[Dev] SMACK in Tizen
v.barinov at samsung.com
Thu Oct 30 05:25:21 GMT 2014
Philippe Coval <philippe.coval at open.eurogiciel.org> writes:
> On Wed, Oct 29, 2014 at 11:09 AM, Vyacheslav Barinov
> <v.barinov at samsung.com> wrote:
>> José Bollo <jose.bollo at open.eurogiciel.org> writes:
>>> On Wednesday, 29 October 2014 at 10:08 +0300, Vyacheslav Barinov wrote:
>>>> What is current SMACK state in Tizen:Common builds?
>>> Hi Vyacheslav,
>>> Tizen:Common is a work in progress implementation of the Security model
>>> of Tizen 3 described by this wiki page:
>>>> I see smack-related packages installed into firmware but there are neither rules in
>>>> /etc/smack/accesses.d nor security labels on binaries in latest snapshot firmware.
>>> It is not true. What did you inspect? Which image?
>> I've just tested tizen-common_20141028.4_common-x11-2parts-armv7l.tar.gz image from
> What kernel are you using with this rootfs ? and what device ?
> default one is vexpress but only for QEmu then you need some adaptation
> to other boards like renesas one :
> But make sure your kernel has SMACK support to support full Tizen security model
> note X11 is not in best shape AFAIK I invite you to check wayland
> image if you can
> And if you use odroid board
> there are some WIP image to be released soon at :
I'm using kernel from kernel-common RPM package and Arndale board as a hardware.
And yes, kernel supports SMACK, I can set labels, I see rules loaded in /sys/fs/smack and so on.
Actually my question was more about organization and rules, than about technical issues: I'm working
now on AArch64 port and trying to reproduce all the functionality from armv7l Tizen.
I've built a kernel from linaro master branch switching on SMACK there.
Technically it also works (at least in qemu and FastModels, waiting for hardware shipment to test)
but I saw Tizen of version 2 and there was pretty interesting system — every application owned its own
domain and every file in /usr/apps/org.tizen.calculator/, for instance, has been marked with
access="org.tizen.calculator" xattr. And there was a really huge ruleset to manage all interactions.
Now I see there is a rather simple new security model. Thanks to José Bollo: that domain model
description was the thing I've been looking for.
And the only question left — is there a possibility to get a SMACK access denial in a snapshot
firmware boot? Just for testing purposes.
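The per-application labels and rule sets discussed in this message come down to Smack's access decision. The following is an added example, not part of the original post or of Tizen's code: a user-space Python model of the basic access rules from the Linux Smack documentation, run over a constructed rule set in the "subject object access" format. The label `org.example.viewer` is hypothetical; `org.tizen.calculator` is the label quoted in the message.

```python
# Constructed rule set ("subject object access"), not taken from any Tizen image.
# org.example.viewer is a hypothetical label used only for this illustration.
SAMPLE_RULES = """\
org.example.viewer org.tizen.calculator r
org.tizen.calculator System rw
System org.tizen.calculator rwxat
"""

def parse_rules(text):
    """Return {(subject, object): set of access letters} from rule text."""
    rules = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'subject object access'")
        subj, obj, access = parts
        letters = set(access.lower()) - {"-"}      # '-' is a placeholder
        if not letters <= set("rwxatl"):
            raise ValueError(f"line {lineno}: unknown access in {access!r}")
        rules[(subj, obj)] = letters               # a later rule replaces an earlier one
    return rules

def check(rules, subject, obj, request):
    """Return (allowed, reason) for the requested access letters."""
    want = set(request.lower())
    if subject == "*":
        return False, "subject labeled '*' is always denied"
    if subject == "^" and want <= set("rx"):
        return True, "hat subject may read/execute anything"
    if obj == "_" and want <= set("rx"):
        return True, "floor object is readable/executable by all"
    if obj == "*":
        return True, "star object accepts any access"
    if subject == obj:
        return True, "same label"
    missing = want - rules.get((subject, obj), set())
    if missing:
        return False, "no rule grants " + "".join(sorted(missing))
    return True, "explicit rule"

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for subj, obj, req in [("org.example.viewer", "org.tizen.calculator", "r"),
                           ("org.example.viewer", "org.tizen.calculator", "w"),
                           ("org.example.viewer", "_", "w")]:
        print(subj, obj, req, check(rules, subj, obj, req))
```

A request that falls through to "no rule grants ..." is the case in which a Smack-enabled kernel refuses the access.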