1 <policy-set id="Tizen-Policy" combine="first-matching-target">
2 <policy id="Tizen-Policy-Partner-API" description="Partner API" combine="permit-overrides">
3 <!-- Partner API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
6 <subject-match attr="distributor-key-root-fingerprint" func="equal">
7 sha-1 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85
12 <rule effect="permit">
13 <condition combine="or">
14 <resource-match attr="device-cap" func="equal" match="tizen" />
18 <!-- access to application -->
19 <rule effect="permit">
20 <condition combine="or">
21 <resource-match attr="device-cap" func="equal" match="application.kill" />
22 <resource-match attr="device-cap" func="equal" match="application.launch" />
23 <resource-match attr="device-cap" func="equal" match="application.read" />
27 <!-- access to bluetooth -->
28 <rule effect="permit">
29 <condition combine="or">
30 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
31 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
32 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
36 <!-- access to calendar -->
37 <rule effect="permit">
38 <condition combine="or">
39 <resource-match attr="device-cap" func="equal" match="calendar.read" />
40 <resource-match attr="device-cap" func="equal" match="calendar.write" />
44 <!-- access to call history -->
45 <rule effect="permit">
46 <condition combine="or">
47 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
48 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
52 <!-- access to contact -->
53 <rule effect="permit">
54 <condition combine="or">
55 <resource-match attr="device-cap" func="equal" match="contact.read" />
56 <resource-match attr="device-cap" func="equal" match="contact.write" />
60 <!-- access to content -->
61 <rule effect="permit">
62 <condition combine="or">
63 <resource-match attr="device-cap" func="equal" match="content.read" />
64 <resource-match attr="device-cap" func="equal" match="content.write" />
68 <!-- access to NFC -->
69 <rule effect="permit">
70 <condition combine="or">
71 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
72 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
73 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
74 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
75 <resource-match attr="device-cap" func="equal" match="nfc.common" />
79 <!-- access to systeminfo -->
80 <rule effect="permit">
81 <condition combine="or">
82 <resource-match attr="device-cap" func="equal" match="systeminfo" />
86 <!-- access to system setting -->
87 <rule effect="permit">
88 <condition combine="or">
89 <resource-match attr="device-cap" func="equal" match="setting" />
93 <!-- access to download feature -->
94 <rule effect="permit">
95 <condition combine="or">
96 <resource-match attr="device-cap" func="equal" match="download" />
100 <!-- access to power feature -->
101 <rule effect="permit">
102 <condition combine="or">
103 <resource-match attr="device-cap" func="equal" match="power" />
107 <!-- access to push feature -->
108 <rule effect="permit">
109 <condition combine="or">
110 <resource-match attr="device-cap" func="equal" match="push" />
114 <!-- access to timeutil -->
115 <rule effect="permit">
116 <condition combine="or">
117 <resource-match attr="device-cap" func="equal" match="time" />
121 <!-- access to external network -->
122 <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
123 <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
124 <rule effect="permit">
125 <condition combine="or">
126 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
127 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
131 <!-- access to external network on roaming status -->
132 <rule effect="permit">
133 <condition combine="and">
134 <condition combine="or">
135 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
136 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
138 <environment-match attr="roaming" match="true" />
142 <rule effect="permit">
143 <condition combine="or">
144 <resource-match attr="device-cap" func="equal" match="alarm" />
148 <rule effect="permit">
149 <condition combine="or">
150 <resource-match attr="device-cap" func="equal" match="log" />
154 <rule effect="permit">
155 <condition combine="or">
156 <resource-match attr="device-cap" func="equal" match="messaging.read" />
157 <resource-match attr="device-cap" func="equal" match="messaging.write" />
158 <resource-match attr="device-cap" func="equal" match="messaging.send" />
162 <rule effect="permit">
163 <condition combine="or">
164 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
165 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
169 <rule effect="permit">
170 <condition combine="or">
171 <resource-match attr="device-cap" func="equal" match="notification.read" />
172 <resource-match attr="device-cap" func="equal" match="notification.write" />
176 <rule effect="permit">
177 <condition combine="or">
178 <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
182 <rule effect="permit">
183 <condition combine="or">
184 <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
188 <rule effect="permit">
189 <condition combine="or">
190 <resource-match attr="device-cap" func="equal" match="se" />
194 <rule effect="permit">
195 <condition combine="or">
196 <resource-match attr="device-cap" func="equal" match="account.read" />
197 <resource-match attr="device-cap" func="equal" match="account.write" />
201 <rule effect="deny" />
203 <policy id="Tizen-Policy-Trusted" description="Tizen's policy for trusted domain" combine="permit-overrides">
204 <!-- This is finger-print of certificate for TIZEN SDK (tizen.root.preproduction.cert.pem) -->
207 <subject-match attr="distributor-key-root-fingerprint" func="equal">
208 sha-1 AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E
213 <rule effect="permit">
214 <condition combine="or">
215 <resource-match attr="device-cap" func="equal" match="tizen" />
219 <!-- access to application -->
220 <rule effect="permit">
221 <condition combine="or">
222 <resource-match attr="device-cap" func="equal" match="application.launch" />
223 <resource-match attr="device-cap" func="equal" match="application.read" />
227 <!-- access to bluetooth -->
228 <rule effect="permit">
229 <condition combine="or">
230 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
231 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
232 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
236 <!-- access to calendar -->
237 <rule effect="permit">
238 <condition combine="or">
239 <resource-match attr="device-cap" func="equal" match="calendar.read" />
240 <resource-match attr="device-cap" func="equal" match="calendar.write" />
244 <!-- access to call history -->
245 <rule effect="permit">
246 <condition combine="or">
247 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
248 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
252 <!-- access to contact -->
253 <rule effect="permit">
254 <condition combine="or">
255 <resource-match attr="device-cap" func="equal" match="contact.read" />
256 <resource-match attr="device-cap" func="equal" match="contact.write" />
260 <!-- access to content -->
261 <rule effect="permit">
262 <condition combine="or">
263 <resource-match attr="device-cap" func="equal" match="content.read" />
264 <resource-match attr="device-cap" func="equal" match="content.write" />
268 <!-- access to NFC -->
269 <rule effect="permit">
270 <condition combine="or">
271 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
272 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
273 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
274 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
275 <resource-match attr="device-cap" func="equal" match="nfc.common" />
279 <!-- access to systeminfo -->
280 <rule effect="permit">
281 <condition combine="or">
282 <resource-match attr="device-cap" func="equal" match="systeminfo" />
286 <!-- access to system setting -->
287 <rule effect="permit">
288 <condition combine="or">
289 <resource-match attr="device-cap" func="equal" match="setting" />
293 <!-- access to download feature -->
294 <rule effect="permit">
295 <condition combine="or">
296 <resource-match attr="device-cap" func="equal" match="download" />
300 <!-- access to power feature -->
301 <rule effect="permit">
302 <condition combine="or">
303 <resource-match attr="device-cap" func="equal" match="power" />
307 <!-- access to push feature -->
308 <rule effect="permit">
309 <condition combine="or">
310 <resource-match attr="device-cap" func="equal" match="push" />
314 <!-- access to timeutil -->
315 <rule effect="permit">
316 <condition combine="or">
317 <resource-match attr="device-cap" func="equal" match="time" />
321 <!-- access to external network -->
322 <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
323 <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
324 <rule effect="permit">
325 <condition combine="or">
326 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
327 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
331 <!-- access to external network on roaming status -->
332 <rule effect="permit">
333 <condition combine="and">
334 <condition combine="or">
335 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
336 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
338 <environment-match attr="roaming" match="true" />
342 <rule effect="permit">
343 <condition combine="or">
344 <resource-match attr="device-cap" func="equal" match="alarm" />
348 <rule effect="permit">
349 <condition combine="or">
350 <resource-match attr="device-cap" func="equal" match="log" />
354 <rule effect="permit">
355 <condition combine="or">
356 <resource-match attr="device-cap" func="equal" match="messaging.read" />
357 <resource-match attr="device-cap" func="equal" match="messaging.write" />
358 <resource-match attr="device-cap" func="equal" match="messaging.send" />
362 <rule effect="permit">
363 <condition combine="or">
364 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
365 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
369 <rule effect="permit">
370 <condition combine="or">
371 <resource-match attr="device-cap" func="equal" match="notification.read" />
372 <resource-match attr="device-cap" func="equal" match="notification.write" />
376 <rule effect="deny" />
379 <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="permit-overrides">
380 <!-- Specific Untrusted Policy for Tizen -->
382 <rule effect="permit">
383 <condition combine="or">
384 <resource-match attr="device-cap" func="equal" match="tizen" />
388 <!-- access to application -->
389 <rule effect="permit">
390 <condition combine="or">
391 <resource-match attr="device-cap" func="equal" match="application.launch" />
392 <resource-match attr="device-cap" func="equal" match="application.read" />
396 <!-- access to bluetooth -->
397 <rule effect="permit">
398 <condition combine="or">
399 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
400 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
401 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
405 <!-- access to calendar -->
406 <rule effect="permit">
407 <condition combine="or">
408 <resource-match attr="device-cap" func="equal" match="calendar.read" />
409 <resource-match attr="device-cap" func="equal" match="calendar.write" />
413 <!-- access to call history -->
414 <rule effect="permit">
415 <condition combine="or">
416 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
417 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
421 <!-- access to contact -->
422 <rule effect="permit">
423 <condition combine="or">
424 <resource-match attr="device-cap" func="equal" match="contact.read" />
425 <resource-match attr="device-cap" func="equal" match="contact.write" />
429 <!-- access to content -->
430 <rule effect="permit">
431 <condition combine="or">
432 <resource-match attr="device-cap" func="equal" match="content.read" />
433 <resource-match attr="device-cap" func="equal" match="content.write" />
437 <!-- access to NFC -->
438 <rule effect="permit">
439 <condition combine="or">
440 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
441 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
442 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
443 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
444 <resource-match attr="device-cap" func="equal" match="nfc.common" />
448 <!-- access to systeminfo -->
449 <rule effect="permit">
450 <condition combine="or">
451 <resource-match attr="device-cap" func="equal" match="systeminfo" />
455 <!-- access to system setting -->
456 <rule effect="permit">
457 <condition combine="or">
458 <resource-match attr="device-cap" func="equal" match="setting" />
462 <!-- access to download feature -->
463 <rule effect="permit">
464 <condition combine="or">
465 <resource-match attr="device-cap" func="equal" match="download" />
469 <!-- access to power feature -->
470 <rule effect="permit">
471 <condition combine="or">
472 <resource-match attr="device-cap" func="equal" match="power" />
476 <!-- access to push feature -->
477 <rule effect="permit">
478 <condition combine="or">
479 <resource-match attr="device-cap" func="equal" match="push" />
483 <!-- access to timeutil -->
484 <rule effect="permit">
485 <condition combine="or">
486 <resource-match attr="device-cap" func="equal" match="time" />
490 <!-- access to external network -->
491 <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
492 <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
493 <rule effect="permit">
494 <condition combine="or">
495 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
496 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
500 <!-- access to external network on roaming status -->
501 <rule effect="permit">
502 <condition combine="and">
503 <condition combine="or">
504 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
505 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
507 <environment-match attr="roaming" match="true" />
511 <rule effect="permit">
512 <condition combine="or">
513 <resource-match attr="device-cap" func="equal" match="alarm" />
517 <rule effect="permit">
518 <condition combine="or">
519 <resource-match attr="device-cap" func="equal" match="log" />
523 <rule effect="permit">
524 <condition combine="or">
525 <resource-match attr="device-cap" func="equal" match="messaging.read" />
526 <resource-match attr="device-cap" func="equal" match="messaging.write" />
527 <resource-match attr="device-cap" func="equal" match="messaging.send" />
531 <rule effect="permit">
532 <condition combine="or">
533 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
534 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
538 <rule effect="permit">
539 <condition combine="or">
540 <resource-match attr="device-cap" func="equal" match="notification.read" />
541 <resource-match attr="device-cap" func="equal" match="notification.write" />
545 <rule effect="deny" />