Tizen 2.1 base
[framework/security/security-server.git] / ace / configuration / WAC2.0Policy.xml
1 <policy-set id="WAC-Policy" combine="first-matching-target">
      <!--
        Access-control policy set holding two policies: one for widgets signed
        under a recognised WAC root (trusted) and one for all others (untrusted).
        combine="first-matching-target" suggests that the first policy whose
        <target> matches the widget is the one applied (confirm against the policy
        engine). WAC-Policy-Untrusted declares no <target>, so it appears to be the
        fallback for every widget the trusted target does not match.
        NOTE(review): policy order is therefore security-relevant; a policy added
        above WAC-Policy-Trusted could shadow it.
      -->
2     <policy id="WAC-Policy-Trusted" description="WAC's policy for trusted domain" combine="permit-overrides">
          <!--
            Trusted domain. The <target> lists four root-certificate fingerprints,
            each in its own <subject>; presumably a match on any one subject is
            enough (confirm). The policy ends with an unconditional permit rule, so
            as written a widget that matches this target is permitted every
            requested device capability.
            NOTE(review): the list contains a test root (operator.root.cert.pem) and
            a preproduction root (wac.root.preproduction.pem) next to the production
            root. Confirm that these are intended to ship in a production image,
            because anything chaining to them gets the blanket permit below.
            NOTE(review): the fingerprints are SHA-1 and the value text is surrounded
            by newlines and indentation, so matching presumably relies on the engine
            trimming whitespace (confirm). Prefer a stronger digest if the engine
            supports one.
          -->
3         <target>
4             <subject>
5                 <!-- SHA-1 fingerprint of the certificate for WAC Test Widget (operator.root.cert.pem);
                       compared with the widget's distributor-key-root-fingerprint. Test root: see the note above. --> 
6                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
7                     sha-1 4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38
8                 </subject-match>
9             </subject>
10             <subject>
11                 <!-- SHA-1 fingerprint of the certificate for WAC Publish ID (wac.publisher.pem);
                        the only entry compared with author-key-root-fingerprint rather than the distributor root. --> 
12                 <subject-match attr="author-key-root-fingerprint" func="equal">
13                     sha-1 A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2
14                 </subject-match>
15             </subject>
16             <subject>
17                 <!-- SHA-1 fingerprint of the certificate for WAC Production (wac.root.production.pem);
                        compared with the widget's distributor-key-root-fingerprint. --> 
18                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
19                     sha-1 A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1
20                 </subject-match>
21             </subject>
22             <subject>
23                 <!-- SHA-1 fingerprint of the certificate for WAC Preproduction (wac.root.preproduction.pem);
                        compared with the widget's distributor-key-root-fingerprint. Preproduction root: see the note above. --> 
24                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
25                     sha-1 8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A
26                 </subject-match>
27             </subject>
28         </target> 
29
30         <!-- Permit XMLHttpRequest, externalNetworkAccess and messaging.send while roaming is true.
                NOTE(review): the unconditional permit rule that follows already covers these capabilities,
                so under permit-overrides this rule looks redundant as written.
                NOTE(review): environment-match carries no func attribute, unlike the resource-match
                elements; presumably it defaults to equality (confirm). -->
31         <rule effect="permit">
32             <condition combine="and">
33                 <condition combine="or">
34                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
35                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
36                     <resource-match attr="device-cap" func="equal" match="messaging.send" />
37                 </condition>
38                 <environment-match attr="roaming" match="true" />
39             </condition>
40         </rule>
           <!-- Rule with no condition: permits every request that reaches this policy. -->
41         <rule effect="permit" />
42     </policy>
43
44     <policy id="WAC-Policy-Untrusted" description="WAC's policy for untrusted domain" combine="deny-overrides">
45         <!-- Policy for widgets outside the trusted domain. combine="deny-overrides": presumably a matching
                deny rule wins over any matching permit rule (confirm).
                NOTE(review): every grant below uses effect="permit" outright, including contacts, calendar,
                camera capture, geolocation and network access; no prompting effect appears in this file.
                Confirm that silent grants to untrusted widgets are intended.
                NOTE(review): a capability that no rule names is not addressed here; what the engine
                returns in that case is not visible in this file. Confirm that the default is deny. -->
46         <!-- permit: accelerometer -->
47         <rule effect="permit">
48             <condition combine="or">
49                 <resource-match attr="device-cap" func="equal" match="accelerometer" />
50             </condition>
51         </rule>
52
53         <!-- permit: calendar read and write -->
54         <rule effect="permit">
55             <condition combine="or">
56                 <resource-match attr="device-cap" func="equal" match="pim.calendar.read" />
57                 <resource-match attr="device-cap" func="equal" match="pim.calendar.write" />
58             </condition>
59         </rule>
60
61         <!-- permit: camera preview (camera.show) and capture (camera.capture), as two separate rules -->
62         <rule effect="permit">
63             <condition combine="or">
64                 <resource-match attr="device-cap" func="equal" match="camera.show" />
65             </condition>
66         </rule>
67         <rule effect="permit">
68             <condition combine="or">
69                 <resource-match attr="device-cap" func="equal" match="camera.capture" />
70             </condition>
71         </rule>
72
73         <!-- permit: contact read and write -->
74         <rule effect="permit">
75             <condition combine="or">
76                 <resource-match attr="device-cap" func="equal" match="pim.contact.read" />
77                 <resource-match attr="device-cap" func="equal" match="pim.contact.write" />
78             </condition>
79         </rule>
80
81         <!-- permit: device interaction -->
82         <rule effect="permit">
83             <condition combine="or">
84                 <resource-match attr="device-cap" func="equal" match="deviceinteraction" />
85             </condition>
86         </rule>
87
88         <!-- permit: device status (device info and network info) -->
89         <rule effect="permit">
90              <condition combine="or">
91                 <resource-match attr="device-cap" func="equal" match="devicestatus.deviceinfo" />
92                 <resource-match attr="device-cap" func="equal" match="devicestatus.networkinfo" />
93             </condition>
94         </rule>
95
96         <!-- permit: filesystem read or write, but only when param:location is one of
                wgt-private, wgt-private-tmp or wgt-package (both inner conditions must hold).
                NOTE(review): the location list applies to filesystem.write as well as filesystem.read,
                so a write to wgt-package is permitted by this rule. Confirm that the package
                location is meant to be writable by an untrusted widget. -->
97         <rule effect="permit">
98             <condition combine="and">
99                 <condition combine="or">
100                     <resource-match attr="device-cap" func="equal" match="filesystem.read" />
101                     <resource-match attr="device-cap" func="equal" match="filesystem.write" />
102                 </condition>
103                 <condition combine="or">
104                     <resource-match attr="param:location" func="equal">wgt-private</resource-match>
105                     <resource-match attr="param:location" func="equal">wgt-private-tmp</resource-match>
106                     <resource-match attr="param:location" func="equal">wgt-package</resource-match>
107                 </condition>
108             </condition>
109         </rule>
110
111         <!-- permit: messaging find, subscribe and write (messaging.send is not in this list) -->
112         <rule effect="permit">
113             <condition combine="or">
114                 <resource-match attr="device-cap" func="equal" match="messaging.find" />
115                 <resource-match attr="device-cap" func="equal" match="messaging.subscribe" />
116                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
117             </condition>
118         </rule>
119
120         <!-- deny: messaging.send while roaming is true.
                 NOTE(review): no rule in this policy permits messaging.send, so the outcome when
                 not roaming depends on the engine's behaviour for an unmatched request (confirm). -->
121         <rule effect="deny">
122             <condition combine="and">
123                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
124                 <environment-match attr="roaming" match="true" />
125             </condition>
126         </rule>
127
128         <!-- permit: geolocation -->
129         <rule effect="permit">
130             <condition combine="or">
131                 <resource-match attr="device-cap" func="equal" match="geolocation" />
132             </condition>
133         </rule>
134
135         <!-- permit: orientation -->
136         <rule effect="permit">
137             <condition combine="or">
138                 <resource-match attr="device-cap" func="equal" match="orientation" />
139             </condition>
140         </rule>
141
142         <!-- permit: task read and write -->
143         <rule effect="permit">
144             <condition combine="or">
145                 <resource-match attr="device-cap" func="equal" match="pim.task.read" />
146                 <resource-match attr="device-cap" func="equal" match="pim.task.write" />
147             </condition>
148         </rule>
149         <!-- permit: external network access (XMLHttpRequest, externalNetworkAccess), with no roaming condition -->
150         <rule effect="permit">
151             <condition combine="or">
152                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
153                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
154             </condition>
155         </rule>
156
157         <!-- permit: the same two network capabilities while roaming is true.
                 NOTE(review): the preceding rule already permits them regardless of roaming, so this
                 rule changes nothing as written. If roaming was meant to be treated differently
                 (as messaging.send is above), the intent is not expressed here. -->
158         <rule effect="permit">
159             <condition combine="and">
160                 <condition combine="or">
161                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
162                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
163                 </condition>
164                 <environment-match attr="roaming" match="true" />
165             </condition>
166         </rule>
167
168     </policy>
169 </policy-set>