[Dev] 3rd party so library installation feature

Krzysztof Opasiak k.opasiak at samsung.com
Tue Oct 15 12:25:26 GMT 2013


> -----Original Message-----
> From: dev-bounces at lists.tizen.org [mailto:dev-
> bounces at lists.tizen.org] On Behalf Of ???
> Sent: Tuesday, October 15, 2013 2:11 PM
> To: dev at lists.tizen.org
> Subject: [Dev] 3rd party so library installation feature
> 
> Dear All,
> 
> I want to discuss "3rd party so library installation feature.
> 
> Requirement
> 
> 1. To provide a way to download a necessary shared library from
> authorized/dedicated site
> 2. If users want to use application B which uses a shared library,
> they download that library from the site by themselves.
> 3. When another application C requires the same library later,
> users can use it without additional download.
> 4. When the end user tries to remove application B owning the
> shared library that is required for other installed applications,
> the platform should warn the user that designated applications
> would not work correctly if the library is removed.
> 5. The platform should provide a naming service for the installed
> shared library so that any 3rd party application using it may
> locate and use (load) it without knowing the specific id of the
> owning package/application.
> 
> Considerations
> 
> 1. Library provider
>    1) Tizen app can be a library provider with specifying a tag and
> embedding the libraries.
>    2) Library provider specifies a tag in the manifest file.
>       a)
> <ProvideLibrary>http://tizen.org/library/name</ProvideLibrary>
>       b) This tag can be restricted to partner and platform
> privilege levels.
>    3) Libraries are located at /shared/res/ to share with other
> apps.
> 
> 2. Library user
>    1) Library user specifies a tag in the manifest file.
>       a)
> <RequireLibrary>http://tizen.org/feature/library/name</RequireLibra
> ry>
>    2) Library user has to check whether the library provider app
> has been installed or not.
>       a) The library provider app is not installed, request of
> installation is sent to Store client.
> 
> 
> 3. Platform package manager
>    1) Installed apps from Store should be uninstalled anytime when
> device user requests through the System settings.
>       a) Library provider app should be uninstalled anytime.
>       b) Deep relationship with library provider app and library
> user is not recommended.
>          Library user app can be working without library provider
> app, if needed.
>    2) Package manager can extract information of provider and users
> using manifest at installation time.
>       a) Package manager can display a warning popup to notify a
> message.
>          i.e. "If this app is uninstalled, [AppB, AppC and AppD]
> apps may not be working well."
>       b) If the provider is uninstalled, the related user apps can
> be terminated, if needed.
>    3) Application libraries are located in app directory and don't
> be moved to common library directory.
>       a) Library path is not specified in library user app.
>    4) Package Manager can support library path API using the key
> that is specified in manifest.xml.
> 
> Appendix
> In Android, some apps use functionality and resources of another
> app
> 1. Several apps request functionality to an app
> 2. Several apps use an app as a service app
> 3. App accesses another app resource directly
> 4. Android supports <uses-library>, but these libraries are not
> downloaded by store but preloaded.
> 
> Please check considerations and give me the feedback.
> 

There is some problem with current security model. As you know the code
from shared library is executed with an app privileges and app labels.
This means that app developer will be *responsible* for actions done by
all the libraries which he will use. This leads us that all the shared
libraries should be quite secure. 

How would you like to solve this issue? Will libraries have their own
manifests? What they will declare there? Apps will get additionally all
the permissions of the library? How would you like to test them in
store?

Moreover you should provide a method for libraries versioning (different
versions of apis).

-- 
BR's

Krzysztof Opasiak
Samsung R&D Institute Poland
Samsung Electronics
Cell +48 664 054 227
k.opasiak at samsung.com







More information about the Dev mailing list