ace/configuration/TizenPolicy.xml

   1 <policy-set id="Tizen-Policy" combine="first-matching-target">
   2    <policy id="Tizen-Policy-Trusted" description="Tizen's policy for trusted domain" combine="permit-overrides">
   3         <!-- This is finger-print of certificate for TIZEN SDK (tizen.root.preproduction.cert.pem) -->
   4         <target>
   5             <subject>
   6                 <subject-match attr="distributor-key-root-fingerprint" func="equal">
   7                     sha-1 AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E
   8                 </subject-match>
   9             </subject>
  10         </target>
  11
  12         <!-- access to NFC -->
  13         <rule effect="permit">
  14             <condition combine="or">
  15                 <resource-match attr="device-cap" func="equal" match="nfc.se" />
  16             </condition>
  17         </rule>
  18
  19         <rule effect="permit">
  20             <condition combine="and">
  21                 <condition combine="or">
  22                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
  23                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
  24                     <resource-match attr="device-cap" func="equal" match="messaging.send" />
  25                 </condition>
  26                 <environment-match attr="roaming" match="true" />
  27             </condition>
  28         </rule>
  29         <rule effect="permit" />
  30     </policy>
  31
  32     <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="deny-overrides">
  33         <!-- Specific Untrusted Policy for Tizen -->
  34
  35         <rule effect="permit">
  36             <condition combine="or">
  37                 <resource-match attr="device-cap" func="equal" match="tizen" />
  38             </condition>
  39         </rule>
  40
  41         <!-- access to alarm -->
  42         <rule effect="permit">
  43             <condition combine="or">
  44                 <resource-match attr="device-cap" func="equal" match="alarm" />
  45                 <resource-match attr="device-cap" func="equal" match="alarm.read" />
  46                 <resource-match attr="device-cap" func="equal" match="alarm.write" />
  47             </condition>
  48         </rule>
  49
  50         <!-- access to application -->
  51         <rule effect="permit">
  52             <condition combine="or">
  53                 <resource-match attr="device-cap" func="equal" match="application" />
  54                 <resource-match attr="device-cap" func="equal" match="application.kill" />
  55                 <resource-match attr="device-cap" func="equal" match="application.launch" />
  56                 <resource-match attr="device-cap" func="equal" match="application.read" />
  57                 <resource-match attr="device-cap" func="equal" match="application.manager" />
  58                 <resource-match attr="device-cap" func="equal" match="application.service" />
  59             </condition>
  60         </rule>
  61
  62         <!-- access to bluetooth -->
  63         <rule effect="permit">
  64             <condition combine="or">
  65                 <resource-match attr="device-cap" func="equal" match="bluetooth" />
  66                 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
  67                 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
  68                 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
  69             </condition>
  70         </rule>
  71
  72         <!-- access to calendar -->
  73         <rule effect="permit">
  74             <condition combine="or">
  75                 <resource-match attr="device-cap" func="equal" match="calendar" />
  76                 <resource-match attr="device-cap" func="equal" match="calendar.read" />
  77                 <resource-match attr="device-cap" func="equal" match="calendar.write" />
  78             </condition>
  79         </rule>
  80
  81         <!-- access to call history -->
  82         <rule effect="permit">
  83             <condition combine="or">
  84                 <resource-match attr="device-cap" func="equal" match="call" />
  85                 <resource-match attr="device-cap" func="equal" match="call.history" />
  86                 <resource-match attr="device-cap" func="equal" match="call.history.read" />
  87                 <resource-match attr="device-cap" func="equal" match="call.history.write" />
  88                 <resource-match attr="device-cap" func="equal" match="call.state" />
  89             </condition>
  90         </rule>
  91
  92         <!-- access to contact -->
  93         <rule effect="permit">
  94             <condition combine="or">
  95                 <resource-match attr="device-cap" func="equal" match="contact" />
  96                 <resource-match attr="device-cap" func="equal" match="contact.read" />
  97                 <resource-match attr="device-cap" func="equal" match="contact.write" />
  98             </condition>
  99         </rule>
 100
 101         <!-- access to filesystem -->
 102         <rule effect="permit">
 103             <condition combine="or">
 104                 <resource-match attr="device-cap" func="equal" match="filesystem" />
 105                 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
 106                 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
 107             </condition>
 108         </rule>
 109
 110         <!-- access to geo coder -->
 111         <rule effect="permit">
 112             <condition combine="or">
 113                 <resource-match attr="device-cap" func="equal" match="geocoder" />
 114             </condition>
 115         </rule>
 116
 117         <!-- access to mediacontent -->
 118         <rule effect="permit">
 119             <condition combine="or">
 120                 <resource-match attr="device-cap" func="equal" match="mediacontent" />
 121                 <resource-match attr="device-cap" func="equal" match="mediacontent.read" />
 122             </condition>
 123         </rule>
 124
 125         <!-- access to Messaging -->
 126         <rule effect="permit">
 127             <condition combine="or">
 128                 <resource-match attr="device-cap" func="equal" match="messaging" />
 129                 <resource-match attr="device-cap" func="equal" match="messaging.read" />
 130                 <resource-match attr="device-cap" func="equal" match="messaging.write" />
 131                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
 132             </condition>
 133         </rule>
 134
 135         <!-- access to message send on roaming status -->
 136         <rule effect="deny">
 137             <condition combine="and">
 138                 <resource-match attr="device-cap" func="equal" match="messaging.send" />
 139                 <environment-match attr="roaming" match="true" />
 140             </condition>
 141         </rule>
 142
 143         <!-- access to NFC -->
 144         <rule effect="permit">
 145             <condition combine="or">
 146                 <resource-match attr="device-cap" func="equal" match="nfc" />
 147                 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
 148                 <resource-match attr="device-cap" func="equal" match="nfs.p2p" />
 149                 <resource-match attr="device-cap" func="equal" match="nfc.se" />
 150             </condition>
 151         </rule>
 152
 153         <!-- access to Sensors -->
 154         <rule effect="permit">
 155             <condition combine="or">
 156                 <resource-match attr="device-cap" func="equal" match="sensors" />
 157             </condition>
 158         </rule>
 159
 160         <!-- access to systeminfo -->
 161         <rule effect="permit">
 162             <condition combine="or">
 163                 <resource-match attr="device-cap" func="equal" match="systeminfo" />
 164             </condition>
 165         </rule>
 166
 167         <!-- access to timeutil -->
 168         <rule effect="permit">
 169             <condition combine="or">
 170                 <resource-match attr="device-cap" func="equal" match="time" />
 171                 <resource-match attr="device-cap" func="equal" match="time.read" />
 172                 <resource-match attr="device-cap" func="equal" match="time.write" />
 173             </condition>
 174         </rule>
 175
 176         <!-- access to lbs -->
 177         <rule effect="permit">
 178             <condition combine="or">
 179                 <resource-match attr="device-cap" func="equal" match="lbs" />
 180             </condition>
 181         </rule>
 182
 183         <!-- access to map -->
 184         <rule effect="permit">
 185             <condition combine="or">
 186                 <resource-match attr="device-cap" func="equal" match="map" />
 187             </condition>
 188         </rule>
 189
 190         <!-- access to poi -->
 191         <rule effect="permit">
 192             <condition combine="or">
 193                 <resource-match attr="device-cap" func="equal" match="poi" />
 194                 <resource-match attr="device-cap" func="equal" match="poi.read" />
 195                 <resource-match attr="device-cap" func="equal" match="poi.write" />
 196             </condition>
 197         </rule>
 198
 199         <!-- access to route -->
 200         <rule effect="permit">
 201             <condition combine="or">
 202                 <resource-match attr="device-cap" func="equal" match="route" />
 203             </condition>
 204         </rule>
 205
 206         <!-- access to external network -->
 207         <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
 208         <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
 209         <rule effect="permit">
 210             <condition combine="or">
 211                 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
 212                 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
 213             </condition>
 214         </rule>
 215
 216         <!-- access to external network on roaming status -->
 217         <rule effect="permit">
 218             <condition combine="and">
 219                 <condition combine="or">
 220                     <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
 221                     <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
 222                 </condition>
 223                 <environment-match attr="roaming" match="true" />
 224             </condition>
 225         </rule>
 226
 227         <!-- access to orientation feature -->
 228         <rule effect="permit">
 229             <condition combine="or">
 230                 <resource-match attr="device-cap" func="equal" match="orientation" />
 231             </condition>
 232         </rule>
 233
 234     </policy>
 235 </policy-set>