> -----Original Message----- > From: [email protected] [mailto:dev- > [email protected]] On Behalf Of ??? > Sent: Tuesday, October 15, 2013 2:11 PM > To: [email protected] > Subject: [Dev] 3rd party so library installation feature > > Dear All, > > I want to discuss "3rd party so library installation feature. > > Requirement > > 1. To provide a way to download a necessary shared library from > authorized/dedicated site > 2. If users want to use application B which uses a shared library, > they download that library from the site by themselves. > 3. When another application C requires the same library later, > users can use it without additional download. > 4. When the end user tries to remove application B owning the > shared library that is required for other installed applications, > the platform should warn the user that designated applications > would not work correctly if the library is removed. > 5. The platform should provide a naming service for the installed > shared library so that any 3rd party application using it may > locate and use (load) it without knowing the specific id of the > owning package/application. > > Considerations > > 1. Library provider > 1) Tizen app can be a library provider with specifying a tag and > embedding the libraries. > 2) Library provider specifies a tag in the manifest file. > a) > <ProvideLibrary>http://tizen.org/library/name</ProvideLibrary> > b) This tag can be restricted to partner and platform > privilege levels. > 3) Libraries are located at /shared/res/ to share with other > apps. > > 2. Library user > 1) Library user specifies a tag in the manifest file. > a) > <RequireLibrary>http://tizen.org/feature/library/name</RequireLibra > ry> > 2) Library user has to check whether the library provider app > has been installed or not. > a) The library provider app is not installed, request of > installation is sent to Store client. > > > 3. Platform package manager > 1) Installed apps from Store should be uninstalled anytime when > device user requests through the System settings. > a) Library provider app should be uninstalled anytime. > b) Deep relationship with library provider app and library > user is not recommended. > Library user app can be working without library provider > app, if needed. > 2) Package manager can extract information of provider and users > using manifest at installation time. > a) Package manager can display a warning popup to notify a > message. > i.e. "If this app is uninstalled, [AppB, AppC and AppD] > apps may not be working well." > b) If the provider is uninstalled, the related user apps can > be terminated, if needed. > 3) Application libraries are located in app directory and don't > be moved to common library directory. > a) Library path is not specified in library user app. > 4) Package Manager can support library path API using the key > that is specified in manifest.xml. > > Appendix > In Android, some apps use functionality and resources of another > app > 1. Several apps request functionality to an app > 2. Several apps use an app as a service app > 3. App accesses another app resource directly > 4. Android supports <uses-library>, but these libraries are not > downloaded by store but preloaded. > > Please check considerations and give me the feedback. >
There is some problem with current security model. As you know the code from shared library is executed with an app privileges and app labels. This means that app developer will be *responsible* for actions done by all the libraries which he will use. This leads us that all the shared libraries should be quite secure. How would you like to solve this issue? Will libraries have their own manifests? What they will declare there? Apps will get additionally all the permissions of the library? How would you like to test them in store? Moreover you should provide a method for libraries versioning (different versions of apis). -- BR's Krzysztof Opasiak Samsung R&D Institute Poland Samsung Electronics Cell +48 664 054 227 [email protected] _______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
