In harmattan, if you want to access certain resources (E.G. Tracker) you need to ask for permission to the Security FW. It is not as bad as it sounds. You just need to add a file in your package explaining what “tokens” do you need. Then depending on where your package comes from and some other ingredients, the security FW decides if your application is worthy of such a privilege.
Today I was packaging a very first version of Mussorgsky in QML which requires the “TrackerReadAccess” token (to query Tracker via dbus). So far I have been working in the command line tool where a aegis-su -r TrackerReadAccess python mussorgsky.py was enough. But how to do the same when the application is installed?
- Create a
$PACKAGE_NAME.aegisfile under yourdebian/directory. There you need to declare what tokens you want for what binary. Example: in mussorgsky.aegis I request “TrackerReadAccess” for “/usr/lib/mussorgsky/mussorgsky-qml.py”, which is the executable that starts my program. - Put the aegis file in the package. Using CDBS is almost the same as in C++, without the include of autotools.mk:
# Add this to the debian/rules file
PACKAGE_TARGETS := $(foreach pkg,$(DEB_ALL_PACKAGES),binary/$(pkg))
$(PACKAGE_TARGETS)::
[ ! -f debian/$(notdir $@).aegis ] || aegis-deb-add -control \
debian/$(notdir $@)/DEBIAN/control .. debian/$(notdir $@).aegis=_aegis - Make your package build-depend on
aegis-builder (>=1.4)
Then you build your package. It should install nicely and your application run without problems on the device. Still, a couple of remarks:
- The token must go to a executable script (with
#!/usr/bin/pythonon its first line).python myscript.pywill not work. The path is absolute. - After installing the package, do NOT modify the installed files if they request a token. Security FW will discover an unexpected change in the file and lock the device (ops! reflash). Imported files and other resources can be modified.
Happy hacking.
Ivan Frade's Blog 