-The figure below shows the major components of the framework
-and their interactions going through the following scenario:
-APPLICATION installs an other application and then launch it.
-
- +-----------------------------------------------------------------------+
- | User |
- | ................................ |
- | : Smack isolation context : |
- | : : ........................... |
- | : +-----------------------+ : : Smack isolation context : |
- | : | | : : : |
- | : | APPLICATION | : : OTHER application : |
- | : | | : :.........................: |
- | : +-----------+-----------+ : ^ |
- | : | : | |
- | : |(1),(7) : |(13) |
- | : | : | |
- | : +-----------v-----------+ : +---------+---------------+ |
- | : | binder afb-daemon | : | | |
- | : +-----------------------+ : | afm-user-daemon | |
- | : | afm-main-plugin | : | | |
- | : +-----+--------------+--+ : +------^-------+------+---+ |
- | :........|..............|......: | | : |
- | |(2) |(8) |(10) | : |
- | | | | | : |
- | | +----v--------------------+---+ | : |
- | | | D-Bus session | |(11) :(12) |
- | | +-------------------------+---+ | : |
- | | | | : |
- | | |(9) | : |
- | | | | : |
- :===========|===================================|=======|======:========:
- | | | | : |
- | | +---v-------v--+ : |
- | +------v-------------+ (3) | | : |
- | | D-Bus system +-----------------> CYNARA | : |
- | +------+-------------+ | | : |
- | | +------^-------+ : |
- | |(4) | : |
- | | |(6) v |
- | +------v--------------+ +---------+---------------+ |
- | | | (5) | | |
- | | afm-system-daemon +-------------> SECURITY-MANAGER | |
- | | | | | |
- | +---------------------+ +-------------------------+ |
- | |
- | System |
- +-----------------------------------------------------------------------+
-
-Let follow the sequence of calls:
-
-1. APPLICATION calls its **binder** to install the OTHER application.
-
-2. The plugin **afm-main-plugin** of the **binder** calls, through
- **D-Bus** system, the system daemon to install the OTHER application.
-
-3. The system **D-Bus** checks wether APPLICATION has the permission
- or not to install applications by calling **CYNARA**.
-
-4. The system **D-Bus** transmits the request to **afm-system-daemon**.
-
- **afm-system-daemon** checks the application to install, its
- signatures and rights and install it.
-
-5. **afm-system-daemon** calls **SECURITY-MANAGER** for fullfilling
- security context of the installed application.
-
-6. **SECURITY-MANAGER** calls **CYNARA** to install initial permissions
- for the application.
-
-7. APPLICATION call its binder to start the nearly installed OTHER application.
-
-8. The plugin **afm-main-plugin** of the **binder** calls, through
- **D-Bus** session, the user daemon to launch the OTHER application.
-
-9. The session **D-Bus** checks wether APPLICATION has the permission
- or not to start an application by calling **CYNARA**.
-
-10. The session **D-Bus** transmits the request to **afm-user-daemon**.
-
-11. **afm-user-daemon** checks wether APPLICATION has the permission
- or not to start the OTHER application **CYNARA**.
-
-12. **afm-user-daemon** uses **SECURITY-MANAGER** features to set
- the seciruty context for the OTHER application.
-
-13. **afm-user-daemon** launches the OTHER application.
-
-This scenario does not cover all the features of the frameworks.
-Shortly because details will be revealed in the next chapters,
-the components are:
-
-* ***SECURITY-MANAGER***: in charge of setting Smack contexts and rules,
- of setting groups, and, of creating initial content of *CYNARA* rules
- for applications.
-
-* ***CYNARA***: in charge of handling API access permissions by users and by
- applications.
-
-* ***D-Bus***: in charge of checking security of messaging. The usual D-Bus
- security rules are enhanced by *CYNARA* checking rules.