Update policy for platform level
authorHyunwoo Kim <hwlove.kim@samsung.com>
Thu, 21 Mar 2013 09:22:48 +0000 (18:22 +0900)
committerHyunwoo Kim <hwlove.kim@samsung.com>
Thu, 21 Mar 2013 09:22:58 +0000 (18:22 +0900)
Change-Id: Iacd7179fe07e9d6f58ab685b48c1adeca3a7c1e4
Signed-off-by: Hyunwoo Kim <hwlove.kim@samsung.com>
ace/configuration/TizenPolicy.xml

index 45eb07d..e6059ef 100644 (file)
@@ -1,4 +1,478 @@
 <policy-set id="Tizen-Policy" combine="first-matching-target">
+    <policy id="Tizen-Policy-Platorm1-API" description="Platform API" combine="permit-overrides">
+        <!-- Platorm API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
+        <target>
+            <subject>
+                <subject-match attr="distributor-key-root-fingerprint" func="equal">
+                    sha-1 2A:74:E8:CF:9E:0F:C3:D9:80:48:8B:E7:86:F7:83:49:91:11:E1:E0
+                </subject-match>
+            </subject>
+        </target>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="tizen" />
+            </condition>
+        </rule>
+
+        <!-- access to application -->
+        <rule effect="permit">
+            <condition combine="or">
+                               <resource-match attr="device-cap" func="equal" match="appmanager.certificate" />
+                               <resource-match attr="device-cap" func="equal" match="appmanager.kill" />
+                <resource-match attr="device-cap" func="equal" match="application.launch" />
+            </condition>
+        </rule>
+
+        <!-- access to bluetooth -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
+                <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
+                <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
+                               <resource-match attr="device-cap" func="equal" match="bluetoothmanager" />
+            </condition>
+        </rule>
+
+        <!-- access to bookmark -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="bookmark.read" />
+                <resource-match attr="device-cap" func="equal" match="bookmark.write" />
+            </condition>
+        </rule>
+
+        <!-- access to calendar -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="calendar.read" />
+                <resource-match attr="device-cap" func="equal" match="calendar.write" />
+            </condition>
+        </rule>
+
+        <!-- access to call history -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="callhistory.read" />
+                <resource-match attr="device-cap" func="equal" match="callhistory.write" />
+            </condition>
+        </rule>
+
+        <!-- access to contact -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="contact.read" />
+                <resource-match attr="device-cap" func="equal" match="contact.write" />
+            </condition>
+        </rule>
+
+        <!-- access to content -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="content.read" />
+                <resource-match attr="device-cap" func="equal" match="content.write" />
+            </condition>
+        </rule>
+
+        <!-- access to datasync -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="datasync" />
+            </condition>
+        </rule>
+
+        <!-- access to NFC -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="nfc.admin" />
+                <resource-match attr="device-cap" func="equal" match="nfc.tag" />
+                <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
+                <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
+                <resource-match attr="device-cap" func="equal" match="nfc.common" />
+            </condition>
+        </rule>
+
+        <!-- access to systeminfo -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="system.info" />
+                <resource-match attr="device-cap" func="equal" match="systemmanager.info" />
+            </condition>
+        </rule>
+
+        <!-- access to system setting -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="setting" />
+            </condition>
+        </rule>
+
+        <!-- access to download feature -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="download" />
+            </condition>
+        </rule>
+
+        <!-- access to power feature -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="power" />
+            </condition>
+        </rule>
+
+        <!-- access to push feature -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="push" />
+            </condition>
+        </rule>
+
+        <!-- access to timeutil -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="time" />
+            </condition>
+        </rule>
+
+        <!-- access to external network -->
+        <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
+        <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+                <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+            </condition>
+        </rule>
+
+        <!-- access to external network on roaming status -->
+        <rule effect="permit">
+            <condition combine="and">
+                <condition combine="or">
+                    <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+                    <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+                </condition>
+                <environment-match attr="roaming" match="true" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="alarm" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="log" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="messaging.read" />
+                <resource-match attr="device-cap" func="equal" match="messaging.write" />
+                <resource-match attr="device-cap" func="equal" match="messaging.send" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="messageport" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="filesystem.read" />
+                <resource-match attr="device-cap" func="equal" match="filesystem.write" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="notification" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="se" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="account.read" />
+                               <resource-match attr="device-cap" func="equal" match="account.write" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="packagemanager.install" />
+                               <resource-match attr="device-cap" func="equal" match="package.info" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
+            </condition>
+        </rule>
+
+        <rule effect="deny" />
+
+    </policy>
+    <policy id="Tizen-Policy-Platorm2-API" description="Platorm API" combine="permit-overrides">
+        <!-- Platorm API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
+        <target>
+            <subject>
+                <subject-match attr="distributor-key-root-fingerprint" func="equal">
+                    sha-1 B0:5F:40:43:71:1F:11:BC:9A:6A:62:FA:DA:92:54:79:92:16:11:DF
+                </subject-match>
+            </subject>
+        </target>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="tizen" />
+            </condition>
+        </rule>
+
+        <!-- access to application -->
+        <rule effect="permit">
+            <condition combine="or">
+                               <resource-match attr="device-cap" func="equal" match="appmanager.certificate" />
+                               <resource-match attr="device-cap" func="equal" match="appmanager.kill" />
+                <resource-match attr="device-cap" func="equal" match="application.launch" />
+            </condition>
+        </rule>
+
+        <!-- access to bluetooth -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
+                <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
+                <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
+                               <resource-match attr="device-cap" func="equal" match="bluetoothmanager" />
+            </condition>
+        </rule>
+
+        <!-- access to bookmark -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="bookmark.read" />
+                <resource-match attr="device-cap" func="equal" match="bookmark.write" />
+            </condition>
+        </rule>
+
+        <!-- access to calendar -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="calendar.read" />
+                <resource-match attr="device-cap" func="equal" match="calendar.write" />
+            </condition>
+        </rule>
+
+        <!-- access to call history -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="callhistory.read" />
+                <resource-match attr="device-cap" func="equal" match="callhistory.write" />
+            </condition>
+        </rule>
+
+        <!-- access to contact -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="contact.read" />
+                <resource-match attr="device-cap" func="equal" match="contact.write" />
+            </condition>
+        </rule>
+
+        <!-- access to content -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="content.read" />
+                <resource-match attr="device-cap" func="equal" match="content.write" />
+            </condition>
+        </rule>
+
+        <!-- access to datasync -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="datasync" />
+            </condition>
+        </rule>
+
+        <!-- access to NFC -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="nfc.admin" />
+                <resource-match attr="device-cap" func="equal" match="nfc.tag" />
+                <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
+                <resource-match attr="device-cap" func="equal" match="nfc.cardemulation" />
+                <resource-match attr="device-cap" func="equal" match="nfc.common" />
+            </condition>
+        </rule>
+
+        <!-- access to systeminfo -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="system.info" />
+                <resource-match attr="device-cap" func="equal" match="systemmanager.info" />
+            </condition>
+        </rule>
+
+        <!-- access to system setting -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="setting" />
+            </condition>
+        </rule>
+
+        <!-- access to download feature -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="download" />
+            </condition>
+        </rule>
+
+        <!-- access to power feature -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="power" />
+            </condition>
+        </rule>
+
+        <!-- access to push feature -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="push" />
+            </condition>
+        </rule>
+
+        <!-- access to timeutil -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="time" />
+            </condition>
+        </rule>
+
+        <!-- access to external network -->
+        <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
+        <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+                <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+            </condition>
+        </rule>
+
+        <!-- access to external network on roaming status -->
+        <rule effect="permit">
+            <condition combine="and">
+                <condition combine="or">
+                    <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
+                    <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
+                </condition>
+                <environment-match attr="roaming" match="true" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="alarm" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="log" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="messaging.read" />
+                <resource-match attr="device-cap" func="equal" match="messaging.write" />
+                <resource-match attr="device-cap" func="equal" match="messaging.send" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="messageport" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="filesystem.read" />
+                <resource-match attr="device-cap" func="equal" match="filesystem.write" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="notification" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="networkbearerselection" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="datacontrol.consumer" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="se" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="account.read" />
+                               <resource-match attr="device-cap" func="equal" match="account.write" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="packagemanager.install" />
+                               <resource-match attr="device-cap" func="equal" match="package.info" />
+            </condition>
+        </rule>
+
+        <rule effect="permit">
+            <condition combine="or">
+                <resource-match attr="device-cap" func="equal" match="contentmanager.write" />
+            </condition>
+        </rule>
+
+        <rule effect="deny" />
+
+    </policy>
     <policy id="Tizen-Policy-Partner-API" description="Partner API" combine="permit-overrides">
         <!-- Partner API. This is finger-print of tizen-distributor-root-ca-partner.pem -->
         <target>
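Review bot: The header comments of both added policies (`Tizen-Policy-Platorm1-API` and `Tizen-Policy-Platorm2-API`) name tizen-distributor-root-ca-partner.pem, the same file as the existing Partner policy, although each pins a different SHA-1 fingerprint. An auditor therefore cannot tell which root certificate unlocks platform-level capabilities such as `packagemanager.install`, `appmanager.kill` and `se`. Each comment should name the certificate it actually pins, e.g. `<!-- Platform API. Fingerprint of PLATFORM_ROOT_CA_FILE.pem -->` with the real file name in place of the placeholder, and the `Platorm` spelling in the ids and description is worth correcting if nothing references those ids. The "roaming" rule in both policies also appears to have no effect, because under `combine="permit-overrides"` the rule just before it already permits `XMLHttpRequest` and `externalNetworkAccess` unconditionally; if roaming was meant to be handled differently, that unconditional rule needs a condition. The two policy bodies are otherwise identical, so later capability changes must be made in both, and the enclosing policy-set closes outside this hunk.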
 
         <rule effect="permit">
             <condition combine="or">
-                <resource-match attr="device-cap" func="equal" match="messagport" />
+                <resource-match attr="device-cap" func="equal" match="messageport" />
             </condition>
         </rule>