projects / platform / framework / web / wrt-security.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge branch 'tizen_2.2' of ssh://review.tizendev.org:29418/framework/web/wrt-securit...
[platform/framework/web/wrt-security.git] / ace / configuration / TizenPolicy.xml
1 <policy-set id="Tizen-Policy" combine="first-matching-target">
2     <policy id="Tizen-Policy-Plaform-API" description="Plaform API" combine="permit-overrides">
3         <!-- Plaform API. This is finger-print of  -->
4         <target>
5             <subject>
6                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
7                     sha-1 B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF
8                 </subject-match>
9             </subject>
10             <subject>
11                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
12                     sha-1 2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0
13                 </subject-match>
14             </subject>
15             <!-- Plaform API. This is finger-print of tizen-platform-class-developer-root.pem-->
16             <subject>
17                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
18                     sha-1 92:05:15:EE:A4:7A:EC:36:ED:41:9D:F8:F6:46:00:F4:A4:FB:16:74
19                 </subject-match>
20             </subject>
21             <!-- Plaform API. This is finger-print of tizen-platform-class-root-authority.pem-->
22             <subject>
23                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
24                     sha-1 76:9F:5B:68:84:D0:21:92:5D:0C:1E:94:40:EC:D5:4E:21:2F:5A:43
25                 </subject-match>
26             </subject>
27         </target>
28
29         <rule effect="permit">
30             <condition combine="or">
31                 <resource-match attr="device-cap" func="equal" match="tizen" />
32             </condition>
33         </rule>
34
35         <rule effect="permit">
36             <condition combine="or">
37                 <resource-match attr="device-cap" func="equal" match="alarm" />
38             </condition>
39         </rule>
40
41         <!-- access to application -->
42         <rule effect="permit">
43             <condition combine="or">
44                 <resource-match attr="device-cap" func="equal" match="application.launch" />
45                 <resource-match attr="device-cap" func="equal" match="appmanager.kill" />
46                 <resource-match attr="device-cap" func="equal" match="application.info" />
47                 <resource-match attr="device-cap" func="equal" match="appmanager.certificate" />
48             </condition>
49         </rule>
50
51         <!-- access to vehicle -->
52         <rule effect="permit">
53             <condition combine="or">
54                 <resource-match attr="device-cap" func="equal" match="vehicle" />
55             </condition>
56         </rule>
57
58         <!-- access to speech -->
59         <rule effect="permit">
60             <condition combine="or">
61                 <resource-match attr="device-cap" func="equal" match="speech" />
62             </condition>
63         </rule>
64
65         <!-- access to bookmark -->
66         <rule effect="permit">
67             <condition combine="or">
68                 <resource-match attr="device-cap" func="equal" match="bookmark.read" />
69                 <resource-match attr="device-cap" func="equal" match="bookmark.write" />
70             </condition>
71         </rule>
72
73         <!-- access to package -->
74         <rule effect="permit">
75             <condition combine="or">
76                 <resource-match attr="device-cap" func="equal" match="packagemanager.install" />
77                 <resource-match attr="device-cap" func="equal" match="package.info" />
78             </condition>
79         </rule>
80
81         <!-- access to bluetooth -->
82         <rule effect="permit">
83             <condition combine="or">
84                 <resource-match attr="device-cap" func="equal" match="bluetoothmanager" />
85                 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
86                 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
87                 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
88                 <resource-match attr="device-cap" func="equal" match="bluetooth.health" />
89             </condition>
90         </rule>
91
92         <!-- access to calendar -->
93         <rule effect="permit">
94             <condition combine="or">
95                 <resource-match attr="device-cap" func="equal" match="calendar.read" />
96                 <resource-match attr="device-cap" func="equal" match="calendar.write" />
97             </condition>
98         </rule>
99
100         <!-- access to call history -->
101         <rule effect="permit">
102             <condition combine="or">
103                 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
104                 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
105             </condition>
106         </rule>
107
108         <!-- access to contact -->
109         <rule effect="permit">
110             <condition combine="or">
111                 <resource-match attr="device-cap" func="equal" match="contact.read" />
112                 <resource-match attr="device-cap" func="equal" match="contact.write" />
113             </condition>
114         </rule>
115
116         <!-- access to content -->
117         <rule effect="permit">
118             <condition combine="or">
119                 <resource-match attr="device-cap" func="equal" match="content.read" />
120                 <resource-match attr="device-cap" func="equal" match="content.write" />
121             </condition>
122         </rule>
123
124         <rule effect="permit">
125             <condition combine="or">
126                 <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
127             </condition>
128         </rule>
129
130         <!-- access to download feature -->
131         <rule effect="permit">
132             <condition combine="or">
133                 <resource-match attr="device-cap" func="equal" match="download" />
134             </condition>
135         </rule>
136
137         <rule effect="permit">
138             <condition combine="or">
139                 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
140                 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
141             </condition>
142         </rule>
143
144         <rule effect="permit">
145             <condition combine="or">
146                 <resource-match attr="device-cap" func="equal" match="messaging.read" />
147                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
148                 <!-- keep -->
149                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
150             </condition>
151         </rule>
152
153         <rule effect="permit">
154             <condition combine="or">
155                 <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
156             </condition>
157         </rule>
158
159         <!-- access to NFC -->
160         <rule effect="permit">
161             <condition combine="or">
162                 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
163                 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
164                 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
165                 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
166                 <resource-match attr="device-cap" func="equal" match="nfc.common" />
167             </condition>
168         </rule>
169
170         <rule effect="permit">
171             <condition combine="or">
172                 <resource-match attr="device-cap" func="equal" match="notification" />
173             </condition>
174         </rule>
175
176         <!-- access to power feature -->
177         <rule effect="permit">
178             <condition combine="or">
179                 <resource-match attr="device-cap" func="equal" match="power" />
180             </condition>
181         </rule>
182
183         <!-- access to datasync -->
184         <rule effect="permit">
185             <condition combine="or">
186                 <resource-match attr="device-cap" func="equal" match="datasync" />
187             </condition>
188         </rule>
189
190         <!-- access to push feature -->
191         <rule effect="permit">
192             <condition combine="or">
193                 <resource-match attr="device-cap" func="equal" match="push" />
194             </condition>
195         </rule>
196
197         <!-- access to system setting -->
198         <rule effect="permit">
199             <condition combine="or">
200                 <resource-match attr="device-cap" func="equal" match="setting" />
201             </condition>
202         </rule>
203
204         <!-- access to systeminfo -->
205         <rule effect="permit">
206             <condition combine="or">
207                 <resource-match attr="device-cap" func="equal" match="system.info" />
208                 <resource-match attr="device-cap" func="equal" match="systemmanager.info" />
209             </condition>
210         </rule>
211
212         <rule effect="permit">
213             <condition combine="or">
214                 <resource-match attr="device-cap" func="equal" match="secureelement" />
215                 <resource-match attr="device-cap" func="equal" match="se" />
216             </condition>
217         </rule>
218
219         <rule effect="permit">
220             <condition combine="or">
221                 <resource-match attr="device-cap" func="equal" match="websetting" />
222             </condition>
223         </rule>
224
225         <rule effect="permit">
226             <condition combine="or">
227                 <resource-match attr="device-cap" func="equal" match="testautomation" />
228             </condition>
229         </rule>
230
231 <!-- Belows will be removed -->
232         <!-- access to timeutil -->
233         <rule effect="permit">
234             <condition combine="or">
235                 <resource-match attr="device-cap" func="equal" match="time" />
236             </condition>
237         </rule>
238
239         <rule effect="permit">
240             <condition combine="or">
241                 <resource-match attr="device-cap" func="equal" match="log" />
242             </condition>
243         </rule>
244
245         <rule effect="permit">
246             <condition combine="or">
247                 <resource-match attr="device-cap" func="equal" match="account.read" />
248                 <resource-match attr="device-cap" func="equal" match="account.write" />
249             </condition>
250         </rule>
251
252         <rule effect="permit">
253             <condition combine="or">
254                 <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
255             </condition>
256         </rule>
257         
258         <!-- access to external network -->
259         <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
260         <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
261         <rule effect="permit">
262             <condition combine="or">
263                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
264                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
265             </condition>
266         </rule>
267
268         <!-- access to external network on roaming status -->
269         <!--
270         <rule effect="permit">
271             <condition combine="and">
272                 <condition combine="or">
273                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
274                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
275                 </condition>
276                 <environment-match attr="roaming" match="true" />
277             </condition>
278         </rule>
279         --> 
280
281         <rule effect="deny" />
282
283     </policy>
284     <policy id="Tizen-Policy-Partner-API" description="Partner API" combine="permit-overrides">
285         <!-- Partner API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
286         <target>
287             <subject>
288                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
289                     sha-1 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85
290                 </subject-match>
291             </subject>
292             <!-- Partner API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
293             <subject>
294                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
295                     sha-1 94:A1:ED:C3:2F:CB:FD:6A:EE:3E:7E:1A:53:F1:55:34:36:01:E9:3F
296                 </subject-match>
297             </subject>
298             <!-- Partner API. This is finger-print of tizen-partner-class-developer-root.pem -->
299             <subject>
300                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
301                     sha-1 DE:F9:4F:17:12:3A:CD:0D:42:7B:A2:C8:95:42:67:2B:50:8F:B6:FF
302                 </subject-match>
303             </subject>
304         </target>
305
306         <rule effect="permit">
307             <condition combine="or">
308                 <resource-match attr="device-cap" func="equal" match="tizen" />
309             </condition>
310         </rule>
311
312         <rule effect="permit">
313             <condition combine="or">
314                 <resource-match attr="device-cap" func="equal" match="alarm" />
315             </condition>
316         </rule>
317
318         <rule effect="permit">
319             <condition combine="or">
320                 <resource-match attr="device-cap" func="equal" match="vehicle" />
321             </condition>
322         </rule>
323
324         <rule effect="permit">
325             <condition combine="or">
326                 <resource-match attr="device-cap" func="equal" match="speech" />
327             </condition>
328         </rule>
329
330         <!-- access to application -->
331         <rule effect="permit">
332             <condition combine="or">
333                 <resource-match attr="device-cap" func="equal" match="application.launch" />
334                 <resource-match attr="device-cap" func="equal" match="appmanager.kill" />
335                 <resource-match attr="device-cap" func="equal" match="appmanager.certificate" />
336                 <resource-match attr="device-cap" func="equal" match="application.info" />
337             </condition>
338         </rule>
339
340         <!-- access to package -->
341         <rule effect="permit">
342             <condition combine="or">
343                 <resource-match attr="device-cap" func="equal" match="package.info" />
344             </condition>
345         </rule>
346
347         <!-- access to bluetooth -->
348         <rule effect="permit">
349             <condition combine="or">
350                 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
351                 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
352                 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
353                 <resource-match attr="device-cap" func="equal" match="bluetooth.health" />
354             </condition>
355         </rule>
356
357         <!-- access to calendar -->
358         <rule effect="permit">
359             <condition combine="or">
360                 <resource-match attr="device-cap" func="equal" match="calendar.read" />
361                 <resource-match attr="device-cap" func="equal" match="calendar.write" />
362             </condition>
363         </rule>
364
365         <!-- access to call history -->
366         <rule effect="permit">
367             <condition combine="or">
368                 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
369                 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
370             </condition>
371         </rule>
372
373         <!-- access to contact -->
374         <rule effect="permit">
375             <condition combine="or">
376                 <resource-match attr="device-cap" func="equal" match="contact.read" />
377                 <resource-match attr="device-cap" func="equal" match="contact.write" />
378             </condition>
379         </rule>
380
381         <!-- access to content -->
382         <rule effect="permit">
383             <condition combine="or">
384                 <resource-match attr="device-cap" func="equal" match="content.read" />
385                 <resource-match attr="device-cap" func="equal" match="content.write" />
386             </condition>
387         </rule>
388
389         <rule effect="permit">
390             <condition combine="or">
391                 <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
392             </condition>
393         </rule>
394
395         <!-- access to download feature -->
396         <rule effect="permit">
397             <condition combine="or">
398                 <resource-match attr="device-cap" func="equal" match="download" />
399             </condition>
400         </rule>
401
402         <rule effect="permit">
403             <condition combine="or">
404                 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
405                 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
406             </condition>
407         </rule>
408
409         <rule effect="permit">
410             <condition combine="or">
411                 <resource-match attr="device-cap" func="equal" match="messaging.read" />
412                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
413                 <!-- keep -->
414                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
415             </condition>
416         </rule>
417
418         <rule effect="permit">
419             <condition combine="or">
420                 <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
421             </condition>
422         </rule>
423
424         <!-- access to NFC -->
425         <rule effect="permit">
426             <condition combine="or">
427                 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
428                 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
429                 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
430                 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
431                 <resource-match attr="device-cap" func="equal" match="nfc.common" />
432             </condition>
433         </rule>
434
435         <rule effect="permit">
436             <condition combine="or">
437                 <resource-match attr="device-cap" func="equal" match="notification" />
438             </condition>
439         </rule>
440
441         <!-- access to power feature -->
442         <rule effect="permit">
443             <condition combine="or">
444                 <resource-match attr="device-cap" func="equal" match="power" />
445             </condition>
446         </rule>
447
448         <!-- access to datasync -->
449         <rule effect="permit">
450             <condition combine="or">
451                 <resource-match attr="device-cap" func="equal" match="datasync" />
452             </condition>
453         </rule>
454
455         <!-- access to push feature -->
456         <rule effect="permit">
457             <condition combine="or">
458                 <resource-match attr="device-cap" func="equal" match="push" />
459             </condition>
460         </rule>
461
462         <!-- access to system setting -->
463         <rule effect="permit">
464             <condition combine="or">
465                 <resource-match attr="device-cap" func="equal" match="setting" />
466             </condition>
467         </rule>
468
469         <!-- access to systeminfo -->
470         <rule effect="permit">
471             <condition combine="or">
472                 <resource-match attr="device-cap" func="equal" match="system.info" />
473                 <resource-match attr="device-cap" func="equal" match="systemmanager.info" />
474             </condition>
475         </rule>
476
477         <rule effect="permit">
478             <condition combine="or">
479                 <resource-match attr="device-cap" func="equal" match="secureelement" />
480                 <resource-match attr="device-cap" func="equal" match="se" />
481             </condition>
482         </rule>
483
484         <rule effect="permit">
485             <condition combine="or">
486                 <resource-match attr="device-cap" func="equal" match="websetting" />
487             </condition>
488         </rule>
489
490 <!-- Belows will be removed -->
491         <!-- access to timeutil -->
492         <rule effect="permit">
493             <condition combine="or">
494                 <resource-match attr="device-cap" func="equal" match="time" />
495             </condition>
496         </rule>
497
498         <rule effect="permit">
499             <condition combine="or">
500                 <resource-match attr="device-cap" func="equal" match="log" />
501             </condition>
502         </rule>
503
504         <rule effect="permit">
505             <condition combine="or">
506                 <resource-match attr="device-cap" func="equal" match="account.read" />
507                 <resource-match attr="device-cap" func="equal" match="account.write" />
508             </condition>
509         </rule>
510
511         <rule effect="permit">
512             <condition combine="or">
513                 <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
514             </condition>
515         </rule>
516         
517         <!-- access to external network -->
518         <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
519         <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
520         <rule effect="permit">
521             <condition combine="or">
522                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
523                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
524             </condition>
525         </rule>
526
527         <!-- access to external network on roaming status -->
528         <!--
529         <rule effect="permit">
530             <condition combine="and">
531                 <condition combine="or">
532                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
533                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
534                 </condition>
535                 <environment-match attr="roaming" match="true" />
536             </condition>
537         </rule>
538         -->
539         
540         <rule effect="deny" />
541
542     </policy>
543     <policy id="Tizen-Policy-Public-API" description="Public API" combine="permit-overrides">
544         <target>
545                         <!-- Plaform API. This is finger-print of tizen-distributor-root-ca-public.pem-->
546             <subject>
547                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
548                     sha-1 04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE
549                 </subject-match>
550             </subject>
551             <!-- Plaform API. This is finger-print of tizen-public-class-root-authority.pem-->
552             <subject>
553                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
554                     sha-1 A1:3F:15:2E:93:EB:80:36:F5:E0:BD:DA:8E:A5:4B:38:8A:6A:EB:E6
555                 </subject-match>
556             </subject>
557             <subject>
558                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
559                     sha-1 5A:C1:18:AC:6E:C7:EA:27:59:7D:5F:5A:1D:19:85:3D:A2:95:D5:18
560                 </subject-match>
561             </subject>
562         </target> 
563
564         <rule effect="permit">
565             <condition combine="or">
566                 <resource-match attr="device-cap" func="equal" match="tizen" />
567             </condition>
568         </rule>
569
570         <rule effect="permit">
571             <condition combine="or">
572                 <resource-match attr="device-cap" func="equal" match="alarm" />
573             </condition>
574         </rule>
575
576         <rule effect="permit">
577             <condition combine="or">
578                 <resource-match attr="device-cap" func="equal" match="vehicle" />
579             </condition>
580         </rule>
581
582         <rule effect="permit">
583             <condition combine="or">
584                 <resource-match attr="device-cap" func="equal" match="speech" />
585             </condition>
586         </rule>
587
588         <!-- access to application -->
589         <rule effect="permit">
590             <condition combine="or">
591                 <resource-match attr="device-cap" func="equal" match="application.launch" />
592                 <resource-match attr="device-cap" func="equal" match="application.info" />
593             </condition>
594         </rule>
595
596         <!-- access to package -->
597         <rule effect="permit">
598             <condition combine="or">
599                 <resource-match attr="device-cap" func="equal" match="package.info" />
600             </condition>
601         </rule>
602
603         <!-- access to bluetooth -->
604         <rule effect="permit">
605             <condition combine="or">
606                 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
607                 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
608                 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
609                 <resource-match attr="device-cap" func="equal" match="bluetooth.health" />
610             </condition>
611         </rule>
612
613         <!-- access to calendar -->
614         <rule effect="permit">
615             <condition combine="or">
616                 <resource-match attr="device-cap" func="equal" match="calendar.read" />
617                 <resource-match attr="device-cap" func="equal" match="calendar.write" />
618             </condition>
619         </rule>
620
621         <!-- access to call history -->
622         <rule effect="permit">
623             <condition combine="or">
624                 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
625                 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
626             </condition>
627         </rule>
628
629         <!-- access to contact -->
630         <rule effect="permit">
631             <condition combine="or">
632                 <resource-match attr="device-cap" func="equal" match="contact.read" />
633                 <resource-match attr="device-cap" func="equal" match="contact.write" />
634             </condition>
635         </rule>
636
637         <!-- access to content -->
638         <rule effect="permit">
639             <condition combine="or">
640                 <resource-match attr="device-cap" func="equal" match="content.read" />
641                 <resource-match attr="device-cap" func="equal" match="content.write" />
642             </condition>
643         </rule>
644
645         <!-- access to download feature -->
646         <rule effect="permit">
647             <condition combine="or">
648                 <resource-match attr="device-cap" func="equal" match="download" />
649             </condition>
650         </rule>
651
652         <rule effect="permit">
653             <condition combine="or">
654                 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
655                 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
656             </condition>
657         </rule>
658
659         <rule effect="permit">
660             <condition combine="or">
661                 <resource-match attr="device-cap" func="equal" match="messaging.read" />
662                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
663                 <!-- keep -->
664                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
665             </condition>
666         </rule>
667
668         <!-- access to NFC -->
669         <rule effect="permit">
670             <condition combine="or">
671                 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
672                 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
673                 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
674                 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
675                 <resource-match attr="device-cap" func="equal" match="nfc.common" />
676             </condition>
677         </rule>
678
679         <rule effect="permit">
680             <condition combine="or">
681                 <resource-match attr="device-cap" func="equal" match="notification" />
682             </condition>
683         </rule>
684
685         <!-- access to power feature -->
686         <rule effect="permit">
687             <condition combine="or">
688                 <resource-match attr="device-cap" func="equal" match="power" />
689             </condition>
690         </rule>
691
692         <!-- access to datasync -->
693         <rule effect="permit">
694             <condition combine="or">
695                 <resource-match attr="device-cap" func="equal" match="datasync" />
696             </condition>
697         </rule>
698
699         <!-- access to push feature -->
700         <rule effect="permit">
701             <condition combine="or">
702                 <resource-match attr="device-cap" func="equal" match="push" />
703             </condition>
704         </rule>
705
706         <!-- access to system setting -->
707         <rule effect="permit">
708             <condition combine="or">
709                 <resource-match attr="device-cap" func="equal" match="setting" />
710             </condition>
711         </rule>
712
713         <!-- access to systeminfo -->
714         <rule effect="permit">
715             <condition combine="or">
716                 <resource-match attr="device-cap" func="equal" match="system.info" />
717             </condition>
718         </rule>
719
720         <rule effect="permit">
721             <condition combine="or">
722                 <resource-match attr="device-cap" func="equal" match="secureelement" />
723                 <resource-match attr="device-cap" func="equal" match="se" />
724             </condition>
725         </rule>
726
727         <rule effect="permit">
728             <condition combine="or">
729                 <resource-match attr="device-cap" func="equal" match="websetting" />
730             </condition>
731         </rule>
732
733 <!-- Belows will be removed -->
734         <!-- access to timeutil -->
735         <rule effect="permit">
736             <condition combine="or">
737                 <resource-match attr="device-cap" func="equal" match="time" />
738             </condition>
739         </rule>
740
741         <rule effect="permit">
742             <condition combine="or">
743                 <resource-match attr="device-cap" func="equal" match="log" />
744             </condition>
745         </rule>
746
747         <rule effect="permit">
748             <condition combine="or">
749                 <resource-match attr="device-cap" func="equal" match="account.read" />
750                 <resource-match attr="device-cap" func="equal" match="account.write" />
751             </condition>
752         </rule>
753
754         <rule effect="permit">
755             <condition combine="or">
756                 <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
757             </condition>
758         </rule>
759         
760         <!-- access to external network -->
761         <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
762         <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
763         <rule effect="permit">
764             <condition combine="or">
765                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
766                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
767             </condition>
768         </rule>
769
770         <!-- access to external network on roaming status -->
771         <!--
772         <rule effect="permit">
773             <condition combine="and">
774                 <condition combine="or">
775                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
776                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
777                 </condition>
778                 <environment-match attr="roaming" match="true" />
779             </condition>
780         </rule>
781         -->
782         
783         <rule effect="deny" />
784
785     </policy>
786     <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="permit-overrides">
787         <!-- Specific Untrusted Policy for Tizen -->
788
789         <rule effect="permit">
790             <condition combine="or">
791                 <resource-match attr="device-cap" func="equal" match="tizen" />
792             </condition>
793         </rule>
794
795         <rule effect="permit">
796             <condition combine="or">
797                 <resource-match attr="device-cap" func="equal" match="alarm" />
798             </condition>
799         </rule>
800
801         <rule effect="permit">
802             <condition combine="or">
803                 <resource-match attr="device-cap" func="equal" match="vehicle" />
804             </condition>
805         </rule>
806
807         <rule effect="permit">
808             <condition combine="or">
809                 <resource-match attr="device-cap" func="equal" match="speech" />
810             </condition>
811         </rule>
812
813         <!-- access to application -->
814         <rule effect="permit">
815             <condition combine="or">
816                 <resource-match attr="device-cap" func="equal" match="application.launch" />
817                 <resource-match attr="device-cap" func="equal" match="application.info" />
818             </condition>
819         </rule>
820
821         <!-- access to package -->
822         <rule effect="permit">
823             <condition combine="or">
824                 <!-- packagemanager.install (platform) -->
825                 <!--<resource-match attr="device-cap" func="equal" match="packagemanager.install" />-->
826                 <resource-match attr="device-cap" func="equal" match="package.info" />
827             </condition>
828         </rule>
829
830         <!-- access to bluetooth -->
831         <rule effect="permit">
832             <condition combine="or">
833                 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
834                 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
835                 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
836                 <resource-match attr="device-cap" func="equal" match="bluetooth.health" />
837             </condition>
838         </rule>
839
840         <!-- access to calendar -->
841         <rule effect="permit">
842             <condition combine="or">
843                 <resource-match attr="device-cap" func="equal" match="calendar.read" />
844                 <resource-match attr="device-cap" func="equal" match="calendar.write" />
845             </condition>
846         </rule>
847
848         <!-- access to call history -->
849         <rule effect="permit">
850             <condition combine="or">
851                 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
852                 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
853             </condition>
854         </rule>
855
856         <!-- access to contact -->
857         <rule effect="permit">
858             <condition combine="or">
859                 <resource-match attr="device-cap" func="equal" match="contact.read" />
860                 <resource-match attr="device-cap" func="equal" match="contact.write" />
861             </condition>
862         </rule>
863
864         <!-- access to content -->
865         <rule effect="permit">
866             <condition combine="or">
867                 <resource-match attr="device-cap" func="equal" match="content.read" />
868                 <resource-match attr="device-cap" func="equal" match="content.write" />
869             </condition>
870         </rule>
871
872         <!-- access to download feature -->
873         <rule effect="permit">
874             <condition combine="or">
875                 <resource-match attr="device-cap" func="equal" match="download" />
876             </condition>
877         </rule>
878
879         <rule effect="permit">
880             <condition combine="or">
881                 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
882                 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
883             </condition>
884         </rule>
885
886         <rule effect="permit">
887             <condition combine="or">
888                 <resource-match attr="device-cap" func="equal" match="messaging.read" />
889                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
890                 <!-- keep -->
891                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
892             </condition>
893         </rule>
894
895         <!-- access to NFC -->
896         <rule effect="permit">
897             <condition combine="or">
898                 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
899                 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
900                 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
901                 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
902                 <resource-match attr="device-cap" func="equal" match="nfc.common" />
903             </condition>
904         </rule>
905
906         <rule effect="permit">
907             <condition combine="or">
908                 <resource-match attr="device-cap" func="equal" match="notification" />
909             </condition>
910         </rule>
911
912         <!-- access to power feature -->
913         <rule effect="permit">
914             <condition combine="or">
915                 <resource-match attr="device-cap" func="equal" match="power" />
916             </condition>
917         </rule>
918
919         <!-- access to datasync -->
920         <rule effect="permit">
921             <condition combine="or">
922                 <resource-match attr="device-cap" func="equal" match="datasync" />
923             </condition>
924         </rule>
925
926         <!-- access to push feature -->
927         <rule effect="permit">
928             <condition combine="or">
929                 <resource-match attr="device-cap" func="equal" match="push" />
930             </condition>
931         </rule>
932
933         <!-- access to system setting -->
934         <rule effect="permit">
935             <condition combine="or">
936                 <resource-match attr="device-cap" func="equal" match="setting" />
937             </condition>
938         </rule>
939
940         <!-- access to systeminfo -->
941         <rule effect="permit">
942             <condition combine="or">
943                 <resource-match attr="device-cap" func="equal" match="system.info" />
944             </condition>
945         </rule>
946
947         <rule effect="permit">
948             <condition combine="or">
949                 <resource-match attr="device-cap" func="equal" match="websetting" />
950             </condition>
951         </rule>
952
953 <!-- Belows will be removed -->
954         <!-- access to timeutil -->
955         <rule effect="permit">
956             <condition combine="or">
957                 <resource-match attr="device-cap" func="equal" match="time" />
958             </condition>
959         </rule>
960
961         <rule effect="permit">
962             <condition combine="or">
963                 <resource-match attr="device-cap" func="equal" match="log" />
964             </condition>
965         </rule>
966
967         <rule effect="permit">
968             <condition combine="or">
969                 <resource-match attr="device-cap" func="equal" match="account.read" />
970                 <resource-match attr="device-cap" func="equal" match="account.write" />
971             </condition>
972         </rule>
973
974         <rule effect="permit">
975             <condition combine="or">
976                 <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
977             </condition>
978         </rule>
979         
980         <!-- access to external network -->
981         <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
982         <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
983         <rule effect="permit">
984             <condition combine="or">
985                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
986                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
987             </condition>
988         </rule>
989
990         <!-- access to external network on roaming status -->
991         <!--
992         <rule effect="permit">
993             <condition combine="and">
994                 <condition combine="or">
995                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
996                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
997                 </condition>
998                 <environment-match attr="roaming" match="true" />
999             </condition>
1000         </rule>
1001         -->
1002         
1003         <rule effect="deny" />
1004     </policy>
1005 </policy-set>
Domain: Web Framework / Uncategorized;