MeeGo Architecture Update Sunil Saxena Elton Yang April 14 th 2011 1
May 12, 2015
MeeGo Architecture Update
Sunil Saxena
Elton Yang
April 14th 2011
1
MeeGo 1.2 Architecture
2
MeeGo 1.2 Architecture – Status
3
Old Security Architecture: Mobile Simplified Security FW
• Driven by Operator Lock Down
• New Focus Driven by End-User Privacy
• Re-Evaluating Solutions For:
– Access Control
– Integrity Protection– Integrity Protection
– Single Sign-On
– Cryptographic Services
– Digital Rights Management
4
Things Change!
http://wiki.meego.com/Security/Architecture
Access Control
• Linux Security Modules (LSM)– Previously Used Simple Mandatory Access Control Kernel (SMACK)
• Basic {subject, object, permission} access control model
• Requires1000+ SMACK rules– Complexity reintroduced!
– Re-Evaluating Other LSMs• SELinux, TOMOYO, App Armor
• “Sandboxing”• “Sandboxing”– There were previously no sandboxing capabilities defined as part of
the MeeGo Security Architecture
– Need way to help isolate untrusted, 3rd party apps
– Evaluating use of Linux Containers (LXC)• Uses Linux Kernel cgroups to create “chroot on steroids”
• Additionally use btrfs filesystem snapshot (disposable environment) as chrootenvirnoment with additional per application storage
5
MeeGo Security New Directions
• Focus: Protect User Data & Privacy – define and classify end user data for contacts, mail, calendar and media
• Simplify Security Components:
– Secure and Trusted boot– Secure and Trusted boot
– Keep secure SW distribution with trusted levels
– Provide Access Control using LSM - SELinux or SMACK
– Provide Application Sandboxing
– Single Sign On support
– Cryptographic Services from user space
6
PIM Storage & Sync
• Buteo sync framework is being replaced with SyncEvolution as it was incomplete and not expected to materialize
• Tracker storage used for Address Book, Calendar data and Email is being replaced by Evolution Data data and Email is being replaced by Evolution Data Server
– Had issues with implementation, privacy controls, performance, scalability and incomplete for syncml sync
7
PIM Storage
• Calendar:– Old: QtMobility/QtOrganizer (API) + KCalCore (KDE) + modifications + mKCal
(sqlite storage)
– New: QtMobility/QtOrganizer (API) + KCalCore (KDE-compatible) + KCal-EDS + libecal/libical (client side) + EDS (server side, stored in iCalendar 2.0 text file)
• Contact:– Old: QtContacts (API) + QtContacts-Tracker (glue code) + Tracker (storage)– Old: QtContacts (API) + QtContacts-Tracker (glue code) + Tracker (storage)
– New: QtContacts (API) + QtContacts-EDS + libebook (client side) + EDS (server side, storage of vCards in Berkley DB); libfolks as replacement for contactsd
• Mail:– Old: QtMobility/QtMessaging API + Qt Messaging Framework (QMF, actual
implementation)
– New: QtMobility/QtMessaging (API) + QMF-compatible API (?) +Camel library (part of EDS,)
8
Data Synchronization
• Old: Buteo Sync Framework, Buteo SyncML, ButeoSync Plugins, Buteo Media Transfer Protocol (MTP)
• New: SyncEvolution, Synthesis SyncML, ButeoMedia Transfer Protocol
9
MCE, Sharing FW, NGF, Profiles, and QmSystem
• Technologies that have not reached maturity that we want to commit them into MeeGo 1.2 core:– MCE provides activity monitoring and notifications via D-Bus, controls display
and backlight, ALS reading and display tuning, airplane mode
– Sharing framework provides a unified API for sharing files via, e.g., BT, email, web services. It includes webupload engine and an API for transfer UI
– QmSystem provides Qt style public APIs for various system services that are – QmSystem provides Qt style public APIs for various system services that are not covered by Qt Mobility
– Profiles provides a daemon and libraries to access and control profiles related data in the device
– NGF (non-graphic feedback) provides unified APIs for apps to request logical events
• The technologies will not be part of Official Architecture or the compliance specification
10
Fastinit / Upstart / Systemd
• MeeGo has fastinit that has been working for a while
• Upstart was planned to be integrated for MeeGo 1.2 for security framework. However, it has not made it in and is rather complexin and is rather complex
• MeeGo 1.2 will stay with fastinit and will switch to systemd in MeeGo 1.3 timeframe
11
timed
• Timed Integration into MeeGo is not complete and has revealed problems in synchronization with remote time sources
– Must have non-privilege process to set time, timezoneand alarms
We feel that we have no choice but not include timed in – We feel that we have no choice but not include timed in the official architecture diagram or the compliance spec;
– We also need accounting for AGPS and Cellulars sources for time
• We hope timed will mature going forward to be part of MeeGo 1.3
12
Application Framework – MTF
• We have moved to QML / Qt to write reference applications
• Following MTF components are being used in MeeGo 1.2 for Tablet reference UX:– MCompositor (Window Manager)– InputMethod – are using MTF inputmethod and have challenges with
password fields– SystemUI –are using it but do not feel good about 3rd party usage.– SystemUI –are using it but do not feel good about 3rd party usage.
• Following MTF components are not being used in MeeGo 1.2 (candidate for dropping): – Applauncher – have no plan to use– ControlPanel – aren’t using it and have implemented a simplified version– Feedback – It does not work and needs haptics/vibra support. It is
missing Qt Mobility backends. – Theme – We would like something simple.
13
MeeGo 1.2 Compliance PackagesDomain Subsystem SRPM
Communications
Bluetooth bluez, obexd
Cellular Framework ofono
ConnMann connman, wpa_supplicant
Telephony & IMlibtelepathy, telepathy-farsight, telepathy-gabble, telepathy-glib, telepathy-mission-control,
telepathy-qt4, telepathy-ring, telepathy-sofiasip, telepathy-stream-engine
Data Management Content Framework libqttracker
Essentials Base Essentials bash, coreutils, dbus, dbus-glib, eggdbus, GConf-dbus, glib2, glibc, libgdbus, udev, udisks, upower
Graphics
OpenGL / OpenGL ES mesa=/usr/lib/libgl.so.1
X11xorg-x11-font-utils, xorg-x11-server, xorg-x11-utils, xorg-x11-utils-xrandr, xorg-x11-xauth, xorg-
x11-xkb-utils
Kernel Linux Kernel kernel
Multimedia
Gstreamer gst-plugins-good, gstreamer
PulseAudio pulseaudioMultimedia PulseAudio pulseaudio
UPnP gupnp
PIM
Calendar Engine kcalcore
Storage evolution-data-server
Synchronization Framework syncevolution
Qt
Qt qt
Qt Mobility qt-mobility
QtWebKit qtwebkit
Software
ManagementPackage Manager PackageKit
System
Context Framework contextkit
Resource Policy ohm
Sensor Framework sensorfw
MeeGo* OSS Core Features – summary
� Core Linux kernel (2.6.33)
� Multitasking support
� 2D / 3D graphics stack (X, OpenGL)
� Framework for native application
development
� Framework for animated, 3D-
accelerated device UIs
� Voice and data connectivity
(oFono, ConnMan)
MeeGo v1.0 OSS Core
Plus:
� Linux kernel 2.6.35 with support for
Intel Atom processor family
� Touch Framework including multi-
touch and gestures
� Sensor framework
� Gcc 4.5 toolchain with Intel Atom
processor optimizations
� Qt 4.7 and Qt Mobility APIs
MeeGo v1.1 OSS Core
Plus:
� Telephony
� SIM/USIM toolkit
� Long SMS handling
� Connectivity
� IPv6
� Tethering (USB, BT)
� Additional BT profiles
� PPP over 3G
� Security framework based on SMACK
MeeGo v1.2 OSS Core
(oFono, ConnMan)
� File system (btrfs)
� Device sync
� APIs for accessing social networks
� Qt 4.7 and Qt Mobility APIs
� MeeGo Web Run Time for web based
development
� Connection Manager enhancements
� Enhanced graphics (X 1.9.0, Mesa
7.8.99)
� Sync engine (Buteo) and Storage
(Tracker) for Contacts, Calendar & Mail
� Security framework based on SMACK
� Policy framework and Rulesets
� Backup and restore
� Multimedia – HTTP progressive download
� Energy and time management
� MCE, NGF, Profiles, QmSystem
� Sharing Framework
� MeeGo SDK support for Windows
� SyncEvolution and EDS
� Required for compliance
� Component did not mature enough to be
required from Compliance perspective
Legend:
Questions?Questions?
16
Thanks
17