Taste the Rainbow:0.7.4: Difference between revisions

(New page: This page is a guided tour of the [http://dev.laptop.org/git?p=users/mstone/security;a=tree;hb=5718e427e3c6830669c996403435a4fc794c66c0 source code] of the rainbow-0.7.2 releas...)
 
No edit summary
Line 1: Line 1:
This page is a guided tour of the [http://dev.laptop.org/git?p=users/mstone/security;a=tree;hb=5718e427e3c6830669c996403435a4fc794c66c0 source code] of the [[Rainbow|rainbow-0.7.2]] release.
This page is a guided tour of the [http://dev.laptop.org/git?p=users/mstone/security;a=tree;hb=0168171c698d3ac75645dc150052fd34b28ec357 source code] of the [[Rainbow|rainbow-0.7.4]] release.


== Source Code Overview ==
== Source Code Overview ==
Please start in my [http://dev.laptop.org/git?p=users/mstone/security;a=tree;f=rainbow;h=f3f9f1eec7f55d59f1538cf3394a20e26e34657f;hb=5718e427e3c6830669c996403435a4fc794c66c0 rainbow-0.7.2 tree].
Please start in my [http://dev.laptop.org/git?p=users/mstone/security;a=tree;f=rainbow;hb=0168171c698d3ac75645dc150052fd34b28ec357 rainbow-0.7.4 tree].


./
./
Line 13: Line 13:
| to use the same session bus and enables OLPC-specific
| to use the same session bus and enables OLPC-specific
| dbus access checks. When /etc/olpc-security exists,
| dbus access checks. When /etc/olpc-security exists,
| session-olpc.conf is loaded by [http://dev.laptop.org/git?p=sugar;a=blob;f=bin/sugar.in;h=140c56ef7306e04e8c71ac4c89dab286d01199e1;hb=bde0e167a32eab3e697d5aeb7fffcd0b1be5b1b0 /usr/bin/sugar]
| session-olpc.conf is loaded by [http://dev.laptop.org/git?p=sugar;a=blob;f=bin/sugar.in;hb=0168171c698d3ac75645dc150052fd34b28ec357 /usr/bin/sugar]
|
|
|--- docs : explanations & notes
|--- docs : explanations & notes
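
Review bot: The /usr/bin/sugar link on the changed line targets p=sugar but now carries hb=0168171c698d3ac75645dc150052fd34b28ec357, the same value this revision uses for the users/mstone/security links, whereas the previous revision used a different hb (bde0e167a32eab3e697d5aeb7fffcd0b1be5b1b0) for this repository. It looks like the link was caught by the same substitution as the security-tree links. Suggest keeping a sugar commit in hb here so the reference to bin/sugar.in still resolves.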
Line 30: Line 30:


The key functions for launching activities are
The key functions for launching activities are
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;h=dd39a3f648b97cddfae68a5a34c731d7f54567ee;hb=5718e427e3c6830669c996403435a4fc794c66c0#l86 inject.py:grab_home()],
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=0168171c698d3ac75645dc150052fd34b28ec357#l86 inject.py:grab_home()],
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;h=dd39a3f648b97cddfae68a5a34c731d7f54567ee;hb=5718e427e3c6830669c996403435a4fc794c66c0#l110 inject.py:configure_home_and_scratch()], and
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=0168171c698d3ac75645dc150052fd34b28ec357#l110 inject.py:configure_home_and_scratch()], and
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;h=dd39a3f648b97cddfae68a5a34c731d7f54567ee;hb=5718e427e3c6830669c996403435a4fc794c66c0#l142 inject.py:launch()].
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=0168171c698d3ac75645dc150052fd34b28ec357#l142 inject.py:launch()].


These functions are called in the order listed from
These functions are called in the order listed from
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;h=dd39a3f648b97cddfae68a5a34c731d7f54567ee;hb=5718e427e3c6830669c996403435a4fc794c66c0#l197 inject.py:run()]
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/inject.py;hb=0168171c698d3ac75645dc150052fd34b28ec357#l197 inject.py:run()]


which which is, in turn, called from
which which is, in turn, called from
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/service.py;h=9468b3e64b2d6cb286b8a62b033629afefb0e40d;hb=5718e427e3c6830669c996403435a4fc794c66c0#l58 service.py:Rainbow.CreateActivity()]
*[http://dev.laptop.org/git?p=users/mstone/security;a=blob;f=rainbow/rainbow/service.py;hb=0168171c698d3ac75645dc150052fd34b28ec357#ll58 service.py:Rainbow.CreateActivity()]


These six functions (and the relatively simple helpers they call) exhaust the functionality provided by rainbow-0.7.2.
These six functions (and the relatively simple helpers they call) exhaust the functionality provided by rainbow-0.7.4.


== Developing Rainbow ==
== Developing Rainbow ==
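
Review bot: The new service.py link ends in #ll58 where the previous revision had #l58, so the line anchor for Rainbow.CreateActivity() is likely broken; change it to #l58 or to the function's current line. The other links in this hunk keep their old line anchors (#l86, #l110, #l142, #l197) while hb moves to the 0.7.4 commit, so each should be checked against the new blobs. The unchanged context also reads "which which is, in turn, called from", and the summary says "six functions" although five are linked; both are worth fixing in the same edit.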

Revision as of 21:24, 27 November 2007

This page is a guided tour of the source code of the rainbow-0.7.4 release.

Source Code Overview

Please start in my rainbow-0.7.4 tree.

 ./
  |--- README : Standard boilerplate about where work gets done; somewhat dated in this release.
  |--- rainbow.spec.in : spec-file template for building RPMS
  |--- Makefile.package : package-specific variables for use in ../Makefile.fedora
  |--- conf : installation-time configuration files
  |     \--- session-olpc.conf : applies some unusual dbus rules to allow many uids
  |                              to use the same session bus and enables OLPC-specific 
  |                              dbus access checks. When /etc/olpc-security exists, 
  |                              session-olpc.conf is loaded by /usr/bin/sugar 
  | 
  |--- docs : explanations & notes
  |     |--- DESIGN : A discussion of how the predecessor to the current architecture arose.
  |     |--- NOTES : various problems I have encountered and thoughts on how to solve them.
  |     \--- rainbow.txt : a sketch & justification of the current design
  |
  \--- rainbow : source code
        |--- permissions : a stub based on the secure installation work that marcopg and 
        |                  neuralis did together a few weeks ago
        |--- util : functions wrapping frequently used idioms or useful syscalls
        |--- inject.py : logic implementing activity launching
        \--- service.py : dbus service entry-point

Activity Launching

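The key functions for launching activities are

  • inject.py:grab_home(),
  • inject.py:configure_home_and_scratch(), and
  • inject.py:launch().

These functions are called in the order listed from

  • inject.py:run()

which is, in turn, called from

  • service.py:Rainbow.CreateActivity()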

These six functions (and the relatively simple helpers they call) exhaust the functionality provided by rainbow-0.7.4.

Developing Rainbow

I develop Rainbow in four basic modes:

  • From a live git clone, when developing new features.
 cp setup.py.in setup.py 
 sed -i -e 's/@VERSION@/1/' setup.py 
 python setup.py develop
  • By packaging snapshots of a git clone to try out packaging changes.
 make snapshot
  • With locally-built or scratch-built packages, when I'm getting ready to tag a release.
 make release