Hello,

Philippe Coval <[email protected]> writes:

> On Wed, Oct 29, 2014 at 11:09 AM, Vyacheslav Barinov
> <[email protected]> wrote:
>> Hello,
>>
>> José Bollo <[email protected]> writes:
>>
>>> On Wednesday, 29 October 2014 at 10:08 +0300, Vyacheslav Barinov wrote:
>>>> Hello,
>>>>
>>>> What is current SMACK state in Tizen:Common builds?
>>>
>>> Hi Vyacheslav,
>>>
>>> Tizen:Common is a work in progress implementation of the Security model
>>> of tizen 3 described by this wiki page:
>>> https://wiki.tizen.org/wiki/Security:SmackThreeDomainModel
>>>
>>>> I see smack-related packages installed into firmware but there are
>>>> neither rules in
>>>> /etc/smack/accesses.d nor security labels on binaries in latest snapshot
>>>> firmware.
>>>
>>> It is not true. What did you inspect? Which image?
>>
>> I've just tested tizen-common_20141028.4_common-x11-2parts-armv7l.tar.gz
>> image from
>> https://download.tizen.org/snapshots/tizen/common/latest/images/arm-x11/common-x11-2parts-armv7l/
>
> hi,
>
> What kernel are you using with this rootfs ? and what device ?
> default one is vexpress but only for QEmu then you need some adaptation
> to other boards like renesas one :
>
> https://dockr.eurogiciel.fr/blogs/embedded/tizen-arm-images-to-renesas/
>
> But make sure your kernel has SMACK support to support full Tizen security
> model
> note X11 is not in best shape AFAIK I invite you to check wayland
> image if you can
>
> And if you use odroid board
> there are some WIP image to be released soon at :
> http://download.tizen.org/snapshots/tizen/common/latest/repos/arm-wayland/

I'm using kernel from kernel-common RPM package and Arndale board as a
hardware. And yes, kernel supports SMACK, I can set labels, I see rules loaded
in /sys/fs/smack and so on.

Actually my question was more about organization and rules, than about
technical issues: I'm working now on AArch64 port and trying to reproduce all
the functionality from armv7l Tizen. I've built a kernel from linaro master
branch switching on SMACK there.

Technically it also works (at least in qemu and FastModels, waiting for
hardware shipment to test) but I saw Tizen of version 2 and there was a pretty
interesting system — every application owned its own domain and every file in
/usr/apps/org.tizen.calculator/, for instance, has been marked with
access="org.tizen.calculator" xattr. And there was a really huge ruleset to
manage all interactions between domains.

Now I see there is a rather simple new security model. Thanks to José Bollo:
that domain model description was the thing I've been looking for.

And the only question left — is there a possibility to get a SMACK access
denial in a snapshot firmware boot? Just for testing purposes.

Best Regards,
Vyacheslav Barinov
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
