MeeGo Architecture Update

Sunil Saxena

Elton Yang

April 14th 2011

MeeGo 1.2 Architecture

MeeGo 1.2 Architecture – Status

Old Security Architecture: Mobile Simplified Security FW

• Driven by Operator Lock Down

• New Focus Driven by End-User Privacy

• Re-Evaluating Solutions For:

– Access Control

– Integrity Protection

– Single Sign-On

– Cryptographic Services

– Digital Rights Management

Things Change!

http://wiki.meego.com/Security/Architecture

Access Control

• Linux Security Modules (LSM)

– Previously used Simple Mandatory Access Control Kernel (SMACK)

  • Basic {subject, object, permission} access control model

  • Requires 1000+ SMACK rules – complexity reintroduced!

– Re-evaluating other LSMs

  • SELinux, TOMOYO, AppArmor

• “Sandboxing”

– There were previously no sandboxing capabilities defined as part of the MeeGo Security Architecture

– Need a way to help isolate untrusted, 3rd party apps

– Evaluating use of Linux Containers (LXC)

  • Uses Linux kernel cgroups to create “chroot on steroids”

  • Additionally use btrfs filesystem snapshot (disposable environment) as chroot environment with additional per-application storage
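
The {subject, object, permission} model from the SMACK bullet above, as an added example that is not part of the original slides: a small parser and decision function for SMACK-style rules. The labels and rules are constructed for illustration, and the order of the built-in label checks follows the Linux kernel's Smack documentation.

```python
# Added illustration (not from the slides): SMACK-style access decisions.
# All labels and rules below are constructed sample data.

SAMPLE_RULES = """
# subject   object    access   (constructed labels)
Browser     Contacts  r
Mail        Contacts  rw
Mail        Calendar  r
Untrusted   Contacts  -
"""

def parse_rules(text):
    """Parse 'subject object access' lines into {(subject, object): modes}."""
    rules = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        if len(parts) != 3:
            raise ValueError(f"line {lineno}: expected 'subject object access'")
        subject, obj, access = parts
        modes = set(access.lower()) - {"-"}      # '-' means no access
        if not modes <= set("rwxa"):
            raise ValueError(f"line {lineno}: unknown access mode {access!r}")
        rules[(subject, obj)] = modes            # later rule replaces earlier
    return rules

def allowed(rules, subject, obj, request):
    """Return True if `subject` may perform every mode in `request` on `obj`."""
    want = set(request)
    if subject == "*":                           # star subject: always denied
        return False
    if subject == "^" and want <= {"r", "x"}:    # hat subject: read/execute
        return True
    if obj == "_" and want <= {"r", "x"}:        # floor object: read/execute
        return True
    if obj == "*":                               # star object: any access
        return True
    if subject == obj:                           # same label: any access
        return True
    # Otherwise only an explicit rule grants access; the default is deny.
    return want <= rules.get((subject, obj), set())

RULES = parse_rules(SAMPLE_RULES)
```

Every subject/object pair that needs more than the built-in defaults needs its own explicit rule, which is how a rule set grows with the number of labels.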

MeeGo Security New Directions

• Focus: Protect User Data & Privacy – define and classify end user data for contacts, mail, calendar and media

• Simplify Security Components:

– Secure and Trusted boot

– Keep secure SW distribution with trusted levels

– Provide Access Control using LSM - SELinux or SMACK

– Provide Application Sandboxing

– Single Sign On support

– Cryptographic Services from user space

PIM Storage & Sync

• Buteo sync framework is being replaced with SyncEvolution as it was incomplete and not expected to materialize

• Tracker storage used for Address Book, Calendar data and Email is being replaced by Evolution Data Server

– Had issues with implementation, privacy controls, performance and scalability, and was incomplete for SyncML sync

PIM Storage

• Calendar:

– Old: QtMobility/QtOrganizer (API) + KCalCore (KDE) + modifications + mKCal (sqlite storage)

– New: QtMobility/QtOrganizer (API) + KCalCore (KDE-compatible) + KCal-EDS + libecal/libical (client side) + EDS (server side, stored in iCalendar 2.0 text file)

• Contact:

– Old: QtContacts (API) + QtContacts-Tracker (glue code) + Tracker (storage)

– New: QtContacts (API) + QtContacts-EDS + libebook (client side) + EDS (server side, storage of vCards in Berkeley DB); libfolks as replacement for contactsd

• Mail:

– Old: QtMobility/QtMessaging API + Qt Messaging Framework (QMF, actual implementation)

– New: QtMobility/QtMessaging (API) + QMF-compatible API (?) + Camel library (part of EDS)

Data Synchronization

• Old: Buteo Sync Framework, Buteo SyncML, Buteo Sync Plugins, Buteo Media Transfer Protocol (MTP)

• New: SyncEvolution, Synthesis SyncML, Buteo Media Transfer Protocol

MCE, Sharing FW, NGF, Profiles, and QmSystem

• Technologies that have not reached the maturity needed for us to commit them into MeeGo 1.2 core:

– MCE provides activity monitoring and notifications via D-Bus, controls display and backlight, ALS reading and display tuning, airplane mode

– Sharing framework provides a unified API for sharing files via, e.g., BT, email, web services. It includes webupload engine and an API for transfer UI

– QmSystem provides Qt style public APIs for various system services that are not covered by Qt Mobility

– Profiles provides a daemon and libraries to access and control profiles related data in the device

– NGF (non-graphic feedback) provides unified APIs for apps to request logical events

• These technologies will not be part of the official architecture or the compliance specification

Fastinit / Upstart / Systemd

• MeeGo has fastinit that has been working for a while

• Upstart was planned to be integrated for MeeGo 1.2 for the security framework. However, it has not made it in and is rather complex

• MeeGo 1.2 will stay with fastinit and will switch to systemd in the MeeGo 1.3 timeframe

timed

• Timed integration into MeeGo is not complete and has revealed problems in synchronization with remote time sources

– Must have a non-privileged process to set time, timezone and alarms

– We feel that we have no choice but to not include timed in the official architecture diagram or the compliance spec

– We also need accounting for AGPS and cellular sources for time

• We hope timed will mature going forward to be part of MeeGo 1.3

Application Framework – MTF

• We have moved to QML / Qt to write reference applications

• Following MTF components are being used in MeeGo 1.2 for Tablet reference UX:

– MCompositor (Window Manager)

– InputMethod – are using MTF inputmethod and have challenges with password fields

– SystemUI – are using it but do not feel good about 3rd party usage.

• Following MTF components are not being used in MeeGo 1.2 (candidate for dropping):

– Applauncher – have no plan to use

– ControlPanel – aren’t using it and have implemented a simplified version

– Feedback – It does not work and needs haptics/vibra support. It is missing Qt Mobility backends.

– Theme – We would like something simple.

MeeGo 1.2 Compliance Packages

| Domain | Subsystem | SRPM |
|---|---|---|
| Communications | Bluetooth | bluez, obexd |
| Communications | Cellular Framework | ofono |
| Communications | ConnMan | connman, wpa_supplicant |
| Communications | Telephony & IM | libtelepathy, telepathy-farsight, telepathy-gabble, telepathy-glib, telepathy-mission-control, telepathy-qt4, telepathy-ring, telepathy-sofiasip, telepathy-stream-engine |
| Data Management | Content Framework | libqttracker |
| Essentials | Base Essentials | bash, coreutils, dbus, dbus-glib, eggdbus, GConf-dbus, glib2, glibc, libgdbus, udev, udisks, upower |
| Graphics | OpenGL / OpenGL ES | mesa=/usr/lib/libgl.so.1 |
| Graphics | X11 | xorg-x11-font-utils, xorg-x11-server, xorg-x11-utils, xorg-x11-utils-xrandr, xorg-x11-xauth, xorg-x11-xkb-utils |
| Kernel | Linux Kernel | kernel |
| Multimedia | Gstreamer | gst-plugins-good, gstreamer |
| Multimedia | PulseAudio | pulseaudio |
| Multimedia | UPnP | gupnp |
| PIM | Calendar Engine | kcalcore |
| PIM | Storage | evolution-data-server |
| PIM | Synchronization Framework | syncevolution |
| Qt | Qt | qt |
| Qt | Qt Mobility | qt-mobility |
| Qt | QtWebKit | qtwebkit |
| Software Management | Package Manager | PackageKit |
| System | Context Framework | contextkit |
| System | Resource Policy | ohm |
| System | Sensor Framework | sensorfw |

MeeGo* OSS Core Features – summary

MeeGo v1.0 OSS Core

• Core Linux kernel (2.6.33)

• Multitasking support

• 2D / 3D graphics stack (X, OpenGL)

• Framework for native application development

• Framework for animated, 3D-accelerated device UIs

• Voice and data connectivity (oFono, ConnMan)

• File system (btrfs)

• Device sync

• APIs for accessing social networks

MeeGo v1.1 OSS Core

Plus:

• Linux kernel 2.6.35 with support for Intel Atom processor family

• Touch Framework including multi-touch and gestures

• Sensor framework

• Gcc 4.5 toolchain with Intel Atom processor optimizations

• Qt 4.7 and Qt Mobility APIs

• MeeGo Web Run Time for web based development

• Connection Manager enhancements

• Enhanced graphics (X 1.9.0, Mesa 7.8.99)

• Sync engine (Buteo) and Storage (Tracker) for Contacts, Calendar & Mail

MeeGo v1.2 OSS Core

Plus:

• Telephony

– SIM/USIM toolkit

– Long SMS handling

• Connectivity

– IPv6

– Tethering (USB, BT)

– Additional BT profiles

– PPP over 3G

• Security framework based on SMACK

• Policy framework and Rulesets

• Backup and restore

• Multimedia – HTTP progressive download

• Energy and time management

• MCE, NGF, Profiles, QmSystem

• Sharing Framework

• MeeGo SDK support for Windows

• SyncEvolution and EDS

Legend:

• Required for compliance

• Component did not mature enough to be required from Compliance perspective

Questions?

Thanks
