Change MessagePort privilege level
[platform/framework/web/wrt-security.git] / ace / configuration / TizenPolicy.xml
1 <policy-set id="Tizen-Policy" combine="first-matching-target">
2     <policy id="Tizen-Policy-Plaform-API" description="Plaform API" combine="permit-overrides">
3         <!-- Platform API: distributor root fingerprints that select this policy.
               The original comment left the certificate name blank, so the first two
               fingerprints below are unlabeled.
               NOTE(review): record which root certificate each unlabeled fingerprint pins.
               NOTE(review): every pin here is a SHA-1 fingerprint; SHA-1 is no longer
               collision-resistant, so confirm whether the policy engine accepts a
               stronger digest for this attribute.
               Presumably a package whose distributor root matches any one subject
               falls under this policy; confirm against the engine's target semantics. -->
4         <target>
5             <subject>
6                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
7                     sha-1 B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF
8                 </subject-match>
9             </subject>
10             <subject>
11                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
12                     sha-1 2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0
13                 </subject-match>
14             </subject>
15             <!-- Platform API. This is the fingerprint of tizen-platform-class-developer-root.pem.
                    NOTE(review): the file name suggests a developer root; confirm it is meant
                    to be trusted at platform level on production images. -->
16             <subject>
17                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
18                     sha-1 92:05:15:EE:A4:7A:EC:36:ED:41:9D:F8:F6:46:00:F4:A4:FB:16:74
19                 </subject-match>
20             </subject>
21             <!-- Platform API. This is the fingerprint of tizen-platform-class-root-authority.pem -->
22             <subject>
23                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
24                     sha-1 76:9F:5B:68:84:D0:21:92:5D:0C:1E:94:40:EC:D5:4E:21:2F:5A:43
25                 </subject-match>
26             </subject>
27         </target>
28
29         <rule effect="permit">
30             <condition combine="or">
31                 <resource-match attr="device-cap" func="equal" match="tizen" />
32             </condition>
33         </rule>
34
35         <rule effect="permit">
36             <condition combine="or">
37                 <resource-match attr="device-cap" func="equal" match="alarm" />
38             </condition>
39         </rule>
40
41         <!-- access to application -->
42         <rule effect="permit">
43             <condition combine="or">
44                 <resource-match attr="device-cap" func="equal" match="application.launch" />
45                 <resource-match attr="device-cap" func="equal" match="appmanager.kill" />
46                 <resource-match attr="device-cap" func="equal" match="appmanager.certificate" />
47             </condition>
48         </rule>
49
50         <!-- access to bookmark -->
51         <rule effect="permit">
52             <condition combine="or">
53                 <resource-match attr="device-cap" func="equal" match="bookmark.read" />
54                 <resource-match attr="device-cap" func="equal" match="bookmark.write" />
55             </condition>
56         </rule>
57
58         <!-- access to package -->
59         <rule effect="permit">
60             <condition combine="or">
61                 <resource-match attr="device-cap" func="equal" match="packagemanager.install" />
62                 <resource-match attr="device-cap" func="equal" match="package.info" />
63             </condition>
64         </rule>
65
66         <!-- access to bluetooth -->
67         <rule effect="permit">
68             <condition combine="or">
69                 <resource-match attr="device-cap" func="equal" match="bluetoothmanager" />
70                 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
71                 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
72                 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
73             </condition>
74         </rule>
75
76         <!-- access to calendar -->
77         <rule effect="permit">
78             <condition combine="or">
79                 <resource-match attr="device-cap" func="equal" match="calendar.read" />
80                 <resource-match attr="device-cap" func="equal" match="calendar.write" />
81             </condition>
82         </rule>
83
84         <!-- access to call history -->
85         <rule effect="permit">
86             <condition combine="or">
87                 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
88                 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
89             </condition>
90         </rule>
91
92         <!-- access to contact -->
93         <rule effect="permit">
94             <condition combine="or">
95                 <resource-match attr="device-cap" func="equal" match="contact.read" />
96                 <resource-match attr="device-cap" func="equal" match="contact.write" />
97             </condition>
98         </rule>
99
100         <!-- access to content -->
101         <rule effect="permit">
102             <condition combine="or">
103                 <resource-match attr="device-cap" func="equal" match="content.read" />
104                 <resource-match attr="device-cap" func="equal" match="content.write" />
105             </condition>
106         </rule>
107
108         <rule effect="permit">
109             <condition combine="or">
110                 <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
111             </condition>
112         </rule>
113
114         <!-- access to download feature -->
115         <rule effect="permit">
116             <condition combine="or">
117                 <resource-match attr="device-cap" func="equal" match="download" />
118             </condition>
119         </rule>
120
121         <rule effect="permit">
122             <condition combine="or">
123                 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
124                 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
125             </condition>
126         </rule>
127
128         <rule effect="permit">
129             <condition combine="or">
130                 <resource-match attr="device-cap" func="equal" match="messaging.read" />
131                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
132                 <!-- keep -->
133                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
134             </condition>
135         </rule>
136
137         <rule effect="permit">
138             <condition combine="or">
139                 <resource-match attr="device-cap" func="equal" match="messageport" />
140             </condition>
141         </rule>
142
143         <rule effect="permit">
144             <condition combine="or">
145                 <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
146             </condition>
147         </rule>
148
149         <!-- access to NFC -->
150         <rule effect="permit">
151             <condition combine="or">
152                 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
153                 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
154                 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
155                 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
156                 <resource-match attr="device-cap" func="equal" match="nfc.common" />
157             </condition>
158         </rule>
159
160         <rule effect="permit">
161             <condition combine="or">
162                 <resource-match attr="device-cap" func="equal" match="notification" />
163             </condition>
164         </rule>
165
166         <!-- access to power feature -->
167         <rule effect="permit">
168             <condition combine="or">
169                 <resource-match attr="device-cap" func="equal" match="power" />
170             </condition>
171         </rule>
172
173         <!-- access to datasync -->
174         <rule effect="permit">
175             <condition combine="or">
176                 <resource-match attr="device-cap" func="equal" match="datasync" />
177             </condition>
178         </rule>
179
180         <!-- access to push feature -->
181         <rule effect="permit">
182             <condition combine="or">
183                 <resource-match attr="device-cap" func="equal" match="push" />
184             </condition>
185         </rule>
186
187         <!-- access to system setting -->
188         <rule effect="permit">
189             <condition combine="or">
190                 <resource-match attr="device-cap" func="equal" match="setting" />
191             </condition>
192         </rule>
193
194         <!-- access to systeminfo -->
195         <rule effect="permit">
196             <condition combine="or">
197                 <resource-match attr="device-cap" func="equal" match="system.info" />
198                 <resource-match attr="device-cap" func="equal" match="systemmanager.info" />
199             </condition>
200         </rule>
201
202         <rule effect="permit">
203             <condition combine="or">
204                 <resource-match attr="device-cap" func="equal" match="secureelement" />
205                 <resource-match attr="device-cap" func="equal" match="se" />
206             </condition>
207         </rule>
208
209 <!-- The rules below will be removed -->
210         <!-- access to timeutil -->
211         <rule effect="permit">
212             <condition combine="or">
213                 <resource-match attr="device-cap" func="equal" match="time" />
214             </condition>
215         </rule>
216
217         <rule effect="permit">
218             <condition combine="or">
219                 <resource-match attr="device-cap" func="equal" match="log" />
220             </condition>
221         </rule>
222
223         <rule effect="permit">
224             <condition combine="or">
225                 <resource-match attr="device-cap" func="equal" match="account.read" />
226                 <resource-match attr="device-cap" func="equal" match="account.write" />
227             </condition>
228         </rule>
229
230         <rule effect="permit">
231             <condition combine="or">
232                 <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
233             </condition>
234         </rule>
235         
236         <!-- access to external network -->
237         <!-- XMLHttpRequestTizen and externalNetworkAccessTizen are defined for Tizen web apps -->
238         <!-- These two capabilities function the same as WAC's XMLHttpRequest and externalNetworkAccess -->
            <!-- NOTE(review): the rules below match "XMLHttpRequest" and "externalNetworkAccess",
                 not the Tizen-suffixed names mentioned above; confirm which capability
                 names the engine actually passes as device-cap. -->
239         <rule effect="permit">
240             <condition combine="or">
241                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
242                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
243             </condition>
244         </rule>
245
246         <!-- access to external network on roaming status -->
            <!-- NOTE(review): this rule permits the same two capabilities when roaming is
                 "true", but the rule above already permits them with no environment
                 condition, and the enclosing policy declares combine="permit-overrides".
                 The roaming rule therefore looks redundant; if network access while
                 roaming was meant to be restricted, these rules do not express that.
                 Confirm the intent. -->
247         <rule effect="permit">
248             <condition combine="and">
249                 <condition combine="or">
250                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
251                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
252                 </condition>
253                 <environment-match attr="roaming" match="true" />
254             </condition>
255         </rule>
256         
257         <rule effect="deny" />
258
259     </policy>
260     <policy id="Tizen-Policy-Partner-API" description="Partner API" combine="permit-overrides">
261         <!-- Partner API: distributor root fingerprints that select this policy.
                 The first pin is labeled as the fingerprint of tizen-distributor-root-ca-partner.pem.
                 NOTE(review): every pin here is a SHA-1 fingerprint; SHA-1 is no longer
                 collision-resistant, so confirm whether the policy engine accepts a
                 stronger digest for this attribute.
                 Presumably a package whose distributor root matches any one subject
                 falls under this policy; confirm against the engine's target semantics. -->
262         <target>
263             <subject>
264                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
265                     sha-1 67:37:DE:B7:B9:9D:D2:DB:A5:2C:42:DE:CB:2F:2C:3E:33:97:E1:85
266                 </subject-match>
267             </subject>
268             <!-- Partner API. This is the fingerprint of tizen-distributor-root-ca-partner.pem.
                     NOTE(review): the same file name is given for the previous subject, which
                     has a different fingerprint; one label is probably wrong or refers to
                     another revision of the certificate. Confirm. -->
269             <subject>
270                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
271                     sha-1 94:A1:ED:C3:2F:CB:FD:6A:EE:3E:7E:1A:53:F1:55:34:36:01:E9:3F
272                 </subject-match>
273             </subject>
274             <!-- Partner API. This is the fingerprint of tizen-partner-class-developer-root.pem.
                     NOTE(review): the file name suggests a developer root; confirm it is meant
                     to be trusted at partner level on production images. -->
275             <subject>
276                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
277                     sha-1 DE:F9:4F:17:12:3A:CD:0D:42:7B:A2:C8:95:42:67:2B:50:8F:B6:FF
278                 </subject-match>
279             </subject>
280         </target>
281
282         <rule effect="permit">
283             <condition combine="or">
284                 <resource-match attr="device-cap" func="equal" match="tizen" />
285             </condition>
286         </rule>
287
288         <rule effect="permit">
289             <condition combine="or">
290                 <resource-match attr="device-cap" func="equal" match="alarm" />
291             </condition>
292         </rule>
293
294         <!-- access to application -->
295         <rule effect="permit">
296             <condition combine="or">
297                 <resource-match attr="device-cap" func="equal" match="application.launch" />
298                 <resource-match attr="device-cap" func="equal" match="appmanager.kill" />
299                 <resource-match attr="device-cap" func="equal" match="appmanager.certificate" />
300             </condition>
301         </rule>
302
303         <!-- access to package -->
304         <rule effect="permit">
305             <condition combine="or">
306                 <resource-match attr="device-cap" func="equal" match="package.info" />
307             </condition>
308         </rule>
309
310         <!-- access to bluetooth -->
311         <rule effect="permit">
312             <condition combine="or">
313                 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
314                 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
315                 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
316             </condition>
317         </rule>
318
319         <!-- access to calendar -->
320         <rule effect="permit">
321             <condition combine="or">
322                 <resource-match attr="device-cap" func="equal" match="calendar.read" />
323                 <resource-match attr="device-cap" func="equal" match="calendar.write" />
324             </condition>
325         </rule>
326
327         <!-- access to call history -->
328         <rule effect="permit">
329             <condition combine="or">
330                 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
331                 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
332             </condition>
333         </rule>
334
335         <!-- access to contact -->
336         <rule effect="permit">
337             <condition combine="or">
338                 <resource-match attr="device-cap" func="equal" match="contact.read" />
339                 <resource-match attr="device-cap" func="equal" match="contact.write" />
340             </condition>
341         </rule>
342
343         <!-- access to content -->
344         <rule effect="permit">
345             <condition combine="or">
346                 <resource-match attr="device-cap" func="equal" match="content.read" />
347                 <resource-match attr="device-cap" func="equal" match="content.write" />
348             </condition>
349         </rule>
350
351         <rule effect="permit">
352             <condition combine="or">
353                 <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
354             </condition>
355         </rule>
356
357         <!-- access to download feature -->
358         <rule effect="permit">
359             <condition combine="or">
360                 <resource-match attr="device-cap" func="equal" match="download" />
361             </condition>
362         </rule>
363
364         <rule effect="permit">
365             <condition combine="or">
366                 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
367                 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
368             </condition>
369         </rule>
370
371         <rule effect="permit">
372             <condition combine="or">
373                 <resource-match attr="device-cap" func="equal" match="messaging.read" />
374                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
375                 <!-- keep -->
376                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
377             </condition>
378         </rule>
379
380         <rule effect="permit">
381             <condition combine="or">
382                 <resource-match attr="device-cap" func="equal" match="messageport" />
383             </condition>
384         </rule>
385
386         <rule effect="permit">
387             <condition combine="or">
388                 <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
389             </condition>
390         </rule>
391
392         <!-- access to NFC -->
393         <rule effect="permit">
394             <condition combine="or">
395                 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
396                 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
397                 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
398                 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
399                 <resource-match attr="device-cap" func="equal" match="nfc.common" />
400             </condition>
401         </rule>
402
403         <rule effect="permit">
404             <condition combine="or">
405                 <resource-match attr="device-cap" func="equal" match="notification" />
406             </condition>
407         </rule>
408
409         <!-- access to power feature -->
410         <rule effect="permit">
411             <condition combine="or">
412                 <resource-match attr="device-cap" func="equal" match="power" />
413             </condition>
414         </rule>
415
416         <!-- access to datasync -->
417         <rule effect="permit">
418             <condition combine="or">
419                 <resource-match attr="device-cap" func="equal" match="datasync" />
420             </condition>
421         </rule>
422
423         <!-- access to push feature -->
424         <rule effect="permit">
425             <condition combine="or">
426                 <resource-match attr="device-cap" func="equal" match="push" />
427             </condition>
428         </rule>
429
430         <!-- access to system setting -->
431         <rule effect="permit">
432             <condition combine="or">
433                 <resource-match attr="device-cap" func="equal" match="setting" />
434             </condition>
435         </rule>
436
437         <!-- access to systeminfo -->
438         <rule effect="permit">
439             <condition combine="or">
440                 <resource-match attr="device-cap" func="equal" match="system.info" />
441                 <resource-match attr="device-cap" func="equal" match="systemmanager.info" />
442             </condition>
443         </rule>
444
445         <rule effect="permit">
446             <condition combine="or">
447                 <resource-match attr="device-cap" func="equal" match="secureelement" />
448                 <resource-match attr="device-cap" func="equal" match="se" />
449             </condition>
450         </rule>
451
452 <!-- The rules below will be removed -->
453         <!-- access to timeutil -->
454         <rule effect="permit">
455             <condition combine="or">
456                 <resource-match attr="device-cap" func="equal" match="time" />
457             </condition>
458         </rule>
459
460         <rule effect="permit">
461             <condition combine="or">
462                 <resource-match attr="device-cap" func="equal" match="log" />
463             </condition>
464         </rule>
465
466         <rule effect="permit">
467             <condition combine="or">
468                 <resource-match attr="device-cap" func="equal" match="account.read" />
469                 <resource-match attr="device-cap" func="equal" match="account.write" />
470             </condition>
471         </rule>
472
473         <rule effect="permit">
474             <condition combine="or">
475                 <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
476             </condition>
477         </rule>
478         
479         <!-- access to external network -->
480         <!-- XMLHttpRequestTizen and externalNetworkAccessTizen are defined for Tizen web apps -->
481         <!-- These two capabilities function the same as WAC's XMLHttpRequest and externalNetworkAccess -->
            <!-- NOTE(review): the rules below match "XMLHttpRequest" and "externalNetworkAccess",
                 not the Tizen-suffixed names mentioned above; confirm which capability
                 names the engine actually passes as device-cap. -->
482         <rule effect="permit">
483             <condition combine="or">
484                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
485                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
486             </condition>
487         </rule>
488
489         <!-- access to external network on roaming status -->
            <!-- NOTE(review): this rule permits the same two capabilities when roaming is
                 "true", but the rule above already permits them with no environment
                 condition, and the enclosing policy declares combine="permit-overrides".
                 The roaming rule therefore looks redundant; if network access while
                 roaming was meant to be restricted, these rules do not express that.
                 Confirm the intent. -->
490         <rule effect="permit">
491             <condition combine="and">
492                 <condition combine="or">
493                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
494                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
495                 </condition>
496                 <environment-match attr="roaming" match="true" />
497             </condition>
498         </rule>
499         
500         <rule effect="deny" />
501
502     </policy>
503     <policy id="Tizen-Policy-Public-API" description="Public API" combine="permit-overrides">
504         <target>
            <!-- Public API: distributor root fingerprints that select this policy.
                 NOTE(review): every pin here is a SHA-1 fingerprint; SHA-1 is no longer
                 collision-resistant, so confirm whether the policy engine accepts a
                 stronger digest for this attribute.
                 Presumably a package whose distributor root matches any one subject
                 falls under this policy; confirm against the engine's target semantics. -->
505                         <!-- Public API (the original comment said "Plaform API", apparently copied from the platform policy). This is the fingerprint of tizen-distributor-root-ca-public.pem -->
506             <subject>
507                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
508                     sha-1 04:C5:A6:1D:75:BB:F5:5C:0F:A2:66:F6:09:4D:9B:2B:5F:3B:44:AE
509                 </subject-match>
510             </subject>
511             <!-- Public API (the original comment said "Plaform API"). This is the fingerprint of tizen-public-class-root-authority.pem -->
512             <subject>
513                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
514                     sha-1 A1:3F:15:2E:93:EB:80:36:F5:E0:BD:DA:8E:A5:4B:38:8A:6A:EB:E6
515                 </subject-match>
516             </subject>
            <!-- NOTE(review): the fingerprint below has no certificate name recorded;
                 document which root it pins. -->
517             <subject>
518                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
519                     sha-1 5A:C1:18:AC:6E:C7:EA:27:59:7D:5F:5A:1D:19:85:3D:A2:95:D5:18
520                 </subject-match>
521             </subject>
522         </target> 
523
524         <rule effect="permit">
525             <condition combine="or">
526                 <resource-match attr="device-cap" func="equal" match="tizen" />
527             </condition>
528         </rule>
529
530         <rule effect="permit">
531             <condition combine="or">
532                 <resource-match attr="device-cap" func="equal" match="alarm" />
533             </condition>
534         </rule>
535
536         <!-- access to application -->
537         <rule effect="permit">
538             <condition combine="or">
539                 <resource-match attr="device-cap" func="equal" match="application.launch" />
540             </condition>
541         </rule>
542
543         <!-- access to package -->
544         <rule effect="permit">
545             <condition combine="or">
546                 <resource-match attr="device-cap" func="equal" match="package.info" />
547             </condition>
548         </rule>
549
550         <!-- access to bluetooth -->
551         <rule effect="permit">
552             <condition combine="or">
553                 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
554                 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
555                 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
556             </condition>
557         </rule>
558
559         <!-- access to calendar -->
560         <rule effect="permit">
561             <condition combine="or">
562                 <resource-match attr="device-cap" func="equal" match="calendar.read" />
563                 <resource-match attr="device-cap" func="equal" match="calendar.write" />
564             </condition>
565         </rule>
566
567         <!-- access to call history -->
568         <rule effect="permit">
569             <condition combine="or">
570                 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
571                 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
572             </condition>
573         </rule>
574
575         <!-- access to contact -->
576         <rule effect="permit">
577             <condition combine="or">
578                 <resource-match attr="device-cap" func="equal" match="contact.read" />
579                 <resource-match attr="device-cap" func="equal" match="contact.write" />
580             </condition>
581         </rule>
582
583         <!-- access to content -->
584         <rule effect="permit">
585             <condition combine="or">
586                 <resource-match attr="device-cap" func="equal" match="content.read" />
587                 <resource-match attr="device-cap" func="equal" match="content.write" />
588             </condition>
589         </rule>
590
591         <!-- access to download feature -->
592         <rule effect="permit">
593             <condition combine="or">
594                 <resource-match attr="device-cap" func="equal" match="download" />
595             </condition>
596         </rule>
597
598         <rule effect="permit">
599             <condition combine="or">
600                 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
601                 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
602             </condition>
603         </rule>
604
605         <rule effect="permit">
606             <condition combine="or">
607                 <resource-match attr="device-cap" func="equal" match="messaging.read" />
608                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
609                 <!-- keep -->
610                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
611             </condition>
612         </rule>
613
614         <rule effect="permit">
615             <condition combine="or">
616                 <resource-match attr="device-cap" func="equal" match="messageport" />
617             </condition>
618         </rule>
619
620         <!-- access to NFC -->
621         <rule effect="permit">
622             <condition combine="or">
623                 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
624                 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
625                 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
626                 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
627                 <resource-match attr="device-cap" func="equal" match="nfc.common" />
628             </condition>
629         </rule>
630
631         <rule effect="permit">
632             <condition combine="or">
633                 <resource-match attr="device-cap" func="equal" match="notification" />
634             </condition>
635         </rule>
636
637         <!-- access to power feature -->
638         <rule effect="permit">
639             <condition combine="or">
640                 <resource-match attr="device-cap" func="equal" match="power" />
641             </condition>
642         </rule>
643
644         <!-- access to datasync -->
645         <rule effect="permit">
646             <condition combine="or">
647                 <resource-match attr="device-cap" func="equal" match="datasync" />
648             </condition>
649         </rule>
650
651         <!-- access to push feature -->
652         <rule effect="permit">
653             <condition combine="or">
654                 <resource-match attr="device-cap" func="equal" match="push" />
655             </condition>
656         </rule>
657
658         <!-- access to system setting -->
659         <rule effect="permit">
660             <condition combine="or">
661                 <resource-match attr="device-cap" func="equal" match="setting" />
662             </condition>
663         </rule>
664
665         <!-- access to systeminfo -->
666         <rule effect="permit">
667             <condition combine="or">
668                 <resource-match attr="device-cap" func="equal" match="system.info" />
669             </condition>
670         </rule>
671
672 <!-- The rules below will be removed -->
673         <!-- access to timeutil -->
674         <rule effect="permit">
675             <condition combine="or">
676                 <resource-match attr="device-cap" func="equal" match="time" />
677             </condition>
678         </rule>
679
680         <rule effect="permit">
681             <condition combine="or">
682                 <resource-match attr="device-cap" func="equal" match="log" />
683             </condition>
684         </rule>
685
686         <rule effect="permit">
687             <condition combine="or">
688                 <resource-match attr="device-cap" func="equal" match="account.read" />
689                 <resource-match attr="device-cap" func="equal" match="account.write" />
690             </condition>
691         </rule>
692
693         <rule effect="permit">
694             <condition combine="or">
695                 <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
696             </condition>
697         </rule>
698         
699         <!-- access to external network -->
700         <!-- XMLHttpRequestTizen and externalNetworkAccessTizen are defined for Tizen web apps -->
701         <!-- These two capabilities function the same as WAC's XMLHttpRequest and externalNetworkAccess -->
            <!-- NOTE(review): the rules below match "XMLHttpRequest" and "externalNetworkAccess",
                 not the Tizen-suffixed names mentioned above; confirm which capability
                 names the engine actually passes as device-cap. -->
702         <rule effect="permit">
703             <condition combine="or">
704                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
705                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
706             </condition>
707         </rule>
708
709         <!-- access to external network on roaming status -->
            <!-- NOTE(review): this rule permits the same two capabilities when roaming is
                 "true", but the rule above already permits them with no environment
                 condition, and the enclosing policy declares combine="permit-overrides".
                 The roaming rule therefore looks redundant; if network access while
                 roaming was meant to be restricted, these rules do not express that.
                 Confirm the intent. -->
710         <rule effect="permit">
711             <condition combine="and">
712                 <condition combine="or">
713                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
714                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
715                 </condition>
716                 <environment-match attr="roaming" match="true" />
717             </condition>
718         </rule>
719         
720         <rule effect="deny" />
721
722     </policy>
723     <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="permit-overrides">
724         <!-- Specific Untrusted Policy for Tizen -->
            <!-- This policy declares no target element, whereas the platform policy at the top of the
                 file is bound to distributor root fingerprints. NOTE(review): under the policy-set's
                 first-matching-target combining it presumably applies to every widget that no earlier
                 target matched; confirm against the policy engine. -->
            <!-- NOTE(review): the rules below permit administrative and personal-data capabilities
                 (bluetooth.admin, nfc.admin, setting, messaging.send, callhistory.*, contact.*,
                 filesystem.write) to the untrusted domain. Check each grant against the intended
                 privilege level; nothing in this policy ties them to a signing level. -->
725
726         <rule effect="permit">
727             <condition combine="or">
728                 <resource-match attr="device-cap" func="equal" match="tizen" />
729             </condition>
730         </rule>
731
732         <rule effect="permit">
733             <condition combine="or">
734                 <resource-match attr="device-cap" func="equal" match="alarm" />
735             </condition>
736         </rule>
737
738         <!-- access to application -->
739         <rule effect="permit">
740             <condition combine="or">
741                 <resource-match attr="device-cap" func="equal" match="application.launch" />
742             </condition>
743         </rule>
744
745         <!-- access to package -->
            <!-- Only package.info is granted here; packagemanager.install stays commented out and is
                 marked "(platform)" by the existing note, so the catch-all deny at the end of this
                 policy covers it. -->
746         <rule effect="permit">
747             <condition combine="or">
748                 <!-- packagemanager.install (platform) -->
749                 <!--<resource-match attr="device-cap" func="equal" match="packagemanager.install" />-->
750                 <resource-match attr="device-cap" func="equal" match="package.info" />
751             </condition>
752         </rule>
753
754         <!-- access to bluetooth -->
755         <rule effect="permit">
756             <condition combine="or">
757                 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
758                 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
759                 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
760             </condition>
761         </rule>
762
763         <!-- access to calendar -->
764         <rule effect="permit">
765             <condition combine="or">
766                 <resource-match attr="device-cap" func="equal" match="calendar.read" />
767                 <resource-match attr="device-cap" func="equal" match="calendar.write" />
768             </condition>
769         </rule>
770
771         <!-- access to call history -->
772         <rule effect="permit">
773             <condition combine="or">
774                 <resource-match attr="device-cap" func="equal" match="callhistory.read" />
775                 <resource-match attr="device-cap" func="equal" match="callhistory.write" />
776             </condition>
777         </rule>
778
779         <!-- access to contact -->
780         <rule effect="permit">
781             <condition combine="or">
782                 <resource-match attr="device-cap" func="equal" match="contact.read" />
783                 <resource-match attr="device-cap" func="equal" match="contact.write" />
784             </condition>
785         </rule>
786
787         <!-- access to content -->
788         <rule effect="permit">
789             <condition combine="or">
790                 <resource-match attr="device-cap" func="equal" match="content.read" />
791                 <resource-match attr="device-cap" func="equal" match="content.write" />
792             </condition>
793         </rule>
794
795         <!-- access to download feature -->
796         <rule effect="permit">
797             <condition combine="or">
798                 <resource-match attr="device-cap" func="equal" match="download" />
799             </condition>
800         </rule>
801
            <!-- access to filesystem -->
802         <rule effect="permit">
803             <condition combine="or">
804                 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
805                 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
806             </condition>
807         </rule>
808
            <!-- access to messaging -->
809         <rule effect="permit">
810             <condition combine="or">
811                 <resource-match attr="device-cap" func="equal" match="messaging.read" />
812                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
813                 <!-- keep -->
814                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
815             </condition>
816         </rule>
817
            <!-- access to message port (permitted at the untrusted level by this policy) -->
818         <rule effect="permit">
819             <condition combine="or">
820                 <resource-match attr="device-cap" func="equal" match="messageport" />
821             </condition>
822         </rule>
823
824         <!-- access to NFC -->
825         <rule effect="permit">
826             <condition combine="or">
827                 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
828                 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
829                 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
830                 <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
831                 <resource-match attr="device-cap" func="equal" match="nfc.common" />
832             </condition>
833         </rule>
834
            <!-- access to notification -->
835         <rule effect="permit">
836             <condition combine="or">
837                 <resource-match attr="device-cap" func="equal" match="notification" />
838             </condition>
839         </rule>
840
841         <!-- access to power feature -->
842         <rule effect="permit">
843             <condition combine="or">
844                 <resource-match attr="device-cap" func="equal" match="power" />
845             </condition>
846         </rule>
847
848         <!-- access to datasync -->
849         <rule effect="permit">
850             <condition combine="or">
851                 <resource-match attr="device-cap" func="equal" match="datasync" />
852             </condition>
853         </rule>
854
855         <!-- access to push feature -->
856         <rule effect="permit">
857             <condition combine="or">
858                 <resource-match attr="device-cap" func="equal" match="push" />
859             </condition>
860         </rule>
861
862         <!-- access to system setting -->
863         <rule effect="permit">
864             <condition combine="or">
865                 <resource-match attr="device-cap" func="equal" match="setting" />
866             </condition>
867         </rule>
868
869         <!-- access to systeminfo -->
870         <rule effect="permit">
871             <condition combine="or">
872                 <resource-match attr="device-cap" func="equal" match="system.info" />
873             </condition>
874         </rule>
875
876 <!-- The rules below will be removed -->
            <!-- The log, account, contentmanager.write and network rules that follow are the same as
                 the ones that close the preceding policy in this file; keep the two copies in step
                 until they are removed. -->
877         <!-- access to timeutil -->
878         <rule effect="permit">
879             <condition combine="or">
880                 <resource-match attr="device-cap" func="equal" match="time" />
881             </condition>
882         </rule>
883
            <!-- access to log -->
884         <rule effect="permit">
885             <condition combine="or">
886                 <resource-match attr="device-cap" func="equal" match="log" />
887             </condition>
888         </rule>
889
            <!-- access to account -->
890         <rule effect="permit">
891             <condition combine="or">
892                 <resource-match attr="device-cap" func="equal" match="account.read" />
893                 <resource-match attr="device-cap" func="equal" match="account.write" />
894             </condition>
895         </rule>
896
            <!-- access to content manager (write only) -->
897         <rule effect="permit">
898             <condition combine="or">
899                 <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
900             </condition>
901         </rule>
902         
903         <!-- access to external network -->
904         <!-- XMLHttpRequestTizen and externalNetworkAccessTizen are defined for Tizen web apps -->
905         <!-- Both capabilities behave the same as XMLHttpRequest and externalNetworkAccess of WAC -->
            <!-- NOTE(review): the rule below matches the WAC names (XMLHttpRequest, externalNetworkAccess),
                 not the Tizen-suffixed names mentioned above; confirm which capability strings the
                 policy engine is actually asked about. -->
906         <rule effect="permit">
907             <condition combine="or">
908                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
909                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
910             </condition>
911         </rule>
912
913         <!-- access to external network on roaming status -->
            <!-- NOTE(review): the rule above already permits both capabilities with no environment
                 condition. If permit-overrides lets any single permit decide the result (as the name
                 suggests), this roaming-only permit cannot change the outcome, so untrusted content
                 keeps network access while roaming. Confirm whether a stricter effect was intended. -->
914         <rule effect="permit">
915             <condition combine="and">
916                 <condition combine="or">
917                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
918                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
919                 </condition>
                    <!-- NOTE(review): unlike the resource-match entries, this element carries no func
                         attribute; verify the comparison the engine applies by default. -->
920                 <environment-match attr="roaming" match="true" />
921             </condition>
922         </rule>
923         
            <!-- Catch-all: this rule has no condition, so a device-cap that no permit rule of this
                 policy matched ends in deny. This is what keeps unlisted capabilities (for example
                 the commented-out packagemanager.install) away from the untrusted domain. -->
924         <rule effect="deny" />
925     </policy>
926 </policy-set>