MeeGo 1.2 Harmattan Security Tokens
(Rahulvala -) |
(Gnuton - - →APIs that require security tokens) |
||
| Line 106: | Line 106: | ||
*TrackerWriteAccess | *TrackerWriteAccess | ||
|} | |} | ||
| + | |||
| + | Description of posix tokens can be found [http://www.gentoo.org/proj/en/hardened/capabilities.xml here]. | ||
=== Qt Declarative modules that require security credentials === | === Qt Declarative modules that require security credentials === | ||
Revision as of 14:08, 8 December 2011
Contents |
MeeGo 1.2 Harmattan APIs/Qt Quick Modules that require security credentials
This section lists all MeeGo 1.2 Harmattan and Platform APIs and Qt Declarative modules that require security credentials. Please do not add any unnecessary tokens to your application's Aegis Manifest file .
APIs that require security tokens
| API | Required token |
|---|---|
| Accounts Framework |
|
| Associate Content with Actions |
|
| Location Extras |
|
| Location Picker |
|
| QmSystem |
|
| QtMobility Contacts |
|
| QtMobility Gallery |
|
| QtMobility Location |
|
| QtMobility Messaging |
|
| QtMobility Multimedia |
|
| QtMobility Organizer |
|
| QtMobility Systeminfo |
|
| QtSparql RDF Tracker |
|
| Relevance Search |
|
| Share UI Extension API |
|
| Single Sign On |
|
| Web Upload Services |
|
Description of posix tokens can be found here.
Qt Declarative modules that require security credentials
| Qt Declarative module | Required token |
|---|---|
| MapsPlugin |
|
| QSparql |
|
| QtMobility.contacts |
|
|
QtMobility.gallery |
|
| QtMobility.location |
|
| QtMobility.messaging |
|
| QtMobility.organizer |
|
| QtMobility.systeminfo |
|
| QtMultimediaKit |
|
(Courtesy of the MeeGo 1.2 Harmattan documentation team)
Complete list of tokens available
As Harmattan developer, you have maybe noticed that some applications work correctly only if launched by Qt Creator or via SSH and that they don't work when launched from the phone application menu. This happens because these apps need some capabilities to run correctly on Harmattan if they run as "user". These set of capabilities are generally granted by the system to the app by default when the app runs via SSH/developer.
The complete list of tokens which are granted to "developer" are the following: /home/developer $ accli -I Current mode: normal Credentials:
UID::user
GID::developer
CAP::chown
CAP::dac_read_search
CAP::fowner
CAP::fsetid
CAP::kill
CAP::linux_immutable
CAP::net_bind_service
CAP::net_broadcast
CAP::net_admin
CAP::net_raw
CAP::ipc_lock
CAP::ipc_owner
CAP::sys_chroot
CAP::sys_ptrace
CAP::sys_pacct
CAP::sys_boot
CAP::sys_nice
CAP::sys_resource
CAP::sys_time
CAP::sys_tty_config
CAP::lease
CAP::audit_write
CAP::audit_control
CAP::setfcap
GRP::root
GRP::dialout
GRP::video
GRP::pulse-access
GRP::users
GRP::metadata-users
GRP::calendar
AID::.develsh.
Cellular
TrackerReadAccess
TrackerWriteAccess
Location
FacebookSocial
tracker::tracker-extract-access
tracker::tracker-miner-fs-access
libaccounts-noa::accesssvt
package-manager::packagemanager_limited
package-manager::packagemanager_private
icd2::icd2-plugin
develsh::develsh
If you run accli -I in the user terminal instead, you can see how little is the set of capabilities which the system grants to app launched by "user". /home/user $ accli -I Current mode: normal Credentials:
UID::user
GID::users
SRC::com.nokia.maemo
AID::com.nokia.maemo.meegotouchhome-nokia.
meegotouchhome-nokia::meegotouchhome-nokia
For this reason, applications which have to redistributed have to define a manifest file which requests some of the capabilities listed in the first list and which are missing in the second one.
