ProjectAliceDev / aliceos-classic

A virtual operating system framework for Ren'Py projects
https://aliceos.app
GNU Lesser General Public License v3.0

Enforce package identifier for apps #9

Open sr229 opened 6 years ago

sr229 commented 6 years ago

Frankly speaking, an applet must have a package identifier to be able to be identified properly from first-party apps.

Package Naming

You have the option of the following:

Android/GNOME/GTK App package identifier

.NET package identifier

This is to allow a more consistent third-party ecosystem

Reserved package domains

The following package domains are reserved for first-party.

alicerunsonfedora commented 6 years ago

This is definitely something we should look into. This could also aid in trusted app or notification restrictions. It’s a mess ATM

sr229 commented 6 years ago

This would also enhance #8 since we can effectively turn that into a policy enforcer like Linux's AppArmor/SELinux

Bronya-Rand commented 6 years ago

Possibly enforce a Code Identifier Gen for all the apps and following that ID to the policy official database?

sr229 commented 6 years ago

Sounds like a great idea to enforce but this has to be done on template-side and not runtime

alicerunsonfedora commented 6 years ago

Should go in hand with #10

alicerunsonfedora commented 5 years ago

As an update to this, I can confidently say that we should adopt the RDNN format. First party applets will have the app.aliceos.<appname> notation reserved.

sr229 commented 5 years ago

This is the spec for Applet Policy to go with #8.

Implemented using internal Policy implementation Rayleigh.

Package Identifier Policy

Policy 1: valid package identifier

Policy will only permit launch of an application from the entrypoint if the identifier is a proper identifier. Policy will prevent launch of the app if the identifier is incorrect and would log an application error.

Policy 2: strict arbitrary execution

Policy will only allow arbitrary access to the host system if the manifest declares that its confinement is classic. Apps are isolated by nature and would have no access to sensitive APIs. Block all sensitive API calls if the isolated app is not a classic isolation.
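The two policies in the comment above, written out as an added Python example (Ren'Py projects are Python-based). This is not the project's own Rayleigh or SEAlice code. The RDNN grammar, the manifest field names (`identifier`, `confinement`, `first_party`), the list of sensitive host APIs, and the refusal of third-party applets that use the reserved `app.aliceos.` prefix are all assumptions made for the example; the thread only states the prefix is reserved and that enforcement belongs on the template side.

```python
import re
from dataclasses import dataclass

# Assumed RDNN grammar (the issue does not spell one out): two or more
# dot-separated labels, each starting with a letter and containing only
# letters, digits or underscores, e.g. "app.aliceos.files" or "io.github.user.todo".
_LABEL = r"[A-Za-z][A-Za-z0-9_]*"
RDNN_RE = re.compile(rf"^{_LABEL}(?:\.{_LABEL})+$")

# Prefix the thread reserves for first-party applets.
FIRST_PARTY_PREFIX = "app.aliceos."

# Assumed placeholder names for host-access APIs gated by Policy 2.
SENSITIVE_APIS = frozenset({"host.filesystem", "host.shell", "host.network"})


@dataclass
class Manifest:
    """Minimal applet manifest; field names are assumptions for this example."""
    identifier: str
    confinement: str = "isolated"  # "isolated" (default) or "classic"
    first_party: bool = False      # assumed: set by the template-side build, not by the applet


def is_valid_identifier(identifier: str) -> bool:
    """Policy 1 check: the identifier must be well-formed RDNN."""
    return RDNN_RE.fullmatch(identifier) is not None


def uses_reserved_prefix(identifier: str) -> bool:
    return identifier.startswith(FIRST_PARTY_PREFIX)


def check_launch(manifest: Manifest, log: list) -> bool:
    """Policy 1: permit launch only for a proper identifier, otherwise log an
    application error and refuse. Rejecting third-party applets that squat the
    reserved prefix is an assumed consequence of "reserved for first-party"."""
    ident = manifest.identifier
    if not is_valid_identifier(ident):
        log.append(f"error: refusing launch of {ident!r}: not a valid package identifier")
        return False
    if uses_reserved_prefix(ident) and not manifest.first_party:
        log.append(f"error: refusing launch of {ident!r}: reserved first-party prefix")
        return False
    log.append(f"info: launching {ident}")
    return True


def check_api_call(manifest: Manifest, api: str, log: list) -> bool:
    """Policy 2: sensitive host APIs are reachable only when the manifest
    declares classic confinement; isolated applets are blocked."""
    if api not in SENSITIVE_APIS:
        return True  # not a sensitive API, so Policy 2 does not apply
    if manifest.confinement == "classic":
        log.append(f"info: {manifest.identifier} allowed {api} (classic confinement)")
        return True
    log.append(f"error: {manifest.identifier} blocked from {api} "
               f"(confinement={manifest.confinement})")
    return False


if __name__ == "__main__":
    # Constructed sample manifests covering each policy branch.
    log = []
    good = Manifest("io.github.example.todo")
    classic = Manifest("app.aliceos.terminal", confinement="classic", first_party=True)
    squatter = Manifest("app.aliceos.fake_settings")  # third party on the reserved prefix
    bad = Manifest("MyApp")                            # no dots: not RDNN
    for m in (good, classic, squatter, bad):
        check_launch(m, log)
    check_api_call(good, "host.shell", log)
    check_api_call(classic, "host.shell", log)
    print("\n".join(log))
```

Both checks return a boolean and append to a caller-supplied log list so the decision and its audit record stay together; a template-side build step could run `check_launch` against every applet manifest before the runtime ever sees it, which matches the thread's point that enforcement belongs in the template rather than at runtime.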

alicerunsonfedora commented 5 years ago

I'll be sure to add this to the new documentation

alicerunsonfedora commented 5 years ago

Spec added: https://docs.aliceos.app/applets/security.html

alicerunsonfedora commented 5 years ago

Should be handled by SEAlice now. Part of #13