Permission Checking API extension for libafb
AFB extension for querying cynagora permissions
Usage
Example of use within afb-binder:
afb-binder --name=perm-check --verbose \
--extension=libafb-perm-check-ext.so \
--perm-check-scope=public
Dependencies
Depends on afb-libafb and afb-binding.
The simplest way is to install the micro-service development packages; see afb micro-service development.
Build from source
mkdir build
cd build
cmake ..
make
Internals
The extension defines an API implementing one verb for checking cynagora permissions.
The verb can receive either 4 strings, one JSON object, or one JSON array.
When a JSON object is given, it must have at least the 4 fields ‘client’, ‘user’, ‘session’ and ‘permission’.
When 4 strings or a JSON array of 4 values are given, the values are positional and must be in this order: ‘client’, ‘user’, ‘session’ and ‘permission’.
Examples:
- single value: {"client":"C","user":"U","session":"S","permission":"P"}
- single value: ["C","U","S","P"]
- 4 values:
  - value 1: C
  - value 2: U
  - value 3: S
  - value 4: P
The verb replies with an integer value:
- 1 when the permission is granted
- 0 when the permission is refused
- a negative value if an error occurred
On error, the permission is not granted.
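A caller-side sketch of the rules above, added here as an example and not taken from the extension's code: it normalizes the three accepted argument shapes into the ordered tuple and treats any reply other than the integer 1 as a refusal. The function names `normalize_request` and `is_granted` are hypothetical, and requiring every value to be a string is an assumption of this helper.

```python
import json

# Field order stated in the Internals section.
FIELDS = ("client", "user", "session", "permission")


def normalize_request(*args):
    """Return (client, user, session, permission) for any of the three
    argument shapes described on this page, or raise ValueError."""
    if len(args) == 1:
        value = args[0]
        if isinstance(value, str):  # JSON text, as it would be sent
            try:
                value = json.loads(value)
            except json.JSONDecodeError as exc:
                raise ValueError(f"not valid JSON: {exc}") from None
        if isinstance(value, dict):
            missing = [f for f in FIELDS if f not in value]
            if missing:
                raise ValueError(f"missing fields: {missing}")
            # "At least" the 4 fields: extra keys are ignored.
            values = [value[f] for f in FIELDS]
        elif isinstance(value, list):
            values = value  # positional, same order as FIELDS
        else:
            raise ValueError("expected a JSON object or a JSON array")
    else:
        values = list(args)  # 4 positional strings
    if len(values) != 4:
        raise ValueError(f"expected 4 values, got {len(values)}")
    # Assumption of this helper: all four values are strings.
    if not all(isinstance(v, str) for v in values):
        raise ValueError("every value must be a string")
    return tuple(values)


def is_granted(reply):
    """Fail closed: only the integer 1 grants. 0, negative error codes and
    any unexpected reply (None, bool, str, other integers) deny."""
    return type(reply) is int and reply == 1
```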
Settings
The default settings are generally good enough.
The default names are perm for the API and check for the verb.
These names can be changed using command-line arguments:
- To change the API name: --perm-check-api=NAME
- To change the verb name: --perm-check-verb=NAME
The API is created in the default scope, but the scope can be changed using the option --perm-check-scope=NAME.
The API can be disabled using the option --perm-check-disabled.
public using
-a, --perm-check-api=NAME    Set the API name (default perm)
-d, --perm-check-disabled    Disable the extension
    --perm-check-scope=NAME  Set scope of the declared API
    --perm-check-verb=NAME   Set the VERB name (default check)