Application framework/model (AppFw)

The application framework manages:

  • The applications and services management: Installing, Uninstalling, Listing, …
  • The life cycle of applications: Start -> (Pause, Resume) -> Stop.
  • Events and signals propagation.
  • Privileges granting and checking.
  • API for interaction with applications.
  • The security model refers to the security model used to ensure security and to the tools that are provided for implementing that model. It’s an implementation detail that should not impact the layers above the application framework.

  • The security model refers to how DAC (Discretionary Access Control), MAC (Mandatory Access Control) and Capabilities are used by the system to ensure security and privacy. It also includes features of reporting using audit features and by managing logs and alerts.

The AppFw uses the security model to ensure the security and the privacy of the applications that it manages. It must be compliant with the underlying security model. But it should hide it to the applications.

Domain Object Recommendations
Platform-AGLFw-AppFw-1 Security model Use the AppFw as Security model.

See AGL AppFw Privileges Management and AGL - Application Framework Documentation for more information.

Cynara

There’s a need for another mechanism responsible for checking applicative permissions: Currently in AGL, this task depends on a policy-checker service (Cynara).

  • Stores complex policies in databases.
  • “Soft” security (access is checked by the framework).

Cynara interact with D-Bus in order to deliver this information.

Domain Object Recommendations
Platform-AGLFw-Cynara-1 Permissions Use Cynara as policy-checker service.

Policies

  • Policy rules:

    • Are simple - for pair [application context, privilege] there is straight answer (single Policy Type): [ALLOW / DENY / …].
    • No code is executed (no script).
    • Can be easily cached and managed.
  • Application context (describes id of the user and the application credentials) It is build of:

    • UID of the user that runs the application.
    • SMACK label of application.

Holding policies

Policies are kept in buckets. Buckets are set of policies which have additional a property of default answer, the default answer is yielded if no policy matches searched key. Buckets have names which might be used in policies (for directions).