Security/Tizen 2.X libprivilege-control

From Tizen Wiki

Overview

  • The libprivilege-control library is used to:
    • Drop the privileges of a root process to a non-root account (in Tizen 2.3, this account is 'app').
      • Some service daemons have 'root' privileges because they used to be executed by init.d (this is no longer the case).
      • Applications are 'root' because the launchpad daemon runs as 'root'.
    • Apply privileges when installing 3rd party applications (native and web).
      • Apply Smack rules according to the privilege(s) the application has.
      • Those rules are stored in the database and loaded at every boot.


Change privilege when launching applications.

  • Change the user account of a launched application from root to the app account.
  • This functionality was originally developed for applications not launched by AUL, but it is no longer used because those applications are given the app account by systemd.

Libprivilege-control pig1.png

Give smack label to home / media directory, network label.

  • This is performed by the 'smack-default-labeling' script, which is run by systemd via smack-default-service.service.
  • The home directory (/opt/home/app/) is given the system::homedir label and the media directory (/opt/usr/media/) is given the system::media label.
    All of these directories carry the transmute attribute, so every file and directory created beneath them receives the same label.
  • All external network packets are labeled system::use_internet. Packets generated over IPv6 now also carry the system::use_internet label.


Insert Smack rules when installing a 3rd party application; delete them when uninstalling.

  • Applying privileges
    • The main purpose of a privilege is to inform the user what the application does. It is also used to grant authority for a specific job according to the privilege 'level'.
    • All 3rd party applications have privilege(s). The developer selects the appropriate privilege(s) in the SDK. If no privilege is selected, the application receives the default rules.
    • The Smack rules are derived from the selected privileges; the privilege-to-Smack-rule mapping can be seen in the smack-privilege-config module.
    • Privileges are divided by level; the Smack rules granted by each privilege are stored in the DB and loaded from it.
    • When an application is installed, the DB is updated and the rules are applied; when an application is uninstalled, the DB is updated and the rules are deleted.
  • The levels of privilege
    • public level: any developer can use it without restriction
    • partner level: permitted to second partner developers
    • platform level: permitted to internal developers
  • The privilege DB
    • Uses an SQLite 3 database so that Smack rules can be updated at runtime.
    • The Smack rules in the DB are loaded into kernel memory at boot.
    • The DB is pre-populated with privilege information.
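As an added illustration (not libprivilege-control's own code or DB schema), the Python below models the flow described above: a pre-populated privilege table, Smack rule templates per privilege, rule insertion at install and deletion at uninstall, and a dump of the remaining rules in the 'subject object access' form Smack loads. The privilege names, labels, rule templates and the check that a developer may only use privileges at or below their own level are constructed assumptions for the example.

```python
"""Constructed model of a privilege DB driving Smack rules (not libprivilege-control code)."""
import sqlite3

# Assumed level ordering: a developer may use privileges at or below their own level.
LEVEL_RANK = {"public": 0, "partner": 1, "platform": 2}

def open_db():
    """In-memory DB pre-populated with constructed privilege info and rule templates."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE privilege(name TEXT PRIMARY KEY, level TEXT NOT NULL);
        -- rule templates: '~APP~' is replaced by the installed app's Smack label
        CREATE TABLE privilege_rule(privilege TEXT, subject TEXT, object TEXT, access TEXT);
        CREATE TABLE app_rule(app TEXT, subject TEXT, object TEXT, access TEXT);
    """)
    conn.executemany("INSERT INTO privilege VALUES(?,?)", [
        ("internet", "public"), ("contact.read", "partner"), ("packagemanager", "platform")])
    conn.executemany("INSERT INTO privilege_rule VALUES(?,?,?,?)", [
        ("internet", "~APP~", "system::use_internet", "rw"),
        ("contact.read", "~APP~", "contacts::db", "rx"),
        ("packagemanager", "~APP~", "pkgmgr::db", "rwx")])
    return conn

def install_app(conn, app, privileges, dev_level):
    """Apply the rules for each requested privilege; refuse any above dev_level.
    Rules are collected first so a refused privilege leaves the DB untouched."""
    rules = []
    for priv in privileges:
        row = conn.execute("SELECT level FROM privilege WHERE name=?", (priv,)).fetchone()
        if row is None:
            raise ValueError(f"unknown privilege {priv}")
        if LEVEL_RANK[row[0]] > LEVEL_RANK[dev_level]:
            raise PermissionError(f"{priv} is {row[0]} level, developer is {dev_level}")
        for subj, obj, acc in conn.execute(
                "SELECT subject, object, access FROM privilege_rule WHERE privilege=?", (priv,)):
            rules.append((app, subj.replace("~APP~", app), obj.replace("~APP~", app), acc))
    conn.executemany("INSERT INTO app_rule VALUES(?,?,?,?)", rules)
    conn.commit()

def uninstall_app(conn, app):
    """Delete every rule that was added for the app."""
    conn.execute("DELETE FROM app_rule WHERE app=?", (app,))
    conn.commit()

def boot_rules(conn):
    """Rules as 'subject object access' lines, the form loaded into the kernel at boot."""
    return [f"{s} {o} {a}" for s, o, a in conn.execute(
        "SELECT subject, object, access FROM app_rule ORDER BY subject, object")]
```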

Development Guide (Link)