Security/Tizen 6.X Security Manager

From Tizen Wiki

Introduction

Security-manager in Tizen 6.X supports the same mechanisms as Security Manager for Tizen 3.X and Security Manager for Tizen 4.X and later. This page describes only the mechanisms introduced in Tizen 6.X.

Features & API Overview

Application lifetime support

Application access policy management

Smack rules

Privilege-Smack mapping

Since version 1.6.0, each Tizen privilege can be mapped to a Smack label and to a set of Smack rules, which is applied whenever an application that holds the given privilege is launched.

This is configured using two files:

  • privilege-smack.list - maps each privilege to its <Smack label> and to the <name of the file containing the template Smack rules>
  • the template Smack rules file itself, or the already provided default file priv-rules-default-template.smack.

Each line of the privilege-smack.list mapping file describes the mapping of one privilege to its Smack label and to the file name of its Smack rules template, in the format:

<Privilege name> <Privilege Smack label> <file name of Smack rules template file>

The Smack rules file name must refer to a file that exists in the privilege-mapping subdirectory of the security-manager policy directory (usually /usr/share/security-manager/policy/privilege-mapping/).

The template Smack rules file used for privilege-Smack mapping must contain only rules built from the wildcards below:

  • ~PROCESS~ - replaced by the Smack label of the application process
  • ~PRIVILEGE~ - replaced by the privilege Smack label (according to the privilege-smack.list mapping)
  • ~PATH_RO~, ~PATH_RW~, ~PATH_TRUSTED~ - replaced by the labels of the corresponding application paths (read-only, read-write and trusted)

(for example "~PROCESS~ ~PRIVILEGE~ w", "~PRIVILEGE~ ~PATH_RO~ rx")

The Smack rules template file name can have the special value default. For such a mapping the default Smack rules template file priv-rules-default-template.smack, provided with the security-manager-policy package, is used. The default file contains the rules:

~PRIVILEGE~ ~PROCESS~ w

~PROCESS~ ~PRIVILEGE~ w

These rules can be used, for example, as part of one of the Internet access control mechanisms.

Rules containing a custom label (one that is not a replaceable wildcard) are rejected (for example "~PROCESS~ SomeLabel rwx").
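The following is a worked illustration of the expansion described above: parsing privilege-smack.list, resolving the special value default, substituting the wildcards for one application, and rejecting a template rule that contains a custom label. It is an added example written for this page, not security-manager's own code; the mapping entries, the template contents and the labels it uses (User::Pkg::org.example.app and the path labels derived from it) are constructed assumptions, and a real installation reads these files from the policy directory rather than from inline strings.

```python
"""Privilege-Smack mapping: expand template rules for one application.

Added illustration for this page, not security-manager's own code. The
mapping file, the templates and every Smack label below are constructed
assumptions; a real deployment reads them from the policy directory.
"""
import re

# Constructed privilege-smack.list; one mapping per line:
# <Privilege name> <Privilege Smack label> <file name of Smack rules template file>
PRIVILEGE_SMACK_LIST = """\
# blank lines and '#' comments are skipped by this example
http://tizen.org/privilege/internet        System::Privilege::Internet        default
http://tizen.org/privilege/externalstorage System::Privilege::ExternalStorage priv-rules-extstorage.smack
"""

DEFAULT_TEMPLATE = "priv-rules-default-template.smack"

# Constructed template files keyed by file name. The default one holds the two
# rules quoted on this page; the "bad" one contains a custom label and must be rejected.
TEMPLATES = {
    DEFAULT_TEMPLATE: "~PRIVILEGE~ ~PROCESS~ w\n~PROCESS~ ~PRIVILEGE~ w\n",
    "priv-rules-extstorage.smack": "~PRIVILEGE~ ~PATH_RW~ rwx\n~PRIVILEGE~ ~PATH_RO~ rx\n",
    "priv-rules-bad.smack": "~PROCESS~ SomeLabel rwx\n",  # assumed malformed template
}

WILDCARDS = {"~PROCESS~", "~PRIVILEGE~", "~PATH_RO~", "~PATH_RW~", "~PATH_TRUSTED~"}
# Smack access strings: any combination of r w x a t l b, or '-' for "no access".
ACCESS_RE = re.compile(r"^(?:[rwxatlb]+|-)$")


def parse_mapping(text):
    """Parse privilege-smack.list into {privilege: (privilege_label, template_file)}."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) != 3:
            raise ValueError(f"privilege-smack.list:{lineno}: expected 3 fields, got {len(fields)}")
        privilege, label, template = fields
        if template == "default":  # special value: use the packaged default template
            template = DEFAULT_TEMPLATE
        mapping[privilege] = (label, template)
    return mapping


def expand_template(template_text, substitutions):
    """Substitute wildcards in one template; reject any rule with a non-wildcard label."""
    rules = []
    for lineno, raw in enumerate(template_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"template:{lineno}: expected '<subject> <object> <access>'")
        subject, obj, access = parts
        for label in (subject, obj):
            if label not in WILDCARDS:
                # e.g. "~PROCESS~ SomeLabel rwx": custom labels are not allowed
                raise ValueError(f"template:{lineno}: custom label {label!r} rejected")
        if not ACCESS_RE.match(access):
            raise ValueError(f"template:{lineno}: invalid access string {access!r}")
        rules.append(f"{substitutions[subject]} {substitutions[obj]} {access}")
    return rules


def rules_for_app(process_label, path_labels, privileges, mapping, templates=TEMPLATES):
    """Return the Smack rules to load when an app holding `privileges` is launched.

    path_labels maps ~PATH_RO~ / ~PATH_RW~ / ~PATH_TRUSTED~ to the app's path labels.
    Privileges without an entry in the mapping contribute no rules.
    """
    rules = []
    for privilege in privileges:
        if privilege not in mapping:
            continue
        privilege_label, template_name = mapping[privilege]
        subs = {"~PROCESS~": process_label, "~PRIVILEGE~": privilege_label, **path_labels}
        rules.extend(expand_template(templates[template_name], subs))
    return rules


# Hypothetical labels for one application (assumed, not taken from a real device).
EXAMPLE_PROCESS = "User::Pkg::org.example.app"
EXAMPLE_PATHS = {
    "~PATH_RO~": "User::Pkg::org.example.app::RO",
    "~PATH_RW~": "User::Pkg::org.example.app",
    "~PATH_TRUSTED~": "User::Author::example-author",
}


if __name__ == "__main__":
    mapping = parse_mapping(PRIVILEGE_SMACK_LIST)
    for rule in rules_for_app(EXAMPLE_PROCESS, EXAMPLE_PATHS,
                              ["http://tizen.org/privilege/internet",
                               "http://tizen.org/privilege/externalstorage"], mapping):
        print(rule)
    try:
        expand_template(TEMPLATES["priv-rules-bad.smack"],
                        {"~PROCESS~": EXAMPLE_PROCESS, "~PRIVILEGE~": "X", **EXAMPLE_PATHS})
    except ValueError as err:
        print("rejected:", err)
```

Running the script prints the four concrete rules for the example app (two from the default template for the internet privilege, two from the external-storage template) and then the rejection message for the template that names SomeLabel. Note that the label check is done before substitution, so a custom label is refused even if it happens to coincide with a real label on the device.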

IMPORTANT: The privilege-Smack mapping mechanism can be used only when Tizen runs with a single user. The generated Smack rules affect all applications with the same application id or package id, regardless of the user context of the application process. If two instances of the same application running under different user contexts are detected, the Smack rules generated from the privilege mapping are disabled for those instances.