Afternoon 1 intel yang, elton_mee_go-arch-update-final


  1. MeeGo Architecture Update. Sunil Saxena, Elton Yang. April 14th 2011
  2. MeeGo 1.2 Architecture
  3. MeeGo 1.2 Architecture – Status
  4. Old Security Architecture: Mobile Simplified Security FW
     • Driven by Operator Lock Down
     • New Focus Driven by End-User Privacy
     • Re-Evaluating Solutions For:
       – Access Control
       – Integrity Protection
       – Single Sign-On
       – Cryptographic Services
       – Digital Rights Management
     http://wiki.meego.com/Security/Architecture
     Things Change!
  5. Access Control
     • Linux Security Modules (LSM)
       – Previously Used Simple Mandatory Access Control Kernel (SMACK)
         • Basic {subject, object, permission} access control model
         • Requires 1000+ SMACK rules – Complexity reintroduced!
       – Re-Evaluating Other LSMs
         • SELinux, TOMOYO, AppArmor
     • “Sandboxing”
       – There were previously no sandboxing capabilities defined as part of the MeeGo Security Architecture
       – Need a way to help isolate untrusted, 3rd party apps
       – Evaluating use of Linux Containers (LXC)
         • Uses Linux Kernel cgroups to create “chroot on steroids”
         • Additionally use btrfs filesystem snapshot (disposable environment) as chroot environment with additional per application storage
  6. MeeGo Security New Directions
     • Focus: Protect User Data & Privacy
       – Define and classify end user data for contacts, mail, calendar and media
     • Simplify Security Components:
       – Secure and Trusted boot
       – Keep secure SW distribution with trusted levels
       – Provide Access Control using LSM - SELinux or SMACK
       – Provide Application Sandboxing
       – Single Sign On support
       – Cryptographic Services from user space
  7. PIM Storage & Sync
     • The Buteo sync framework is being replaced with SyncEvolution because Buteo was incomplete and not expected to materialize
     • Tracker storage used for Address Book, Calendar data and Email is being replaced by Evolution Data Server
       – Tracker had issues with implementation, privacy controls, performance and scalability, and was incomplete for SyncML sync
  8. PIM Storage
     • Calendar:
       – Old: QtMobility/QtOrganizer (API) + KCalCore (KDE) + modifications + mKCal (sqlite storage)
       – New: QtMobility/QtOrganizer (API) + KCalCore (KDE-compatible) + KCal-EDS + libecal/libical (client side) + EDS (server side, stored in iCalendar 2.0 text file)
     • Contact:
       – Old: QtContacts (API) + QtContacts-Tracker (glue code) + Tracker (storage)
       – New: QtContacts (API) + QtContacts-EDS + libebook (client side) + EDS (server side, storage of vCards in Berkeley DB); libfolks as replacement for contactsd
     • Mail:
       – Old: QtMobility/QtMessaging API + Qt Messaging Framework (QMF, actual implementation)
       – New: QtMobility/QtMessaging (API) + QMF-compatible API (?) + Camel library (part of EDS)
  9. Data Synchronization
     • Old: Buteo Sync Framework, Buteo SyncML, Buteo Sync Plugins, Buteo Media Transfer Protocol (MTP)
     • New: SyncEvolution, Synthesis SyncML, Buteo Media Transfer Protocol
  10. MCE, Sharing FW, NGF, Profiles, and QmSystem
     • Technologies that have not reached the maturity needed for us to commit them to the MeeGo 1.2 core:
       – MCE provides activity monitoring and notifications via D-Bus, controls display and backlight, ALS reading and display tuning, airplane mode
       – Sharing framework provides a unified API for sharing files via, e.g., BT, email, web services. It includes a webupload engine and an API for the transfer UI
       – QmSystem provides Qt style public APIs for various system services that are not covered by Qt Mobility
       – Profiles provides a daemon and libraries to access and control profile-related data in the device
       – NGF (non-graphic feedback) provides unified APIs for apps to request logical events
     • The technologies will not be part of the Official Architecture or the compliance specification
  11. Fastinit / Upstart / Systemd
     • MeeGo has fastinit, which has been working for a while
     • Upstart was planned to be integrated in MeeGo 1.2 for the security framework. However, it has not made it in and is rather complex
     • MeeGo 1.2 will stay with fastinit and will switch to systemd in the MeeGo 1.3 timeframe
  12. timed
     • Timed integration into MeeGo is not complete and has revealed problems in synchronization with remote time sources
       – Must have a non-privileged process to set time, timezone and alarms
       – We feel that we have no choice but to not include timed in the official architecture diagram or the compliance spec
       – We also need to account for AGPS and cellular sources for time
     • We hope timed will mature going forward to be part of MeeGo 1.3
  13. Application Framework – MTF
     • We have moved to QML / Qt to write reference applications
     • The following MTF components are being used in MeeGo 1.2 for the Tablet reference UX:
       – MCompositor (Window Manager)
       – InputMethod – we are using the MTF inputmethod and have challenges with password fields
       – SystemUI – we are using it but do not feel good about 3rd party usage.
     • The following MTF components are not being used in MeeGo 1.2 (candidates for dropping):
       – Applauncher – we have no plan to use it
       – ControlPanel – we aren’t using it and have implemented a simplified version
       – Feedback – it does not work and needs haptics/vibra support. It is missing Qt Mobility backends.
       – Theme – we would like something simple.
  14. MeeGo 1.2 Compliance Packages (Domain, then Subsystem: SRPM)
     • Communications
       – Bluetooth: bluez, obexd
       – Cellular Framework: ofono
       – ConnMan: connman, wpa_supplicant
       – Telephony & IM: libtelepathy, telepathy-farsight, telepathy-gabble, telepathy-glib, telepathy-mission-control, telepathy-qt4, telepathy-ring, telepathy-sofiasip, telepathy-stream-engine
     • Data Management
       – Content Framework: libqttracker
     • Essentials
       – Base Essentials: bash, coreutils, dbus, dbus-glib, eggdbus, GConf-dbus, glib2, glibc, libgdbus, udev, udisks, upower
     • Graphics
       – OpenGL / OpenGL ES: mesa=/usr/lib/libgl.so.1
       – X11: xorg-x11-font-utils, xorg-x11-server, xorg-x11-utils, xorg-x11-utils-xrandr, xorg-x11-xauth, xorg-x11-xkb-utils
     • Kernel
       – Linux Kernel: kernel
     • Multimedia
       – Gstreamer: gst-plugins-good, gstreamer
       – PulseAudio: pulseaudio
       – UPnP: gupnp
     • PIM
       – Calendar Engine: kcalcore
       – Storage: evolution-data-server
       – Synchronization Framework: syncevolution
     • Qt
       – Qt: qt
       – Qt Mobility: qt-mobility
       – QtWebKit: qtwebkit
     • Software Management
       – Package Manager: PackageKit
     • System
       – Context Framework: contextkit
       – Resource Policy: ohm
       – Sensor Framework: sensorfw
  15. MeeGo* OSS Core Features – summary
     Columns: MeeGo v1.0 OSS Core | MeeGo v1.1 OSS Core | MeeGo v1.2 OSS Core
     Core Linux kernel (2.6.33) Plus: Plus: Multitasking support Linux kernel 2.6.35 with support for Telephony Intel Atom processor family SIM/USIM toolkit 2D / 3D graphics stack (X, OpenGL) Long SMS handling Framework for native application Touch Framework including multi-touch and gestures Connectivity development IPv6 Framework for animated, 3D- Sensor framework Tethering (USB, BT) accelerated device UIs Gcc 4.5 toolchain with Intel Atom Additional BT profiles processor optimizations PPP over 3G Voice and data connectivity (oFono, ConnMan) Qt 4.7 and Qt Mobility APIs Security framework based on SMACK Policy framework and Rulesets File system (btrfs) MeeGo Web Run Time for web based development Backup and restore Device sync Multimedia – HTTP progressive download APIs for accessing social networks Connection Manager enhancements Energy and time management Enhanced graphics (X 1.9.0, Mesa MCE, NGF, Profiles, QmSystem 7.8.99) Sharing Framework Sync engine (Buteo) and Storage MeeGo SDK support for Windows (Tracker) for Contacts, Calendar & Mail SyncEvolution and EDS
     Legend: Required for compliance; Component did not mature enough to be required from Compliance perspective
  16. Questions?
  17. Thanks
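
The {subject, object, permission} model that slide 5 attributes to SMACK, as an added example that is not part of the original deck: a small Python evaluator that applies Smack's built-in label checks and then the loaded rules. The labels and rules are constructed, and pairs_needed is a hypothetical helper showing how fast the number of possible explicit rules grows with the label count.

```python
# Added illustration of Smack's access check over {subject, object, permission}
# rules. Labels and rules below are constructed, not MeeGo's actual policy.

def parse_rules(text):
    """Parse 'subject object access' lines (access letters drawn from r, w, x, a)."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        subject, obj, access = line.split()
        # "-" grants nothing; a later rule for the same pair replaces the earlier one
        rules[(subject, obj)] = set(access.lower()) & set("rwxa")
    return rules

def allowed(rules, subject, obj, request):
    """Apply Smack's built-in label checks in order, then the loaded rules."""
    req = set(request)
    if subject == "*":                       # star subject: always denied
        return False
    if subject == "^" and req <= set("rx"):  # hat subject: may read/execute anything
        return True
    if obj == "_" and req <= set("rx"):      # floor object: readable by everyone
        return True
    if obj == "*":                           # star object: any access permitted
        return True
    if subject == obj:                       # identical labels: any access permitted
        return True
    return req <= rules.get((subject, obj), set())  # explicit rule, else deny

def pairs_needed(n_labels):
    """Upper bound on explicit rules: every ordered pair of distinct labels."""
    return n_labels * (n_labels - 1)

SAMPLE_RULES = """
# constructed sample policy
Browser    Contacts  r
Dialer     Contacts  rw
Browser    Downloads rwa
ThirdParty Contacts  -
"""

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    for s, o, a in [("Browser", "Contacts", "r"), ("Browser", "Contacts", "w"),
                    ("ThirdParty", "Contacts", "r"), ("ThirdParty", "_", "r")]:
        print(s, o, a, "->", "allow" if allowed(rules, s, o, a) else "deny")
    print("ordered label pairs for 35 labels:", pairs_needed(35))
```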