
Content: Installed Software: Safe Execution Environment
Functional Description

The Safe Execution Environment provides a level of security to enable downloading, installing and running third-party native applications; by addressing the risk of compromising the operation of the device, or its data, when running such applications.

The Safe Execution Environment for Qtopia 4.3 Final only supports the download and secure execution of games.

Features

Game Download (QTOPIA-1598)

End-users may safely download and run games. Here games refers to restricted applications which do not require access to the full range of Qtopia features (such as networking and document access).

These applications are restricted to

Safe Execution Package Manager (QTOPIA-1595)

Refer to the Package Manager spec for details of the SXE related features of the Package Manager.

Safe Execution Policy Implementation (QTOPIA-1594)

Application Level Policy

A policy file regulates the communication between applications and the server that takes place over Qtopia IPC. The policy file consists of a set of domains, each of which consists of a set of request strings. There are currently two domains, untrusted and trusted.

Through application policy, a request can be allowed for applications in the trusted domain while being denied for those in the untrusted domain. A request that is not listed for an application's domain is denied.

OS Level Policy

Application level policy is supplemented by Operating System level policy provided by a number of scripts. These scripts are used to specify the policy of a Mandatory Access Control implementation (such as LIDS from http://www.lids.org). Mandatory Access Control can, for example, prevent a program from accessing the network or the modem device directly, independently of whatever the application asks for over Qtopia IPC.

Sample Integration (QTOPIA-1596)

An example integration of MAC rules, the SXE file-system and Qtopia is provided as part of the Greenphone image. Scripts to build modified versions of the kernel and of the image are available. Generic script templates are also provided so that system customization can be performed for other platforms.

Sand-boxing (QTOPIA-1599)

Untrusted applications run under a sandbox MAC rule set which inverts the usual system of "allow, unless specifically denied" to instead be "deny, unless specifically allowed". The intent is that a downloaded application cannot reach any system resource the rule set does not explicitly expose to it.

The sandbox restricts the application to a specific subset of the file-system for its read-write access.

This feature includes a complete integration of the SANDBOX rule into the 2.4-kernel-based file-system on the Greenphone. It also caters for read-only file-systems such as cramfs.

The sandbox implementation is provided as a set of kernel patches and file-system tools, which builders of an SXE Qtopia device must apply during integration.
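The evaluation logic of a deny-unless-allowed rule set, as an added model written for this page. It is not the Greenphone kernel patch, the SANDBOX rule or a LIDS configuration; the rule syntax (an ordered list of path prefixes with the permissions granted beneath them), the paths and the device node used for the modem are all constructed for the example. It shows the inversion the text describes (the same request against an allow-by-default and a deny-by-default model) and the path-normalisation check a sandbox needs so that `..` components cannot walk out of the permitted subtree.

```python
"""Model of the SXE sandbox rule evaluation: deny unless specifically allowed.

Added example, not Qtopia or Greenphone code. Rules and paths are constructed.
"""
import posixpath

# Constructed rule set. Ordered: the first rule whose prefix covers the path wins,
# so more specific entries go first. Permission string: 'r', 'w', 'rw' or ''
# (explicitly denied). Anything not covered by a rule falls through to the default.
SANDBOX_RULES = [
    ("/home/user/sandbox/app1/.private", ""),    # keep secrets out of the game's reach
    ("/home/user/sandbox/app1", "rw"),           # the application's own read-write area
    ("/opt/Qtopia/lib", "r"),                    # shared libraries, read-only
]


def normalize(path):
    """Absolute, canonical path: collapses '.', '..' and duplicate separators so
    '/home/user/sandbox/app1/../../../etc/passwd' is checked as '/etc/passwd'."""
    if not path.startswith("/"):
        raise ValueError("sandbox paths must be absolute: %r" % path)
    return posixpath.normpath(path)


def _under(path, prefix):
    """True if path is prefix itself or lies beneath it as a directory.
    The separator check stops '/sandbox/app1' matching '/sandbox/app1evil'."""
    prefix = normalize(prefix)
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")


def check_access(path, mode, rules=SANDBOX_RULES, default_deny=True):
    """Decide whether an access in mode 'r' or 'w' is permitted.

    default_deny=True  : the sandbox model, deny unless a rule allows it.
    default_deny=False : the ordinary model, allow unless a rule denies it.
    """
    if mode not in ("r", "w"):
        raise ValueError("mode must be 'r' or 'w'")
    target = normalize(path)
    for prefix, perms in rules:
        if _under(target, prefix):
            return mode in perms          # explicit rule, either model
    return not default_deny               # no rule: the model's default decides


def compare_models(path, mode, rules=SANDBOX_RULES):
    """Same request under both defaults, to show what the inversion changes."""
    return {
        "allow_unless_denied": check_access(path, mode, rules, default_deny=False),
        "deny_unless_allowed": check_access(path, mode, rules, default_deny=True),
    }


if __name__ == "__main__":
    # Constructed requests a downloaded game might make; /dev/ttyS0 stands in for the modem.
    for path, mode in [("/home/user/sandbox/app1/score.dat", "w"),
                       ("/opt/Qtopia/lib/libqtopia.so", "w"),
                       ("/dev/ttyS0", "w"),
                       ("/home/user/sandbox/app1/../../../etc/passwd", "r"),
                       ("/home/user/sandbox/app1/.private/token", "r")]:
        print("%-48s %s  %s" % (path, mode, compare_models(path, mode)))
```

Under the sandbox default the modem device and anything reached by walking out of the application's directory are denied without any rule having to name them; under the ordinary default they would have to be listed individually, which is exactly the enumeration a sandbox is meant to avoid.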

Security Monitor (QTOPIA-1601)

SxeMonitor is a Qtopia system process, which monitors breaches in SXE policy. The following action is taken upon detection of a policy breach:

Two tier domain model (QTOPIA-7752)

SXE adopts a two tier domain model: all applications must declare whether they belong to the trusted or the untrusted domain. Application and OS level policy files have been developed so that untrusted applications run under sandbox conditions while trusted applications are unrestricted.

All system applications are trusted, while downloaded applications may be either untrusted or trusted. (SXE may be configured so that downloaded applications must always declare themselves untrusted.)

SXE only supports the running of games within the untrusted domain.
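A worked model of the application level policy described under "Safe Execution Policy Implementation" together with the domain assignment of this section, written as an added example for this page rather than taken from Qtopia. The policy file layout used here (a section per domain, one request string per line, `#` comments) and the request strings themselves are assumptions made for the example; the page does not describe the real file format. The two rules it encodes are the ones the text states: a request is allowed only if it is listed for the application's domain, and the domain an application actually gets depends on whether it is a system or a downloaded application and on whether the device forces downloaded applications into the untrusted domain.

```python
"""Model of SXE application-level policy: domains of permitted IPC request strings.

Added example, not Qtopia code. File format and request strings are assumptions.
"""

TRUSTED, UNTRUSTED = "trusted", "untrusted"

# Constructed policy file. The untrusted (game) domain gets a small subset of what
# the trusted domain may request; networking and document access are trusted-only.
SAMPLE_POLICY = """\
# constructed sample policy file, one request string per line
[untrusted]
startGame()
saveHighScore(int)

[trusted]
startGame()
saveHighScore(int)
openDocument(QString)
connectNetwork(QString)
"""


def parse_policy(text):
    """Parse '[domain]' sections into {domain: set(request strings)}."""
    domains = {}
    current = None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
            domains.setdefault(current, set())
        elif current is None:
            raise ValueError("request string before any [domain] section: %r" % line)
        else:
            domains[current].add(line)
    return domains


def effective_domain(declared, downloaded, force_untrusted=False):
    """Resolve the domain an application runs in.

    System applications are always trusted. A downloaded application keeps the
    domain it declared unless the device is configured to force downloaded
    applications into the untrusted domain.
    """
    if declared not in (TRUSTED, UNTRUSTED):
        raise ValueError("application must declare 'trusted' or 'untrusted'")
    if not downloaded:
        return TRUSTED
    if force_untrusted:
        return UNTRUSTED
    return declared


def request_allowed(policy, domain, request):
    """Allowed only if the request string is listed for the domain.
    An unknown domain or an unlisted request is denied, never allowed by default."""
    return request in policy.get(domain, set())


def check_request(policy, declared, downloaded, request, force_untrusted=False):
    """Full decision for one IPC request from one application."""
    domain = effective_domain(declared, downloaded, force_untrusted)
    return domain, request_allowed(policy, domain, request)


if __name__ == "__main__":
    policy = parse_policy(SAMPLE_POLICY)
    # A downloaded game that declares itself trusted, on a device that forces
    # downloaded applications untrusted: the declaration does not help it.
    print(check_request(policy, TRUSTED, downloaded=True,
                        request="connectNetwork(QString)", force_untrusted=True))
```

Note that the monitor-side check is deny-by-default in the same way as the sandbox rule set: the policy lists what each domain may request, so a request string that is missing from the file, or a domain that is missing from the file, is refused rather than silently passed through.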


Copyright © 2008 Nokia
Qtopia 4.3.3