Security/Tizen 2.X smack-privilege-config

From Tizen Wiki
Jump to: navigation, search

The application developers don't need to know about Smack at all

Tizen support privileges for API permission that application developers only need to concern about necessary privileges during application development. Therefore the application developers don't need any knowledge about Smack. This is the motivation of smack-privilege-config.

Smack-privilege-config-diagram revised.png


Smack-privilege-config is set of Smack rule templates. Each template has one or several Smack rules which are mapped to a privilege.


The extension of each template file is .smack and they are located in /usr/share/privilege-control.

Name of a template file is decided via below rule.


For example, if application type is native (aka. EFL), and privilege is reading contact, then name of smack file is
If application type is web-runtime, and privilege is launching application, then name of smack file is WRT_org.tizen.privilege.application.launch.smack

There is non-privilege in case of basic rules for application if it runs without privilege. In that case, the name of smack file is EFL.smack or WRT.smack.

Refer to privilege, [APP_TYPE]_partner.smack or [APP_TYPE]_platform.smack would be defined. These partner and platform are distinguished per certificate by cert-svc.

Rule composition

Each template file is composed of one or multiple rules. Below is example of WRT.smack(There are almost 120 rules, below is just some of all rules)

 ~APP~ ail::db rwxa-
 ~APP~ calendar-service w----
 ~APP~ dbus rwxa-
 dbus ~APP~ rwxa-
 e17 ~APP~ rwxa-

~APP~ is a tag of ID of the application. When an application is installed, this field will be replaced by the application ID. libprivilege-control takes care of privilege and does mapping between privilege and smack rule based on smack-privilege-config.

Defining those rules is a very tough task. We used UTC(TestCase) for rule finding tool However this approach is highly dependent on code coverage of test cases, so developer should not be convinced by the test result.

Backward compatibility

If application is created by Tizen-2.2 SDK, we have to support the backward compatibility on Tizen 2.3 device even though there are multiple privileges are newly introduced and deprecated. So, assigning proper Smack rules for given privilege based on the application's API version is important.

Smack-privilege-config divides into 2 directories of template files per platform version.


To assign proper Smack rules, installer checks version of application by the application manifest file, calls API of libprivilege-control, perm_app_set_privilege_version passing version of the application. Then the API sets Smack rules based on platform version(searching smack file on 2.2 or 2.3 directory) and stores it into database.

int perm_app_set_privilege_version(const char* const s_app_label_name, const char * const s_version)

In Tizen 2.2, below rules are placed in non-privileged rules - WRT.smack.

Smack file Rule
WRT.smack ~APP~ system::use_internet rw
system::use_internet ~APP~ rw
~APP~ privilege::tizen::call rw

Those rules have been moved to each smack file in Tizen 2.3 since new privileges have been added.

Privilege Type Smack file WRT WRT_org.tizen.privilege.internet.smack WRT

Smack rules of each smack file is described below.

Smack file Rule
WRT_org.tizen.privilege.internet.smack ~APP~ system::use_internet rw
system::use_internet ~APP~ rw ~APP~ privilege::tizen::call rw

As a result, WRT_org.tizen.privilege.internet.smack and are only placed in /usr/share/privilege-control/2.3, and WRT.smack has difference between 2.2 and 2.3.