Security/Tizen 3.X Security Manager/Private sharing


Background

By default, every application in Tizen is sandboxed, so no application can access the data of other applications. In special situations, however, there was a request to share one application's data with other applications, so a new method of sharing data only with a designated receiver has been added.

Purpose

One application shares its data with another application. Sharing is set up explicitly through the API and is released explicitly as well. Sharing is also released on reboot. The data that can be shared is restricted to the application's data directory (/home/owner/apps/$pkg_id/data/).
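One way to enforce the data-directory restriction before a path is accepted for sharing, as an added example (not security-manager's own code). The names `normalize` and `is_shareable_path` and the package ids are hypothetical, and the check is purely lexical, so it assumes symlinks are resolved separately.

```c
#include <stdio.h>
#include <string.h>

/* Lexically normalise an absolute path ("//", "." and ".." collapsed).
 * Returns 0 on success, -1 if relative, too long, or climbing above "/".
 * Symlinks are NOT resolved here; a real check must also resolve them. */
static int normalize(const char *in, char *out, size_t cap)
{
    size_t len = 0;
    if (in[0] != '/')
        return -1;
    while (*in) {
        while (*in == '/') in++;                 /* skip repeated slashes */
        size_t n = strcspn(in, "/");             /* length of next component */
        if (n == 0) break;
        if (n == 2 && in[0] == '.' && in[1] == '.') {
            if (len == 0) return -1;             /* would climb above "/" */
            while (out[--len] != '/') ;          /* drop last component */
        } else if (!(n == 1 && in[0] == '.')) {
            if (len + n + 2 > cap) return -1;
            out[len++] = '/';
            memcpy(out + len, in, n);
            len += n;
        }
        in += n;
    }
    out[len] = '\0';
    return 0;
}

/* Returns 1 only if path names something inside /home/owner/apps/<pkg_id>/data/. */
int is_shareable_path(const char *pkg_id, const char *path)
{
    char prefix[256], norm[512];
    if (pkg_id[0] == '\0' || strchr(pkg_id, '/'))
        return 0;                                /* pkg_id must be one path component */
    int n = snprintf(prefix, sizeof prefix, "/home/owner/apps/%s/data/", pkg_id);
    if (n < 0 || (size_t)n >= sizeof prefix)
        return 0;
    if (normalize(path, norm, sizeof norm) != 0)
        return 0;
    return strncmp(norm, prefix, (size_t)n) == 0;
}

int main(void)
{
    const char *pkg = "org.example.gallery";     /* constructed package id */
    printf("%d\n", is_shareable_path(pkg, "/home/owner/apps/org.example.gallery/data/photo.jpg"));
    printf("%d\n", is_shareable_path(pkg, "/home/owner/apps/org.example.gallery/data/../../org.example.bank/data/keys.db"));
    return 0;
}
```
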

How to share

An application that wants to share configures its application id (owner_app_id), target application id (target_app_id) and shared resource file list (file path).

  • Set Smack label: security-manager creates and changes the Smack label for the shared resources. The Smack label is made based on the owner_app_id. For more information, refer to the generateSharedPrivateLabel function in src/common/smack-label.cpp in the security-manager repository.
  • Set Smack rule: the owner application will have all rules (rwxat), and the target application will have rxl rules.

The Smack labels and rules are valid until 1) they are released by explicitly calling the function security_manager_private_sharing_drop, or 2) the target is rebooted.

How to use

The security-manager functions are not exposed to applications directly. They are provided to internal modules, and applications can use this functionality through app-control. (need to ask appfw)