The application framework
The daemon afm-system-daemon handle applications life. Understand that they will manage operations that mainly are:
In addition, they ensure that operations use the security framework as needed and that applications are executed in the correct context.
The daemon afm-system-daemon is accessible through redpesk micro-service architecture using either the binder afb-binder or the client library libafbwsc.
afm-system-daemon is launched by systemd services. Normally, service files are located in the directory /lib/systemd/system/afm-system-daemon.service.
Internally, the daemon is built as a binding served by afb-binder.
Tasks of afm-system-daemon
Maintaining list of applications
At start afm-system-daemon scans the directories containing applications and load in memory a list of available applications accessible by current user.
When afm-system-daemon installs or removes an application, on success it sends the signal. When receiving such a signal, afm-system-daemon rebuilds its applications list.
afm-system-daemon provides the data it collects about applications to its clients. Clients may either request the full list of available applications or a more specific information about a given application.
afm-system-daemon launches application by using systemd. Systemd builds a secure environment for the application before starting it.
Once launched, running instances of application receive a runid that identify them. On previous versions, the runid had a special meaning. The current version uses the linux PID of the launched process as runid.
Managing instances of running applications
afm-system-daemon manages the list of applications that it launched.
When owning the right permissions, a client can get the list of running instances and details about a specific running instance. It can also terminate a given application.
Installing and uninstalling applications
If the client own the right permissions, afm-system-daemon delegates that task to afm-system-daemon.