Hi Pawel, Please remember that all apps should follow the same workflow. That means all applications should have be managed in the same especially for security task, that should be common for all applications but we can't add specific step if an installation for a designed type of app requires ones.
The encryption is specific WRT you are right so we should be able to handle it. When we initialize the app_installer for wgt, we will adjust the list of step by adding a encryption step dedicated to widget. About the implementation It would be preferable that encryption should be done by a platform service Let me clarify this point. I let you know what my complete point of view. Thanks BR Baptiste 2014-11-20 17:14 GMT+01:00 Pawel Sikorski <[email protected]>: > Dear Baptiste, > > Thank You for sharing the status. > > > > We had a small discussion about the **Encryption feature**. Please see a > description of this requirement below and its current status. > > > > -------------------- > ------------------------------------------------------------ > > > > Link to above spec: > https://developer.tizen.org/dev-guide/2.2.1/org.tizen.web.appprogramming/html/basics_tizen_programming/web_security_privacy.htm > > Link to specification: > https://source.tizen.org/sites/default/files/page/tizen-2.2-wrt-core-spec.pdf > > > > > 5.2. Web Application Protection > > 0650. For Web Applications that explicitly turn on encryption through the > <tizen:setting /> element in the > > configuration file, the WRT MUST provide the following measures to protect > Web Application resources: > > * The WRT MUST encrypt the HTML, JS, and CSS file resources of the Web > Application stored by the > > device. > > * When the Web Application is being run, the WRT MUST decrypt the > encrypted resources (HTML, JS, > > and CSS) in a manner transparent to the application itself." > > > > Crosswalk implementation details: > > > > Currently application is being encrypted during widget installation > process (encrypted file types: *.js, *.html, *.css, *.xhtml). Encryption > starts in xwalk_package_installer.cc:407 (method Install()). > > These files are encrypted with AES key, which is generated with help of > chromium's "crypto" module and with usage of the same library they are > decrypted. > > After encryption key is saved in tizen's secure-storage (libss-client and > ss-server packages). Key is generated for each file separately. > > Files are decrypted in memory during runtime with usage of key located in > secure-storage. Decryption is covered in class > URLRequestApplicationJobTizen (application_protocols.cc:181). > > > > Link to PR: > > https://github.com/crosswalk-project/crosswalk/pull/2467 > > > > Link to XWALK bug: > > https://crosswalk-project.org/jira/browse/XWALK-1172 > > > > > -------------------------------------------------------------------------------- > > > > What do you think about that? It looks as a specific step just for Web > Applications. > > > > Best Regards, > > Pawel Sikorski > > > > > > *From:* Dev [mailto:[email protected]] *On Behalf Of *Baptiste > Durand > *Sent:* Thursday, November 20, 2014 5:02 PM > *To:* [email protected] > *Subject:* [Dev] App Installer WorkShop Status > > > > Hi all > > > Here is the status of the Work shop about App_installer package > > confcall 20th of November > > Present : Pawel Sikorski , Dominique Le Foll, Baptiste Durand > > > > ------------------------------ > > > ------------------------------------------------------------------------------------------ > Business logic location : > > A decision has been taken to re localize the business logic in the > frontend, that means installer backend should not have a specific logic. > > In consequences, the backend installation should be able to execute a > request ( install / uninstall / reinstall / update a package) > > That means if an installation fails because the package is already > installed an exception should be thrown by backend, there won't no implicit > update. > > > > ------------------------------ > > > ------------------------------------------------------------------------------------------ > > List of step for installation : > > Here the list for an app installation > 1) Unpack archive > > 2) Signature step > 2a)signature validation > 2b) certificate check > > 2c) Extraction of level of signature (Platdorm/ Partner ...) > > 3) Extration of manifest > > 3a) Extraction of privileges and comparison with signature level > > 4) Creation of final Directory + Cpopy of Applciation files > > 5) Generate final manifest.xml + Generate desktop File > > 6) Register applications in database. > > 7) Security manager calls for Set smack Label > > > > > Samsung Poland team is in charge to find how the steps 2a/b/c & 3a > should be handled. > > (Security Manager could be a candidate to do this check) > > > ------------------------------------------------------------------------------------------------------------------------------ > > Other mode of Installation > > > It was concluded that for now only Offline Installation is relevant. > > Offline installation should be handled by a dedicated set of steps. > > The wiki will be updated following this. > > > > BR > > > > -- > > Baptiste DURAND > Eurogiciel Vannes/FR > -- Baptiste DURAND Eurogiciel Vannes/FR
_______________________________________________ Dev mailing list [email protected] https://lists.tizen.org/listinfo/dev
