690 likes | 704 Views
Learn about Tizen Web Framework that provides the best web experience, focusing on HTML5 performance and compliance, with access to device features through Tizen APIs.
E N D
Contents • Web Runtime • Internal Blocks • Feature and Lifecycle • Tizen Web API • Web Device API, Tizen API, Application API, Communication API, Content API, Input/Output API, Social API, System API, User Interface API
Web Application • Web application • Using web based technologies • Accessing local device / platform resources • Can be installed on the device Source: Ming Jin , Tizen Web Runtime. Tizen Developer Conference 2012.
Web app on the Web framework • Web framework • aggregates the Web Runtime along with the W3C API, Device API, and a UI framework containing widgets derived from jQuery Mobile Source: Jaesik Chang , Tizen Webkit For Wearable Devices. Tizen Developer Conference 2014.
Web framework • Provides: • Best Web experience with Browser and packaged Web Apps • Focusing on functionality(HTML5), performance (UI Responsiveness, 2D/3D Acceleration, JS Engine), Standard Compliance(W3C) • More device feature accessibility through Tizen Device API • jQuery Mobile based Tizen Web UI FW enables easy Web App development • Consists of: • Web Runtime: Execution environment for packaged Web App • WebView (WebKit2/EFL): JavaScriptCore, WebCore(HTML5/W3C API implementation), WebKit API Source: Sunil Saxena , Tizen Architecture. Tizen Developer Conference 2012.
Web Runtime on Tizen v2.3 • Web Runtime • Environment within which all web applications run on Tizen • Package management (installation, update, etc.) • Execution and lifecycle (launching, pause, resume, etc.) • Runtime security (API/network access, sandboxing, etc.) • Device and platform integration(access local device and platform resources) Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Tizen Web Runtime Internal Blocks Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Web Runtime web src wrt view view_module.cpp IVewModule class pointing to ViewLogic webkit Injected-bundle Injected-bundle.cpp Load libraries to Webprocess dynamically view_logic.cpp ViewLogic(), createWebView(), prepareView(), showWidget(), hideWidget() CoreModule::Init(), Terminate() api_new core_module.cpp runnable_widget_object.cpp Show(), Hide(), Suspend(), Resume(), Prepareview() web-client wrt-client.cpp WrtClient::WrtClient(), OnStop(), OnCreate(), OnReset() web-launcher wrt-launcher.cpp wrt-common Display_widget_info(), AttachDB() launchpad.c web-launchpad-daemon launchpad_src wrt-installer __real_launch() __normal_fork_exec() __fake_launch_app() __prepare_exec() wrt-security wrt-security ace._client.cpp checkFunctionCall()
Tizen Web Runtime Internal Blocks • WRT Installer • After download is finished, install the resources to the appropriate directories • Register app to WRT database • Extract content of the package file • Check configuration file • Generate manifest file for interacting with native application • Update SMACK (Simplified Mandatory Access Control Kernel) policy based on requested privileges Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Tizen Web Runtime Internal Blocks • WRT Client • Callback related to the life-cycle (launch, resume, pause, terminate) • When new web application is launched, the system spawns two processes • UI process; manage the life cycle of an app • Web process; responsible for rendering the web content Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Tizen Web Runtime Internal Blocks • WRT Core • Core module • Initialize the database, prepare information for launching, check network access • View module • Creation / deletion web view which contain a web application’s content • Control view layer including the capability of show, hide, suspend • Use WebKit and EFLEvas canvas library for view layer • Resource loading, creation of new web view • Add custom JS objects to WebKit view to access Tizen device APIs Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Web core • RunnableWidgetObject • Handle or launch web application at window • Call proper methods at every state changes • Definition of IRunnableWidgetObject interface • web/wrt/src/api_new/i_runnable_widget_object.h • Implementation of RunnableWidgetObject • web/wrt/src/api_new/runnable_widget_object.cpp • ViewLogic • With Webkit and Evas library, geolocation, notification, plugin function is available
Web core • IViewModule
Tizen Web Runtime Internal Blocks • Injected Bundle • Build a process management mechanism inside the WebKit API layer • Support additional function to Web Process by loading library dynamically at startup time like plugin • Unlike plugin, only one shared library can be loaded Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Tizen Web Runtime Internal Blocks • WRT Security • Provide sandbox environment • Enforce SMACK rules • Cannot access the files of another application, system files or features unless it has been granted permission Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Tizen Web Runtime Internal Blocks • WRT Launchpad • Preload WebKit and WRT libraries (such as libewebkit2.so, wrt-client) • Fork a new process (UI process) Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Launchpad • Two key daemons to spawn new process(app) in TIZEN • AMD(application management daemon) and launchpad daemon. • AMD receives the launch request and forwards it to the launchpad(launchpad_preloading_preinitializing_daemon) • launchpadis the parent process of all TIZEN apps. • There are three launchpad daemons; • launchpad, wrt_launchpad and debug_launchpad • AMD chooses the proper launchpad daemon w.r.t. launch request. • debug_launchpaditself is launched by sdbd (sdb daemon) only for debugging purpose.
Web Runtime on Tizen • Since Tizen 2.0 • Hosted web app support • Installation / Update flow improvement • WebKit2/EFL • Improvement of launching • Resources encryption / decryption • Web dynamic box support • Support system language change • Privilege-based API security • Process sandboxing Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Hosted Web App Support • Hosted web app • A Web app with all of its resources located on a remote server • For now, it needs to be packaged with minimal resources: config.xml, signature(s) • Restrictions • Start page should be specified in <tizen:content> extension • All of rendered pages are remote pages • Only W3C/HTML APIs are allowed in remote pages • Created browsing context has the same origin as remote server origin Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Installation/Update flow improvement • Installation Flow • New verification steps introduced • Higher-level privilege declaration is not allowed • Invalid signature is not allowed • New installation steps introduced • Resource encryption (if necessary) • Smack rules population • Update Flow • Update criteria • Must have the same Tizen app ID • Must have the same author signature • Update triggering point • At installation request time, if the request satisfies the “update criteria” • Update result • Web app data (settings, cookies, local storage etc.) must be preserved Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Installation/Update flow Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Based on WebKit2/EFL • Web App Process Model • Each Web app has 1 UI process and 1 web process • UI process manages lifecycle, and Web process is responsible for rendering • NPAPI plugins (if any) will run in separate processes Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Launching procedure • wrt-launchpad • to preload WebKit and WRT libraries Ewk: EFL Webkit Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
WRT – Lifecycle Source: Ming Jin , Tizen Web Runtime. Tizen Developer Conference 2012.
WRT – Lifecycle • Suspend / Resume • By default, webviews will be suspended by WRT when the Web App goes to background, unless the developer explicitly enables it via <tizen:setting> • Suspended activities include: JavaScript executions, timers, animations • Even if a webview is not suspended in background, the painting operations will not happen in background and the backing store will be purged • When switched to foreground, the suspended webviews will be resumed Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Support system language change • Folder-based localization • Web App contents can be localized in file unit according to W3C Widget P&C specification • The localization requires page reloading, and the localized contents will only be reflected at next launching time • Element-based localization • Configuration document can be localized with xml:lang attribute • Content-based localization • System locale change event can be listened with Tizen System Info API • L10n routine needs to be implemented in locale change event handler Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Resource Encryption / Decryption • Resources are encrypted during installation / update • Enabled with <tizen:setting encryption=“enable”/> in config.xml • Web App directory is scanned recursively • Only resources with predefined extensions (html / js / css) are encrypted • Information about encrypted resources are stored in WRT DB • Resources are decrypted at runtime • UI Process informs Bundle (WebProcess) about the decryption necessity • Resources are decrypted to base64 string and read by WebKit Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Resource Encryption / Decryption • Resource Encryption at Install / Update Time Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Resource Encryption / Decryption • Resource Decryption at Loading Time Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Web Dynamic box support • WRT install WDB at the time when its Web app is installed (WDB resources are packaged with its Web app) • On uninstallation, WDB resources are removed with its Web app • Supported sizes: 1x1, 2x1, 2x2 • Supports periodic update Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013. https://developer.tizen.org/ko/documentation/ux-guide/basic-interactions/dynamic-box
Process sandboxing • Web app (UI/Web process) sandboxing • UID: “app” • GUID: “app” • Process smack label: {PkgID} • Resource smack label: {PkgID} • Smack rules: basic application rules + privilege specific rules • Web app private data (e.g., localstorage, indexed db, cookie, etc.) is protected from the rest of system after sandboxing [subjectLabel] [objectLabel] [access(rwxa)] Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Privilege-based API security • Privilege • A predefined collection of privileged APIs that can be assigned to the application to allow it to call the privileged APIs • Ex. http://tizen.org/privilege/account.read • Privilege level • A defined access level for the APIs, based on their influence • Public • Alarm, application, bluetooth, calendar, call history, contact, file system, message port, messaging, power, push, setting, system, etc. • Partner • App manager, secure element, system manager, etc. • Platform • Bluetooth manager, lock manager, package manager, setting manager, etc. Source: Ming Jin , Tizen Web Runtime Update. Tizen Developer Conference 2013.
Privilege-based API security • Access Control enforcements • Tizen WRT supports Tizen WebApps and multiple APIs: W3C APIs, and non-W3C APIs like WebGL and Tizen Web API • WRT has a multi-process model • WebKit based • Widget instances are executed in separate processes • Provides runtime isolation and allows the system to enforce custom process-level containment (sandbox) on each instance • Two levels of access control enforcements • WRT Access Control Engine(ACE): Fine-grained access control on JS APIs • Application Sandbox via SMACK: Process-level containment by the kernel on system calls Source: Onur Aciicmez , Understanding the Permission and Access Control Model for Tizen Application Sandboxing. Tizen Developer Conference 2012.
Privilege-based API security • Access control model • A subset of the JavaScript APIs supported in Tizen are considered restricted • Restricted refers to any JS function that can access the private data on a device such as location, contacts, calendar, etc. • Widgets need authorization to invoke restricted APIs • Permission declarations and authorization: • Declaration in manifest file: • <feature> element for device APIs • <access> element for network resources • Authorization: • prompt type decision according to WRT ACE policy user confirmations Source: Onur Aciicmez , Understanding the Permission and Access Control Model for Tizen Application Sandboxing. Tizen Developer Conference 2012.
Privilege-based API security • Access Control Engine • Component responsible for Tizen policy management • Evaluates policy per single request • Manages policy and prompt verdict cache <feature name=http://tizen.org/api/filesystem required=“true”/> Source: Ming Jin , Tizen Web Runtime. Tizen Developer Conference 2012.
Access Control Enforcements • ACE policy Evaluation PEP (Policy Enforcement Point): ACE interface for WRT PIP (Policy Information Point): Responsible for obtaining attribute values from WRT, Resource Information and OS PDP (Policy Decision Point): evaluates policies; Interacts with the user if necessary Policy Translator: Parses policies (XML) Verdict Manager: Responsible for caching the verdicts Source: Onur Aciicmez , Understanding the Permission and Access Control Model for Tizen Application Sandboxing. Tizen Developer Conference 2012.
Access Control Enforcements • Process Sandbox via SMACK • The SMACK Policy File is updated with the appropriate rules during the install, update, or uninstall operations, as well as at run-time • Rules are based ondevice features (manifest file), user confirmations, and security files (label, permissions for each feature) Access is made to a device feature Widget requests access to a device feature ACE System Linux Kernel SMACK LSM Check access rights in the SMACK Policy File Return result to WRT Source: Onur Aciicmez , Understanding the Permission and Access Control Model for Tizen Application Sandboxing. Tizen Developer Conference 2012.
Web API support • W3C API • implements web standards relating to DOM, styles, device, graphics, media, communication, storage, security, UI, performance, location, and widget • The Device API • provides advanced logic employing sensors, file I/O, capturing, telephony, FM radio, speech recognition, HDMI output, and more Source: Tizen Overview and Architecture, Seokjae Jeong, Korea Linux Forum 2012.
Why Tizen Web Device APIs? • Limitations of standard specifications • Most of them are still working drafts • No full support for the Tizen characteristic features • Tizen Web device APIs • Device APIs give the characteristic features of the Tizen platform • Device APIs have been updated agilely Source: Tizen – Universal Device Platform, Wonseok Lee, Samsung Electronics.
Tizen Web Device APIs Design • Follows W3C specification API style • Numerical constants avoided but string enumerations used • Most methods are asynchronous • Success and error callback, and constructors used • Based on standard technologies • Tizen Web device API specifications are written in WebIDL • Implementation follows the fundamental rule of ECMAScript 5.1 and W3C WebIDL recommendation (for example, type conversion) • Defined tizen namespace • All Tizen device APIs exist in the tizen namespace • tizen is the global object to which all Tizen device APIs are bound Source: Tizen – Universal Device Platform, Wonseok Lee, Samsung Electronics.
Tizen Web Device APIs Design • Defined tizennamespace Source: Tizen – Universal Device Platform, Wonseok Lee, Samsung Electronics.
Tizen Web Device API Modules https://developer.tizen.org/dev-guide/2.3.0/org.tizen.web.apireference/html/web_api_reference.htm Source: Kisub Song , Tizen Web Device API. Tizen Developer Conference 2013.