Viadeo Twitter Google Bookmarks ! Facebook Digg del.icio.us MySpace Yahoo MyWeb Blinklist Netvouz Reddit Simpy StumbleUpon Bookmarks Windows Live Favorites 
Logo Documentation Qt ·  Page d'accueil  ·  Toutes les classes  ·  Toutes les fonctions  ·  Vues d'ensemble  · 

SXE - Customizing Domains

The following sections describe the methods to customize policy domains. The intended audience for this section are system integrators.

Introduction

An SXE domain is a keyword, made up of lower case a-z and the underscore character, for example "untrusted". The domain specifies allowed access rights, both of

  • SXE applications level policy eg, sending qcop messages
  • LIDS OS level policy eg, access to devices or capabilities

Modifying application level policy

Application level policy is defined in a file called sxe.profiles. Domains typically follow the following format:

    [Domain]
    requests
    ...
    #

The SXE Discovery Mode can be used to determine what requests a particular application makes as it runs. In this mode all requests are allowed and logged, but doing this has a severe impact on performance. To operate qpe in SXE Discovery Mode, ensure Qt Embedded is compiled in debug mode and that and the SXE_DISCOVERY_MODE environment variable is exported. The requests will all be logged in /tmp/qtopia-0/sxe_discovery.log (where 0 is the session). The requests can be compared with sxe.profiles to see if the domain is lacking requests used by the application.

Alternatively, an application can run without SXE discovery mode and if there is a request made that is not in the application's declared domain then it will breach policy and the qpe console output and/or security log can be viewed to see what request was needed.

If sxe.profiles needs to be updated simply add any extra requests to the appropriate domain. It is helpful to note that the wildcard * maybe be placed at the end of a request. This is useful for situations where a family of requests, which share the same prefix, can be added as one entry.

Note: After changing policy, ensure that sxe.profiles in the image directory is up to date. If shadow building, most of the time copying <qt-extended-root-dir>/etc/sxe.profiles to <image-dir>/etc/sxe.profiles is sufficient.

Modifying OS Level policy

OS Level policy is defined by scripts in the <qt-extended-root-dir>/etc/sxe_domains directory. The script names consist of the domain name preceded by sxe_qtopia, eg sxe_qtopia_untrusted. The scripts run the lidsconf utility which is used to apply a set of MAC rules. See also SXE - System Integration.

Troubleshooting

To trouble-shoot SXE problems try these ideas:

  • run qbuild && qbuild image in the build root to ensure the image is up to date
  • flash the image onto your device to make sure the device is up to date
  • use the dumpsec.pl script. Without parameters it will show the program id associated with each registered binary, by providing a parameter of program name or program id, eg dumpsec.pl Camera or dumpsec.pl 32 a detailed listing with be shown for matching application/s.
  • check the applications qbuild.pro file to ensure the correct domain has been declared by the application
  • compile in debug mode and export SXE_DISCOVERY_MODE to see what requests an application is making.
  • turn on SXE logging in the log utility

Domains

The SXE operates with the two domains listed below:

SXE Profile nameAccess Controls EffectInformation displayRisk level
untrustedRestricts application privileges to that of gamesrequests minimal access privileges on your deviceLow
trustedUnlimited access to device filesystem and application level service requestsrequests unrestricted access on your deviceHigh

(You may notice that there is a "qpe domain" in sxe.profiles, the qpe server needs to declare this for historical reasons so it should not be removed, but for all other intents and purposes it can be ignored)
Cette page est une traduction d'une page de la documentation de Qt, écrite par Nokia Corporation and/or its subsidiary(-ies). Les éventuels problèmes résultant d'une mauvaise traduction ne sont pas imputables à Nokia. Qt qtextended4.4
Copyright © 2012 Developpez LLC. Tous droits réservés Developpez LLC. Aucune reproduction, même partielle, ne peut être faite de ce site et de l'ensemble de son contenu : textes, documents et images sans l'autorisation expresse de Developpez LLC. Sinon, vous encourez selon la loi jusqu'à 3 ans de prison et jusqu'à 300 000 E de dommages et intérêts. Cette page est déposée à la SACD.
Vous avez déniché une erreur ? Un bug ? Une redirection cassée ? Ou tout autre problème, quel qu'il soit ? Ou bien vous désirez participer à ce projet de traduction ? N'hésitez pas à nous contacter ou par MP !
 
 
Developpez.com

Nous contacter

Participez

Informations légales

 
Services

Forum Qt

Blogs

Hébergement

 
Partenaires

Hébergement Web