On Tue, Sep 3, 2013 at 12:15 PM, Glauco Junquera <[email protected]> wrote: > I recently started studying smack on Tizen and I have some questions that I > was unable to find answers by searching the web. > > The questions are the following: > - Are Smack rules created at application installation time?
Tizen RPM's can add more rules, yes. It doesn't mean that they do, or must, or that providers use this mechanism, but it is encouraged, and the standard implementation we do in Tizen. > - Does privileges declared on application manifest.xml have a corresponding > smack label? This question is a bit confusing.... I think you are asking "Do privileges declared in an applications' manifest correspond to SMACK labels?" The answer to that would be: They are smack labels. the manifests declare what labels should be set on the components (files, folders) that the package installs. > - What is responsible for creating smack rules? The kernel? If yes, how can a > userspace program request the kernel to create smack rules? The developer is responsible for adding rules to the system such that they are loaded at startup or package installation time. Userspace programs in general should not add/remove rules, as this is obviously a privilege escalation problem. The base system code "loads" these rules into the kernel memory. The kernel only enforces rules. It does not create new rules or modify them. > I would appreciate if someone could help me =) I'm not a SMACK expert, there are a few others on this list (including the author of SMACK) that can better clarify things. Feel free to ask more if you have more questions. Auke _______________________________________________ General mailing list [email protected] https://lists.tizen.org/listinfo/general
