Update wrt-security_0.0.42
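<!--
  ace/configuration/TizenPolicy.xml: access-control policy for Tizen web
  applications, expressed as one policy-set holding two policies.

  The policy-set is declared with combine="first-matching-target":
    * Tizen-Policy-Trusted carries a <target> keyed on the distributor root
      certificate fingerprint.
    * Tizen-Policy-Untrusted carries no <target>.
  NOTE(review): presumably the untrusted policy is the fallback for every widget
  whose distributor root does not match the trusted target. Confirm against the
  policy engine, including what it decides when no rule in a policy matches.
-->
<policy-set id="Tizen-Policy" combine="first-matching-target">
    <policy id="Tizen-Policy-Trusted" description="Tizen's policy for trusted domain" combine="permit-overrides">
        <!-- This is the fingerprint of the certificate for the TIZEN SDK (tizen.root.preproduction.cert.pem). -->
        <!-- NOTE(review): the trust anchor is a pre-production SDK root. Every widget
             whose distributor chain ends at this root is handled by this policy, which
             ends in an unconditional permit. Confirm that images built from this file
             are meant to trust a pre-production root, and that the matching private key
             is held as tightly as a production signing key. -->
        <!-- NOTE(review): the match is on a SHA-1 fingerprint, and SHA-1 is no longer
             collision resistant. Confirm whether the engine can compare a stronger
             digest of the root certificate. -->
        <target>
            <subject>
                <subject-match attr="distributor-key-root-fingerprint" func="equal">
                    sha-1 AD:A1:44:89:6A:35:6D:17:01:E9:6F:46:C6:00:7B:78:BE:2E:D9:4E
                </subject-match>
            </subject>
        </target>
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="tizen" />
            </condition>
        </rule>

        <!-- access to alarm -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="alarm" />
                <resource-match attr="device-cap" func="equal" match="alarm.read" />
                <resource-match attr="device-cap" func="equal" match="alarm.write" />
            </condition>
        </rule>

        <!-- access to application -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="application" />
                <resource-match attr="device-cap" func="equal" match="application.kill" />
                <resource-match attr="device-cap" func="equal" match="application.launch" />
                <resource-match attr="device-cap" func="equal" match="application.read" />
                <resource-match attr="device-cap" func="equal" match="application.manager" />
                <resource-match attr="device-cap" func="equal" match="application.service" />
            </condition>
        </rule>

        <!-- access to bluetooth -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="bluetooth" />
                <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
                <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
                <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
            </condition>
        </rule>

        <!-- access to calendar -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="calendar" />
                <resource-match attr="device-cap" func="equal" match="calendar.read" />
                <resource-match attr="device-cap" func="equal" match="calendar.write" />
            </condition>
        </rule>

        <!-- access to call history -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="call" />
                <resource-match attr="device-cap" func="equal" match="call.history" />
                <resource-match attr="device-cap" func="equal" match="call.history.read" />
                <resource-match attr="device-cap" func="equal" match="call.history.write" />
                <resource-match attr="device-cap" func="equal" match="call.state" />
            </condition>
        </rule>

        <!-- access to contact -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="contact" />
                <resource-match attr="device-cap" func="equal" match="contact.read" />
                <resource-match attr="device-cap" func="equal" match="contact.write" />
            </condition>
        </rule>

        <!-- access to filesystem -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="filesystem" />
                <resource-match attr="device-cap" func="equal" match="filesystem.read" />
                <resource-match attr="device-cap" func="equal" match="filesystem.write" />
            </condition>
        </rule>

        <!-- access to geo coder -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="geocoder" />
            </condition>
        </rule>

        <!-- access to mediacontent -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="mediacontent" />
                <resource-match attr="device-cap" func="equal" match="mediacontent.read" />
                <resource-match attr="device-cap" func="equal" match="mediacontent.write" />
            </condition>
        </rule>

        <!-- access to Messaging -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="messaging" />
                <resource-match attr="device-cap" func="equal" match="messaging.read" />
                <resource-match attr="device-cap" func="equal" match="messaging.write" />
                <resource-match attr="device-cap" func="equal" match="messaging.send" />
            </condition>
        </rule>

        <!-- access to NFC -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="nfc" />
                <resource-match attr="device-cap" func="equal" match="nfc.tag" />
                <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
                <resource-match attr="device-cap" func="equal" match="nfc.admin" />
            </condition>
        </rule>

        <!-- access to Sensors -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="sensors" />
            </condition>
        </rule>

        <!-- access to systeminfo -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="systeminfo" />
            </condition>
        </rule>

        <!-- access to timeutil -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="time" />
                <resource-match attr="device-cap" func="equal" match="time.read" />
                <resource-match attr="device-cap" func="equal" match="time.write" />
            </condition>
        </rule>

        <!-- access to lbs -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="lbs" />
            </condition>
        </rule>

        <!-- access to map -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="map" />
            </condition>
        </rule>

        <!-- access to poi -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="poi" />
                <resource-match attr="device-cap" func="equal" match="poi.read" />
                <resource-match attr="device-cap" func="equal" match="poi.write" />
            </condition>
        </rule>

        <!-- access to route -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="route" />
            </condition>
        </rule>

        <!-- access to external network -->
        <!-- XMLHttpRequestTizen and externalNetworkAccessTizen are defined for Tizen web apps. -->
        <!-- These two capabilities behave the same as XMLHttpRequest and externalNetworkAccess of WAC. -->
        <!-- NOTE(review): the rule below matches only the WAC names. No rule in this file
             names the Tizen-suffixed capabilities; in this policy they are covered only
             by the unconditional permit at the end. -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
                <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
            </condition>
        </rule>

        <!-- access to external network on roaming status -->
        <!-- NOTE(review): the preceding rule already permits both capabilities without any
             environment condition, and this rule has the same effect, so the roaming
             state does not change the decision. If network access while roaming is meant
             to be treated differently, this rule needs a more restrictive effect and the
             preceding rule needs a not-roaming condition. -->
        <rule effect="permit">
            <condition combine="and">
                <condition combine="or">
                    <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
                    <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
                </condition>
                <environment-match attr="roaming" match="true" />
            </condition>
        </rule>

        <!-- access to power feature -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="power" />
            </condition>
        </rule>

        <!-- access to download feature -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="download" />
            </condition>
        </rule>

        <!-- access to notification feature -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="notification" />
            </condition>
        </rule>

        <!-- Catch-all: this rule has no condition, so it applies to every request. -->
        <!-- NOTE(review): under combine="permit-overrides" this makes every per-capability
             rule above redundant and also permits any device-cap that is not listed in
             this file. If the trusted domain is meant to be limited to the listed
             capabilities, remove this rule so unlisted ones fall through to the engine
             default. -->
        <rule effect="permit" />
    </policy>

    <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="deny-overrides">
        <!-- Specific Untrusted Policy for Tizen -->
        <!-- NOTE(review): this policy declares combine="deny-overrides" but contains no
             deny rule, and it permits the same capability list as the trusted policy,
             including application.kill, bluetooth.admin, nfc.admin, filesystem.write,
             contact.write and messaging.send. The only difference from the trusted
             policy is the missing catch-all permit. Confirm that widgets outside the
             trusted domain are meant to hold these capabilities; a least-privilege
             policy would restrict the write, send and admin capabilities here. -->

        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="tizen" />
            </condition>
        </rule>

        <!-- access to alarm -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="alarm" />
                <resource-match attr="device-cap" func="equal" match="alarm.read" />
                <resource-match attr="device-cap" func="equal" match="alarm.write" />
            </condition>
        </rule>

        <!-- access to application -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="application" />
                <resource-match attr="device-cap" func="equal" match="application.kill" />
                <resource-match attr="device-cap" func="equal" match="application.launch" />
                <resource-match attr="device-cap" func="equal" match="application.read" />
                <resource-match attr="device-cap" func="equal" match="application.manager" />
                <resource-match attr="device-cap" func="equal" match="application.service" />
            </condition>
        </rule>

        <!-- access to bluetooth -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="bluetooth" />
                <resource-match attr="device-cap" func="equal" match="bluetooth.admin" />
                <resource-match attr="device-cap" func="equal" match="bluetooth.gap" />
                <resource-match attr="device-cap" func="equal" match="bluetooth.spp" />
            </condition>
        </rule>

        <!-- access to calendar -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="calendar" />
                <resource-match attr="device-cap" func="equal" match="calendar.read" />
                <resource-match attr="device-cap" func="equal" match="calendar.write" />
            </condition>
        </rule>

        <!-- access to call history -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="call" />
                <resource-match attr="device-cap" func="equal" match="call.history" />
                <resource-match attr="device-cap" func="equal" match="call.history.read" />
                <resource-match attr="device-cap" func="equal" match="call.history.write" />
                <resource-match attr="device-cap" func="equal" match="call.state" />
            </condition>
        </rule>

        <!-- access to contact -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="contact" />
                <resource-match attr="device-cap" func="equal" match="contact.read" />
                <resource-match attr="device-cap" func="equal" match="contact.write" />
            </condition>
        </rule>

        <!-- access to filesystem -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="filesystem" />
                <resource-match attr="device-cap" func="equal" match="filesystem.read" />
                <resource-match attr="device-cap" func="equal" match="filesystem.write" />
            </condition>
        </rule>

        <!-- access to geo coder -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="geocoder" />
            </condition>
        </rule>

        <!-- access to mediacontent -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="mediacontent" />
                <resource-match attr="device-cap" func="equal" match="mediacontent.read" />
                <resource-match attr="device-cap" func="equal" match="mediacontent.write" />
            </condition>
        </rule>

        <!-- access to Messaging -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="messaging" />
                <resource-match attr="device-cap" func="equal" match="messaging.read" />
                <resource-match attr="device-cap" func="equal" match="messaging.write" />
                <resource-match attr="device-cap" func="equal" match="messaging.send" />
            </condition>
        </rule>

        <!-- access to NFC -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="nfc" />
                <resource-match attr="device-cap" func="equal" match="nfc.tag" />
                <resource-match attr="device-cap" func="equal" match="nfc.p2p" />
                <resource-match attr="device-cap" func="equal" match="nfc.admin" />
            </condition>
        </rule>

        <!-- access to Sensors -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="sensors" />
            </condition>
        </rule>

        <!-- access to systeminfo -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="systeminfo" />
            </condition>
        </rule>

        <!-- access to timeutil -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="time" />
                <resource-match attr="device-cap" func="equal" match="time.read" />
                <resource-match attr="device-cap" func="equal" match="time.write" />
            </condition>
        </rule>

        <!-- access to lbs -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="lbs" />
            </condition>
        </rule>

        <!-- access to map -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="map" />
            </condition>
        </rule>

        <!-- access to poi -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="poi" />
                <resource-match attr="device-cap" func="equal" match="poi.read" />
                <resource-match attr="device-cap" func="equal" match="poi.write" />
            </condition>
        </rule>

        <!-- access to route -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="route" />
            </condition>
        </rule>

        <!-- access to external network -->
        <!-- XMLHttpRequestTizen and externalNetworkAccessTizen are defined for Tizen web apps. -->
        <!-- These two capabilities behave the same as XMLHttpRequest and externalNetworkAccess of WAC. -->
        <!-- NOTE(review): the rule below matches only the WAC names. No rule in this policy
             names the Tizen-suffixed capabilities, so a request for them falls through
             to whatever the engine decides when no rule applies. -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
                <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
            </condition>
        </rule>

        <!-- access to external network on roaming status -->
        <!-- NOTE(review): the preceding rule already permits both capabilities without any
             environment condition, and this rule has the same effect, so the roaming
             state does not change the decision for untrusted widgets either. -->
        <rule effect="permit">
            <condition combine="and">
                <condition combine="or">
                    <resource-match attr="device-cap" func="equal" match="XMLHttpRequest" />
                    <resource-match attr="device-cap" func="equal" match="externalNetworkAccess" />
                </condition>
                <environment-match attr="roaming" match="true" />
            </condition>
        </rule>

        <!-- access to power feature -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="power" />
            </condition>
        </rule>

        <!-- access to download feature -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="download" />
            </condition>
        </rule>

        <!-- access to notification feature -->
        <rule effect="permit">
            <condition combine="or">
                <resource-match attr="device-cap" func="equal" match="notification" />
            </condition>
        </rule>

    </policy>
</policy-set>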