Application framework

version: 1
Date:    29 mai 2016
Author:  José Bollo

Foreword

This document describes what we intend to do. It may happen that our current implementation and the content of this document differ.

In case of differences, it is assumed that this document is right and the implementation is wrong.

Overview

The application framework on top of the security framework provides the components to install and uninstall applications and to run it in a secured environment.

The goal is to manage applications and to hide the details of the security framework to the applications.

For the reasons explained in introduction, we did not used the application framework of Tizen as is but used an adaptation of it.

The basis is kept identical: the applications are distributed in a digitally signed container that must match the specifications of widgets (web applications). This is described by the technical recomendations widgets and widgets-digsig of the W3 consortium.

This model allows the distribution of HTML, QML and binary applications.

The management of signatures of the widget packages This basis is not meant as being rigid and it can be extended in the futur to include for example incremental delivery.

Comparison to other frameworks

Tizen framework

xdg-app

ostro

Organisation of directory of applications

The main path for applivcations are: APPDIR/PKGID/VER.

Where:

This organisation has the advantage to allow several versions to leave together. This is needed for some good reasons (rolling back) and also for less good reasons (user habits).

Identity of installed files

All the files are installed as the user “userapp” and group “userapp”. All files have rw(x) for user and r-(x) for group and others.

This allows any user to read the files.

Labelling the directories of applications

Organisation of data

The data of a user are in its directory and are labelled using the labels of the application

Setting Smack rules for the application

For Tizen, the following rules are set by the security manager for each application.

System ~APP~             rwx
System ~PKG~             rwxat
System ~PKG~::RO         rwxat
~APP~  System            wx
~APP~  System::Shared    rxl
~APP~  System::Run       rwxat
~APP~  System::Log       rwxa
~APP~  _                 l
User   ~APP~             rwx
User   ~PKG~             rwxat
User   ~PKG~::RO         rwxat
~APP~  User              wx
~APP~  User::Home        rxl
~APP~  User::App::Shared rwxat
~APP~  ~PKG~             rwxat
~APP~  ~PKG~::RO         rxl

Here, ~PKG~ is the identifier of the package and ~APP~ is the identifier of the application.

What user can run an application?

Not all user are able to run all applications. How to manage that?