Home · All Classes · Grouped Classes · Annotated · Functions

SXE - Application checklist

For an application to run correctly on an sxe-enabled device the following requirements should be observed. These apply to both pre-installed and downloaded applications.

Requirements

Source Code Requirements

Project file(.pro) Requirements

The above requirements refer specifically to Qtopia applications which communicate with the qpe server and make requests. Binaries which do not communicate with the server do not need to do these steps. They still need to declare a domain however and are bound by the MAC rules that domain imposes.

Note: SXE does not support running pure QtopiaCore embedded applications with Qtopia.

Qpk packages and SXE

There are a number of caveats to be aware of when installing qpk packages on an SXE configured Qtopia.

Understanding security violations

For untrusted applications, as long as functionality is limited to that described in SXE - Aims and Limitations, a developer generally should not run into any issues with SXE. However, on occasion code may be written which causes an application to violate policy. When an application breaches security policy, the SxeMonitor will act to kill the errant process and send a synthetic SMS to the user (provided security logging has been correctly configured).

The synthetic SMS will contain the violation. Application level violations are of the form:

    Violation: Request for foo was denied

where foo is the denied request string.

Another way of determining the violation is to lookup the console/Qtopia log output where the request denial will be of the form

    foo - denied: for Program Id 2 [PID 3476]

This method can be used even even if security logging has not been correctly setup. These kinds of violations occur if a service request has been made that is not allowed in the application's declared domain. sxe.profiles contains the definitive list of requests allowed in a given domain.

OS level violations can vary but the most common type is

    Violation: Attempt to open foo for writing

The corresponding log entry is of the form:

    LIDS: bar (dev 100:32 inode 4119) pid 6027 ppid 1112 uid/gid (0/0) on (null tty) : Attempt to open foo for writing

where foo is the path to a protected file and bar is an executable breaching policy. Security logging must be setup in order to see LIDS violations.

Once the violation has been identified, it may be used to help identify what the offending code is. For downloaded applications the script sxe_sandbox and the scripts under sxe_domains are the definitive guide for the OS level access granted to a domain. Applications pre-installed in the Qtopia image should never receive LIDS violations.

FAQ

Q: I'm working with Qtopia on a desktop environment, I have used the SXE macros and when I run my binary it gives me the error: SXE key has not been set.

A: Ensure that the binary you are running is from the Qtopia image directory, as this is where the keyed binaries are placed after a make install


Copyright © 2008 Nokia Trademarks
Qtopia 4.3.3