Central Tizen service for configuration of security policy for applications and users. This component encapsulates logic for configuration of security mechanisms in Tizen. It is responsible for configuring proper policy to enforce privileges for applications and users. Configured security mechanisms: - Smack - Cynara - DAC (with respect to privilege enforcement) - Network filtering (enforcement of network access privilege) It supports multi-user, applications installed per user or globally and integrates with Vasum for setting security policy in multi-container environment.
README for security-manager project
The security manager is project forked from security-server, from which
it inherits its main design: division for two parts:
* system daemon (security-manager)
* library for communication with daemon (libsecurity-manager).
The implementation of daemon part is divided into:
manager part: that is responsible for threads and communication management
with no awareness of what information is being transferred. This part is
implemented by SocketManager class that works with GenericSocketService as
a generalization for services that security-server provides.
and
services part: implemented as classes derived from GenericSocketService
grouped in src/server/service directory that defines actions done by
security-manager after receiving certain requests from client side.
The security-manager's manager part is fully inherited from security-server,
while services are completely diffrent.
The security-manager services are ment to gather information about security
permissions in the system and provide access to that data via means of
libsecurity-manager.