From 2ccbf2bf1a7166c66fb8a4615033b144262cbd71 Mon Sep 17 00:00:00 2001
From: Krzysztof Dynowski
Date: Wed, 20 Sep 2017 17:34:56 +0200
Subject: [PATCH] [TWDAPI-172] Web TEF API (GlobalPlaform) documentation.
Change-Id: I85fde8db7b42b7cef2290809f8dfec59c18fee5f
---
 org.tizen.guides/html/index.htm | 1 +
 org.tizen.guides/html/web/security/libteec_w.htm | 242 ++++
 .../html/web/security/security_cover_w.htm | 8 +-
 org.tizen.guides/index.xml | 1 +
 .../html/web/details/app_filtering_w.htm | 10 +
 .../html/web/details/sec_privileges_w.htm | 31 +
 .../html/device_api/mobile/index.html | 8 +
 .../html/device_api/mobile/tizen/libteec.html | 1510 ++++++++++++++++++++
 .../mobile/tizen/systeminfo_capability_keys.html | 23 +
 .../html/device_api/tv/index.html | 7 +
 .../html/device_api/tv/tizen/libteec.html | 1509 +++++++++++++++++++
 .../html/device_api/wearable/index.html | 8 +
 .../html/device_api/wearable/tizen/libteec.html | 1510 ++++++++++++++++++++
 org.tizen.web.apireference/html/index.htm | 3 +
 14 files changed, 4868 insertions(+), 3 deletions(-)
 create mode 100644 org.tizen.guides/html/web/security/libteec_w.htm
 create mode 100755 org.tizen.web.apireference/html/device_api/mobile/tizen/libteec.html
 create mode 100755 org.tizen.web.apireference/html/device_api/tv/tizen/libteec.html
 create mode 100644 org.tizen.web.apireference/html/device_api/wearable/tizen/libteec.html
diff --git a/org.tizen.guides/html/index.htm b/org.tizen.guides/html/index.htm
index af33a24..054b7cf 100644
--- a/org.tizen.guides/html/index.htm
+++ b/org.tizen.guides/html/index.htm
@@ -688,6 +688,7 @@
  • Security
  • Error Handling
  •
diff --git a/org.tizen.guides/html/web/security/libteec_w.htm b/org.tizen.guides/html/web/security/libteec_w.htm
new file mode 100644
index 0000000..8b4bb05
--- /dev/null
+++ b/org.tizen.guides/html/web/security/libteec_w.htm
@@ -0,0 +1,242 @@ + + + + + + + + + + + + + TEE Communication + + + +
    +
    +

    Mobile Web Wearable Web TV Web

    +
    + +
    +

    Dependencies

    +
      +
    • Tizen 4.0 and Higher for Mobile
    • +
    • Tizen 4.0 and Higher for Wearable
    • +
    • Tizen 4.0 and Higher for TV
    • +
    +

    Content

    + +

    Related Info

    + +
    +
    + +
    + +

    TEE Communication

    +

    You can create secure communications by executing your application in a trusted execution environment (TEE), and communicating with other applications within that environment. To implement TEE communication, you can use the LibTeec API, which is based on the GlobalPlatform® TEE Client API.

    + +

    You can run applications in 2 environments: a rich environment (like Linux) with client applications (CA) and a secure environment with trusted applications (TA).

    +

    Figure: TEE communication architecture

    +

    TEE communication architecture

    + +

    The main features of the LibTeec API include:

    + +
    +Note +For security reasons, each device vendor usually uses their own TEE solution. If you intend your LibTeec application to be used on a real device, you must test your application on the TEE solution provided by the specific vendor. When developing and installing your trusted application, refer to the documentation provided by the vendor. +
    + +

    Prerequisites

    +

    To enable your application to use the TEE communication functionality:

    +
    • To use the LibTeec API, the application has to request permission by adding the following privilege to the config.xml file: +
      +<tizen:privilege name="http://tizen.org/privilege/tee.client"/>
      +
      +
      +Note +To be able to use this privilege, your application must be signed with a partner-level certificate. +
      +
    • +
    • The trusted applications must be placed in a non-secure application install or resource directory before they can be discovered and transferred to the TEE.
    • +
    + +

    Connecting Applications

    +

    To connect a client application to a trusted application, first create a new TEE context with the getContext() method, and then open a session with the trusted application with the openSession() method of the context, identifying the trusted application by its UUID:

    +
    +Note +A client application can connect only to its own trusted application. Built-in security rules prevent connecting to other trusted applications. +
    +
    +try {
    +    function sessionSuccess(session) {
    +        /* Session opened, the application can now communicate with the trusted application */
    +        console.log('session opened');
    +
    +        session.close();
    +    }
    +
    +    function sessionError(err) {
    +        console.log('openSession: ' + err.name + ': ' + err.message);
    +    }
    +
    +    var ta = '123e4567-e89b-12d3-a456-426655440000'; /* UUID of the trusted application */
    +    var ctx = tizen.teec.getContext();
    +
    +    ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    +} catch (err) {
    +    console.log(err.name + ': ' + err.message);
    +}
    +
    + +

    Sending Secure Commands

    +

    After opening a session with a trusted application, a client application can execute methods in the trusted application by sending secure commands to the trusted application.

    +

    To send a command, use the invokeCommand() method, with the first parameter identifying the method to be executed by the trusted application, and the second parameter containing an array of the executable method's parameters. The parameter array can have at most 4 elements.

    +

    You can use 3 types of objects in the parameters array:

    +
      +
    • TeecValue object (in mobile, wearable, and TV applications), which contains 1 or 2 simple integers.
    • +
    • TeecTempMemory object (in mobile, wearable, and TV applications), which contains a local memory reference.
    • +
    • TeecRegisteredMemory object (in mobile, wearable, and TV applications), which contains a registered shared memory reference.
    • +
    +
    +try {
    +    var gSession;
    +
    +    function commandError(err) {
    +        gSession.close();
    +    }
    +
    +    function commandSuccess(cmd, params) {
    +        console.log('command ' + cmd + ': ', params);
    +        gSession.close();
    +    }
    +
    +    function sessionSuccess(session) {
    +        /* Session opened, the application can now communicate with the trusted application */
    +        gSession = session;
    +        var data = [1,2,3,4,45,6,7,7,7];
    +        var p1 = new TeecValue(10, 100); /* Integer parameters */
    +        var p2 = new TeecTempMemory(data); /* Temporary memory reference parameter */
    +        session.invokeCommand(1, [p1, p2], commandSuccess, commandError);
    +    }
    +
    +    function sessionError(err) {
    +        console.log('openSession: ' + err.name + ': ' + err.message);
    +    }
    +
    +    var ta = '123e4567-e89b-12d3-a456-426655440000';
    +    var ctx = tizen.teec.getContext();
    +    val cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    +} catch (err) {
    +    console.log(err.name + ': ' + err.message);
    +}
    +
    + +

    Using Shared Memory

    +

    You can handle a block of data without copying it to and from the trusted environment. For example, the client application can share a block of encrypted data from a data provider with the trusted application, and the trusted application can decrypt it.

    + +

    To share a memory block between a client application and a trusted application:

    +
      +
    1. Allocate a new memory block as shared memory with the allocateSharedMemory() method: +
      +try {
      +    var gContext = tizen.teec.getContext();
      +    var gCleanup = false;
      +    var gSession = null;
      +    var ta = '123e4567-e89b-12d3-a456-426655440000';
      +    /* Allocate shared memory */
      +    var gShm = ctx.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT);
      +
      +
    2. +
    3. Fill the memory block with data from the data provider and create a new shared memory reference based on the memory block: + +
      +    function cleanup() {
      +        if (gSession !== null) {
      +            gSession.close();
      +            gSession = null;
      +        }
      +        gContext.releaseSharedMemory(gShm);
      +    }
      +
      +    function getNextBlockFromDataProvider() {
      +        /* Fill the shared memory identified by gShm */
      +    }
      +
      +    function commandError(err) {
      +        if (gCleanup === true) cleanup();
      +    }
      +
      +    function commandSuccess(cmd, params) {
      +        console.log('command ' + cmd + ': ', params);
      +        if (gCleanup === true) cleanup();
      +    }
      +
      +    function sessionSuccess(session) {
      +        /* Session opened, the application can now communicate with the trusted application */
      +        gSession = session;
      +
      +        /* Get data from data provider */
      +        while (getNextBlockFromDataProvider()) {
      +            var p1 = new TeecRegisteredMemory(gShm, 0, gShm.size);  /* Shared memory reference parameter */
      +
      +
    4. +
    5. Pass the shared memory reference to the trusted application as a TeecRegisteredMemory object (in mobile, wearable, and TV applications) in the parameter array of the invokeCommand() method: +
      +            session.invokeCommand(1, [p1], commandSuccess, commandError);
      +        }
      +        gCleanup = true;
      +        session.invokeCommand(1, [], commandSuccess, commandError);
      +    }
      +
      +    function sessionError(err) {
      +        console.log('openSession: ' + err.name + ': ' + err.message);
      +    }
      +
      +    gContext.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
      +} catch (err) {
      +    console.log(err.name + ': ' + err.message);
      +}
      +
      +
    6. +
    + + + +
    + +Go to top + + + + + + +
diff --git a/org.tizen.guides/html/web/security/security_cover_w.htm b/org.tizen.guides/html/web/security/security_cover_w.htm
index 3fae815..633c6bc 100644
--- a/org.tizen.guides/html/web/security/security_cover_w.htm
+++ b/org.tizen.guides/html/web/security/security_cover_w.htm
@@ -33,13 +33,15 @@
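Review bot: The "Using Shared Memory" sample in libteec_w.htm sets `gCleanup = true` right after queuing its commands, so the first callback that fires calls `cleanup()` (closing the session and releasing `gShm`) while the other `invokeCommand()` calls issued in the `while` loop may still be pending, and every later callback releases the same memory again. If `invokeCommand()` is asynchronous, as its task-id return value suggests, the loop also refills the single `gShm` buffer before the trusted application has consumed the previous block; sending the next block from `commandSuccess` and calling `cleanup()` once after the final callback would avoid both. The same sample calls `ctx.allocateSharedMemory(...)` although only `gContext` is declared (it should read `var gShm = gContext.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT);`), and the stub `getNextBlockFromDataProvider()` returns nothing, so the loop body never runs as written. In the "Sending Secure Commands" sample, `val cid = ctx.openSession(...)` is not valid JavaScript and should be `var cid = ...`; the same `val` line appears in the `close` code example of the mobile libteec.html reference.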

    Security

    -

    The security features introduce how you can store and recall data in a secure manner in your application.

    +

    The security features introduce how you can store and recall data, and communicate with other applications in a secure manner in your application.

    -

    You can use the following security features in your native applications:

    +

    You can use the following security features in your Web applications:

    • Secure Key Management -

      You can provide a secure repository for keys, certificates, and sensitive data related to users and their password-protected applications. You can also use secure cryptographic operations for non-exportable keys without revealing the key values to clients.

    • + +
    • TEE Communication +

      You can create secure communications by executing your application in a trusted execution environment (TEE), and communicating with other applications within that environment.

diff --git a/org.tizen.guides/index.xml b/org.tizen.guides/index.xml
index 2a0f398..abb6a6f 100644
--- a/org.tizen.guides/index.xml
+++ b/org.tizen.guides/index.xml
@@ -494,6 +494,7 @@ +
diff --git a/org.tizen.training/html/web/details/app_filtering_w.htm b/org.tizen.training/html/web/details/app_filtering_w.htm
index 3f95bd1..4544d90 100644
--- a/org.tizen.training/html/web/details/app_filtering_w.htm
+++ b/org.tizen.training/html/web/details/app_filtering_w.htm
@@ -379,6 +379,11 @@ 2.2.1 +http://tizen.org/feature/security.tee + Specify this key, if the application requires the Trusted Execution Environment feature. + 4.0 + + http://tizen.org/feature/sensor.accelerometer Specify this key, if the application requires an acceleration sensor. 4.0
@@ -687,6 +692,11 @@ 2.2.1 +http://tizen.org/feature/security.tee + Specify this key, if the application requires the Trusted Execution Environment feature. + 4.0 + + http://tizen.org/feature/sensor.accelerometer Specify this key, if the application requires an acceleration sensor. 4.0
diff --git a/org.tizen.training/html/web/details/sec_privileges_w.htm b/org.tizen.training/html/web/details/sec_privileges_w.htm
index 5eb7cfc..616218f 100644
--- a/org.tizen.training/html/web/details/sec_privileges_w.htm
+++ b/org.tizen.training/html/web/details/sec_privileges_w.htm
@@ -396,6 +396,13 @@ tr.partner-level, tr.platform-level { background-color: #cff } 2.2.1 The application can read system information. + + http://tizen.org/privilege/tee.client + partner + - + 4.0 + The application can communicate with a Trusted Application. + http://tizen.org/privilege/telephony public
@@ -755,6 +762,13 @@ tr.partner-level, tr.platform-level { background-color: #cff } 2.2.1 The application can read system information. + + http://tizen.org/privilege/tee.client + partner + - + 4.0 + The application can communicate with a Trusted Application. + http://tizen.org/privilege/telephony public 
@@ -862,6 +876,23 @@ tr.partner-level, tr.platform-level { background-color: #cff } +

    Table: TV Web Device API privileges

    + + + + + + + + + + + + + + + +
    PrivilegeLevelSinceDescription
    http://tizen.org/privilege/tee.clientpartner4.0The application can communicate with a Trusted Application.
diff --git a/org.tizen.web.apireference/html/device_api/mobile/index.html b/org.tizen.web.apireference/html/device_api/mobile/index.html
index 1403beb..e4a4d08 100644
--- a/org.tizen.web.apireference/html/device_api/mobile/index.html
+++ b/org.tizen.web.apireference/html/device_api/mobile/index.html
@@ -261,6 +261,14 @@ 3.0 Mandatory Yes + + + + LibTeec + This API provides interfaces and methods (LibTeec API) for a Trust Zone + 4.0 + Mandatory + Yes

    Social

diff --git a/org.tizen.web.apireference/html/device_api/mobile/tizen/libteec.html b/org.tizen.web.apireference/html/device_api/mobile/tizen/libteec.html
new file mode 100755
index 0000000..f69ad2e
--- /dev/null
+++ b/org.tizen.web.apireference/html/device_api/mobile/tizen/libteec.html
@@ -0,0 +1,1510 @@ + + + + + +LibTeec API + + +
    +
    +

    LibTeec API

    +
    + The LibTeec API provides functionality to communicate with application executed in trusted environment. +
    +
    +

    +Libteec can be understood as a universal API for communication with trusted execution environment (TEE). +This API follows GlobalPlatform (GP) specification.
    The original documentation (TEE_Client_API_Specification-xxx.pdf) +is available to download from GlobalPlatform.org under Device section. +

    +

    +The Libteec provides a set of functions for executing application in TrustZone and communicating with it. +This way we have, so called, two worlds: rich world (like Linux) with Client Application (CA) and +secure world with Trusted Application (TA). +

    +
    +

    Table of Contents

    + +
    +

    Summary of Interfaces and Methods

    +
    APIDescriptionVersion (Since)MobileSupported on
    Mobile Emulator
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    InterfaceMethod
    LibTeecManagerObject
    LibTeecManager
    +TeecContext getContext (optional DOMString? name)
    TeecContext +
    +TeecTaskId openSession (TeecUuid taUUID, TeecLoginMethod loginMethod, unsigned long? connectionData, TeecParameter[] params, TeecOpenSuccessCallback successCallback, optional ? errorCallback)
    + + +
    +TeecSharedMemory registerSharedMemory (unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags)
    + +
    TeecSession +
    void close ()
    +
    +TeecTaskId invokeCommand (long cmd, TeecParameter[] params, TeecCommandSuccessCallback successCallback, optional ? errorCallback)
    +
    TeecSharedMemory +
    void setData (byte[] data, unsigned long long offset)
    +
    void getData (byte[] data, unsigned long long offset)
    +
    TeecParameter
    TeecRegisteredMemory
    TeecTempMemory
    TeecValue
    TeecOpenSuccessCallback
    void onsuccess (TeecSession session)
    TeecCommandSuccessCallback
    void onsuccess (long cmd, TeecParameter[] params)
    +
    +

    1. Type Definitions

    +
    +

    1.1. TeecLoginMethod

    +
    + This type denotes Session Login Method used in OpenSession. +
    +
      enum TeecLoginMethod {
    +    "PUBLIC",
    +    "USER",
    +    "GROUP",
    +    "APPLICATION"
    +  };
    +

    + Since: + 4.0 +

    +
    +

    +The following methods are supported: +

    +
      +
    • +PUBLIC - No login data is provided.
    • +
    • +USER - Login data about the user running the Client Application process is provided.
    • +
    • +GROUP - Login data about the group running the Client Application process is provided.
    • +
    • +APPLICATION - Login data about the running Client Application itself is provided.
    • +
    +
    +
    +
    +

    1.2. TeecValueType

    +
    + This type denotes Value parameter. +
    +
      enum TeecValueType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    +
      +
    • +INPUT - The Parameter is a TeecValue tagged as input.
    • +
    • +OUTPUT - The Parameter is a TeecValue tagged as output.
    • +
    • +INOUT - The Parameter is a TeecValue tagged as both input and output.
    • +
    +
    +
    +
    +

    1.3. TeecTempMemoryType

    +
    + This type denotes TempMemory parameter. +
    +
      enum TeecTempMemoryType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    + +
    +
    +
    +

    1.4. TeecRegisteredMemoryType

    +
    + This type denotes RegisteredMemory parameter. +
    +
      enum TeecRegisteredMemoryType {
    +    "WHOLE",
    +    "PARTIAL_INPUT",
    +    "PARTIAL_OUTPUT",
    +    "PARTIAL_INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    +
      +
    • +WHOLE - The Parameter is a TeecRegisteredMemory that refers to the entire Shared Memory block.
    • +
    • +PARTIAL_INPUT - The Parameter is a TeecRegisteredMemory that refers to a part of SharedMemory and is tagged as input.
    • +
    • +PARTIAL_OUTPUT - The Parameter is a TeecRegisteredMemory that refers to a part of SharedMemory and is tagged as output.
    • +
    • +PARTIAL_INOUT - The Parameter is a TeecRegisteredMemory that refers to a part of SharedMemory and is tagged as both input and output.
    • +
    +
    +
    +
    +

    1.5. TeecSharedMemoryFlags

    +
    + This type denotes SharedMemory access direction. +
    +
      enum TeecSharedMemoryFlags {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    + +
    +
    +
    +

    1.6. TeecUuid

    +
    + This type contains a Universally Unique Resource Identifier (UUID) type as defined in RFC 4122. +These UUID values are used to identify Trusted Applications. +Example UUID strig representation: f81d4fae-7dec-11d0-a765-00a0c91e6bf6 +
    +
      typedef DOMString TeecUuid;
    +

    + Since: + 4.0 +

    +
    +
    +

    1.7. TeecTaskId

    +
    + Background process id. +
    +
      typedef unsigned long TeecTaskId;
    +

    + Since: + 4.0 +

    +
    +
    +
    +

    2. Interfaces

    +
    +

    2.1. LibTeecManagerObject

    +
    + The LibTeecObject interface gives access to the LibTeec API from the tizen.teec object. +
    +
      [NoInterfaceObject] interface LibTeecManagerObject {
    +    readonly attribute LibTeecManager teec;
    +  };
    +
       implements LibTeecManagerObject;
    +

    + Since: + 4.0 +

    +
    +
    +

    2.2. LibTeecManager

    +
    + The LibTeecManager interface provides methods to access Context and Session for GlobalPlatform libteec. +
    +
      [NoInterfaceObject] interface LibTeecManager {
    +
    +    TeecContext getContext(optional DOMString? name) raises ();
    +  };
    +

    + Since: + 4.0 +

    +
    +

    +Once a context object is obtained, it is possible to open a session to Trusted Application (TA) . +

    +
    +
    +

    Methods

    +
    +
    +getContext +
    +
    +
    + Get TEE context by name. +
    +
    TeecContext getContext(optional DOMString? name);
    +             
    +

    + Since: + 4.0 +

    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +name [optional] [nullable]: + describes the TEE to connect to, when not given (or null) connects to default TEE. +
    • +
    +
    +
    +

    Return value:

    + Context The created TeecContext
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext(); /* Get default TEE context */
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +
    +
    +
    +

    2.3. TeecContext

    +
    + This type denotes a TEE Context, the main logical container linking a Client Application with a particular TEE. +
    +
      [NoInterfaceObject] interface TeecContext {
    +    TeecTaskId openSession(TeecUuid taUUID,
    +                           TeecLoginMethod loginMethod,
    +                           unsigned long? connectionData,
    +                           TeecParameter[] params,
    +                           TeecOpenSuccessCallback successCallback,
    +                           optional ? errorCallback) raises ();
    +
    +    void revokeCommand(TeecTaskId id) raises ();
    +
    +    TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    void releaseSharedMemory(TeecSharedMemory shm) raises ();
    +  };
    +
    +

    Methods

    +
    +
    +openSession +
    +
    +
    + Open session with TA. +
    +
    TeecTaskId openSession(TeecUuid taUUID, TeecLoginMethod loginMethod, unsigned long? connectionData, TeecParameter[] params, TeecOpenSuccessCallback successCallback, optional ? errorCallback);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +The ErrorCallback() is launched with these error types: +

    +
      +
    • +InvalidValuesError - If any of the input parameters contain an invalid value as decided by TA.
    • +
    • +OperationCanceledError - If it fails due to request cancellation
    • +
    • +AbortError - If any other error occurs.
    • +
    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +taUUID: + the UUID of destination TA. +
    • +
    • +loginMethod: + the authentication algorithm see TeecLoginMethod. +
    • +
    • +connectionData [nullable]: + the value required for login method or null. +
    • +
    • +params: + the array of parameters (note. max is 4 items). +
    • +
    • +successCallback: + callback function triggered when sucessfully done. +
    • +
    • +errorCallback [optional] [nullable]: + callback function triggered when error occured. +
    • +
    +
    +
    +

    Return value:

    + TeecTaskId The id of scheduled task which can be used to revoke (see revokeCommand). +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     console.log("session opened");
    +     /* ... */
    +     session.close();
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var ctx = tizen.teec.getContext();
    +   ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +revokeCommand +
    +
    +
    + Revoke last operation identified by id. +
    +
    void revokeCommand(TeecTaskId id);
    +             
    +

    + Since: + 4.0 +

    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +id: + the identifier of scheduled task see openSession, invokeCommand +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   function commandSuccess(cmd, params)
    +   {
    +     console.log("command " + cmd + ": ", params);
    +   }
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     var data = [1,2,3,4,45,6,7,7,7];
    +     var p1 = new TeecValue(10, 100);    /* Command parameter 1 */
    +     var p2 = new TeecTempMemory(data);  /* Command parameter 2 */
    +     var id = session.invokeCommand(1, [p1, p2], commandSuccess);
    +     ctx.revokeCommand(id); /* Cancel above command */
    +     session.close();
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    +   /* The cid can be used to revoke openSession request */
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +allocateSharedMemory +
    +
    +
    TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +Allocate shared memory. +

    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +size: + the size of memory block to be allocated +
    • +
    • +flags: + the access flags see SharedMemoryFlags +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   var shm = ctx.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT);
    +   ctx.releaseSharedMemory(shm);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +registerSharedMemory +
    +
    +
    TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +Register shared memory. +

    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +addr: + the address of memory block to share +
    • +
    • +size: + the size of memory block to be allocated +
    • +
    • +flags: + the access flags see SharedMemoryFlags +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   var shm = ctx.registerSharedMemory(0x1234567, 1024*1024, TeecSharedMemoryFlags.INOUT);
    +   ctx.releaseSharedMemory(shm);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +releaseSharedMemory +
    +
    +
    void releaseSharedMemory(TeecSharedMemory shm);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +Release shared memory, previously allocated or registered. +

    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +shm: + the shared memory description object +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   var shm = ctx.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT);
    +   ctx.releaseSharedMemory(shm);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +
    +
    +
    +

    2.4. TeecSession

    +
    + This type denotes a TEE Session, the logical link between Client Application and a particular Trusted Application. +
    +
      [NoInterfaceObject] interface TeecSession {
    +    void close() raises ();
    +
    +    TeecTaskId invokeCommand(long cmd,
    +                             TeecParameter[] params,
    +                             TeecCommandSuccessCallback successCallback,
    +                             optional ? errorCallback) raises ();
    +  };
    +
    +

    Methods

    +
    +
    +close +
    +
    +
    + Close session with TA. +
    +
    void close();
    +             
    +

    + Since: + 4.0 +

    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     session.close();
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var ctx = tizen.teec.getContext();
    +   val cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    +   /* Call to openSession can be revoked also */
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +invokeCommand +
    +
    +
    + Send command to TA. +
    +
    TeecTaskId invokeCommand(long cmd, TeecParameter[] params, TeecCommandSuccessCallback successCallback, optional ? errorCallback);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +The ErrorCallback() is launched with these error types: +

    +
      +
    • +NotSupportedError - If the requested operation is not supported
    • +
    • +InvalidValuesError - If any of the input parameters contain an invalid value as decided by TA.
    • +
    • +OperationCanceledError - If it fails due to request cancellation
    • +
    • +AbortError - If any other error occurs.
    • +
    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +cmd: + the command. +
    • +
    • +params: + the array of parameters (max 4 items). +
    • +
    • +successCallback: + callback function triggered when sucessfully done. +
    • +
    • +errorCallback [optional] [nullable]: + callback function triggered when error occured. +
    • +
    +
    +
    +

    Return value:

    + TeecTaskId The id of scheduled task which can be used to revoke (see revokeCommand). +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid, like +params contains more then 4 elements. +

      • +
      • + with error type TypeMismatchError, if the input parameter +is not compatible with the expected type for that parameter. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var gSession;
    +   function commandError(err)
    +   {
    +     gSession.close();
    +   }
    +   function commandSuccess(cmd, params)
    +   {
    +     console.log("command " + cmd + ": ", params);
    +     gSession.close();
    +   }
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     gSession = session;
    +     var data = [1,2,3,4,45,6,7,7,7];
    +     var p1 = new TeecValue(10, 100);    /* Command parameter 1 */
    +     var p2 = new TeecTempMemory(data);  /* Command parameter 2 */
    +     session.invokeCommand(1, [p1, p2], commandSuccess, commandError);
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var ctx = tizen.teec.getContext();
    +   val cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +
    +
    +
    +

    2.5. TeecSharedMemory

    +
    + Shared memory reference object. +Instance of this object can be obtained from TeecSession with one of methods: +allocateSharedMemory or registerSharedMemory
    +
      [NoInterfaceObject] interface TeecSharedMemory {
    +    readonly attribute unsigned long long size;
    +
    +    void setData(byte[] data, unsigned long long offset) raises ();
    +
    +    void getData(byte[] data, unsigned long long offset) raises ();
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Attributes

    +
    • + readonly +unsigned long long size
      + Size of this shared memory block. +
      +

      + Since: + 4.0 +

      +
    +
    +
    +

    Methods

    +
    +
    +setData +
    +
    +
    + Convenient method to set some bytes in shared memory. +
    +
    void setData(byte[] data, unsigned long long offset);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • +data: + sequence of bytes (buffer size is data.length) +
    • +
    • +offset: + offset in shared memory to start writing +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
      • + with error type TypeMismatchError, if a parameter has incorrect type. +

      +
    +
    +
    +
    +getData +
    +
    +
    + Convenient method to get some bytes from shared memory. +
    +
    void getData(byte[] data, unsigned long long offset);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • +data: + buffer for bytes (buffer size is data.length) +
    • +
    • +offset: + offset in shared memory to start reading +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
      • + with error type TypeMismatchError, if a parameter has incorrect type. +

      +
    +
    +
    +
    +
    +
    +
    +

    2.6. TeecParameter

    +
    + Abstract parameter type. +
    +
      [NoInterfaceObject] interface TeecParameter {
    +    attribute DOMString type;
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Attributes

    +
    • +DOMString type
      + The type of parameter - abstract class for all parameteres. +This can be one of TeecValueType, TeecTempMemoryType, TeecRegisteredMemoryType +
      +

      + Since: + 4.0 +

      +
    +
    +
    +
    +

    2.7. TeecRegisteredMemory

    +
    + Registered memory parameter. +
    +
      [Constructor(TeecSharedMemory memory, unsigned long long offset, unsigned long long size)]
    +  interface TeecRegisteredMemory : TeecParameter {
    +    attribute TeecSharedMemory shm;
    +
    +    attribute unsigned long long offset;
    +
    +    attribute unsigned long long size;
    +  };
    +

    + Since: + 4.0 +

    + +
    +

    Constructors

    +
    TeecRegisteredMemory(TeecSharedMemory memory, unsigned long long offset, unsigned long long size);
    +
    +
    +

    Attributes

    +
      +
    • +TeecSharedMemory shm
      + Referred shared memory. +
      +

      + Since: + 4.0 +

      +
    • +
    • +unsigned long long offset
      + Offset in shared memory (start of accessed block). +
      +

      + Since: + 4.0 +

      +
    • +
    • +unsigned long long size
      + Size of block in shared memory (length of the block). +
      +

      + Since: + 4.0 +

      +
    • +
    +
    +
    +
    +

    2.8. TeecTempMemory

    +
    + Temporary memory parameter. +
    +
      [Constructor(byte[] mem)]
    +  interface TeecTempMemory : TeecParameter {
    +    attribute byte[] mem;
    +  };
    +

    + Since: + 4.0 +

    + +
    +

    Constructors

    +
    TeecTempMemory(byte[] mem);
    +
    +
    +

    Attributes

    +
    • +byte[] + mem
      + Local memory block. +
      +

      + Since: + 4.0 +

      +
    +
    +
    +
    +

    2.9. TeecValue

    +
    + Value parameter. +
    +
      [Constructor(long a, long b)]
    +  interface TeecValue : TeecParameter {
    +    attribute long a;
    +    attribute long b;
    +  };
    +

    + Since: + 4.0 +

    + +
    +

    Constructors

    +
    TeecValue(long a, long b);
    +
    +
    +

    Attributes

    +
      +
    • +long a
      + Integer number to be delivered. +
      +

      + Since: + 4.0 +

      +
    • +
    • +long b
      + Integer number to be delivered. +
      +

      + Since: + 4.0 +

      +
    • +
    +
    +
    +
    +

    2.10. TeecOpenSuccessCallback

    +
    + The success callback to be invoked when session was opened. +
    +
      [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecOpenSuccessCallback {
    +    void onsuccess(TeecSession session);
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Methods

    +
    +
    +onsuccess +
    +
    +
    + Called when the session is opened successfully. +
    +
    void onsuccess(TeecSession session);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • +session: + TeecSession object +
    • +
    +
    +
    +
    +
    +
    +
    +

    2.11. TeecCommandSuccessCallback

    +
    + The success callback to be invoked when command performed on TA is finished. +
    +
      [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecCommandSuccessCallback {
    +    void onsuccess(long cmd, TeecParameter[] params);
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Methods

    +
    +
    +onsuccess +
    +
    +
    + Called when the command is done successfully. +
    +
    void onsuccess(long cmd, TeecParameter[] params);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • cmd
    • +
    • +params: + array of TeecParam objects +
    • +
    +
    +
    +
    +
    +
    +
    +

    3. Related Feature

    +
    + You can check if this API is supported with tizen.systeminfo.getCapability() and decide enable/disable codes that need this API. +
    +

    +

    +To guarantee that the CA is running on a device with TrustZone support, declare following feature in the config. +

    +

    +
  • http://tizen.org/feature/security.tee
  • +
    +

    + For more information, see Application Filtering. +
    +

    4. Full WebIDL

    +
    module LibTeec {
    +
    +
    +  enum TeecLoginMethod {
    +    "PUBLIC",
    +    "USER",
    +    "GROUP",
    +    "APPLICATION"
    +  };
    +
    +  enum TeecValueType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +
    +  enum TeecTempMemoryType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +
    +  enum TeecRegisteredMemoryType {
    +    "WHOLE",
    +    "PARTIAL_INPUT",
    +    "PARTIAL_OUTPUT",
    +    "PARTIAL_INOUT"
    +  };
    +
    +  enum TeecSharedMemoryFlags {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +
    +  typedef DOMString TeecUuid;
    +
    +  typedef unsigned long TeecTaskId;
    +
    +  [NoInterfaceObject] interface LibTeecManagerObject {
    +    readonly attribute LibTeecManager teec;
    +  };
    +   implements LibTeecManagerObject;
    +
    +  [NoInterfaceObject] interface LibTeecManager {
    +
    +    TeecContext getContext(optional DOMString? name) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecContext {
    +    TeecTaskId openSession(TeecUuid taUUID,
    +                           TeecLoginMethod loginMethod,
    +                           unsigned long? connectionData,
    +                           TeecParameter[] params,
    +                           TeecOpenSuccessCallback successCallback,
    +                           optional ? errorCallback) raises ();
    +
    +    void revokeCommand(TeecTaskId id) raises ();
    +
    +    TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    void releaseSharedMemory(TeecSharedMemory shm) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecSession {
    +    void close() raises ();
    +
    +    TeecTaskId invokeCommand(long cmd,
    +                             TeecParameter[] params,
    +                             TeecCommandSuccessCallback successCallback,
    +                             optional ? errorCallback) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecSharedMemory {
    +    readonly attribute unsigned long long size;
    +
    +    void setData(byte[] data, unsigned long long offset) raises ();
    +
    +    void getData(byte[] data, unsigned long long offset) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecParameter {
    +    attribute DOMString type;
    +  };
    +
    +  [Constructor(TeecSharedMemory memory, unsigned long long offset, unsigned long long size)]
    +  interface TeecRegisteredMemory : TeecParameter {
    +    attribute TeecSharedMemory shm;
    +
    +    attribute unsigned long long offset;
    +
    +    attribute unsigned long long size;
    +  };
    +
    +  [Constructor(byte[] mem)]
    +  interface TeecTempMemory : TeecParameter {
    +    attribute byte[] mem;
    +  };
    +
    +  [Constructor(long a, long b)]
    +  interface TeecValue : TeecParameter {
    +    attribute long a;
    +    attribute long b;
    +  };
    +
    +  [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecOpenSuccessCallback {
    +    void onsuccess(TeecSession session);
    +  };
    +
    +  [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecCommandSuccessCallback {
    +    void onsuccess(long cmd, TeecParameter[] params);
    +  };
    +
    +};
    + + + +
diff --git a/org.tizen.web.apireference/html/device_api/mobile/tizen/systeminfo_capability_keys.html b/org.tizen.web.apireference/html/device_api/mobile/tizen/systeminfo_capability_keys.html
index 921f721..4d3e8be 100755
--- a/org.tizen.web.apireference/html/device_api/mobile/tizen/systeminfo_capability_keys.html
+++ b/org.tizen.web.apireference/html/device_api/mobile/tizen/systeminfo_capability_keys.html
@@ -47,6 +47,7 @@ Tizen-->
  • Graphics
  • Input
  • Led
  • +
  • LibTeec
  • Location
  • Multimedia transcoder
  • Microphone
  •
@@ -446,6 +447,28 @@ Tizen-->
    +

    The following table lists the libteec feature key.

    + + + + + + + + + + + + + + + + +
    + Table: LibTeec feature keys +
    KeyTypeDescriptionVersion
    http://tizen.org/feature/security.teebooleanThe platform returns true for this key, if the device supports libteec.4.0
    + +

    The following table lists the location feature keys.

    + + + + + +
    diff --git a/org.tizen.web.apireference/html/device_api/tv/index.html b/org.tizen.web.apireference/html/device_api/tv/index.html
index 22b64cb..393721e 100755
--- a/org.tizen.web.apireference/html/device_api/tv/index.html
+++ b/org.tizen.web.apireference/html/device_api/tv/index.html
@@ -145,6 +145,13 @@
    This API provides a secure repository for keys, certificates, and sensitive data of users and/or their applications. 2.4
    + LibTeecThis API provides interfaces and methods (LibTeec API) for a Trust Zone4.0
    diff --git a/org.tizen.web.apireference/html/device_api/tv/tizen/libteec.html b/org.tizen.web.apireference/html/device_api/tv/tizen/libteec.html
new file mode 100755
index 0000000..b636b96
--- /dev/null
+++ b/org.tizen.web.apireference/html/device_api/tv/tizen/libteec.html
@@ -0,0 +1,1509 @@ + + + + + +LibTeec API + + +
    +

    LibTeec API

    +
    + The LibTeec API provides functionality to communicate with application executed in trusted environment. +
    +
    +

    +Libteec can be understood as a universal API for communication with trusted execution environment (TEE). +This API follows GlobalPlatform (GP) specification.
    The original documentation (TEE_Client_API_Specification-xxx.pdf) +is available to download from GlobalPlatform.org under Device section. +

    +

    +The Libteec provides a set of functions for executing application in TrustZone and communicating with it. +This way we have, so called, two worlds: rich world (like Linux) with Client Application (CA) and +secure world with Trusted Application (TA). +

    +
    +

    Table of Contents

    + +
    +

    Summary of Interfaces and Methods

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    InterfaceMethod
    LibTeecManagerObject
    LibTeecManager
    +TeecContext getContext (optional DOMString? name)
    TeecContext +
    +TeecTaskId openSession (TeecUuid taUUID, TeecLoginMethod loginMethod, unsigned long? connectionData, TeecParameter[] params, TeecOpenSuccessCallback successCallback, optional ? errorCallback)
    + + +
    +TeecSharedMemory registerSharedMemory (unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags)
    + +
    TeecSession +
    void close ()
    +
    +TeecTaskId invokeCommand (long cmd, TeecParameter[] params, TeecCommandSuccessCallback successCallback, optional ? errorCallback)
    +
    TeecSharedMemory +
    void setData (byte[] data, unsigned long long offset)
    +
    void getData (byte[] data, unsigned long long offset)
    +
    TeecParameter
    TeecRegisteredMemory
    TeecTempMemory
    TeecValue
    TeecOpenSuccessCallback
    void onsuccess (TeecSession session)
    TeecCommandSuccessCallback
    void onsuccess (long cmd, TeecParameter[] params)
    +
    +

    1. Type Definitions

    +
    +

    1.1. TeecLoginMethod

    +
    + This type denotes Session Login Method used in OpenSession. +
    +
      enum TeecLoginMethod {
    +    "PUBLIC",
    +    "USER",
    +    "GROUP",
    +    "APPLICATION"
    +  };
    +

    + Since: + 4.0 +

    +
    +

    +The following methods are supported: +

    +
      +
    • +PUBLIC - No login data is provided.
    • +
    • +USER - Login data about the user running the Client Application process is provided.
    • +
    • +GROUP - Login data about the group running the Client Application process is provided.
    • +
    • +APPLICATION - Login data about the running Client Application itself is provided.
    • +
    +
    +
    +
    +

    1.2. TeecValueType

    +
    + This type denotes Value parameter. +
    +
      enum TeecValueType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    +
      +
    • +INPUT - The Parameter is a TeecValue tagged as input.
    • +
    • +OUTPUT - The Parameter is a TeecValue tagged as output.
    • +
    • +INOUT - The Parameter is a TeecValue tagged as both input and output.
    • +
    +
    +
    +
    +

    1.3. TeecTempMemoryType

    +
    + This type denotes TempMemory parameter. +
    +
      enum TeecTempMemoryType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    + +
    +
    +
    +

    1.4. TeecRegisteredMemoryType

    +
    + This type denotes RegisteredMemory parameter. +
    +
      enum TeecRegisteredMemoryType {
    +    "WHOLE",
    +    "PARTIAL_INPUT",
    +    "PARTIAL_OUTPUT",
    +    "PARTIAL_INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    +
      +
    • +WHOLE - The Parameter is a TeecRegisteredMemory that refers to the entire Shared Memory block.
    • +
    • +PARTIAL_INPUT - The Parameter is a TeecRegisteredMemory that refers to a part of SharedMemory and is tagged as input.
    • +
    • +PARTIAL_OUTPUT - The Parameter is a TeecRegisteredMemory that refers to a part of SharedMemory and is tagged as output.
    • +
    • +PARTIAL_INOUT - The Parameter is a TeecRegisteredMemory that refers to a part of SharedMemory and is tagged as both input and output.
    • +
    +
    +
    +
    +

    1.5. TeecSharedMemoryFlags

    +
    + This type denotes SharedMemory access direction. +
    +
      enum TeecSharedMemoryFlags {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    + +
    +
    +
    +

    1.6. TeecUuid

    +
    + This type contains a Universally Unique Resource Identifier (UUID) type as defined in RFC 4122. +These UUID values are used to identify Trusted Applications. +Example UUID strig representation: f81d4fae-7dec-11d0-a765-00a0c91e6bf6 +
    +
      typedef DOMString TeecUuid;
    +

    + Since: + 4.0 +

    +
    +
    +

    1.7. TeecTaskId

    +
    + Background process id. +
    +
      typedef unsigned long TeecTaskId;
    +

    + Since: + 4.0 +

    +
    +
    +
    +

    2. Interfaces

    +
    +

    2.1. LibTeecManagerObject

    +
    + The LibTeecObject interface gives access to the LibTeec API from the tizen.teec object. +
    +
      [NoInterfaceObject] interface LibTeecManagerObject {
    +    readonly attribute LibTeecManager teec;
    +  };
    +
       implements LibTeecManagerObject;
    +

    + Since: + 4.0 +

    +
    +
    +

    2.2. LibTeecManager

    +
    + The LibTeecManager interface provides methods to access Context and Session for GlobalPlatform libteec. +
    +
      [NoInterfaceObject] interface LibTeecManager {
    +
    +    TeecContext getContext(optional DOMString? name) raises ();
    +  };
    +

    + Since: + 4.0 +

    +
    +

    +Once a context object is obtained, it is possible to open a session to Trusted Application (TA) . +

    +
    +
    +

    Methods

    +
    +
    +getContext +
    +
    +
    + Get TEE context by name. +
    +
    TeecContext getContext(optional DOMString? name);
    +             
    +

    + Since: + 4.0 +

    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +name [optional] [nullable]: + describes the TEE to connect to, when not given (or null) connects to default TEE. +
    • +
    +
    +
    +

    Return value:

    + Context The created TeecContext
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext(); /* Get default TEE context */
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +
    +
    +
    +

    2.3. TeecContext

    +
    + This type denotes a TEE Context, the main logical container linking a Client Application with a particular TEE. +
    +
      [NoInterfaceObject] interface TeecContext {
    +    TeecTaskId openSession(TeecUuid taUUID,
    +                           TeecLoginMethod loginMethod,
    +                           unsigned long? connectionData,
    +                           TeecParameter[] params,
    +                           TeecOpenSuccessCallback successCallback,
    +                           optional ? errorCallback) raises ();
    +
    +    void revokeCommand(TeecTaskId id) raises ();
    +
    +    TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    void releaseSharedMemory(TeecSharedMemory shm) raises ();
    +  };
    +
    +

    Methods

    +
    +
    +openSession +
    +
    +
    + Open session with TA. +
    +
    TeecTaskId openSession(TeecUuid taUUID, TeecLoginMethod loginMethod, unsigned long? connectionData, TeecParameter[] params, TeecOpenSuccessCallback successCallback, optional ? errorCallback);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +The ErrorCallback() is launched with these error types: +

    +
      +
    • +InvalidValuesError - If any of the input parameters contain an invalid value as decided by TA.
    • +
    • +OperationCanceledError - If it fails due to request cancellation
    • +
    • +AbortError - If any other error occurs.
    • +
    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +taUUID: + the UUID of destination TA. +
    • +
    • +loginMethod: + the authentication algorithm see TeecLoginMethod. +
    • +
    • +connectionData [nullable]: + the value required for login method or null. +
    • +
    • +params: + the array of parameters (note. max is 4 items). +
    • +
    • +successCallback: + callback function triggered when sucessfully done. +
    • +
    • +errorCallback [optional] [nullable]: + callback function triggered when error occured. +
    • +
    +
    +
    +

    Return value:

    + TeecTaskId The id of scheduled task which can be used to revoke (see revokeCommand). +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     console.log("session opened");
    +     /* ... */
    +     session.close();
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var ctx = tizen.teec.getContext();
    +   ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +revokeCommand +
    +
    +
    + Revoke last operation identified by id. +
    +
    void revokeCommand(TeecTaskId id);
    +             
    +

    + Since: + 4.0 +

    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +id: + the identifier of scheduled task see openSession, invokeCommand +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   function commandSuccess(cmd, params)
    +   {
    +     console.log("command " + cmd + ": ", params);
    +   }
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     var data = [1,2,3,4,45,6,7,7,7];
    +     var p1 = new TeecValue(10, 100);    /* Command parameter 1 */
    +     var p2 = new TeecTempMemory(data);  /* Command parameter 2 */
    +     var id = session.invokeCommand(1, [p1, p2], commandSuccess);
    +     ctx.revokeCommand(id); /* Cancel above command */
    +     session.close();
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    +   /* The cid can be used to revoke openSession request */
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +allocateSharedMemory +
    +
    +
    TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +Allocate shared memory. +

    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +size: + the size of memory block to be allocated +
    • +
    • +flags: + the access flags see SharedMemoryFlags +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   var shm = ctx.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT);
    +   ctx.releaseSharedMemory(shm);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +registerSharedMemory +
    +
    +
    TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +Register shared memory. +

    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +addr: + the address of memory block to share +
    • +
    • +size: + the size of memory block to be allocated +
    • +
    • +flags: + the access flags see SharedMemoryFlags +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   var shm = ctx.registerSharedMemory(0x1234567, 1024*1024, TeecSharedMemoryFlags.INOUT);
    +   ctx.releaseSharedMemory(shm);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +releaseSharedMemory +
    +
    +
    void releaseSharedMemory(TeecSharedMemory shm);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +Release shared memory, previously allocated or registered. +

    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +shm: + the shared memory description object +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   var shm = ctx.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT);
    +   ctx.releaseSharedMemory(shm);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +
    +
    +
    +

    2.4. TeecSession

    +
    + This type denotes a TEE Session, the logical link between Client Application and a particular Trusted Application. +
    +
      [NoInterfaceObject] interface TeecSession {
    +    void close() raises ();
    +
    +    TeecTaskId invokeCommand(long cmd,
    +                             TeecParameter[] params,
    +                             TeecCommandSuccessCallback successCallback,
    +                             optional ? errorCallback) raises ();
    +  };
    +
    +

    Methods

    +
    +
    +close +
    +
    +
    + Close session with TA. +
    +
    void close();
    +             
    +

    + Since: + 4.0 +

    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     session.close();
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var ctx = tizen.teec.getContext();
    +   val cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    +   /* Call to openSession can be revoked also */
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +invokeCommand +
    +
    +
    + Send command to TA. +
    +
    TeecTaskId invokeCommand(long cmd, TeecParameter[] params, TeecCommandSuccessCallback successCallback, optional ? errorCallback);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +The ErrorCallback() is launched with these error types: +

    +
      +
    • +NotSupportedError - If the requested operation is not supported
    • +
    • +InvalidValuesError - If any of the input parameters contain an invalid value as decided by TA.
    • +
    • +OperationCanceledError - If it fails due to request cancellation
    • +
    • +AbortError - If any other error occurs.
    • +
    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +cmd: + the command. +
    • +
    • +params: + the array of parameters (max 4 items). +
    • +
    • +successCallback: + callback function triggered when sucessfully done. +
    • +
    • +errorCallback [optional] [nullable]: + callback function triggered when error occured. +
    • +
    +
    +
    +

    Return value:

    + TeecTaskId The id of scheduled task which can be used to revoke (see revokeCommand). +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid, like +params contains more then 4 elements. +

      • +
      • + with error type TypeMismatchError, if the input parameter +is not compatible with the expected type for that parameter. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var gSession;
    +   function commandError(err)
    +   {
    +     gSession.close();
    +   }
    +   function commandSuccess(cmd, params)
    +   {
    +     console.log("command " + cmd + ": ", params);
    +     gSession.close();
    +   }
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     gSession = session;
    +     var data = [1,2,3,4,45,6,7,7,7];
    +     var p1 = new TeecValue(10, 100);    /* Command parameter 1 */
    +     var p2 = new TeecTempMemory(data);  /* Command parameter 2 */
    +     session.invokeCommand(1, [p1, p2], commandSuccess, commandError);
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var ctx = tizen.teec.getContext();
    +   val cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +
    +
    +
    +

    2.5. TeecSharedMemory

    +
    + Shared memory reference object. +Instance of this object can be obtained from TeecSession with one of methods: +allocateSharedMemory or registerSharedMemory
    +
      [NoInterfaceObject] interface TeecSharedMemory {
    +    readonly attribute unsigned long long size;
    +
    +    void setData(byte[] data, unsigned long long offset) raises ();
    +
    +    void getData(byte[] data, unsigned long long offset) raises ();
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Attributes

    +
    • + readonly +unsigned long long size
      + Size of this shared memory block. +
      +

      + Since: + 4.0 +

      +
    +
    +
    +

    Methods

    +
    +
    +setData +
    +
    +
    + Convenient method to set some bytes in shared memory. +
    +
    void setData(byte[] data, unsigned long long offset);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • +data: + sequence of bytes (buffer size is data.length) +
    • +
    • +offset: + offset in shared memory to start writing +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
      • + with error type TypeMismatchError, if a parameter has incorrect type. +

      +
    +
    +
    +
    +getData +
    +
    +
    + Convenient method to get some bytes from shared memory. +
    +
    void getData(byte[] data, unsigned long long offset);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • +data: + buffer for bytes (buffer size is data.length) +
    • +
    • +offset: + offset in shared memory to start reading +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
      • + with error type TypeMismatchError, if a parameter has incorrect type. +

      +
    +
    +
    +
    +
    +
    +
    +

    2.6. TeecParameter

    +
    + Abstract parameter type. +
    +
      [NoInterfaceObject] interface TeecParameter {
    +    attribute DOMString type;
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Attributes

    +
    • +DOMString type
      + The type of parameter - abstract class for all parameteres. +This can be one of TeecValueType, TeecTempMemoryType, TeecRegisteredMemoryType +
      +

      + Since: + 4.0 +

      +
    +
    +
    +
    +

    2.7. TeecRegisteredMemory

    +
    + Registered memory parameter. +
    +
      [Constructor(TeecSharedMemory memory, unsigned long long offset, unsigned long long size)]
    +  interface TeecRegisteredMemory : TeecParameter {
    +    attribute TeecSharedMemory shm;
    +
    +    attribute unsigned long long offset;
    +
    +    attribute unsigned long long size;
    +  };
    +

    + Since: + 4.0 +

    + +
    +

    Constructors

    +
    TeecRegisteredMemory(TeecSharedMemory memory, unsigned long long offset, unsigned long long size);
    +
    +
    +

    Attributes

    +
      +
    • +TeecSharedMemory shm
      + Referred shared memory. +
      +

      + Since: + 4.0 +

      +
    • +
    • +unsigned long long offset
      + Offset in shared memory (start of accessed block). +
      +

      + Since: + 4.0 +

      +
    • +
    • +unsigned long long size
      + Size of block in shared memory (length of the block). +
      +

      + Since: + 4.0 +

      +
    • +
    +
    +
    +
    +

    2.8. TeecTempMemory

    +
    + Temporary memory parameter. +
    +
      [Constructor(byte[] mem)]
    +  interface TeecTempMemory : TeecParameter {
    +    attribute byte[] mem;
    +  };
    +

    + Since: + 4.0 +

    + +
    +

    Constructors

    +
    TeecTempMemory(byte[] mem);
    +
    +
    +

    Attributes

    +
    • +byte[] + mem
      + Local memory block. +
      +

      + Since: + 4.0 +

      +
    +
    +
    +
    +

    2.9. TeecValue

    +
    + Value parameter. +
    +
      [Constructor(long a, long b)]
    +  interface TeecValue : TeecParameter {
    +    attribute long a;
    +    attribute long b;
    +  };
    +

    + Since: + 4.0 +

    + +
    +

    Constructors

    +
    TeecValue(long a, long b);
    +
    +
    +

    Attributes

    +
      +
    • +long a
      + Integer number to be delivered. +
      +

      + Since: + 4.0 +

      +
    • +
    • +long b
      + Integer number to be delivered. +
      +

      + Since: + 4.0 +

      +
    • +
    +
    +
    +
    +

    2.10. TeecOpenSuccessCallback

    +
    + The success callback to be invoked when session was opened. +
    +
      [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecOpenSuccessCallback {
    +    void onsuccess(TeecSession session);
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Methods

    +
    +
    +onsuccess +
    +
    +
    + Called when the session is opened successfully. +
    +
    void onsuccess(TeecSession session);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • +session: + TeecSession object +
    • +
    +
    +
    +
    +
    +
    +
    +

    2.11. TeecCommandSuccessCallback

    +
    + The success callback to be invoked when command performed on TA is finished. +
    +
      [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecCommandSuccessCallback {
    +    void onsuccess(long cmd, TeecParameter[] params);
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Methods

    +
    +
    +onsuccess +
    +
    +
    + Called when the command is done successfully. +
    +
    void onsuccess(long cmd, TeecParameter[] params);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • cmd
    • +
    • +params: + array of TeecParam objects +
    • +
    +
    +
    +
    +
    +
    +
    +

    3. Related Feature

    +
    + You can check if this API is supported with tizen.systeminfo.getCapability() and decide enable/disable codes that need this API. +
    +

    +

    +To guarantee that the CA is running on a device with TrustZone support, declare following feature in the config. +

    +

    +
  • http://tizen.org/feature/security.tee
  • +
    +

    + For more information, see Application Filtering. +
    +

    4. Full WebIDL

    +
    module LibTeec {
    +
    +
    +  enum TeecLoginMethod {
    +    "PUBLIC",
    +    "USER",
    +    "GROUP",
    +    "APPLICATION"
    +  };
    +
    +  enum TeecValueType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +
    +  enum TeecTempMemoryType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +
    +  enum TeecRegisteredMemoryType {
    +    "WHOLE",
    +    "PARTIAL_INPUT",
    +    "PARTIAL_OUTPUT",
    +    "PARTIAL_INOUT"
    +  };
    +
    +  enum TeecSharedMemoryFlags {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +
    +  typedef DOMString TeecUuid;
    +
    +  typedef unsigned long TeecTaskId;
    +
    +  [NoInterfaceObject] interface LibTeecManagerObject {
    +    readonly attribute LibTeecManager teec;
    +  };
    +   implements LibTeecManagerObject;
    +
    +  [NoInterfaceObject] interface LibTeecManager {
    +
    +    TeecContext getContext(optional DOMString? name) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecContext {
    +    TeecTaskId openSession(TeecUuid taUUID,
    +                           TeecLoginMethod loginMethod,
    +                           unsigned long? connectionData,
    +                           TeecParameter[] params,
    +                           TeecOpenSuccessCallback successCallback,
    +                           optional ? errorCallback) raises ();
    +
    +    void revokeCommand(TeecTaskId id) raises ();
    +
    +    TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    void releaseSharedMemory(TeecSharedMemory shm) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecSession {
    +    void close() raises ();
    +
    +    TeecTaskId invokeCommand(long cmd,
    +                             TeecParameter[] params,
    +                             TeecCommandSuccessCallback successCallback,
    +                             optional ? errorCallback) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecSharedMemory {
    +    readonly attribute unsigned long long size;
    +
    +    void setData(byte[] data, unsigned long long offset) raises ();
    +
    +    void getData(byte[] data, unsigned long long offset) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecParameter {
    +    attribute DOMString type;
    +  };
    +
    +  [Constructor(TeecSharedMemory memory, unsigned long long offset, unsigned long long size)]
    +  interface TeecRegisteredMemory : TeecParameter {
    +    attribute TeecSharedMemory shm;
    +
    +    attribute unsigned long long offset;
    +
    +    attribute unsigned long long size;
    +  };
    +
    +  [Constructor(byte[] mem)]
    +  interface TeecTempMemory : TeecParameter {
    +    attribute byte[] mem;
    +  };
    +
    +  [Constructor(long a, long b)]
    +  interface TeecValue : TeecParameter {
    +    attribute long a;
    +    attribute long b;
    +  };
    +
    +  [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecOpenSuccessCallback {
    +    void onsuccess(TeecSession session);
    +  };
    +
    +  [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecCommandSuccessCallback {
    +    void onsuccess(long cmd, TeecParameter[] params);
    +  };
    +
    +};
    +
    + + +
    diff --git a/org.tizen.web.apireference/html/device_api/wearable/index.html b/org.tizen.web.apireference/html/device_api/wearable/index.html
    index 232fb93..f469a8b 100644
    --- a/org.tizen.web.apireference/html/device_api/wearable/index.html
    +++ b/org.tizen.web.apireference/html/device_api/wearable/index.html
    @@ -236,6 +236,14 @@ 3.0 Mandatory Yes + + + + LibTeec + This API provides interfaces and methods (LibTeec API) for a Trust Zone + 4.0 + Mandatory + Yes

    Social

    diff --git a/org.tizen.web.apireference/html/device_api/wearable/tizen/libteec.html b/org.tizen.web.apireference/html/device_api/wearable/tizen/libteec.html
    new file mode 100644
    index 0000000..960f756
    --- /dev/null
    +++ b/org.tizen.web.apireference/html/device_api/wearable/tizen/libteec.html
    @@ -0,0 +1,1510 @@
    + + + + + +LibTeec API + + +
    +
    +

    LibTeec API

    +
    + The LibTeec API provides functionality to communicate with application executed in trusted environment. +
    +
    +

    +Libteec can be understood as a universal API for communication with trusted execution environment (TEE). +This API follows GlobalPlatform (GP) specification.
    The original documentation (TEE_Client_API_Specification-xxx.pdf) +is available to download from GlobalPlatform.org under Device section. +

    +

    +The Libteec provides a set of functions for executing application in TrustZone and communicating with it. +This way we have, so called, two worlds: rich world (like Linux) with Client Application (CA) and +secure world with Trusted Application (TA). +

    +
    +

    Table of Contents

    + +
    +

    Summary of Interfaces and Methods

    +
    APIDescriptionVersion (Since)WearableSupported on
    Wearable Emulator
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    InterfaceMethod
    LibTeecManagerObject
    LibTeecManager
    +TeecContext getContext (optional DOMString? name)
    TeecContext +
    +TeecTaskId openSession (TeecUuid taUUID, TeecLoginMethod loginMethod, unsigned long? connectionData, TeecParameter[] params, TeecOpenSuccessCallback successCallback, optional ? errorCallback)
    + + +
    +TeecSharedMemory registerSharedMemory (unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags)
    + +
    TeecSession +
    void close ()
    +
    +TeecTaskId invokeCommand (long cmd, TeecParameter[] params, TeecCommandSuccessCallback successCallback, optional ? errorCallback)
    +
    TeecSharedMemory +
    void setData (byte[] data, unsigned long long offset)
    +
    void getData (byte[] data, unsigned long long offset)
    +
    TeecParameter
    TeecRegisteredMemory
    TeecTempMemory
    TeecValue
    TeecOpenSuccessCallback
    void onsuccess (TeecSession session)
    TeecCommandSuccessCallback
    void onsuccess (long cmd, TeecParameter[] params)
    +
    +

    1. Type Definitions

    +
    +

    1.1. TeecLoginMethod

    +
    + This type denotes Session Login Method used in OpenSession. +
    +
      enum TeecLoginMethod {
    +    "PUBLIC",
    +    "USER",
    +    "GROUP",
    +    "APPLICATION"
    +  };
    +

    + Since: + 4.0 +

    +
    +

    +The following methods are supported: +

    +
      +
    • +PUBLIC - No login data is provided.
    • +
    • +USER - Login data about the user running the Client Application process is provided.
    • +
    • +GROUP - Login data about the group running the Client Application process is provided.
    • +
    • +APPLICATION - Login data about the running Client Application itself is provided.
    • +
    +
    +
    +
    +

    1.2. TeecValueType

    +
    + This type denotes Value parameter. +
    +
      enum TeecValueType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    +
      +
    • +INPUT - The Parameter is a TeecValue tagged as input.
    • +
    • +OUTPUT - The Parameter is a TeecValue tagged as output.
    • +
    • +INOUT - The Parameter is a TeecValue tagged as both input and output.
    • +
    +
    +
    +
    +

    1.3. TeecTempMemoryType

    +
    + This type denotes TempMemory parameter. +
    +
      enum TeecTempMemoryType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    + +
    +
    +
    +

    1.4. TeecRegisteredMemoryType

    +
    + This type denotes RegisteredMemory parameter. +
    +
      enum TeecRegisteredMemoryType {
    +    "WHOLE",
    +    "PARTIAL_INPUT",
    +    "PARTIAL_OUTPUT",
    +    "PARTIAL_INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    +
      +
    • +WHOLE - The Parameter is a TeecRegisteredMemory that refers to the entire Shared Memory block.
    • +
    • +PARTIAL_INPUT - The Parameter is a TeecRegisteredMemory that refers to a part of SharedMemory and is tagged as input.
    • +
    • +PARTIAL_OUTPUT - The Parameter is a TeecRegisteredMemory that refers to a part of SharedMemory and is tagged as output.
    • +
    • +PARTIAL_INOUT - The Parameter is a TeecRegisteredMemory that refers to a part of SharedMemory and is tagged as both input and output.
    • +
    +
    +
    +
    +

    1.5. TeecSharedMemoryFlags

    +
    + This type denotes SharedMemory access direction. +
    +
      enum TeecSharedMemoryFlags {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +

    + Since: + 4.0 +

    +
    + +
    +
    +
    +

    1.6. TeecUuid

    +
    + This type contains a Universally Unique Resource Identifier (UUID) type as defined in RFC 4122. +These UUID values are used to identify Trusted Applications. +Example UUID strig representation: f81d4fae-7dec-11d0-a765-00a0c91e6bf6 +
    +
      typedef DOMString TeecUuid;
    +

    + Since: + 4.0 +

    +
    +
    +

    1.7. TeecTaskId

    +
    + Background process id. +
    +
      typedef unsigned long TeecTaskId;
    +

    + Since: + 4.0 +

    +
    +
    +
    +

    2. Interfaces

    +
    +

    2.1. LibTeecManagerObject

    +
    + The LibTeecObject interface gives access to the LibTeec API from the tizen.teec object. +
    +
      [NoInterfaceObject] interface LibTeecManagerObject {
    +    readonly attribute LibTeecManager teec;
    +  };
    +
       implements LibTeecManagerObject;
    +

    + Since: + 4.0 +

    +
    +
    +

    2.2. LibTeecManager

    +
    + The LibTeecManager interface provides methods to access Context and Session for GlobalPlatform libteec. +
    +
      [NoInterfaceObject] interface LibTeecManager {
    +
    +    TeecContext getContext(optional DOMString? name) raises ();
    +  };
    +

    + Since: + 4.0 +

    +
    +

    +Once a context object is obtained, it is possible to open a session to Trusted Application (TA) . +

    +
    +
    +

    Methods

    +
    +
    +getContext +
    +
    +
    + Get TEE context by name. +
    +
    TeecContext getContext(optional DOMString? name);
    +             
    +

    + Since: + 4.0 +

    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +name [optional] [nullable]: + describes the TEE to connect to, when not given (or null) connects to default TEE. +
    • +
    +
    +
    +

    Return value:

    + Context The created TeecContext
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext(); /* Get default TEE context */
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +
    +
    +
    +

    2.3. TeecContext

    +
    + This type denotes a TEE Context, the main logical container linking a Client Application with a particular TEE. +
    +
      [NoInterfaceObject] interface TeecContext {
    +    TeecTaskId openSession(TeecUuid taUUID,
    +                           TeecLoginMethod loginMethod,
    +                           unsigned long? connectionData,
    +                           TeecParameter[] params,
    +                           TeecOpenSuccessCallback successCallback,
    +                           optional ? errorCallback) raises ();
    +
    +    void revokeCommand(TeecTaskId id) raises ();
    +
    +    TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    void releaseSharedMemory(TeecSharedMemory shm) raises ();
    +  };
    +
    +

    Methods

    +
    +
    +openSession +
    +
    +
    + Open session with TA. +
    +
    TeecTaskId openSession(TeecUuid taUUID, TeecLoginMethod loginMethod, unsigned long? connectionData, TeecParameter[] params, TeecOpenSuccessCallback successCallback, optional ? errorCallback);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +The ErrorCallback() is launched with these error types: +

    +
      +
    • +InvalidValuesError - If any of the input parameters contain an invalid value as decided by TA.
    • +
    • +OperationCanceledError - If it fails due to request cancellation
    • +
    • +AbortError - If any other error occurs.
    • +
    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +taUUID: + the UUID of destination TA. +
    • +
    • +loginMethod: + the authentication algorithm see TeecLoginMethod. +
    • +
    • +connectionData [nullable]: + the value required for login method or null. +
    • +
    • +params: + the array of parameters (note. max is 4 items). +
    • +
    • +successCallback: + callback function triggered when sucessfully done. +
    • +
    • +errorCallback [optional] [nullable]: + callback function triggered when error occured. +
    • +
    +
    +
    +

    Return value:

    + TeecTaskId The id of scheduled task which can be used to revoke (see revokeCommand). +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     console.log("session opened");
    +     /* ... */
    +     session.close();
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var ctx = tizen.teec.getContext();
    +   ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +revokeCommand +
    +
    +
    + Revoke last operation identified by id. +
    +
    void revokeCommand(TeecTaskId id);
    +             
    +

    + Since: + 4.0 +

    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +id: + the identifier of scheduled task see openSession, invokeCommand +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   function commandSuccess(cmd, params)
    +   {
    +     console.log("command " + cmd + ": ", params);
    +   }
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     var data = [1,2,3,4,45,6,7,7,7];
    +     var p1 = new TeecValue(10, 100);    /* Command parameter 1 */
    +     var p2 = new TeecTempMemory(data);  /* Command parameter 2 */
    +     var id = session.invokeCommand(1, [p1, p2], commandSuccess);
    +     ctx.revokeCommand(id); /* Cancel above command */
    +     session.close();
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    +   /* The cid can be used to revoke openSession request */
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +allocateSharedMemory +
    +
    +
    TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +Allocate shared memory. +

    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +size: + the size of memory block to be allocated +
    • +
    • +flags: + the access flags see SharedMemoryFlags +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   var shm = ctx.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT);
    +   ctx.releaseSharedMemory(shm);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +registerSharedMemory +
    +
    +
    TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +Register shared memory. +

    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +addr: + the address of memory block to share +
    • +
    • +size: + the size of memory block to be allocated +
    • +
    • +flags: + the access flags see SharedMemoryFlags +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   var shm = ctx.registerSharedMemory(0x1234567, 1024*1024, TeecSharedMemoryFlags.INOUT);
    +   ctx.releaseSharedMemory(shm);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +releaseSharedMemory +
    +
    +
    void releaseSharedMemory(TeecSharedMemory shm);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +Release shared memory, previously allocated or registered. +

    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +shm: + the shared memory description object +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var ctx = tizen.teec.getContext();
    +   var shm = ctx.allocateSharedMemory(1024*1024, TeecSharedMemoryFlags.INOUT);
    +   ctx.releaseSharedMemory(shm);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +
    +
    +
    +

    2.4. TeecSession

    +
    + This type denotes a TEE Session, the logical link between Client Application and a particular Trusted Application. +
    +
      [NoInterfaceObject] interface TeecSession {
    +    void close() raises ();
    +
    +    TeecTaskId invokeCommand(long cmd,
    +                             TeecParameter[] params,
    +                             TeecCommandSuccessCallback successCallback,
    +                             optional ? errorCallback) raises ();
    +  };
    +
    +

    Methods

    +
    +
    +close +
    +
    +
    + Close session with TA. +
    +
    void close();
    +             
    +

    + Since: + 4.0 +

    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     session.close();
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var ctx = tizen.teec.getContext();
    +   val cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    +   /* Call to openSession can be revoked also */
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +invokeCommand +
    +
    +
    + Send command to TA. +
    +
    TeecTaskId invokeCommand(long cmd, TeecParameter[] params, TeecCommandSuccessCallback successCallback, optional ? errorCallback);
    +             
    +

    + Since: + 4.0 +

    +
    +

    +The ErrorCallback() is launched with these error types: +

    +
      +
    • +NotSupportedError - If the requested operation is not supported
    • +
    • +InvalidValuesError - If any of the input parameters contain an invalid value as decided by TA.
    • +
    • +OperationCanceledError - If it fails due to request cancellation
    • +
    • +AbortError - If any other error occurs.
    • +
    +
    +

    + Privilege level: + partner +

    +

    + Privilege: + http://tizen.org/privilege/tee.client +

    +
    +

    Parameters:

    +
      +
    • +cmd: + the command. +
    • +
    • +params: + the array of parameters (max 4 items). +
    • +
    • +successCallback: + callback function triggered when sucessfully done. +
    • +
    • +errorCallback [optional] [nullable]: + callback function triggered when error occured. +
    • +
    +
    +
    +

    Return value:

    + TeecTaskId The id of scheduled task which can be used to revoke (see revokeCommand). +
    +
    +

    Exceptions:

    +
    • WebAPIException
        +
      • + with error type SecurityError, if application does not have privilege to access this method. +

      • +
      • + with error type NotSupportedError, if required feature is not supported. +

      • +
      • + with error type InvalidValuesError, if any of input arguments is invalid, like +params contains more then 4 elements. +

      • +
      • + with error type TypeMismatchError, if the input parameter +is not compatible with the expected type for that parameter. +

      • +
      +
    +
    +
    +

    Code example:

     try
    + {
    +   var gSession;
    +   function commandError(err)
    +   {
    +     gSession.close();
    +   }
    +   function commandSuccess(cmd, params)
    +   {
    +     console.log("command " + cmd + ": ", params);
    +     gSession.close();
    +   }
    +   function sessionSuccess(session)
    +   {
    +     /* Session opened, now can communicate with TA */
    +     gSession = session;
    +     var data = [1,2,3,4,45,6,7,7,7];
    +     var p1 = new TeecValue(10, 100);    /* Command parameter 1 */
    +     var p2 = new TeecTempMemory(data);  /* Command parameter 2 */
    +     session.invokeCommand(1, [p1, p2], commandSuccess, commandError);
    +   }
    +   function sessionError(err)
    +   {
    +     console.log("openSession: " + err.name + ":" + err.message);
    +   }
    +   var ta = "123e4567-e89b-12d3-a456-426655440000";
    +   var ctx = tizen.teec.getContext();
    +   val cid = ctx.openSession(ta, TeecLoginMethod.PUBLIC, null, null, sessionSuccess, sessionError);
    + }
    + catch (err)
    + {
    +   console.log(err.name + ": " + err.message);
    + }
    + 
    +
    +
    +
    +
    +
    +
    +

    2.5. TeecSharedMemory

    +
    + Shared memory reference object. +Instance of this object can be obtained from TeecSession with one of methods: +allocateSharedMemory or registerSharedMemory
    +
      [NoInterfaceObject] interface TeecSharedMemory {
    +    readonly attribute unsigned long long size;
    +
    +    void setData(byte[] data, unsigned long long offset) raises ();
    +
    +    void getData(byte[] data, unsigned long long offset) raises ();
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Attributes

    +
    • + readonly +unsigned long long size
      + Size of this shared memory block. +
      +

      + Since: + 4.0 +

      +
    +
    +
    +

    Methods

    +
    +
    +setData +
    +
    +
    + Convenient method to set some bytes in shared memory. +
    +
    void setData(byte[] data, unsigned long long offset);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • +data: + sequence of bytes (buffer size is data.length) +
    • +
    • +offset: + offset in shared memory to start writing +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
      • + with error type TypeMismatchError, if a parameter has incorrect type. +

      +
    +
    +
    +
    +getData +
    +
    +
    + Convenient method to get some bytes from shared memory. +
    +
    void getData(byte[] data, unsigned long long offset);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • +data: + buffer for bytes (buffer size is data.length) +
    • +
    • +offset: + offset in shared memory to start reading +
    • +
    +
    +
    +

    Exceptions:

    +
    • WebAPIException
      • + with error type TypeMismatchError, if a parameter has incorrect type. +

      +
    +
    +
    +
    +
    +
    +
    +

    2.6. TeecParameter

    +
    + Abstract parameter type. +
    +
      [NoInterfaceObject] interface TeecParameter {
    +    attribute DOMString type;
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Attributes

    +
    • +DOMString type
      + The type of parameter - abstract class for all parameteres. +This can be one of TeecValueType, TeecTempMemoryType, TeecRegisteredMemoryType +
      +

      + Since: + 4.0 +

      +
    +
    +
    +
    +

    2.7. TeecRegisteredMemory

    +
    + Registered memory parameter. +
    +
      [Constructor(TeecSharedMemory memory, unsigned long long offset, unsigned long long size)]
    +  interface TeecRegisteredMemory : TeecParameter {
    +    attribute TeecSharedMemory shm;
    +
    +    attribute unsigned long long offset;
    +
    +    attribute unsigned long long size;
    +  };
    +

    + Since: + 4.0 +

    + +
    +

    Constructors

    +
    TeecRegisteredMemory(TeecSharedMemory memory, unsigned long long offset, unsigned long long size);
    +
    +
    +

    Attributes

    +
      +
    • +TeecSharedMemory shm
      + Referred shared memory. +
      +

      + Since: + 4.0 +

      +
    • +
    • +unsigned long long offset
      + Offset in shared memory (start of accessed block). +
      +

      + Since: + 4.0 +

      +
    • +
    • +unsigned long long size
      + Size of block in shared memory (length of the block). +
      +

      + Since: + 4.0 +

      +
    • +
    +
    +
    +
    +

    2.8. TeecTempMemory

    +
    + Temporary memory parameter. +
    +
      [Constructor(byte[] mem)]
    +  interface TeecTempMemory : TeecParameter {
    +    attribute byte[] mem;
    +  };
    +

    + Since: + 4.0 +

    + +
    +

    Constructors

    +
    TeecTempMemory(byte[] mem);
    +
    +
    +

    Attributes

    +
    • +byte[] + mem
      + Local memory block. +
      +

      + Since: + 4.0 +

      +
    +
    +
    +
    +

    2.9. TeecValue

    +
    + Value parameter. +
    +
      [Constructor(long a, long b)]
    +  interface TeecValue : TeecParameter {
    +    attribute long a;
    +    attribute long b;
    +  };
    +

    + Since: + 4.0 +

    + +
    +

    Constructors

    +
    TeecValue(long a, long b);
    +
    +
    +

    Attributes

    +
      +
    • +long a
      + Integer number to be delivered. +
      +

      + Since: + 4.0 +

      +
    • +
    • +long b
      + Integer number to be delivered. +
      +

      + Since: + 4.0 +

      +
    • +
    +
    +
    +
    +

    2.10. TeecOpenSuccessCallback

    +
    + The success callback to be invoked when session was opened. +
    +
      [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecOpenSuccessCallback {
    +    void onsuccess(TeecSession session);
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Methods

    +
    +
    +onsuccess +
    +
    +
    + Called when the session is opened successfully. +
    +
    void onsuccess(TeecSession session);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • +session: + TeecSession object +
    • +
    +
    +
    +
    +
    +
    +
    +

    2.11. TeecCommandSuccessCallback

    +
    + The success callback to be invoked when command performed on TA is finished. +
    +
      [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecCommandSuccessCallback {
    +    void onsuccess(long cmd, TeecParameter[] params);
    +  };
    +

    + Since: + 4.0 +

    +
    +

    Methods

    +
    +
    +onsuccess +
    +
    +
    + Called when the command is done successfully. +
    +
    void onsuccess(long cmd, TeecParameter[] params);
    +             
    +

    + Since: + 4.0 +

    +
    +

    Parameters:

    +
      +
    • cmd
    • +
    • +params: + array of TeecParam objects +
    • +
    +
    +
    +
    +
    +
    +
    +

    3. Related Feature

    +
    + You can check if this API is supported with tizen.systeminfo.getCapability() and decide enable/disable codes that need this API. +
    +

    +

    +To guarantee that the CA is running on a device with TrustZone support, declare following feature in the config. +

    +

    +
  • http://tizen.org/feature/security.tee
  • +
    +

    + For more information, see Application Filtering. +
    +

    4. Full WebIDL

    +
    module LibTeec {
    +
    +
    +  enum TeecLoginMethod {
    +    "PUBLIC",
    +    "USER",
    +    "GROUP",
    +    "APPLICATION"
    +  };
    +
    +  enum TeecValueType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +
    +  enum TeecTempMemoryType {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +
    +  enum TeecRegisteredMemoryType {
    +    "WHOLE",
    +    "PARTIAL_INPUT",
    +    "PARTIAL_OUTPUT",
    +    "PARTIAL_INOUT"
    +  };
    +
    +  enum TeecSharedMemoryFlags {
    +    "INPUT",
    +    "OUTPUT",
    +    "INOUT"
    +  };
    +
    +  typedef DOMString TeecUuid;
    +
    +  typedef unsigned long TeecTaskId;
    +
    +  [NoInterfaceObject] interface LibTeecManagerObject {
    +    readonly attribute LibTeecManager teec;
    +  };
    +   implements LibTeecManagerObject;
    +
    +  [NoInterfaceObject] interface LibTeecManager {
    +
    +    TeecContext getContext(optional DOMString? name) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecContext {
    +    TeecTaskId openSession(TeecUuid taUUID,
    +                           TeecLoginMethod loginMethod,
    +                           unsigned long? connectionData,
    +                           TeecParameter[] params,
    +                           TeecOpenSuccessCallback successCallback,
    +                           optional ? errorCallback) raises ();
    +
    +    void revokeCommand(TeecTaskId id) raises ();
    +
    +    TeecSharedMemory allocateSharedMemory(unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    TeecSharedMemory registerSharedMemory(unsigned long long addr, unsigned long size, TeecSharedMemoryFlags flags) raises ();
    +
    +    void releaseSharedMemory(TeecSharedMemory shm) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecSession {
    +    void close() raises ();
    +
    +    TeecTaskId invokeCommand(long cmd,
    +                             TeecParameter[] params,
    +                             TeecCommandSuccessCallback successCallback,
    +                             optional ? errorCallback) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecSharedMemory {
    +    readonly attribute unsigned long long size;
    +
    +    void setData(byte[] data, unsigned long long offset) raises ();
    +
    +    void getData(byte[] data, unsigned long long offset) raises ();
    +  };
    +
    +  [NoInterfaceObject] interface TeecParameter {
    +    attribute DOMString type;
    +  };
    +
    +  [Constructor(TeecSharedMemory memory, unsigned long long offset, unsigned long long size)]
    +  interface TeecRegisteredMemory : TeecParameter {
    +    attribute TeecSharedMemory shm;
    +
    +    attribute unsigned long long offset;
    +
    +    attribute unsigned long long size;
    +  };
    +
    +  [Constructor(byte[] mem)]
    +  interface TeecTempMemory : TeecParameter {
    +    attribute byte[] mem;
    +  };
    +
    +  [Constructor(long a, long b)]
    +  interface TeecValue : TeecParameter {
    +    attribute long a;
    +    attribute long b;
    +  };
    +
    +  [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecOpenSuccessCallback {
    +    void onsuccess(TeecSession session);
    +  };
    +
    +  [Callback=FunctionOnly, NoInterfaceObject]
    +  interface TeecCommandSuccessCallback {
    +    void onsuccess(long cmd, TeecParameter[] params);
    +  };
    +
    +};
    + + + +
diff --git a/org.tizen.web.apireference/html/index.htm b/org.tizen.web.apireference/html/index.htm
index 6fa8462..029d1df 100644
--- a/org.tizen.web.apireference/html/index.htm
+++ b/org.tizen.web.apireference/html/index.htm
@@ -87,6 +87,7 @@
  • Security
  • Social
@@ -181,6 +182,7 @@
  • Security
  • System
@@ -246,6 +248,7 @@
  • Security
  • System -- 2.7.4