Security/Tizen 4.X Security Manager

From Tizen Wiki

Introduction

Security-manager on Tizen 4.X supports the same mechanisms as Security Manager on Tizen 3.X. This page describes the new mechanism introduced in Tizen 4.X.

Features & API Overview

Application lifetime support

Application access policy management

Mount namespaces

The mechanism was introduced in security-manager release 1.2.27 and has been improved in subsequent releases. It isolates the list of mount points seen by the application in each namespace instance, so the applications in each mount namespace instance see distinct single-directory hierarchies.

The functionality uses the setns() function [1] and therefore requires the CAP_SYS_ADMIN capability and kernel 3.8+. This means that the launcher that uses the security-manager API needs to have the CAP_SYS_ADMIN capability.

Mount namespace support is detected at runtime. If it is not supported, privileges are handled by groups. If mount namespace support is detected, the application is launched in a mount namespace, the http://tizen.org/privilege/externalstorage privilege is mapped to the /opt/media filesystem directory, and the http://tizen.org/privilege/mediastorage privilege is mapped to the /opt/usr/media filesystem directory. If the application's privilege status is set to deny, the corresponding directory is bind mounted to a dummy directory and the application has no access to the filesystem content.
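The following is an added example, not security-manager's own code: it reads the mountinfo of an already-launched application (the format documented in proc(5)) and reports, for the two privilege directories named above, whether the app sees the real directory or the dummy one. The dummy directory path and the sample mountinfo lines are constructed assumptions; only the two privilege-to-directory mappings come from this page.

```python
"""Check which storage directories a launched app actually sees, from /proc/<pid>/mountinfo.

Added example (not part of security-manager). Privilege -> directory mappings are
from the page; DUMMY_DIR and the sample mountinfo text below are constructed."""
import re

PRIVILEGE_DIRS = {
    "http://tizen.org/privilege/externalstorage": "/opt/media",
    "http://tizen.org/privilege/mediastorage": "/opt/usr/media",
}
DUMMY_DIR = "/opt/share/security-manager/empty"  # assumption, not from the page


def _unescape(s):
    # mountinfo escapes space, tab, newline and backslash as \ooo octal sequences
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), s)


def parse_mountinfo(text):
    """Map mount point -> root-of-mount (proc(5): id parent maj:min root mountpoint opts ... - fstype src)."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7 or "-" not in fields[6:]:
            continue  # malformed line: skip rather than guess
        root, mountpoint = _unescape(fields[3]), _unescape(fields[4])
        mounts[mountpoint] = root  # a later mount on the same point shadows the earlier one
    return mounts


def storage_view(mountinfo_text):
    """For each directory-mapped privilege report 'real', 'dummy' or 'unexpected:<root>'."""
    mounts = parse_mountinfo(mountinfo_text)
    view = {}
    for priv, target in PRIVILEGE_DIRS.items():
        root = mounts.get(target)
        if root is None or root == "/":
            view[priv] = "real"      # host view inherited, or a whole filesystem mounted there
        elif root == DUMMY_DIR:      # assumes the dummy dir lives on the same fs as "/"
            view[priv] = "dummy"     # denied privilege: empty directory bound on top
        else:
            view[priv] = "unexpected:" + root
    return view


# Constructed sample: externalstorage denied (dummy bound over /opt/media), mediastorage allowed.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/root rw
41 22 8:1 /opt/share/security-manager/empty /opt/media rw,relatime - ext4 /dev/root rw
"""

if __name__ == "__main__":
    for priv, state in storage_view(SAMPLE_MOUNTINFO).items():
        print(f"{priv}: {state}")
```

On a device, feed it the contents of /proc/<app-pid>/mountinfo instead of the sample; a result other than the expected 'real' or 'dummy' for a privilege points at a launcher that did not apply the policy.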