(Difference between revisions)

MeeGo 1.2 Harmattan Security Tokens

From Nokia Developer Wiki
gnuton (Talk | contribs)
(Gnuton - - Complete list of tokens available in develsh)
hamishwillee (Talk | contribs)
m (Hamishwillee - Bot update - Add ArticleMetaData)
 
(13 intermediate revisions by 3 users not shown)
Line 1: Line 1:
[[Category:MeeGo 1.2 Harmattan]]
+
{{ArticleMetaData <!-- v1.2 -->
 +
|sourcecode= <!-- Link to example source code e.g. [[Media:The Code Example ZIP.zip]] -->
 +
|installfile= <!-- Link to installation file (e.g. [[Media:The Installation File.sis]]) -->
 +
|devices= <!-- Devices tested against - e.g. ''devices=Nokia 6131 NFC, Nokia C7-00'') -->
 +
|sdk= <!-- SDK(s) built and tested against (e.g. [http://linktosdkdownload/ Qt SDK 1.1.4]) -->
 +
|platform= <!-- Compatible platforms - e.g. Symbian^1 and later, Qt 4.6 and later -->
 +
|devicecompatability= <!-- Compatible devices e.g.: All* (must have internal GPS) -->
 +
|dependencies= <!-- Any other/external dependencies e.g.: Google Maps Api v1.0 -->
 +
|signing= <!-- Signing requirements - empty or one of: Self-Signed, DevCert, Manufacturer -->
 +
|capabilities= <!-- Capabilities required by the article/code example (e.g. Location, NetworkServices. -->
 +
|keywords= <!-- APIs, classes and methods (e.g. QSystemScreenSaver, QList, CBase -->
 +
|language= <!-- Language category code for non-English topics - e.g. Lang-Chinese -->
 +
|translated-by= <!-- [[User:XXXX]] -->
 +
|translated-from-title= <!-- Title only -->
 +
|translated-from-id= <!-- Id of translated revision -->
 +
|review-by= <!-- After re-review: [[User:username]] -->
 +
|review-timestamp= <!-- After re-review: YYYYMMDD -->
 +
|update-by= <!-- After significant update: [[User:username]]-->
 +
|update-timestamp= <!-- After significant update: YYYYMMDD -->
 +
|creationdate= 20110803
 +
|author= [[User:Ronanmac]]
 +
}}
 +
[[Category:Qt Mobility]][[Category:Qt Quick]][[Category:MeeGo Harmattan]]
 
==MeeGo 1.2 Harmattan APIs/Qt Quick Modules that require security credentials==
 
==MeeGo 1.2 Harmattan APIs/Qt Quick Modules that require security credentials==
  
Line 6: Line 28:
  
 
=== APIs that require security tokens ===
 
=== APIs that require security tokens ===
 +
'''UPDATE (12th Dec 2011): Tokens with strikethrough are not available and methods requiring them to work will be removed from official harmattan documentation soon'''
  
 
{| class="wikitable sortable"
 
{| class="wikitable sortable"
Line 106: Line 129:
 
*TrackerWriteAccess
 
*TrackerWriteAccess
 
|}
 
|}
 +
 +
Description of posix tokens can be found [http://www.gentoo.org/proj/en/hardened/capabilities.xml here].
  
 
=== Qt Declarative modules that require security credentials ===
 
=== Qt Declarative modules that require security credentials ===
Line 169: Line 194:
 
(Courtesy of the MeeGo 1.2 Harmattan documentation team)
 
(Courtesy of the MeeGo 1.2 Harmattan documentation team)
  
=== Complete list of tokens available ===
+
=== Almost complete list of tokens available ===
As Harmattan developer, you have maybe noticed that some applications work correctly only if launched by Qt Creator or via SSH and that they don't work when launched from the phone application menu.
+
As Harmattan developer, you have maybe noticed that some applications work correctly only if launched by Qt Creator or via SSH and that they don't work when launched from the phone application menu or by terminal.
This happens because these apps need some capabilities to run correctly on Harmattan if they run as "user". These  set of capabilities are generally granted by the system to the app by default when the app runs via SSH/developer.
+
  
The complete list of tokens which are granted to "developer" are the following:
+
In fact, when we run an application as developer or inside develsh, it gets the following security tokens by default:
 
/home/developer $ accli -I
 
/home/developer $ accli -I
 
Current mode: normal
 
Current mode: normal
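Review bot: the retitled heading "Almost complete list of tokens available" does not say what the list leaves out; state which tokens are omitted or how the list was obtained. The rewritten lead-in also drops the removed sentence explaining that apps running as "user" need these capabilities, which is the reason the listing matters; consider keeping that explanation next to the new wording.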
Line 224: Line 248:
 
         develsh::develsh
 
         develsh::develsh
  
If you run accli -I in the user terminal instead, you can see how little is the set of capabilities which the system grants to app launched by "user".
+
But, when the same app is launched by the application menu or by the teminal, it takes only these capabilities.
 
/home/user $ accli -I
 
/home/user $ accli -I
 
Current mode: normal
 
Current mode: normal
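Review bot: "teminal" in the added line should be "terminal". The added sentence also calls the listing "capabilities", while the sentence added in the previous hunk calls the same kind of listing "security tokens"; pick one term and use it in both places.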
Line 234: Line 258:
 
         meegotouchhome-nokia::meegotouchhome-nokia
 
         meegotouchhome-nokia::meegotouchhome-nokia
  
For this reason, applications which have to redistributed  have to define a manifest file which requests  some of the capabilities listed in the first list and which are missing in the second one.
+
As you can see here, the capabilities granted to applications which run as user are really few. For this reason on harmattan we have Manifest files. A Developer can write only one manifest file for Debian package. Each manifest file can request additional capabilities to one or more applications installed by the package.
 +
 
 +
=== What tokens this APIneed?  ===
 +
Here is the list of functions which I don't know what capabilities need to work correctly
 +
* '''Bluetooth Mobility API''': '[http://doc.qt.nokia.com/qtmobility-1.2/ql2capserver.html#listen QL2capServer::listen']' fails for low ports. (eg: 0x20). It works fine without requiring tokens for higher ports (eg: 0x1001) or 0x0. It runs fine in develsh without needs of tokens.
  
 
=== Further readings ===
 
=== Further readings ===
 
* [http://harmattan-dev.nokia.com/docs/library/html/guide/html/Developer_Library_Developing_for_Harmattan_Harmattan_security.html Harmattan Security guide]
 
* [http://harmattan-dev.nokia.com/docs/library/html/guide/html/Developer_Library_Developing_for_Harmattan_Harmattan_security.html Harmattan Security guide]
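Review bot: the new heading "What tokens this APIneed?" is missing a space and a verb; "What tokens does this API need?" reads correctly. In the Bluetooth bullet the closing quote sits inside the link brackets ("QL2capServer::listen']'"), so it renders as part of the link text followed by a second quote. In the manifest paragraph, "only one manifest file for Debian package" would be clearer as "per Debian package".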

Latest revision as of 09:45, 26 July 2012

Article Metadata
Article
Created: ronanmac (03 Aug 2011)
Last edited: hamishwillee (26 Jul 2012)


MeeGo 1.2 Harmattan APIs/Qt Quick Modules that require security credentials

This section lists all MeeGo 1.2 Harmattan and Platform APIs and Qt Declarative modules that require security credentials. Please do not add any unnecessary tokens to your application's Aegis Manifest file.


APIs that require security tokens

UPDATE (12th Dec 2011): Tokens with strikethrough are not available, and methods that require them will be removed from the official Harmattan documentation soon.

API Required token
Accounts Framework
  • TrackerReadAccess
  • TrackerWriteAccess
Associate Content with Actions
  • TrackerReadAccess
Location Extras
  • GRP::metadata-users
  • Location
  • TrackerReadAccess
  • TrackerWriteAccess
Location Picker
  • Location
  • TrackerReadAccess
QmSystem
  • mce::CallStateControl (check comments below)
  • mce::DeviceModeControl (check comments below)
  • timed::TimeControl (check comments below)
  • dsme::DeviceStateControl (check comments below)
  • mce::LEDControl (check comments below)
  • mce::TKLockControl (https://harmattan-bugs.nokia.com/show_bug.cgi?id=114)
  • mce::DeviceLockControl (check comments below)
QtMobility Contacts
  • GRP::metadata-users
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility Gallery
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility Location
  • Location
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility Messaging
  • Cellular
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility Multimedia
  • GRP::pulse-access
  • GRP::video
QtMobility Organizer
  • GRP::calendar
  • GRP::metadata-users
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility Systeminfo
  • mce::DeviceModeControl (check comments below)
  • mce::TKLockControl (check comments below)
QtSparql RDF Tracker
  • TrackerReadAccess
  • TrackerWriteAccess
Relevance Search
  • relevance::RelevanceAllContentTypes (check comments below)
  • smartsearch::RelevanceAllContentTypes (check comments below)
Share UI Extension API
  • TrackerReadAccess
Single Sign On
  • keychain-access (check comments below)
Web Upload Services
  • TrackerReadAccess
  • TrackerWriteAccess

A description of the POSIX tokens can be found at http://www.gentoo.org/proj/en/hardened/capabilities.xml.

Qt Declarative modules that require security credentials

Qt Declarative module Required token
MapsPlugin
  • Location
QSparql
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility.contacts
  • GRP::metadata-users
  • TrackerReadAccess
  • TrackerWriteAccess

QtMobility.gallery
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility.location
  • Location
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility.messaging
  • Cellular
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility.organizer
  • GRP::calendar
  • GRP::metadata-users
  • TrackerReadAccess
  • TrackerWriteAccess
QtMobility.systeminfo
  • Cellular
  • mce::DeviceModeControl (check comments below)
  • mce::TKLockControl (check comments below)
QtMultimediaKit
  • GRP::pulse-access
  • GRP::video

(Courtesy of the MeeGo 1.2 Harmattan documentation team)

Almost complete list of tokens available

As a Harmattan developer, you may have noticed that some applications work correctly only when launched from Qt Creator or via SSH, and do not work when launched from the phone's application menu or from the terminal.

In fact, when we run an application as developer or inside develsh, it gets the following security tokens by default:

       /home/developer $ accli -I
       Current mode: normal
       Credentials:

       UID::user
       GID::developer
       CAP::chown
       CAP::dac_read_search
       CAP::fowner
       CAP::fsetid
       CAP::kill
       CAP::linux_immutable
       CAP::net_bind_service
       CAP::net_broadcast
       CAP::net_admin
       CAP::net_raw
       CAP::ipc_lock
       CAP::ipc_owner
       CAP::sys_chroot
       CAP::sys_ptrace
       CAP::sys_pacct
       CAP::sys_boot
       CAP::sys_nice
       CAP::sys_resource
       CAP::sys_time
       CAP::sys_tty_config
       CAP::lease
       CAP::audit_write
       CAP::audit_control
       CAP::setfcap
       GRP::root
       GRP::dialout
       GRP::video
       GRP::pulse-access
       GRP::users
       GRP::metadata-users
       GRP::calendar
       AID::.develsh.
       Cellular
       TrackerReadAccess
       TrackerWriteAccess
       Location
       FacebookSocial
       tracker::tracker-extract-access
       tracker::tracker-miner-fs-access
       libaccounts-noa::accesssvt
       package-manager::packagemanager_limited
       package-manager::packagemanager_private
       icd2::icd2-plugin
       develsh::develsh

But when the same app is launched from the application menu or from the terminal, it gets only these capabilities:

       /home/user $ accli -I
       Current mode: normal
       Credentials:

       UID::user
       GID::users
       SRC::com.nokia.maemo
       AID::com.nokia.maemo.meegotouchhome-nokia.
       meegotouchhome-nokia::meegotouchhome-nokia

As you can see here, applications that run as user are granted very few capabilities. For this reason, Harmattan has manifest files. A developer can write only one manifest file per Debian package. Each manifest file can request additional capabilities for one or more applications installed by the package.
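The comparison above can be scripted. This added example (not from the original wiki page) parses `accli -I` output, looks up the tokens for the APIs an app uses in a subset of this page's table, and renders only the credentials the process still lacks as a manifest request. The `<aegis>`/`<request>`/`<credential>`/`<for>` element layout and the path `/opt/exampleapp/bin/exampleapp` are assumptions; check the layout against the Harmattan Security guide.

```python
from xml.sax.saxutils import quoteattr

# Constructed sample: `accli -I` output copied from this page's "user" listing.
USER_ACCLI = """\
Current mode: normal
Credentials:
        UID::user
        GID::users
        SRC::com.nokia.maemo
        AID::com.nokia.maemo.meegotouchhome-nokia.
        meegotouchhome-nokia::meegotouchhome-nokia
"""

# Subset of this page's API -> required-token table.
API_TOKENS = {
    "QtMobility Location": {"Location", "TrackerReadAccess", "TrackerWriteAccess"},
    "QtMobility Multimedia": {"GRP::pulse-access", "GRP::video"},
    "QtMobility Messaging": {"Cellular", "TrackerReadAccess", "TrackerWriteAccess"},
}

def parse_accli(text):
    """Return the set of credentials listed after the 'Credentials:' line."""
    creds, seen_header = set(), False
    for line in text.splitlines():
        line = line.strip()
        if line == "Credentials:":
            seen_header = True
        elif seen_header and line:
            creds.add(line)
    return creds

def tokens_to_request(apis, held):
    """Tokens the listed APIs need that the process does not already hold."""
    unknown = [a for a in apis if a not in API_TOKENS]
    if unknown:
        raise KeyError(f"no token mapping for: {unknown}")
    needed = set().union(*(API_TOKENS[a] for a in apis))
    return sorted(needed - held)

def manifest_request(tokens, binary_path):
    """Render one request block (element names are an assumption, see lead-in)."""
    lines = ["<aegis>", "  <request>"]
    lines += [f"    <credential name={quoteattr(t)} />" for t in tokens]
    lines += [f"    <for path={quoteattr(binary_path)} />", "  </request>", "</aegis>"]
    return "\n".join(lines)

if __name__ == "__main__":
    apis = ["QtMobility Location", "QtMobility Multimedia"]
    missing = tokens_to_request(apis, parse_accli(USER_ACCLI))
    print(manifest_request(missing, "/opt/exampleapp/bin/exampleapp"))
```

Requesting only the difference keeps the manifest in line with the page's advice not to add unnecessary tokens.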

What tokens does this API need?

Here is the list of functions for which I don't know what capabilities they need to work correctly:

  • Bluetooth Mobility API: 'QL2capServer::listen' fails for low ports (e.g. 0x20). It works fine without requiring tokens for higher ports (e.g. 0x1001) or 0x0. It runs fine in develsh without needing tokens.

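Further readings

  • Harmattan Security guide: http://harmattan-dev.nokia.com/docs/library/html/guide/html/Developer_Library_Developing_for_Harmattan_Harmattan_security.html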

This page was last modified on 26 July 2012, at 09:45.