Languages

Menu
Sites
Language
Knox MDM for Tizen not working

Hi,

We are developing an applicaiton using Knox mdm for tizen. I have included the include files in my project and also the libs. I was able to compile and run the app with mdm. However, the call to mdm_register_client is failing with MDM_RESULT_ACCESS_DENIED. I have added the privilege <privilege>http://developer.samsung.com/tizen/privilege/mdm.password</privilege> and feature <feature name="http://developer.samsung.com/tizen/feature/mdm">true</feature>.

I have the latest software updated on the Z3 device Tizen 2.4.0.2. Using Tizen public sdk 2.4.

if ( mdm_register_client( "com.xyz.pkg" ) == MDM_RESULT_SUCCESS)

Please let me know something more has to be done.

Thanks in advance.

Edited by: Me Papillon on 04 Jan, 2016
List

Responses

4 Replies
Md. Mahmud Muntakim Khan

Dear Papillon,

Thank you for your question.

To get a good startup in smack you can visit below link:

https://www.kernel.org/doc/Documentation/security/Smack.txt

When you have an error like *_ACCESS_DENIED at first you need to check which permission is actually missing. If it is a smack related issue you can find that in the *.log files inside /var/log/audit/ folder in the device. For example I have built an app org.example.basicuiapplication from which I am launching another app. But I was getting *_ACCESS_DENIED error. So I check with the following command from my pc.

sdb shell cat /var/log/audit/audit-smack1451448060.log |grep org.example.basicuiapplication

the output was like below:

[privilege-by-pid.cpp:131] processOne(): SS_SMACK: zone=host, caller_pid=1536, subject=org.example.basicuiapplication, object=aul::launch, access=x, result=0, caller_path=/usr/bin/launchpad-loader

Here it meant that my application org.example.basicuiapplication required execution permission on aul::launch which is missing.
Now we can confirm that by checking the permissions of my application actually have from the /smack/load2 file of the device. When I ran the following command:

sdb shell cat /smack/load2 |grep org.example.basicuiapplication | grep aul::launch

nothing was in the output.
Form here I understood that the permission is missing.

Smack permissions are related to priviledge applied to an application. Now I had to find the priviledge name that I need to add to my application. The mapping can be found in the /usr/share/privilege-control/2.4/ folder of the device with tizen 2.4 and the mapping files have *.smack extension. So I ran the following command:

find . name "*smack" -print | xargs grep aul::launch

and the output was below:

find: ./proc/1580/net: Invalid argument
find: ./run/tzip: No such file or directory
./usr/share/privilege-control/2.3/WRT_partner.smack:~APP~ aul::launch --x--
./usr/share/privilege-control/2.3/EFL_org.tizen.privilege.appmanager.launch.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.3/WRT_org.tizen.privilege.datacontrol.consumer.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.3/WRT_platform.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.3/WRT_org.tizen.privilege.application.launch.smack:~APP~ aul::launch x---
./usr/share/privilege-control/2.3/WRT.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.4/WRT_partner.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.4/EFL_org.tizen.privilege.appmanager.launch.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.4/WRT_org.tizen.privilege.datacontrol.consumer.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.4/WRT_platform.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.4/WRT_org.tizen.privilege.application.launch.smack:~APP~ aul::launch x---
./usr/share/privilege-control/2.4/WRT.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.3.1/WRT_partner.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.3.1/EFL_org.tizen.privilege.appmanager.launch.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.3.1/WRT_org.tizen.privilege.datacontrol.consumer.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.3.1/WRT_platform.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.3.1/WRT_org.tizen.privilege.application.launch.smack:~APP~ aul::launch x---
./usr/share/privilege-control/2.3.1/WRT.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.2.1/OSP_org.tizen.privilege.appmanager.launch.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.2.1/WRT_partner.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.2.1/WRT_org.tizen.privilege.datacontrol.consumer.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.2.1/OSP_org.tizen.privilege.application.launch.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.2.1/WRT_platform.smack:~APP~ aul::launch --x---
./usr/share/privilege-control/2.2.1/WRT_org.tizen.privilege.application.launch.smack:~APP~ aul::launch x---
./usr/share/privilege-control/2.2.1/OSP_org.tizen.privilege.datacontrol.consumer.smack:~APP~ aul::launch x---
./usr/share/privilege-control/2.2.1/WRT.smack:~APP~ aul::launch --x---

So I added the priviledge http://tizen.org/privilege/appmanager.launch to my application and installed that in the device. Then I ran the command again:

sdb shell cat /smack/load2 |grep org.example.basicuiapplication | grep aul::launch

and the output was:

org.example.basicuiapplication aul::launch

which shows that the permission was acquired.

Hope this post help you with your problem.

Me Papillon

Hi,

Thank you for the reply. Seems we do not have access to the log directory of /var folder. I am getting permission denied for sdb shell cat /var/log/audit/.

Below is the dlogutil logs

E/VCONF   ( 1797): vconf.c: _vconf_check_retry_err(1368) > db/mdm/enable : check retry err (-21/13).
E/VCONF   ( 1797): vconf.c: _vconf_get_key_filesys(2371) > _vconf_get_key_filesys(db/mdm/enable) step(-21) failed(13 / Permission denied) retry(0)
E/VCONF   ( 1797): vconf.c: _vconf_get_key(2407) > _vconf_get_key(db/mdm/enable) step(-21) failed(13 / Permission denied)
E/VCONF   ( 1797): vconf.c: vconf_get_int(2650) > vconf_get_int(1797) : db/mdm/enable error

Please guide.

 

 

Me Papillon

Hi,

Thank you for the reply. Seems we do not have access to the log directory of /var folder. I am getting permission denied for sdb shell cat /var/log/audit/.

Below is the dlogutil logs for mdm_get_service() call.

E/VCONF   ( 1797): vconf.c: _vconf_check_retry_err(1368) > db/mdm/enable : check retry err (-21/13).
E/VCONF   ( 1797): vconf.c: _vconf_get_key_filesys(2371) > _vconf_get_key_filesys(db/mdm/enable) step(-21) failed(13 / Permission denied) retry(0)
E/VCONF   ( 1797): vconf.c: _vconf_get_key(2407) > _vconf_get_key(db/mdm/enable) step(-21) failed(13 / Permission denied)
E/VCONF   ( 1797): vconf.c: vconf_get_int(2650) > vconf_get_int(1797) : db/mdm/enable error

Please let me know something more has to be done.

Me Papillon

Hi,

Got this issue fixed. I had to change the api version to 2.4.0.2.