Using plugs within redpesk framework

Redpesk framework installs applications which it manages in separate directories and isolates them from each other using Linux security modules like Smack or SELinux.

The plug mechanism allows an application to export parts of it to specific applications, breaking the isolation rules on purpose.

This document gives use cases, explains how it works, and how to use it.

Plugins use case

The main use case, but not the only one, is plugins.

A plugin is a piece of data and/or code used to add features to some other component. In other words, a plugin is an extension mechanism that allows the addition of features to an application.

In the history of redpesk framework, the need emerged for the CAN (Controller Area Network) implementation. Redpesk provides an application dedicated to handling the CAN bus for its clients. It wraps control of the bus within a single point and provides a high level API.

To offer the high level API to its clients, an API where binary encoding of data is hidden and where data are named, it receives extensions (plugins) that describe the currently connected equipment and the encoding of data sent on CAN.

For example, if you install equipment (hardware) on the CAN bus, you also install its related plugin (software) that describes it to the CAN bus application.

As it could be deduced from the description, the CAN bus application is installed once and the plugins that describe the equipment are installed independently afterwards.

Since canbus-binding 2.0.3, the application CAN bus installed in the directory /usr/redpesk/canbus-binding has a directory for plugging plugins which is /usr/redpesk/canbus-binding/plugins. On startup, the application canbus-binding 2 scans recursively the contents of the directories:

${AFB_ROOTDIR}/etc
${AFB_ROOTDIR}/plugins
${CANBUS_PLUGINS_PATH}

It loads every file with .json or .so as an extension, presuming them to be configuration and extension. Items deemed compatible with canbus-binding are then activated and made available to clients of the canbus-binding application.

How plugs work?

The plug mechanism creates a symbolic link to an exported directory in a directory.

Example: the plugin vcar-signals is an application installed in /usr/redpesk/vcar-signals. It contains the plugin library /usr/redpesk/vcar-signals/lib/plugin-vcar-signals.so. To make that plugin available to canbus-binding, the manifest file of vcar-signals declares that it plugs its lib directory in the plugin directory of canbus-binding. That declaration asks the framework to create the symbolic link below during installation of vcar-signals.

/usr/redpesk/canbus-binding/plugins/vcar-signals -> /usr/redpesk/vcar-signals/lib

Using this example, it is possible to introduce some terminology.

exported directory: the exported directory is the directory that the installed application exports (in the example, the exported directory is /usr/redpesk/vcar-signals/lib)
import directory: the directory where the exported directory is plugged, or in other words, the directory where the symbolic link is created (in the example, the import directory is /usr/redpesk/canbus-binding/plugins)
exporting application: the application that exports a directory (in the example, vcar-signals)
import application: the application that receives access to the exported directory (in the example, canbus-binding)

The created link

The import directory is deduced from the ID of the import application (<importid>), it is /redpesk/<importid>/plugins.

The exported directory is given by the path (<expdir>) that must be relative to the root dir of the installed application (<rootdir>), it is <rootdir>/<expdir>.

The name of the link is the application ID of the exporting application (<exportid>).

So in the end, the following link is created:

/redpesk/<importid>/plugins/<exportid> -> <rootdir>/<expdir>

Security

Installing an extension should be under control in order to avoid a malicious actor introducing a vulnerability in the system.

When plugs are used for exporting to the import application of ID <importid>, the exporting application must have the permission urn:redpesk:permission:<importid>:partner:export:plug if the import application does not have the permission urn:redpesk:permission::public:plugs.

Otherwise, if the import application has the permission urn:redpesk:permission::public:plugs, the exporting application must have the permission urn:redpesk:permission:<importid>:public:export:plug.

Rules of use

An application can export any of its directories
An application can export only one directory to another application
An application can export the same directory to many applications
An application can export more than a single directory
The contents of the directory is recursively made available to import applications
An import application must have the directory /redpesk/<importid>/plugins

How to use plugs?

Plug behaviour is only available in manifest.yml files.

The manifest.yml file accepts a root entry named plugs that contains a list of objects having the entries name and value. The name is the relative path of the exported directory and the value is the application ID of the import application.

Example:

plugs:
   - name: lib
     value: canbus-binding

History

2023-12-18, Louis-Baptiste Sobolewski & Frances Thompson, proofreading
2023-12-15, José Bollo, Creation for version afb-app-manager 12.2.2 and sec-lsm-manager 2.6.1

Developer Guides Overview

Application Framework Bindings

Application Framework Bindings C

Binder's client tool

Application Framework

Using the CMAKE Applications Module

Controller Guides

AFB Helper Guide

Monitoring