Web Framework
Contents • Web framework • WRT, W3C Web APIs, Supplementary APIs, Device APIs, UI framework • Web runtime • Installer, client, core, injected bundle, security, launchpad • WebAPIs • HTML5+deviceAPI • Device APIs • Common, content, social, application, system, communication, Input/Output, UI • Web view • WebKit, Webkit2, Webkit2/EFL
Web Application • Web application • Using web based technologies • Accessing local device / platform resources • Can be installed on the device Source: Ming Jin , Tizen Web Runtime. Tizen Developer Conference 2012.
Web app on the Web framework • Web framework • aggregates the Web Runtime along with the W3C API, Device API, and a UI framework containing widgets derived from jQuery Mobile Source: Jaesik Chang , Tizen Webkit For Wearable Devices. Tizen Developer Conference 2014.
Web framework • Provides: • Best Web experience with Browser and packaged Web Apps • Focusing on functionality(HTML5), performance (UI Responsiveness, 2D/3D Acceleration, JS Engine), Standard Compliance(W3C) • More device feature accessibility through Tizen Device API • jQuery Mobile based Tizen Web UI FW enables easy Web App development • Consists of: • Web Runtime: Execution environment for packaged Web App • WebView (WebKit2/EFL): JavaScriptCore, WebCore(HTML5/W3C API implementation), WebKit API Source: Sunil Saxena , Tizen Architecture. Tizen Developer Conference 2012.
Web Runtime on Tizen • Web Runtime • Environment within which all web applications run on Tizen • Package management (installation, update, etc.) • Execution and lifecycle (launching, pause, resume, etc.) • Runtime security (API/network access, sandboxing, etc.) • Device and platform integration(access local device and platform resources) Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Tizen Web Runtime Internal Blocks Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Web Runtime web src wrt view view_module.cpp IVewModule class pointing to ViewLogic webkit Injected-bundle Injected-bundle.cpp Load libraries to Webprocess dynamically view_logic.cpp ViewLogic(), createWebView(), prepareView(), showWidget(), hideWidget() CoreModule::Init(), Terminate() api_new core_module.cpp runnable_widget_object.cpp Show(), Hide(), Suspend(), Resume(), Prepareview() web-client wrt-client.cpp WrtClient::WrtClient(), OnStop(), OnCreate(), OnReset() web-launcher wrt-launcher.cpp wrt-common Display_widget_info(), AttachDB() launchpad.c web-launchpad-daemon launchpad_src wrt-installer __real_launch() __normal_fork_exec() __fake_launch_app() __prepare_exec() wrt-security wrt-security ace._client.cpp checkFunctionCall()
Tizen Web Runtime Internal Blocks • WRT Installer • After download is finished, install the resources to the appropriate directories • Register app to WRT database • Extract content of the package file • Check configuration file • Generate manifest file for interacting with native application • Update SMACK (Simplified Mandatory Access Control Kernel) policy based on requested privileges Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Application install wrt-installer main() WrtInstaller: Public DPL::Application InstallStepEnum InstallerLogic::InstallWidget /wrt.installer.git/src/wrt-installer/wrt_installer_api.cpp wrt_install_widget CONTROLLER_POST_EVENT JobWidgetInstall::JobWidgetInstall AddTask() /wrt.installer.git/src/jobs/widget_install/job_widget_install.cpp TaskDesktopFile::TaskDesktopFile app.Exec() TaskDesktopFile::stepCreateExecFile [ln -s /usr/bin/wrt-client {widget-handle} ] /wrt.installer.git/src/jobs/widget_install/widget_install_context.h
Application launch wrt-launch g_dbConnection->AttachDatabase(); launchpad_preloading_preinitializing_daemon AUL aul_launch_app app_send_cmd AUL __launchpad_main_loop Fork(); execv __create_server_sock __create_client_socket ail_package_get_appinfo wrt-commons /opt/apps/org.tizen.webui/bin/ WrtDatabase::Address() ail ail_package_get_appinfo GlobalConfig::GetWrtDatabaseFilePath(); Global_config.h GetWrtDatabaseFilePath() Db: .app_info.db.wrt.db /wrt.installer.git/wrt-commons/modules/widget_dao/include/dpl/wrt-dao-ro/global_config.h
AddStep(&WrtClient::initStep); AddStep(&WrtClient::launchStep); AddStep(&WrtClient::finalizeLaunchStep); AddStep(&WrtClient::killWidgetStep); DPL::Event::ControllerEventHandler wrt-client WrtClient::OnReset WrtClient::setStep main() WrtClient.Exec() wrt-common Application::Exec() Application::app_reset app-core appcore_efl_main __before_loop __do_app elm_run(); appcore_init elementary-1.0 aul Aul_launch_argv_handler ecore_main_loop_begin() app_start_internal _aul_handler
wrt-client WidgetController WrtClient::setStep WidgetController::OnEventReceived( WidgetControllerEvents::InitializeEvent WidgetControllerEvents::LaunchWidgetIdEvent AddStep(&WrtClient::initStep); AddStep(&WrtClient::launchStep); AddStep(&WrtClient::finalizeLaunchStep); AddStep(&WrtClient::killWidgetStep); DPL::Event::ControllerEventHandler <NextStepEvent>::PostEvent(NextStepEvent) WidgetLogic wrt-common Event control system
wrt-client WidgetController::OnEventReceived m_widgetLogic.createWidgetModel() m_view->prepareView m_view->showWidget new WidgetViewDataStructure(max win) new WindowData(); createWebview(m_widgetView); ViewLogic::prepareWebview elm-webview createWindow(pid); elm_webview_add() elm_webview_uri_set window = elm_win_add(); ecore_x_window_prop_property_set webkit-engine elementary Elementaryelm-webview-1.0.1 ewk_view_uri_set() win = ELM_NEW(Elm_Win); eina_list_append(_elm_win_list.win->win_obj); wd->webkit = _elm_smart_WebView_add() ewk_view_reload()
Tizen Web Runtime Internal Blocks • WRT Client • Callback related to the life-cycle (launch, resume, pause, terminate) • When new web application is launched, the system spawns two processes • UI process; manage the life cycle of an app • Web process; responsible for rendering the web content Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Tizen Web Runtime Internal Blocks • WRT Core • Core module • Initialize the database, prepare information for launching, check network access • View module • Creation / deletion of the web view which contains a web application’s content • Control view layer including the capability of show, hide, suspend • Use WebKit and the EFL Evas canvas library for view layer • Resource loading, creation of new web view • Add custom JS objects to WebKit view to access Tizen device APIs Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Web core • RunnableWidgetObject • Handle or launch web application at window • Call proper methods at every state change • Definition of IRunnableWidgetObject interface • web/wrt/src/api_new/i_runnable_widget_object.h • Implementation of RunnableWidgetObject • web/wrt/src/api_new/runnable_widget_object.cpp • ViewLogic • With the WebKit and Evas libraries, geolocation, notification and plugin functions are available
Web core • IViewModule
Tizen Web Runtime Internal Blocks • Injected Bundle • Build a process management mechanism inside the WebKit API layer • Support additional function to Web Process by loading library dynamically at startup time like plugin • Unlike plugin, only one shared library can be loaded Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Tizen Web Runtime Internal Blocks • WRT Security • Provide sandbox environment • Enforce SMACK rules • Cannot access the files of another application, system files or features unless it has been granted permission Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Tizen Web Runtime Internal Blocks • WRT Launchpad • Preload WebKit and WRT libraries (such as libewebkit2.so, wrt-client) • Fork a new process (UI process) Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Web Runtime on Tizen • Since Tizen 2.0 • Hosted web app support • Installation / Update flow improvement • WebKit2/EFL • Improvement of launching • Resources encryption / decryption • Web dynamic box support • Support system language change • Privilege-based API security • Process sandboxing Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Hosted Web App Support • Hosted web app • A Web app with all of its resources located on a remote server • For now, it needs to be packaged with minimal resources: config.xml, signature(s) • Restrictions • Start page should be specified in <tizen:content> extension • All of rendered pages are remote pages • Only W3C/HTML APIs are allowed in remote pages • Created browsing context has the same origin as remote server origin Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Installation/Update flow improvement • Installation Flow • New verification steps introduced • Higher-level privilege declaration is not allowed • Invalid signature is not allowed • New installation steps introduced • Resource encryption (if necessary) • Smack rules population • Deprecated steps • W3C widget P&C <feature> tag checking is ignored (used as Store side filtering purpose for now) • Update Flow • Update criteria • Must have the same Tizen app ID • Must have the same author signature • Update triggering point • At installation request time, if the request satisfies the “update criteria” • Update result • Web app data (settings, cookies, local storage etc.) must be preserved Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Installation/Update flow • Installation / Update Flow Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
WRT – Lifecycle • Suspend / Resume • By default, webviews will be suspended by WRT when the Web App goes to background, unless the developer explicitly enables it via <tizen:setting> • Suspended activities include: JavaScript executions, timers, animations • Even if a webview is not suspended in background, the painting operations will not happen in background and the backing store will be purged • When switched to foreground, the suspended webviews will be resumed Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
WRT – Lifecycle Source: Ming Jin , Tizen Web Runtime. Tizen Developer Conference 2012.
Based on WebKit2/EFL • Web App Process Model • Each Web app has 1 UI process and 1 web process • UI process manages lifecycle, and Web process is responsible for rendering • NPAPI plugins (if any) will run in separate processes Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Launching procedure • wrt-launchpad • to preload WebKit and WRT libraries Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Resource Encryption / Decryption • Resources are encrypted during installation / update • Enabled with <tizen:setting encryption="enable"/> in config.xml • Web App directory is scanned recursively • Only resources with predefined extensions (html / js / css) are encrypted • Information about encrypted resources is stored in WRT DB • Resources are decrypted at runtime • UI Process informs Bundle (WebProcess) about the decryption necessity • Resources are decrypted to base64 string and read by WebKit Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Resource Encryption / Decryption • Resource Encryption at Install / Update Time Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Resource Encryption / Decryption • Resource Decryption at Loading Time Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Web Dynamic box support • Web dynamic box • WRT installs the WDB at the time when its Web app is installed (WDB resources are packaged with its Web app) • On uninstallation, WDB resources are removed with its Web app • Supported sizes: 1x1, 2x1, 2x2 • Supports periodic update Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013. https://developer.tizen.org/ko/documentation/ux-guide/basic-interactions/dynamic-box
Support system language change • Folder-based localization • Web App contents can be localized in file unit according to W3C Widget P&C specification • The localization requires page reloading, and the localized contents will only be reflected at next launching time • Element-based localization • Configuration document can be localized with xml:lang attribute • Content-based localization • System locale change event can be listened with Tizen System Info API • L10n routine needs to be implemented in locale change event handler Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Process sandboxing • Web app (UI/Web process) sandboxing • UID: “app” • GUID: “app” • Process smack label: {PkgID} • Resource smack label: {PkgID} • Smack rules: basic application rules + privilege specific rules • Web app private data (e.g., localstorage, indexed db, cookie, etc.) is protected from the rest of system after sandboxing Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Privilege-based API security • Privilege • A predefined collection of privileged APIs that can be assigned to the application to allow it to call the privileged APIs • Ex. http://tizen.org/privilege/account.read • Privilege level • A defined access level for the APIs, based on their influence • Public • Alarm, application, bluetooth, calendar, call history, contact, file system, message port, messaging, power, push, setting, system, etc. • Partner • App manager, secure element, system manager, etc. • Platform • Bluetooth manager, lock manager, package manager, setting manager, etc. Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
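Added example (not from the slides or the WRT source): a Python sketch of the installer decisions listed under "Installation/Update flow improvement" combined with the privilege levels above. The privilege-to-level table, the sample config.xml, the author identifiers, and the granted level being handed in after signature verification are all assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"tizen": "http://tizen.org/ns/widgets"}
LEVELS = ["public", "partner", "platform"]  # ascending, as on the slide

# Constructed table following the slide's grouping (alarm: public, app manager:
# partner, package manager: platform). The URIs are assumptions for this example.
PRIVILEGE_LEVEL = {
    "http://tizen.org/privilege/alarm": "public",
    "http://tizen.org/privilege/appmanager.kill": "partner",
    "http://tizen.org/privilege/packagemanager.install": "platform",
}

# Constructed config.xml for a hypothetical package.
SAMPLE_CONFIG = """<widget xmlns="http://www.w3.org/ns/widgets"
        xmlns:tizen="http://tizen.org/ns/widgets" id="http://example.org/demo">
  <tizen:application id="abcdefghij.Demo" package="abcdefghij" required_version="2.2"/>
  <tizen:privilege name="http://tizen.org/privilege/alarm"/>
  <tizen:privilege name="http://tizen.org/privilege/packagemanager.install"/>
</widget>"""


def decide(config_xml, signature_valid, granted_level, author, installed):
    """Return (action, reason) for an installation request.

    granted_level: level the package's signature entitles it to (assumed to be
                   established by signature verification, which is not modelled).
    installed:     app ID -> author identifier of the copy already on the device.
    """
    if not signature_valid:
        return "reject", "invalid signature"
    root = ET.fromstring(config_xml)
    limit = LEVELS.index(granted_level)
    for priv in root.findall("tizen:privilege", NS):
        name = priv.get("name")
        # Unknown privileges are treated as the highest level (fail closed).
        level = PRIVILEGE_LEVEL.get(name, "platform")
        if LEVELS.index(level) > limit:
            return "reject", f"{name} requires {level} level"
    app_id = root.find("tizen:application", NS).get("id")
    if app_id not in installed:
        return "install", "no installed app with this ID"
    if installed[app_id] != author:
        # Assumption: a same-ID package signed by another author is refused.
        return "reject", "author signature differs from the installed copy"
    return "update", "same app ID and author signature; app data is preserved"


if __name__ == "__main__":
    for level in LEVELS:
        print(level, decide(SAMPLE_CONFIG, True, level, "author-A", {}))
```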
Privilege-based API security • Access control model • A subset of the JavaScript APIs supported in Tizen are considered restricted • Restricted refers to any JS function that can access the private data on a device such as location, contacts, calendar, etc. • Widgets need authorization to invoke restricted APIs • Permission declarations and authorization: • Declaration in manifest file: • <feature> element for device APIs • <access> element for network resources • Authorization: • prompt type decision according to WRT ACE policy user confirmations Source: Onur Aciicmez , Understanding the Permission and Access Control Model for Tizen Application Sandboxing. Tizen Developer Conference 2012.
Privilege-based API security • Access Control enforcements • Tizen WRT supports Tizen WebApps and multiple APIs: W3C APIs, and non-W3C APIs like WebGL and Tizen Web API • WRT has a multi-process model • WebKit based • Widget instances are executed in separate processes • Provides runtime isolation and allows the system to enforce custom process-level containment (sandbox) on each instance • Two levels of access control enforcements • WRT Access Control Engine (ACE): Fine-grained access control on JS APIs • Application Sandbox via SMACK: Process-level containment by the kernel on system calls Source: Onur Aciicmez , Understanding the Permission and Access Control Model for Tizen Application Sandboxing. Tizen Developer Conference 2012.
Privilege-based API security • Access Control Engine • Component responsible for Tizen policy management • Evaluates policy per single request • Manages policy and prompt verdict cache • <feature name="http://tizen.org/api/filesystem" required="true"/> Source: Ming Jin , Tizen Web Runtime. Tizen Developer Conference 2012.
Access Control Enforcements • ACE policy Evaluation • PEP (Policy Enforcement Point): ACE interface for WRT • PIP (Policy Information Point): Responsible for obtaining attribute values from WRT, Resource Information and OS • PDP (Policy Decision Point): evaluates policies; Interacts with the user if necessary • Policy Translator: Parses policies (XML) • Verdict Manager: Responsible for caching the verdicts Source: Onur Aciicmez , Understanding the Permission and Access Control Model for Tizen Application Sandboxing. Tizen Developer Conference 2012.
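Added example (a toy model, not the ACE implementation): how the PEP, PIP, PDP and Verdict Manager described above fit together for one request, including the prompt verdict cache. The policy format, the widget record, the `feature:location` name and the cache reset on policy update are assumptions; `check_function_call` is only named after the checkFunctionCall() entry on the source-tree slide.

```python
FILESYSTEM = "http://tizen.org/api/filesystem"   # feature URI shown on the slide
LOCATION = "feature:location"                    # hypothetical feature name


class AccessControlEngine:
    """Toy model of the ACE blocks; the policy format is an assumption."""

    def __init__(self, policy, ask_user):
        self.policy = policy      # Policy Translator output: feature -> effect
        self.ask_user = ask_user  # prompt callback: (widget id, feature) -> bool
        self.verdicts = {}        # Verdict Manager: (widget id, feature) -> bool

    def _attributes(self, widget):
        # PIP: attribute values the PDP needs; here only the declared features.
        return set(widget["features"])

    def _decide(self, widget, feature):
        # PDP: evaluate the policy for one request, prompting if it says so.
        if feature not in self._attributes(widget):
            return False          # not declared in the manifest: never prompt
        effect = self.policy.get(feature, "deny")
        if effect == "prompt":
            return bool(self.ask_user(widget["id"], feature))
        return effect == "permit"

    def check_function_call(self, widget, feature):
        # PEP: entry point called before a restricted JS API runs.
        key = (widget["id"], feature)
        if key not in self.verdicts:
            self.verdicts[key] = self._decide(widget, feature)
        return self.verdicts[key]

    def update_policy(self, policy):
        # Cached verdicts belong to the old policy, so drop them (assumption).
        self.policy = policy
        self.verdicts.clear()


def demo():
    prompts = []
    def ask_user(widget_id, feature):
        prompts.append((widget_id, feature))
        return True               # constructed user answer: "allow"
    ace = AccessControlEngine({FILESYSTEM: "prompt", LOCATION: "permit"}, ask_user)
    widget = {"id": "demo-widget", "features": [FILESYSTEM]}  # constructed
    results = [ace.check_function_call(widget, FILESYSTEM),   # prompts once
               ace.check_function_call(widget, FILESYSTEM),   # served from cache
               ace.check_function_call(widget, LOCATION)]     # undeclared: denied
    ace.update_policy({FILESYSTEM: "deny"})
    results.append(ace.check_function_call(widget, FILESYSTEM))
    return results, len(prompts)
```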
Access Control Enforcements • Process Sandbox via SMACK • The SMACK Policy File is updated with the appropriate rules during the install, update, or uninstall operations, as well as at run-time • Rules are based on device features (manifest file), user confirmations, and security files (label, permissions for each feature) • Diagram labels: Access is made to a device feature; Widget requests access to a device feature; ACE; System; Linux Kernel; SMACK LSM; Check access rights in the SMACK Policy File; Return result to WRT Source: Onur Aciicmez , Understanding the Permission and Access Control Model for Tizen Application Sandboxing. Tizen Developer Conference 2012.
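Added example (not Tizen code): a small evaluator for Smack's built-in label rules plus a loaded rule set, showing why a process labelled with one {PkgID} cannot touch another package's resources unless a privilege-specific rule was added at install time. The package IDs, the `account-db` object label and the privilege-to-rule template are constructed, and the "basic application rules" from the sandboxing slide are not modelled.

```python
def parse_rules(text):
    """Parse 'subject object access' lines into {(subject, object): set of modes}."""
    rules = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            subject, obj, access = line.split()
            rules[(subject, obj)] = set(access.lower()) - {"-"}
    return rules


def smack_allows(rules, subject, obj, request):
    """Apply Smack's built-in label rules, then the loaded rule set."""
    want = set(request)
    if subject == "*":
        return False                       # tasks labelled "*" get nothing
    if subject == "^" and want <= {"r", "x"}:
        return True                        # "hat" may read/execute anything
    if obj == "_" and want <= {"r", "x"}:
        return True                        # "floor" objects are readable by all
    if obj == "*" or subject == obj:
        return True                        # star object, or same label
    return want <= rules.get((subject, obj), set())


# Constructed privilege -> rule templates; the object label is hypothetical.
PRIVILEGE_RULES = {
    "http://tizen.org/privilege/account.read": ["{pkg} account-db r"],
}


def rules_for_package(pkg_id, privileges):
    """Rule lines an installer would add for one package's granted privileges."""
    lines = []
    for priv in privileges:
        lines += [t.format(pkg=pkg_id) for t in PRIVILEGE_RULES.get(priv, [])]
    return "\n".join(lines)


def demo():
    # Two constructed package IDs; only pkgAAAAAAA holds the privilege.
    text = rules_for_package("pkgAAAAAAA", ["http://tizen.org/privilege/account.read"])
    text += "\n" + rules_for_package("pkgBBBBBBB", [])
    rules = parse_rules(text)
    return {
        "own data": smack_allows(rules, "pkgAAAAAAA", "pkgAAAAAAA", "rw"),
        "other app's data": smack_allows(rules, "pkgAAAAAAA", "pkgBBBBBBB", "r"),
        "account-db read": smack_allows(rules, "pkgAAAAAAA", "account-db", "r"),
        "account-db write": smack_allows(rules, "pkgAAAAAAA", "account-db", "w"),
        "B account-db read": smack_allows(rules, "pkgBBBBBBB", "account-db", "r"),
    }
```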
Web API support • W3C API • implements web standards relating to DOM, styles, device, graphics, media, communication, storage, security, UI, performance, location, and widget • The Device API • provides advanced logic employing sensors, file I/O, capturing, telephony, FM radio, speech recognition, HDMI output, and more Source: Tizen Overview and Architecture, Seokjae Jeong, Korea Linux Forum 2012.
Why Tizen Web Device APIs? • Limitations of standard specifications • Most of them are still working drafts • No full support for the Tizen characteristic features • Tizen Web device APIs • Device APIs give the characteristic features of the Tizen platform • Device APIs have been updated agilely Source: Tizen – Universal Device Platform, Wonseok Lee, Samsung Electronics.
Tizen Web Device APIs Design • Follows W3C specification API style • Numerical constants avoided but string enumerations used • Most methods are asynchronous • Success and error callback, and constructors used • Based on standard technologies • Tizen Web device API specifications are written in WebIDL • Implementation follows the fundamental rule of ECMAScript 5.1 and W3C WebIDL recommendation (for example, type conversion) • Defined tizen namespace • All Tizen device APIs exist in the tizen namespace • tizen is the global object to which all Tizen device APIs are bound Source: Tizen – Universal Device Platform, Wonseok Lee, Samsung Electronics.
Tizen Web Device APIs Design • Defined tizen namespace Source: Tizen – Universal Device Platform, Wonseok Lee, Samsung Electronics.
Tizen Web Device API Modules Source: Kisub Song , Tizen Web Device API. Tizen Developer Conference 2013.