Open sr229 opened 6 years ago
This is definitely something we should look into. This could also aid in trusted app or notification restrictions. It’s a mess ATM
This would also enhance #8 since we can effectively turn that into a policy enforcer like Linux's AppArmor/SELinux
Possibly Enforce a Code Identifier Gen for all the Apps and following that ID to the policy official database?
Sounds like a great idea to enforce but this has to be done on template-side and not runtime
Should go in hand with #10
As an update to this, I can confidently say that we should adopt the RDNN format. First party applets will have the app.aliceos.<appname> notation reserved.
This is the spec for Applet Policy to go with the #8.
Implemented using internal Policy implementation Rayleigh.
Policy 1: valid package identifier
Policy will only permit launch of application from entrypoint if identifier is a proper identifier. Policy will prevent launch of app if identifier is incorrect and would log an application error.
Policy 2: strict arbitrary execution
Policy will only allow arbitrary access of the host system if manifest declares that its confinement is classic. Apps are isolated by nature and would have no access to sensitive APIs. Block all sensitive API calls if isolated app is not a classic isolation.
I'll be sure to add this to the new documentation
Spec added: https://docs.aliceos.app/applets/security.html
Should be handled by SEAlice now. Part of #13
Frankly speaking, an applet must have a package identifier to be able to be identified properly from first party apps.
Package Naming
You have the option of the following:
Android/GNOME/GTK App package identifier
io.sayonika.VisualStudio.Monaco
.NET package identifier
Sayonika.VisualStudio.Monaco
This is to allow a more consistent third-party ecosystem
Reserved package domains
The following package domains are reserved for first-party use.
io.aliceos.<appname>
moe.aliceos.<appname>
AliceOS.<appname>
net.marquiskurt.<appname>
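The two policies from the spec comment above (valid package identifier; sensitive APIs only under classic confinement) and the naming rules in this comment can be checked with a small validator. The following is an added example written for this thread, not code from AliceOS, Rayleigh or SEAlice. The label grammar (letter followed by letters, digits or underscores), the rule that an RDNN identifier has at least three labels with a lowercase first label, the set of "sensitive" API names, the manifest field names, and the decision to deny a third-party applet that claims a reserved first-party prefix are all assumptions; only the reserved prefixes themselves come from the thread.

```python
import logging
import re
from dataclasses import dataclass
from typing import Optional

log = logging.getLogger("applet-policy-example")

# Reserved first-party package domains, exactly as listed in the thread.
RESERVED_PREFIXES = ("io.aliceos.", "moe.aliceos.", "AliceOS.", "net.marquiskurt.")

# Constructed sample of host-level "sensitive" APIs; the thread names none.
SENSITIVE_APIS = frozenset({"host.fs.read", "host.fs.write", "host.exec", "host.net.raw"})

# Assumed label grammar: a letter, then letters, digits or underscores.
_LABEL = r"[A-Za-z][A-Za-z0-9_]*"
_DOTTED = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")


@dataclass(frozen=True)
class Manifest:
    """Minimal stand-in for an applet manifest (hypothetical field names)."""
    identifier: str
    confinement: str = "isolated"   # "classic" or "isolated"
    # Assumed to be derived from a verified signer, never read from the
    # manifest itself; a self-declared flag would let any applet claim first-party status.
    first_party: bool = False


def identifier_style(identifier: str) -> Optional[str]:
    """Return 'rdnn' or 'dotnet' for a well-formed identifier, None if malformed."""
    if not _DOTTED.fullmatch(identifier):
        return None
    labels = identifier.split(".")
    # RDNN is a reversed domain: lowercase TLD first and at least tld.vendor.app.
    # Any other dotted name is treated as the .NET style (e.g. Sayonika.VisualStudio.Monaco).
    if len(labels) >= 3 and labels[0].islower():
        return "rdnn"
    return "dotnet"


def is_reserved(identifier: str) -> bool:
    """True if the identifier sits under one of the reserved first-party domains."""
    return identifier.startswith(RESERVED_PREFIXES)


def policy_1_may_launch(manifest: Manifest) -> bool:
    """Policy 1: launch only if the identifier is well formed and, for a
    third-party applet, does not sit under a reserved first-party domain."""
    if identifier_style(manifest.identifier) is None:
        log.error("application error: malformed package identifier %r", manifest.identifier)
        return False
    if is_reserved(manifest.identifier) and not manifest.first_party:
        log.error("application error: third-party applet %r uses a reserved domain",
                  manifest.identifier)
        return False
    return True


def policy_2_api_allowed(manifest: Manifest, api: str) -> bool:
    """Policy 2: sensitive host APIs are reachable only under classic confinement."""
    if api in SENSITIVE_APIS and manifest.confinement != "classic":
        log.warning("blocked %s for isolated applet %s", api, manifest.identifier)
        return False
    return True


if __name__ == "__main__":
    # Constructed manifests exercising each branch of the two policies.
    for m in (Manifest("io.sayonika.VisualStudio.Monaco"),
              Manifest("io.aliceos.Settings"),
              Manifest("io.aliceos.Settings", first_party=True),
              Manifest("not a valid id")):
        print(m.identifier, "->", "launch" if policy_1_may_launch(m) else "deny")
    print(policy_2_api_allowed(Manifest("io.sayonika.Tool"), "host.exec"))
    print(policy_2_api_allowed(Manifest("io.sayonika.Tool", confinement="classic"), "host.exec"))
```

The reserved-domain check is only as strong as the source of `first_party`; if that bit came from the manifest, the check would be trivially bypassed, which is why the example treats it as a signer-derived attribute.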