1 <policy-set id="WAC-Policy" combine="first-matching-target">
2 <policy id="WAC-Policy-Trusted" description="WAC's policy for trusted domain" combine="permit-overrides">
5 <!-- This is finger-print of certificate for WAC Test Widget (operator.root.cert.pem) -->
6 <subject-match attr="distributor-key-root-fingerprint" func="equal">
7 sha-1 4A:9D:7A:4B:3B:29:D4:69:0A:70:B3:80:EC:A9:44:6B:03:7C:9A:38
11 <!-- This is finger-print of certificate for WAC Publish ID (wac.publisher.pem) -->
12 <subject-match attr="author-key-root-fingerprint" func="equal">
13 sha-1 A6:00:BC:53:AC:37:5B:6A:03:C3:7A:8A:E0:1B:87:8B:82:94:9B:C2
17 <!-- This is finger-print of certificate for WAC Production (wac.root.production.pem) -->
18 <subject-match attr="distributor-key-root-fingerprint" func="equal">
19 sha-1 A0:59:D3:37:E8:C8:2E:7F:38:84:7D:21:A9:9E:19:A9:8E:EC:EB:E1
23 <!-- This is finger-print of certificate for WAC Preproduction (wac.root.preproduction.pem) -->
24 <subject-match attr="distributor-key-root-fingerprint" func="equal">
25 sha-1 8D:1F:CB:31:68:11:DA:22:59:26:58:13:6C:C6:72:C9:F0:DE:84:2A
30 <!-- access to external network -->
32 <rule effect="permit">
33 <condition combine="and">
34 <condition combine="or">
35 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
36 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
37 <resource-match attr="device-cap" func="equal" match="messaging.send" />
39 <environment-match attr="roaming" match="true" />
43 <rule effect="permit" />
46 <policy id="WAC-Policy-Untrusted" description="WAC's policy for untrusted domain" combine="deny-overrides">
47 <!-- Specific Untrusted Policy for WAC -->
48 <!-- access to accelerometer -->
49 <rule effect="permit">
50 <condition combine="or">
51 <resource-match attr="device-cap" func="equal" match="accelerometer" />
55 <!-- access to calendar -->
56 <rule effect="permit">
57 <condition combine="or">
58 <resource-match attr="device-cap" func="equal" match="pim.calendar.read" />
59 <resource-match attr="device-cap" func="equal" match="pim.calendar.write" />
63 <!-- access to camera -->
64 <rule effect="permit">
65 <condition combine="or">
66 <resource-match attr="device-cap" func="equal" match="camera.show" />
69 <rule effect="permit">
70 <condition combine="or">
71 <resource-match attr="device-cap" func="equal" match="camera.capture" />
75 <!-- access to contact -->
76 <rule effect="permit">
77 <condition combine="or">
78 <resource-match attr="device-cap" func="equal" match="pim.contact.read" />
79 <resource-match attr="device-cap" func="equal" match="pim.contact.write" />
83 <!-- access to device-interaction -->
84 <rule effect="permit">
85 <condition combine="or">
86 <resource-match attr="device-cap" func="equal" match="deviceinteraction" />
90 <!-- access to device-status -->
91 <rule effect="permit">
92 <condition combine="or">
93 <resource-match attr="device-cap" func="equal" match="devicestatus.deviceinfo" />
94 <resource-match attr="device-cap" func="equal" match="devicestatus.networkinfo" />
98 <!-- access to filesystem -->
99 <rule effect="permit">
100 <condition combine="and">
101 <condition combine="or">
102 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
103 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
105 <condition combine="or">
106 <resource-match attr="param:location" func="equal">wgt-private</resource-match>
107 <resource-match attr="param:location" func="equal">wgt-private-tmp</resource-match>
108 <resource-match attr="param:location" func="equal">wgt-package</resource-match>
113 <!-- access to messaging -->
114 <rule effect="permit">
115 <condition combine="or">
116 <resource-match attr="device-cap" func="equal" match="messaging.find" />
117 <resource-match attr="device-cap" func="equal" match="messaging.subscribe" />
118 <resource-match attr="device-cap" func="equal" match="messaging.write" />
122 <!-- access to message send on roaming status -->
125 <condition combine="and">
126 <resource-match attr="device-cap" func="equal" match="messaging.send" />
127 <environment-match attr="roaming" match="true" />
132 <!-- access to geolocation -->
133 <rule effect="permit">
134 <condition combine="or">
135 <resource-match attr="device-cap" func="equal" match="geolocation" />
139 <!-- access to orientation -->
140 <rule effect="permit">
141 <condition combine="or">
142 <resource-match attr="device-cap" func="equal" match="orientation" />
146 <!-- access to task -->
147 <rule effect="permit">
148 <condition combine="or">
149 <resource-match attr="device-cap" func="equal" match="pim.task.read" />
150 <resource-match attr="device-cap" func="equal" match="pim.task.write" />
153 <!-- access to external network -->
154 <rule effect="permit">
155 <condition combine="or">
156 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
157 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
161 <!-- access to external network on roaming status -->
163 <rule effect="permit">
164 <condition combine="and">
165 <condition combine="or">
166 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
167 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
169 <environment-match attr="roaming" match="true" />