Enforce package identifier for apps #9
Comments
alicerunsonfedora
assigned abduelhamit, sr229, alicerunsonfedora and Bronya-Rand and unassigned abduelhamit
alicerunsonfedora
added
Applet System
enhancement
|
This is definitely something we should look into. This could also aid in trusted app or notification restrictions. It’s a mess ATM |
|
This would also enhance #8 since we can effectively turn that into a policy enforcer like Linux's AppArmor/SELinux |
|
Possibly Enforce a Code Identifer Gen for all the Apps and following that ID to the policy official database? |
|
Sounds like a great idea to enforce but this has to be done on template-side and not runtime |
|
Should go in hand with #10 |
|
As an update to this, I can confidently say that we should adopt the RDNN format. First party applets will have the |
|
This is the spec for Applet Policy to go with the #8. Implemented using internal Policy implementation Rayleigh. Package Identifier PolicyPolicy 1: valid package identifier Policy will only permit launch of application from entrypoint if identifier is a proper identifier. Policy will prevent launch of app if identifier is incorrect and would log a application error. Policy 2: strict arbitrary execution Policy will only allow arbitrary access of the host system if manifest declares that it's confinement is |
|
I'll be sure to add this to the new documentation |
|
Spec added: https://docs.aliceos.app/applets/security.html |
|
Should be handled by SEAlice now. Part of #13 |
alicerunsonfedora
modified the milestones:
Beta Release 1.0.0,
1.0.0 Technical Preview 3
Frankly speaking, an applet must have a package identifier to be able to be identified properly from first party apps.
Package Naming
You have the option of the following:
Android/GNOME/GTK App package identifier
io.sayonika.VisualStudio.Monaco.NET package identifier
Sayonika.VisualStudio.MonacoThis is to allow a more consistent third-party ecosystem
Reserved package domains
Following Package domains are reserved for first-party.
io.aliceos.<appname>moe.aliceos.<appname>AliceOS.<appname>net.marquiskurt.<appname>The text was updated successfully, but these errors were encountered: