Uploaded image for project: ' AGL Development'
  1. AGL Development
  2. SPEC-1870

Integrate AFM with WAM


      WAM follows the Chromium process model, which can be summarized as follows:

      • There is one render process per open site/web application.
      • There is one common browser process, which performs I/O and networking for all sites/webapps.

      As a consequence of this process model, the browser process must have access to the APIs (via WebSockets) requested by all of the running webapps. This behavior doesn't match the AFM security model, where each application process is expected to access only the authorized APIs and this is enforced via SMACK labels.

      The proposal to solve this problem is to create a proxy process for each render process, which would have the correct SMACK label for the corresponding webapp to access its authorized APIs. The browser process would redirect all the networking requested by render processes to the proxy process and wouldn't have special permissions. 

      Repositories :

      WebAppMgr : https://github.com/webosose/wam Branch : @1.agl.flounder

      meta-agl-lge : https://github.com/webosose/meta-agl-lge Branch : flounder

      chromium53 : https://github.com/webosose/chromium53 Branch : @1.agl.flounder


      Hardware :

      1. Renesas m3 board : Reproducible 
      2. Minnowboard : Non reproducible 
      3. Raspberry pi : -

        1. Chrome-trace.tar.xz
          2.68 MB
        2. hvac-enact.strace
          88 kB
        3. IPC-LOGGING-Minnowboard.txt
          1012 kB
        4. lsof.png
          364 kB
        5. not-working.tar.xz
          6.32 MB
        6. pvrtrace01.tar.xz
          183 kB
        7. tcpdump-without-response
          17 kB
        8. tcpdump-with-response
          29 kB
        9. working.tar.xz
          343 kB
        No reviews matched the request. Check your Options in the drop-down menu of this sections header.

            abhijeetk Abhijeet Kandalkar
            ltilve Lorenzo Tilve
            0 Vote for this issue
            9 Start watching this issue