Security/Tizen 2.X Debugging Environment
Tizen provides Smart Development Bridge as an application development interface. sdb performs very privileged features such as installing and removing applications, launching and killing applications and ptracing them, but at the same time sdb should be sandboxed and limited for unauthorized actions. This characteristic makes sdb as a very unique entity for security perspective and obviously requires careful security consideration.
Please refer to User ID & Group ID section.
/usr/sbin/sdbd is labeled as "sdbd", so all of the processes launched by sdbd will obtain sdbd label unless the executable file has SMACK64EXEC label. In the device, there are number of Smack rules related to sdbd, and most of them indicate accesses from/to sdbd.
For web application development, a special entity Remote inspector is used which works as a virtual web server in the system and communicate with host PC via IP over USB. But IP communication is access controlled by http://tizen.org/privilege/internet privilege, developing web application would not be able to communicate with inspector properly when the application does not declare the privilege. To support this feature, we Smack labeled IP address 10.0.2.2 and 10.0.2.16 as "system::debugging_network", and sdbd has rule for allowing communication. In addition, sdbd adds Smack rules when a new application is being installed by sdbd which means a developing application. This can be shown on
/sys/fs/smackfs/netlabel . Please refer to Smack session.
Ptrace is used for precise debugging and profiling for developing application, however performing ptrace to an arbitrary process can be a serious security hole in terms of a platform security. At the same time, such a platform should support ptrace feature to debug the application accurately. This is a challenging issue for platform security and we applied brilliant feature on ptrace.
Recent kernel patch for Smack ptrace patch is applied and the configuration is set to '1' on
/sys/fs/smackfs/ptrace . Since it only allows to ptrace between same labeled processes, sdbd launches gdb-server with same label of the debugging application, then attach to the debugging application. This feature fortify the platform from arbitrary ptracing.