Part 5 - Platform

Abstract

The Automotive Grade Linux platform is a Linux distribution with AGL compliant applications and services. The platform includes the following software:

  • Linux BSP configured for reference boards.
  • Proprietary device drivers for common peripherals on reference boards.
  • Application framework.
  • Windows/layer management (graphics).
  • Sound resource management.
  • An atomic software update system (chapter Update).
  • Building and debug tools (based on Yocto project).
Domain Improvement
Platform-Abstract-1 Create a graphics and sound part.

This part focuses on the AGL platform including all tools and techniques used to upgrade the security and downgrade the danger. It must be possible to apply the two fundamental principles written at the very beginning of the document. First of all, security management must remain simple. You must also prohibit everything by default, and then define a set of authorization rules. As cases to deal with, we must:

  • Implement a MAC for processes and files.
  • Limit communication between applications (SystemBus and SystemD part).
  • Prohibit all tools used during development mode (Utilities and Services part).
  • Manage user capabilities (Users part).
  • Manage application permissions and policies (AGLFw part).

The tools and concepts used to meet these needs are only examples. Any other tool that meets the need can be used.

In AGL, as in many other embedded systems, different security mechanisms settle in the core layers to ensure isolation and data privacy. While the Mandatory Access Control layer (SMACK) provides global security and isolation, other mechanisms like Cynara are required to check application's permissions at runtime. Applicative permissions (also called "privileges") may vary depending on the user and the application being run: an application should have access to a given service only if it is run by the proper user and if the appropriate permissions are granted.

Discretionary Access Control

Discretionary Access Control (DAC) is the traditional Linux method of separating users and groups from one another. In a shared environment where multiple users have access to a computer or network, Unix IDs have offered a way to contain access within privilege areas for individuals, or shared among the group or system. The Android system took this one step further, assigning new user IDs for each App. This was never the original intention of Linux UIDs, but was able to provide Android’s initial security element: the ability to sandbox applications.

Although AGL mentions use of DAC for security isolation, the weight of the security responsibility lies in the Mandatory Access Control (MAC) and Cynara. Furthermore, there are system services with unique UIDs. however,the system does not go to the extreme of Android, where every application has its own UID. All sandboxing (app isolation) in AGL is handled in the MAC contexts.

Mandatory Access Control

Mandatory Access Control (MAC) is an extension to DAC, whereby extended attributes (xattr) are associated with the filesystem. In the case of AGL, the smackfs filesystem allows files and directories to be associated with a SMACK label, providing the ability of further discrimination on access control. A SMACK label is a simple null terminated character string with a maximum of 255 bytes. While it doesn’t offer the richness of an SELinux label, which provides a user, role,type, and level, the simplicity of a single value makes the overall design far less complex. There is arguably less chance of the security author making mistakes in the policies set forth.


Acronyms and Abbreviations

The following table lists the terms utilized within this part of the document.

Acronyms or Abbreviations Description
ACL Access Control Lists
alsa Advanced Linux Sound Architecture
API Application Programming Interface
AppFw Application Framework
BSP Board Support Package
Cap Capabilities
DAC Discretionary Access Control
DDOS Distributed Denial Of Service
DOS Denial Of Service
IPC Inter-Process Communication
MAC Mandatory Access Control
PAM Pluggable Authentication Modules
SMACK Simplified Mandatory Access Control Kernel