
SXE - Sandbox Model

The SXE operates

The implementation of the SXE logically categorizes all applications as either trusted or untrusted.

Trusted applications have no restrictions enforced upon them and all applications pre-installed on the Qtopia image are considered trusted.

Downloaded applications can be either untrusted or trusted (packagemanager can be configured to install only untrusted packages, which are then subject to the sandbox conditions).

The restrictions in the capabilities and privileges of an application are enforced through two sets of rules.

  1. The operating-system level MAC rules (which can be divided into file system and capability rules)
  2. The application level Qtopia rules.

These are summarized in the table below:

Policy rule set: Mandatory Access Control (MAC) file system
  Enforced by: the MAC enabled Linux kernel
  Items controlled: entities on the file system
  Examples:
    • /dev/ttyS0 (a device),
    • /tmp/qt-embedded-0 (a Unix Domain Socket) or
    • /etc/passwd (a plain file)

Policy rule set: Mandatory Access Control (MAC) capabilities
  Enforced by: the MAC enabled Linux kernel
  Items controlled: system capabilities
  Examples:
    • CAP_NET_RAW - write raw socket data,
    • CAP_SYS_ADMIN - range of actions incl forging the PID on a Unix Domain Socket

Policy rule set: Application rule-sets
  Enforced by: the Qtopia Safe Execution Environment system
  Items controlled: requests for services
  Examples:
    • QCop messages: transmit sms, dial number
    • sound server services

When a package is installed, a program identity (progId) is associated with the package executable and recorded in the installation table. In Qtopia 4.3 there is a one-to-one relationship between a progId and a domain; for example, progId 1 could refer to trusted packages while progId 2 refers to untrusted ones. The program identity defines the MAC rules that are applied to an application and is used to index into the application rule-set to decide which controls to apply.
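As an added illustration (not Qtopia's own code), the decision flow described above can be modelled in a few lines of Python: the installation table maps an executable to a progId, the progId selects a domain, and a request is then checked by the MAC layer (file system or capability) or by the application rule-set. The executable paths, rule contents and service names below are constructed assumptions, not values from the Qtopia distribution.

```python
from typing import Tuple

TRUSTED, UNTRUSTED = "trusted", "untrusted"

# Installation table: executable -> program identity (progId). Constructed entries;
# progId 1 maps to the trusted domain and 2 to untrusted, as in the text above.
INSTALL_TABLE = {
    "/opt/Qtopia/bin/addressbook": 1,          # pre-installed on the image
    "/opt/Qtopia/packages/bin/puzzlegame": 2,  # downloaded package
}
PROGID_TO_DOMAIN = {1: TRUSTED, 2: UNTRUSTED}

# Operating-system level MAC rules for the untrusted domain (constructed):
# file-system entities the domain may touch, and capabilities it may hold.
MAC_FS_ALLOW = {UNTRUSTED: ("/tmp/qt-embedded-0", "/opt/Qtopia/packages/")}
MAC_CAP_ALLOW = {UNTRUSTED: frozenset()}   # an untrusted app holds no capabilities

# Application level rule-set, indexed by progId: which service requests are granted.
APP_RULES = {2: {("qcop", "show notification"), ("sound", "play sample")}}


def decide(executable: str, kind: str, item: str) -> Tuple[str, str]:
    """Return (decision, enforcing layer) for one request.

    kind is 'fs' (a path), 'cap' (a capability name) or a service name such as
    'qcop' or 'sound'; item is the path, capability or requested service action.
    """
    prog_id = INSTALL_TABLE.get(executable)
    if prog_id is None:
        return "deny", "installation table"   # not an installed program
    domain = PROGID_TO_DOMAIN[prog_id]
    if domain == TRUSTED:
        return "allow", "trusted domain"       # no restrictions enforced
    if kind == "fs":
        ok = item.startswith(MAC_FS_ALLOW[domain])
        return ("allow" if ok else "deny"), "MAC file system"
    if kind == "cap":
        ok = item in MAC_CAP_ALLOW[domain]
        return ("allow" if ok else "deny"), "MAC capability"
    # Anything else is a service request, checked against the application rule-set.
    ok = (kind, item) in APP_RULES.get(prog_id, set())
    return ("allow" if ok else "deny"), "application rule-set"
```

Untrusted requests are denied by default at both layers: an absent rule, not an explicit deny entry, is what blocks a request.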


Copyright © 2008 Nokia Trademarks
Qtopia 4.3.3