Home · All Namespaces · All Classes · Grouped Classes · Modules · Functions |
The SXE policy has a number of impacts and implications for the following:
These are discussed in detail in the following sections.
SXE will impact developers of 3rd party downloadable applications. Because downloaded applications will operate in a sandbox environment, resources and services available will be limited. Given the current support only for games, developers will need to ensure their applications adhere to those capabilities outlined in Aims and Limitations
In addition, the custom qpk package format must be used, however this is automated on the SDK. Some very limited provision will be provided for legacy .ipkg format, but this will not be formally supported and will likely work for only very simple applications.
There should be little impact for OEMS. The intention is that the integrators and OEMs work with a Qt Extended 4 SDK the same way they work with current SDKs.
OEMS may wish to provide a support framework to receive any end-user reports of security violations; or they may wish for this to be the responsibility of the network provider.
The design and build of the Linux kernel and file-system must now include the Mandatory Access Control(MAC) kernel and its associate user-space binaries: lidsconf and lidsadm. Development of such kernels and file-systems is straightforward and is described in the documentation for LIDS. Integrators will also need to apply a custom patch to LIDS, made for Qt Extended, which contains various enhancements and requisite kernel modifications specific to SXE.
Operators require a higher level of confidence in the integrity of the phone software stack, in the face of downloadable application scenarios, and virus activity.
With respect to content provision, placement of packages for download will operate with little change, that is, it is OEM configurable.
Violations are detailed in a synthesized email message in the SMS Inbox. Notification of the arrival of the message is as for any other message. The text of the message describes the violation and includes technical data pertaining to the violation. This can then be forwarded to a support number for analysis of the violation.
In many cases Simple authentication can be used, and optimizations are possible such that if key-based identification is required for complex scenarios the incremental addition to IPC end-to-end time is minimal and not noticeable.
This is only required if an untrusted transport is used, for example if a UDP socket or similar system.
To mitigate performance impact from the application rule-set, rule set lookups are cached and the caching policy may be adjusted for better performance if memory resources are available.
Copyright © 2009 Nokia | Trademarks | Qt Extended 4.4.3 |