Security/Tizen 2.X smack-privilege-config
The application developers don't need to know about Smack at all
Tizen supports privileges for API permissions, so application developers only need to care about the privileges their application requires during development. Therefore they need no knowledge of Smack at all. This is the motivation for smack-privilege-config.
Smack-privilege-config is a set of Smack rule templates. Each template contains one or more Smack rules that are mapped to a privilege.
Each template file has the extension .smack and is located in /usr/share/privilege-control.
The name of a template file is decided by the following rule:
If the application type is native (aka EFL) and the privilege is reading contacts, the name of the smack file is EFL_org.tizen.privilege.contact.read.smack
If the application type is web-runtime (WRT) and the privilege is launching an application, the name of the smack file is WRT_org.tizen.privilege.application.launch.smack
There is also a non-privilege case: the basic rules an application gets when it runs without any privilege. In that case the name of the smack file is EFL.smack or WRT.smack.
Each template file is composed of one or more rules. Below is an example from WRT.smack (there are almost 120 rules; only some of them are shown):
~APP~ ail::db rwxa-
~APP~ calendar-service w----
~APP~ dbus rwxa-
dbus ~APP~ rwxa-
e17 ~APP~ rwxa-
~APP~ is a placeholder for the ID of the application. When an application is installed, this field is replaced by the application ID. libprivilege-control takes care of privileges and maps each privilege to its Smack rules based on smack-privilege-config.
Defining those rules is a very tough task. We used UTC (unit test cases) as the rule-finding tool. However, this approach is highly dependent on the code coverage of the test cases, so a developer should not take a passing test result as proof that the rule set is complete.
If an application was created with the Tizen 2.2 SDK, we have to keep backward compatibility on Tizen 2.3 devices even though multiple privileges were newly introduced or deprecated. So assigning the proper Smack rules for a given privilege based on the application's API version is important.
Smack-privilege-config therefore divides the template files into two directories, one per platform version.
To assign the proper Smack rules, the installer checks the version of the application in its manifest file and calls the libprivilege-control API perm_app_set_privilege_version, passing the version of the application. The API then sets the Smack rules based on the platform version (searching for the smack file in the 2.2 or 2.3 directory) and stores them in the database.
int perm_app_set_privilege_version(const char* const s_app_label_name, const char * const s_version)
In Tizen 2.2, the rules below are placed among the non-privileged rules in WRT.smack:
| WRT.smack | ~APP~ system::use_internet rw   |
|           | system::use_internet ~APP~ rw   |
|           | ~APP~ privilege::tizen::call rw |
Those rules were moved into their own smack files in Tizen 2.3, since new privileges were added.
The Smack rules of each smack file are described below.
| WRT_org.tizen.privilege.internet.smack | ~APP~ system::use_internet rw   |
|                                        | system::use_internet ~APP~ rw   |
| WRT_org.tizen.privilege.call.smack     | ~APP~ privilege::tizen::call rw |
As a result, WRT_org.tizen.privilege.internet.smack and WRT_org.tizen.privilege.call.smack exist only in /usr/share/privilege-control/2.3, and WRT.smack differs between 2.2 and 2.3.
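The following is an added example, not code from the Tizen project or from libprivilege-control. It models what the page describes in two places: the template-name rule and ~APP~ substitution (EFL/WRT plus privilege, ~APP~ replaced by the application ID at install time), and the version split (a 2.2 application gets the internet and call rules from WRT.smack, while a 2.3 application only gets them by requesting the corresponding privilege). The in-memory TEMPLATES dictionary stands in for the /usr/share/privilege-control/2.2 and /2.3 directories; the rule lines are the ones quoted on the page, the application label demo.app and the function names are constructed for this example, and the access-string alphabet checked by parse_rule is the Smack one (r, w, x, a, t, l, with '-' for an access not granted).

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for the two template directories the page names.
# Rule lines are taken from the page; the layout itself is an assumption.
TEMPLATES: Dict[str, Dict[str, List[str]]] = {
    "2.2": {
        "WRT.smack": [
            "~APP~ dbus rwxa-",
            "dbus ~APP~ rwxa-",
            "~APP~ system::use_internet rw",
            "system::use_internet ~APP~ rw",
            "~APP~ privilege::tizen::call rw",
        ],
    },
    "2.3": {
        "WRT.smack": [
            "~APP~ dbus rwxa-",
            "dbus ~APP~ rwxa-",
        ],
        "WRT_org.tizen.privilege.internet.smack": [
            "~APP~ system::use_internet rw",
            "system::use_internet ~APP~ rw",
        ],
        "WRT_org.tizen.privilege.call.smack": [
            "~APP~ privilege::tizen::call rw",
        ],
    },
}

APP_TAG = "~APP~"
# Smack access strings use these letters; '-' marks an access that is not granted.
ACCESS_RE = re.compile(r"^[rwxatl-]+$")


def template_name(app_type: str, privilege: Optional[str]) -> str:
    """Apply the page's naming rule: EFL.smack / WRT.smack for the non-privilege
    case, <type>_<privilege>.smack otherwise."""
    if app_type not in ("EFL", "WRT"):
        raise ValueError(f"unknown application type: {app_type}")
    if privilege is None:
        return f"{app_type}.smack"
    return f"{app_type}_{privilege}.smack"


def parse_rule(line: str) -> Tuple[str, str, str]:
    """Split a 'subject object access' template line; reject malformed lines
    so a typo in a template cannot silently become an unexpected rule."""
    parts = line.split()
    if len(parts) != 3:
        raise ValueError(f"malformed Smack rule: {line!r}")
    subject, obj, access = parts
    if not ACCESS_RE.match(access):
        raise ValueError(f"invalid access string {access!r} in rule {line!r}")
    return subject, obj, access


def rules_for_app(app_label: str, app_type: str, privileges: List[str],
                  version: str, templates=TEMPLATES) -> List[str]:
    """Return the concrete rules an installer would load for this application:
    the non-privilege template plus one template per requested privilege,
    looked up in the directory for the application's platform version."""
    if version not in templates:
        raise LookupError(f"no template directory for platform version {version}")
    tree = templates[version]
    wanted = [template_name(app_type, None)]
    wanted += [template_name(app_type, p) for p in privileges]
    out: List[str] = []
    for name in wanted:
        if name not in tree:
            raise LookupError(f"{name} is not available for platform version {version}")
        for line in tree[name]:
            subject, obj, access = parse_rule(line)
            # ~APP~ may appear as subject or object, so substitute both sides.
            out.append(" ".join((subject.replace(APP_TAG, app_label),
                                 obj.replace(APP_TAG, app_label),
                                 access)))
    return out


if __name__ == "__main__":
    for version, privs in (("2.2", []), ("2.3", []),
                           ("2.3", ["org.tizen.privilege.internet"])):
        print(f"platform {version}, privileges {privs}:")
        for rule in rules_for_app("demo.app", "WRT", privs, version):
            print("   ", rule)
```

Running it shows the behaviour the page describes: on 2.2 the internet and call rules appear for an application with no privileges at all, while on 2.3 they appear only when the matching privilege template is requested. Asking for org.tizen.privilege.internet against the 2.2 directory raises a LookupError, which is the case an installer must treat as "privilege unknown on this platform version" rather than silently grant.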