Smack domains User::Home and User::App::Shared

Rafał Krypa r.krypa at samsung.com
Wed Apr 8 08:23:30 GMT 2015


On 2015-03-23 10:06, Patrick Ohly wrote:
> Hello!
>
> Where can I find more information about the new(ish) domains
> "User::Home" and "User::App::Shared"? What's the intended usage?

Hi Patrick,
The new labels were introduced to provide applications with different levels of access to files in the user home directory.
The following labels in the User domain are currently defined:

  * "User" - files with that label cannot be accessed by applications
  * "User::Home" - applications can access read only
  * "User::App::Shared" - applications can freely read and write, with transmute
  * "User::App::$app_id" - private files of an application
  * "User::App::$pkg_id" - directories for application package, for exchanging data between apps with the same package id



> Commit messages introducing them only refer to September 2014 F2F
> meeting in Vannes, without explaining the purpose for those who were not
> at that meeting.

I thought that the Smack labels were mentioned somewhere on the Tizen wiki, but it seems that they aren't.
I will update the Smack page accordingly to fix that.

> https://review.tizen.org/git?p=platform/core/security/default-ac-domains.git;a=commit;h=e0e07131d5999d39f5ab3ea5f54bf83e81abafc3
> https://review.tizen.org/git/?p=platform/core/appfw/tizen-platform-config.git;a=blob;f=packaging/tizen-platform-config.spec;h=6aecd9a2c980777026dc05e805b7ab5f2bc54c83;hb=HEAD
>
> The latter shows how User::Home gets set, for example, for the
> top-level /etc/skel. What about files inside the home?

All files inside home directories of all users should be labeled with a proper label. Labeling of /etc/skel is supposed to provide that, as shown on the second link you provided.

> Are tools creating home directories expected to copy Smack labels? I'm
> not sure whether gumd currently does that.

Yes, gumd should copy files from /etc/skel preserving their Smack labels. It seems that it already does:
https://review.tizen.org/git/?p=platform/upstream/gumd.git;a=blob;f=src/common/gum-file.c;h=a56126ab55879c6da324bacedb87c4191ddd2d37;hb=HEAD#l262
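
A label audit for the scheme described in this message, as an added example that is not part of the original mail or of gumd: it reads the Smack xattrs (`security.SMACK64`, `security.SMACK64TRANSMUTE`) under a directory such as /etc/skel or a newly created home and reports entries whose label is outside the User domain, and shared directories without transmute. The function names and the handling of app ids and package ids as one category are assumptions.

```python
import os
import re

XATTR_LABEL = "security.SMACK64"               # Smack label of a file
XATTR_TRANSMUTE = "security.SMACK64TRANSMUTE"  # value "TRUE" on transmuting dirs
SHARED = "User::App::Shared"
LEVELS = {"User": "no-app-access", "User::Home": "app-read-only",
          SHARED: "app-read-write"}
# The message does not say how app ids and package ids are told apart,
# so "User::App::<id>" is reported as a single category (assumption).
APP_OR_PKG = re.compile(r"^User::App::[^:\s/]+$")


def classify(label):
    """Map a Smack label to the access level described in the message."""
    if label in LEVELS:
        return LEVELS[label]
    if label and APP_OR_PKG.match(label):
        return "app-or-package-private"
    return "outside-user-domain"


def audit_entry(path, label, is_dir, transmute):
    """Return the findings (possibly none) for one file system entry."""
    if label is None:
        return [f"{path}: no Smack label readable"]
    if classify(label) == "outside-user-domain":
        return [f"{path}: label {label!r} is outside the User domain"]
    if label == SHARED and is_dir and not transmute:
        return [f"{path}: shared directory without transmute"]
    return []


def read_xattr(path, name):
    try:
        raw = os.getxattr(path, name, follow_symlinks=False)
        return raw.decode(errors="replace").rstrip("\0")
    except OSError:  # attribute missing or xattrs unsupported
        return None


def audit_tree(root):
    """Walk root (e.g. /etc/skel or a home directory) and collect findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        entries = [(dirpath, True)] + [(os.path.join(dirpath, f), False) for f in files]
        for path, is_dir in entries:
            transmute = read_xattr(path, XATTR_TRANSMUTE) == "TRUE"
            findings += audit_entry(path, read_xattr(path, XATTR_LABEL), is_dir, transmute)
    return findings
```

Running `audit_tree` on /etc/skel and on a home directory created from it gives a quick check that the copy preserved the labels.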