1 <policy-set id="Tizen-Policy" combine="first-matching-target">
2 <policy id="Tizen-Policy-Trusted" description="Tizen's policy for trusted domain" combine="permit-overrides">
3 <!-- This is finger-print of certificate for TIZEN SDK (tizen.root.preproduction.cert.pem) -->
6 <subject-match attr="distributor-key-root-fingerprint" func="equal">
7 sha-1 AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E
11 <rule effect="permit">
12 <condition combine="or">
13 <resource-match attr="device-cap" func="equal" match="tizen" />
17 <!-- access to alarm -->
18 <rule effect="permit">
19 <condition combine="or">
20 <resource-match attr="device-cap" func="equal" match="alarm" />
21 <resource-match attr="device-cap" func="equal" match="alarm.read" />
22 <resource-match attr="device-cap" func="equal" match="alarm.write" />
26 <!-- access to application -->
27 <rule effect="permit">
28 <condition combine="or">
29 <resource-match attr="device-cap" func="equal" match="application" />
30 <resource-match attr="device-cap" func="equal" match="application.kill" />
31 <resource-match attr="device-cap" func="equal" match="application.launch" />
32 <resource-match attr="device-cap" func="equal" match="application.read" />
33 <resource-match attr="device-cap" func="equal" match="application.manager" />
34 <resource-match attr="device-cap" func="equal" match="application.service" />
38 <!-- access to bluetooth -->
39 <rule effect="permit">
40 <condition combine="or">
41 <resource-match attr="device-cap" func="equal" match="bluetooth" />
42 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
43 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
44 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
48 <!-- access to calendar -->
49 <rule effect="permit">
50 <condition combine="or">
51 <resource-match attr="device-cap" func="equal" match="calendar" />
52 <resource-match attr="device-cap" func="equal" match="calendar.read" />
53 <resource-match attr="device-cap" func="equal" match="calendar.write" />
57 <!-- access to call history -->
58 <rule effect="permit">
59 <condition combine="or">
60 <resource-match attr="device-cap" func="equal" match="call" />
61 <resource-match attr="device-cap" func="equal" match="call.history" />
62 <resource-match attr="device-cap" func="equal" match="call.history.read" />
63 <resource-match attr="device-cap" func="equal" match="call.history.write" />
64 <resource-match attr="device-cap" func="equal" match="call.state" />
68 <!-- access to contact -->
69 <rule effect="permit">
70 <condition combine="or">
71 <resource-match attr="device-cap" func="equal" match="contact" />
72 <resource-match attr="device-cap" func="equal" match="contact.read" />
73 <resource-match attr="device-cap" func="equal" match="contact.write" />
77 <!-- access to filesystem -->
78 <rule effect="permit">
79 <condition combine="or">
80 <resource-match attr="device-cap" func="equal" match="filesystem" />
81 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
82 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
86 <!-- access to geo coder -->
87 <rule effect="permit">
88 <condition combine="or">
89 <resource-match attr="device-cap" func="equal" match="geocoder" />
93 <!-- access to mediacontent -->
94 <rule effect="permit">
95 <condition combine="or">
96 <resource-match attr="device-cap" func="equal" match="mediacontent" />
97 <resource-match attr="device-cap" func="equal" match="mediacontent.read" />
98 <resource-match attr="device-cap" func="equal" match="mediacontent.write" />
102 <!-- access to Messaging -->
103 <rule effect="permit">
104 <condition combine="or">
105 <resource-match attr="device-cap" func="equal" match="messaging" />
106 <resource-match attr="device-cap" func="equal" match="messaging.read" />
107 <resource-match attr="device-cap" func="equal" match="messaging.write" />
108 <resource-match attr="device-cap" func="equal" match="messaging.send" />
112 <!-- access to NFC -->
113 <rule effect="permit">
114 <condition combine="or">
115 <resource-match attr="device-cap" func="equal" match="nfc" />
116 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
117 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
118 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
122 <!-- access to Sensors -->
123 <rule effect="permit">
124 <condition combine="or">
125 <resource-match attr="device-cap" func="equal" match="sensors" />
129 <!-- access to systeminfo -->
130 <rule effect="permit">
131 <condition combine="or">
132 <resource-match attr="device-cap" func="equal" match="systeminfo" />
136 <!-- access to timeutil -->
137 <rule effect="permit">
138 <condition combine="or">
139 <resource-match attr="device-cap" func="equal" match="time" />
140 <resource-match attr="device-cap" func="equal" match="time.read" />
141 <resource-match attr="device-cap" func="equal" match="time.write" />
145 <!-- access to lbs -->
146 <rule effect="permit">
147 <condition combine="or">
148 <resource-match attr="device-cap" func="equal" match="lbs" />
152 <!-- access to map -->
153 <rule effect="permit">
154 <condition combine="or">
155 <resource-match attr="device-cap" func="equal" match="map" />
159 <!-- access to poi -->
160 <rule effect="permit">
161 <condition combine="or">
162 <resource-match attr="device-cap" func="equal" match="poi" />
163 <resource-match attr="device-cap" func="equal" match="poi.read" />
164 <resource-match attr="device-cap" func="equal" match="poi.write" />
168 <!-- access to route -->
169 <rule effect="permit">
170 <condition combine="or">
171 <resource-match attr="device-cap" func="equal" match="route" />
175 <!-- access to external network -->
176 <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
177 <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
178 <rule effect="permit">
179 <condition combine="or">
180 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
181 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
185 <!-- access to external network on roaming status -->
186 <rule effect="permit">
187 <condition combine="and">
188 <condition combine="or">
189 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
190 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
192 <environment-match attr="roaming" match="true" />
196 <!-- access to power feature -->
197 <rule effect="permit">
198 <condition combine="or">
199 <resource-match attr="device-cap" func="equal" match="power" />
203 <!-- access to download feature -->
204 <rule effect="permit">
205 <condition combine="or">
206 <resource-match attr="device-cap" func="equal" match="download" />
210 <!-- access to notification feature -->
211 <rule effect="permit">
212 <condition combine="or">
213 <resource-match attr="device-cap" func="equal" match="notification" />
216 <rule effect="permit" />
219 <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="deny-overrides">
220 <!-- Specific Untrusted Policy for Tizen -->
222 <rule effect="permit">
223 <condition combine="or">
224 <resource-match attr="device-cap" func="equal" match="tizen" />
228 <!-- access to alarm -->
229 <rule effect="permit">
230 <condition combine="or">
231 <resource-match attr="device-cap" func="equal" match="alarm" />
232 <resource-match attr="device-cap" func="equal" match="alarm.read" />
233 <resource-match attr="device-cap" func="equal" match="alarm.write" />
237 <!-- access to application -->
238 <rule effect="permit">
239 <condition combine="or">
240 <resource-match attr="device-cap" func="equal" match="application" />
241 <resource-match attr="device-cap" func="equal" match="application.kill" />
242 <resource-match attr="device-cap" func="equal" match="application.launch" />
243 <resource-match attr="device-cap" func="equal" match="application.read" />
244 <resource-match attr="device-cap" func="equal" match="application.manager" />
245 <resource-match attr="device-cap" func="equal" match="application.service" />
249 <!-- access to bluetooth -->
250 <rule effect="permit">
251 <condition combine="or">
252 <resource-match attr="device-cap" func="equal" match="bluetooth" />
253 <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
254 <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
255 <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
259 <!-- access to calendar -->
260 <rule effect="permit">
261 <condition combine="or">
262 <resource-match attr="device-cap" func="equal" match="calendar" />
263 <resource-match attr="device-cap" func="equal" match="calendar.read" />
264 <resource-match attr="device-cap" func="equal" match="calendar.write" />
268 <!-- access to call history -->
269 <rule effect="permit">
270 <condition combine="or">
271 <resource-match attr="device-cap" func="equal" match="call" />
272 <resource-match attr="device-cap" func="equal" match="call.history" />
273 <resource-match attr="device-cap" func="equal" match="call.history.read" />
274 <resource-match attr="device-cap" func="equal" match="call.history.write" />
275 <resource-match attr="device-cap" func="equal" match="call.state" />
279 <!-- access to contact -->
280 <rule effect="permit">
281 <condition combine="or">
282 <resource-match attr="device-cap" func="equal" match="contact" />
283 <resource-match attr="device-cap" func="equal" match="contact.read" />
284 <resource-match attr="device-cap" func="equal" match="contact.write" />
288 <!-- access to filesystem -->
289 <rule effect="permit">
290 <condition combine="or">
291 <resource-match attr="device-cap" func="equal" match="filesystem" />
292 <resource-match attr="device-cap" func="equal" match="filesystem.read" />
293 <resource-match attr="device-cap" func="equal" match="filesystem.write" />
297 <!-- access to geo coder -->
298 <rule effect="permit">
299 <condition combine="or">
300 <resource-match attr="device-cap" func="equal" match="geocoder" />
304 <!-- access to mediacontent -->
305 <rule effect="permit">
306 <condition combine="or">
307 <resource-match attr="device-cap" func="equal" match="mediacontent" />
308 <resource-match attr="device-cap" func="equal" match="mediacontent.read" />
309 <resource-match attr="device-cap" func="equal" match="mediacontent.write" />
313 <!-- access to Messaging -->
314 <rule effect="permit">
315 <condition combine="or">
316 <resource-match attr="device-cap" func="equal" match="messaging" />
317 <resource-match attr="device-cap" func="equal" match="messaging.read" />
318 <resource-match attr="device-cap" func="equal" match="messaging.write" />
319 <resource-match attr="device-cap" func="equal" match="messaging.send" />
323 <!-- access to NFC -->
324 <rule effect="permit">
325 <condition combine="or">
326 <resource-match attr="device-cap" func="equal" match="nfc" />
327 <resource-match attr="device-cap" func="equal" match="nfc.tag" />
328 <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
329 <resource-match attr="device-cap" func="equal" match="nfc.admin" />
333 <!-- access to Sensors -->
334 <rule effect="permit">
335 <condition combine="or">
336 <resource-match attr="device-cap" func="equal" match="sensors" />
340 <!-- access to systeminfo -->
341 <rule effect="permit">
342 <condition combine="or">
343 <resource-match attr="device-cap" func="equal" match="systeminfo" />
347 <!-- access to timeutil -->
348 <rule effect="permit">
349 <condition combine="or">
350 <resource-match attr="device-cap" func="equal" match="time" />
351 <resource-match attr="device-cap" func="equal" match="time.read" />
352 <resource-match attr="device-cap" func="equal" match="time.write" />
356 <!-- access to lbs -->
357 <rule effect="permit">
358 <condition combine="or">
359 <resource-match attr="device-cap" func="equal" match="lbs" />
363 <!-- access to map -->
364 <rule effect="permit">
365 <condition combine="or">
366 <resource-match attr="device-cap" func="equal" match="map" />
370 <!-- access to poi -->
371 <rule effect="permit">
372 <condition combine="or">
373 <resource-match attr="device-cap" func="equal" match="poi" />
374 <resource-match attr="device-cap" func="equal" match="poi.read" />
375 <resource-match attr="device-cap" func="equal" match="poi.write" />
379 <!-- access to route -->
380 <rule effect="permit">
381 <condition combine="or">
382 <resource-match attr="device-cap" func="equal" match="route" />
386 <!-- access to external network -->
387 <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp -->
388 <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC -->
389 <rule effect="permit">
390 <condition combine="or">
391 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
392 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
396 <!-- access to external network on roaming status -->
397 <rule effect="permit">
398 <condition combine="and">
399 <condition combine="or">
400 <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
401 <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
403 <environment-match attr="roaming" match="true" />
407 <!-- access to power feature -->
408 <rule effect="permit">
409 <condition combine="or">
410 <resource-match attr="device-cap" func="equal" match="power" />
414 <!-- access to download feature -->
415 <rule effect="permit">
416 <condition combine="or">
417 <resource-match attr="device-cap" func="equal" match="download" />
421 <!-- access to notification feature -->
422 <rule effect="permit">
423 <condition combine="or">
424 <resource-match attr="device-cap" func="equal" match="notification" />