|
Hello Tomasz Swierczek Thanks for the response. 1) The system component is a multimedia framework (which is the RPM) for running neural network models. This framework will support running various models for inference. So, an application can call the system component to run its own model (this is the SO file) for inference. 2) Yes, the system component is an SO file along with a c-api + static library. An application can use the c-api provided to use it. No, its not a system service, just a library. 3) The SO file in the application is located in the ./lib/ folder of the application. The full path of the SO in the system is /opt/usr/globalapps/org.example.application/lib/libxyz.so. The output of chsmack <path> - access="User::Pkg::org.example.application::RO" The current owner of the file is tizenglobalapp and the group is root. I have tried with permissions of 644 and 775, but still no success. I am using Tizen version 5.0. Regarding how the SO file is loaded - currently, the SO file is a custom model file, which is being loaded using dlopen()/dlsys() in the library and loaded functions are correspondingly called. For the purpose of testing, the full path of the SO file is being passed to the system library from the application. Regards Parichay Kapoor --------- Original Message --------- Sender : Tomasz Swierczek <t.swierc...@samsung.com> Staff Engineer/Head of Part/Security (PLT) /SRPOL/Samsung Electronics Date : 2019-05-07 14:21 (GMT+9) Title : RE: [Dev] Loading shared objects of application from platform libraries
Hello Parichay, Kapoor,
1) Can you elaborate more on why a system component – which you RPM will be – should open an SO file provided by application?
2) From your earlier emails from the mailing list I can see that your system component is an SO file (subject “[Dev] Adding new rpm package to tizen emulator+SDK”) – how is it run? Which process uses it? Is it a system service? If yes, which one?
3) Can you list up the attributes if SO file *provided by the application* (its location after the application is installed, with full path on the system plus output of chsmack <the path>?)
In general, depending on which Tizen version your device has (I am assuming Tizen version 3.0 or higher), there should be nothing that prevents system components (run with Smack labels User, System or System::Privileged) to manipulate application binaries (execute/read them) – most importantly, because application launcher (also a system component!) needs to be able to properly execute applications, which can freely contain some SO files of their own (like ie. org.tizen.contacts app has under its ./lib/ subdirectory where it is installed). However, in principle, running application code (considered typically unsafe) in context of a system service (which I’m assuming you’re not doing, however, I’m asking number 2. just to be sure), can possibly be a little bit dangerous.
Also, if you say that you try to load the SO file of the app somehow and cannot do it – how exactly do you try to do it? Can you list some errors/actions taken to do it so I could help you more? For sure the system loader doesn’t have the apps/<id>/lib path of each application in its searching path – are you sure you’re trying to load the SO file from proper location?
Best Regards,
Tomasz Świerczek Samsung R&D Institute Poland Samsung Electronics Office +48 22 377 95 59 Cell +48 503 135 021
From: Dev [mailto:dev-boun...@lists.tizen.org] On Behalf Of Parichay Kapoor
Hello
We are making a new package for tizen along with its c-api for Tizen. One of the features of the package is to run a shared-object .so file provided by the application. (package loads model.so from the application and executes it)
This is most likely due tizen security policy, which does not allow loading shared objects of application from platform libraries.
Is there any work around for this?
Regards Parichay |
_______________________________________________ Dev mailing list Dev@lists.tizen.org https://lists.tizen.org/listinfo/dev
