-
Overview
-
redpesk OS releases
-
Security updates
-
Application Framework Manager
-
Application Framework Binder
-
APIs & Services
-
Security manager
-
Trusted Boot
-
Recovery features
-
redpak
-
Zephyr in Redpesk
-
Mender redpesk
-
Hardware support
- Download images
- Trusted Boot
- Boards - ARM64
- Boards - x86_64
- Boards - Virtual
- Miscs
Permissions
In the sec-lsm-manager, the following system permission is used : redpesk-permissions
Cynagora
Permissions are sent and stored in cynagora.
For example, if we add the permission urn:AGL:permission::partner:scope-platform
to a demo-app we will have :
CLIENT SESSION, USER, PERMISSION RESULT EXPIRE
demo-app * * urn:AGL:permission::partner:scope-platform yes forever
For more details on cynagora: sec-cynagora
Mandatory Access Control
At this time permissions only have an impact on SELinux.
They will allow to add additional authorizations to an application.
For example the urn:AGL:permission::partner:scope-platform permission will allow access to the /var/scope-platform folder.
Here is a list of currently supported permissions and their effect :
- urn:AGL:permission::partner:scope-platform
Allow access to the
/var/scope-platformfolder - urn:AGL:permission::partner:create-can-socket
Allow create and write on can socket
- urn:AGL:permission::partner:read-afbtest
Allow read binding afbtest
- urn:AGL:permission::partner:execute-shell
Allow execute shell and programs in bin directories
- urn:AGL:permission::partner:manage-tmp
Allow manage all files types in
/tmp - urn:AGL:permission::partner:manage-user-shared
Allow manage all files types in
/run/user/[id]/usrshr/