.
112 That plugin will be instanciated for each application instance.
113 The methods of the plugin will be accessible by applications and
114 will be excuted within the security context.
116 ### Offering services to the system
118 It is possible to run the binder afb-daemon as a daemon that provides the
121 This will be used for:
123 1. offering common APIs
125 2. provide application's services (services provided as application)
127 In that case, the figure showing the whole aspects is
129 <a id="binder-fig-remote"><h4>Figure: binder afb-daemon for services</h4></a>
131 . . . . . . . . . . . . . . . . . . . . . .
132 . Isolated security context application .
134 . +------------------------------+ .
136 . | A P P L I C A T I O N | .
138 . +--------------+---------------+ . . . . . . . . . . . . . . . . . . . . . . .
139 . | . . Isolated security context A .
141 . +-----------------+------------------+ . . +------------------------------------+ .
143 . | b i n d e r : | . . | b i n d e r : service | .
144 . | A F B - D A E M O N : PLUGINS | . . | A F B - D A E M O N : PLUGINS | .
145 . | : | . . | : A | .
146 . +-----------------+------------------+ . . +-----------------+------------------+ .
148 . . . . . . . . . . | . . . . . . . . . . . . . . . . . . . . . | . . . . . . . . . . .
151 ================================================================================
152 D - B U S & C Y N A R A
153 ================================================================================
156 . . . . . . . . . . | . . . . . . . . . . . . . . . . . . . . . | . . . . . . . . . . .
158 . +-----------------+------------------+ . . +-----------------+------------------+ .
160 . | b i n d e r : service | . . | b i n d e r : service | .
161 . | A F B - D A E M O N : PLUGINS | . . | A F B - D A E M O N : PLUGINS | .
162 . | : B | . . | : C | .
163 . +------------------------------------+ . . +------------------------------------+ .
165 . Isolated security context B . . Isolated security context C .
166 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
169 For this case, the binder afb-daemon takes care to attribute one single session
170 context to each client instance. It allows plugins to store and retrieve data
171 associated to each of its client.
173 The plugins of the binder afb-daemon
174 ------------------------------------
176 The binder can instanciate plugins. The primary use of plugins
177 is to add native methods that can be accessed by applications
178 written with any language through web technologies ala JSON RPC.
180 This simple idea is declined to serves multiple purposes:
182 1. add native feature to applications
184 2. add common API available by any applications
186 3. provide customers services
188 A specific document explains how to write an afb-daemon binder plugin:
189 [HOWTO WRITE a PLUGIN for AFB-DAEMON](afb-plugin-writing.html)
192 Launching the binder afb-daemon
193 -------------------------------
195 The launch options for binder **afb-daemon** are:
199 Prints help with available options
203 Display version and copyright
207 Increases the verbosity, can be repeated
211 HTTP listening TCP port [default 1234]
215 HTTP Root Directory [default $AFBDIR or else $HOME/.AFB]
219 Angular Base Root URL [default /opa]
221 This is used for any application of kind OPA (one page application).
222 When set, any missing document whose url has the form /opa/zzz
223 is translated to /opa/#!zzz
227 HTML Root API URL [default /api]
229 The plugins are available within that url.
233 Maps a path located anywhere in the file system to the
234 a subdirectory. The syntax for mapping a PATH to the
235 subdirectory NAME is: --alias=/NAME:PATH.
237 Example: --alias=/icons:/usr/share/icons maps the
238 content of /usr/share/icons within the subpath /icons.
240 This option can be repeated.
244 Plugin API timeout in seconds [default 20]
246 Defines how many seconds maximum a method is allowed to run.
251 Client Session Timeout in seconds [default 3600]
255 Client cache end of live [default 100000 that is 27,7 hours]
259 Sessions file path [default rootdir/sessions]
263 Maximum count of simultaneous sessions [default 10]
267 Load Plugins from given paths separated by colons
268 as for dir1:dir2:plugin1.so:... [default = $libdir/afb]
270 You can mix path to directories and to plugins.
271 The sub-directories of the given directories are searched
274 The plugins are the files terminated by '.so' (the extension
275 so denotes shared object) that contain the public entry symbol.
279 Load the plugin of given path.
283 Initial Secret token to authenticate.
285 If not set, no client can authenticate.
287 If set to the empty string, then any initial token is accepted.
291 Set the mode: either local, remote or global.
293 The mode indicate if the application is run locally on the host
294 or remotely through network.
298 Set the #fd to signal when ready
300 If set, the binder afb-daemon will write "READY=1\n" on the file
301 descriptor whose number if given (/proc/self/fd/xxx).
305 Transparent binding to a binder afb-daemon service through dbus.
307 It creates an API of name xxxx that is implemented remotely
308 and queried via DBUS.
312 Provides a binder afb-daemon service through dbus.
314 The name xxxx must be the name of an API defined by a plugin.
315 This API is exported through DBUS.
319 Get all in foreground mode (default)
323 Get all in background mode
326 Future development of afb-daemon
327 --------------------------------
329 - The binder afb-daemon would launch the applications directly.
331 - The current setting of mode (local/remote/global) might be reworked to a
332 mechanism for querying configuration variables.
334 - Implements "one-shot" initial token. It means that after its first
335 authenticated use, the initial token is removed and no client can connect
338 - Creates some intrinsic APIs.
340 - Make the service connection using WebSocket not DBUS.
342 - Management of targetted events.
344 - Securisation of LOA.
346 - Integration of the protocol JSON-RPC for the websockets.