From 87b81b24f51f6618d201bd30b221fbbfec890709 Mon Sep 17 00:00:00 2001 From: Krzysztof Sasiak Date: Thu, 27 Nov 2014 11:02:44 +0100 Subject: [PATCH] Add security-manager policy for user types Change-Id: I1c5ea026fe3b69ec0d2ba1338ded1033ad5db6b2 --- packaging/security-manager.spec | 14 ++++++++++ policy/usertype-admin.profile | 60 +++++++++++++++++++++++++++++++++++++++++ policy/usertype-guest.profile | 60 +++++++++++++++++++++++++++++++++++++++++ policy/usertype-normal.profile | 60 +++++++++++++++++++++++++++++++++++++++++ policy/usertype-system.profile | 60 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 254 insertions(+) create mode 100644 policy/usertype-admin.profile create mode 100644 policy/usertype-guest.profile create mode 100644 policy/usertype-normal.profile create mode 100644 policy/usertype-system.profile diff --git a/packaging/security-manager.spec b/packaging/security-manager.spec index cd68faa..817bc3d 100644 --- a/packaging/security-manager.spec +++ b/packaging/security-manager.spec @@ -44,6 +44,14 @@ Requires: libsecurity-manager-client = %{version}-%{release} %description -n libsecurity-manager-client-devel Development files needed for using the security manager client +%package -n security-manager-policy +Summary: Security manager policy +Group: Security/Development +Requires: security-manager = %{version}-%{release} + +%description -n security-manager-policy +Set of security rules that constitute security policy in the system + %prep %setup -q cp %{SOURCE1} . @@ -73,6 +81,8 @@ cp LICENSE %{buildroot}/usr/share/license/%{name} cp LICENSE %{buildroot}/usr/share/license/libsecurity-manager-client mkdir -p %{buildroot}/%{TZ_SYS_SMACK} cp app-rules-template.smack %{buildroot}/%{TZ_SYS_SMACK} +mkdir -p %{buildroot}/usr/share/security-manager +cp -rf policy %{buildroot}/usr/share/security-manager %make_install mkdir -p %{buildroot}/%{_unitdir}/multi-user.target.wants 
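Review bot: `cp -rf policy` in %install ships whatever happens to be in the policy directory, with file modes derived from the source tree and the build umask, which is loose handling for files that define privilege policy. Installing the profiles explicitly would pin both, e.g. `install -d %{buildroot}/usr/share/security-manager/policy` followed by `install -m 0644 policy/*.profile %{buildroot}/usr/share/security-manager/policy/`. The matching %files entry in the last hunk of this file lists only the `policy` directory, so `/usr/share/security-manager` itself may end up unowned unless another package claims it; a `%dir /usr/share/security-manager` line would settle that. The rest of %install lies outside the hunk.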
@@ -144,3 +154,7 @@ fi
 %{_libdir}/libsecurity-manager-commons.so
 %{_includedir}/security-manager/security-manager.h
 %{_libdir}/pkgconfig/security-manager.pc
+
+%files -n security-manager-policy
+%manifest %{name}.manifest
+/usr/share/security-manager/policy
diff --git a/policy/usertype-admin.profile b/policy/usertype-admin.profile
new file mode 100644
index 0000000..40c43e1
--- /dev/null
+++ b/policy/usertype-admin.profile
@@ -0,0 +1,60 @@
+'Admin usertype permissions
+'app permission
+* http://tizen.org/privilege/account.read
+* http://tizen.org/privilege/account.write
+* http://tizen.org/privilege/alarm.get
+* http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.launch
+* http://tizen.org/privilege/bluetooth
+* http://tizen.org/privilege/bluetooth.admin
+* http://tizen.org/privilege/bookmark.admin
+* http://tizen.org/privilege/calendar.read
+* http://tizen.org/privilege/calendar.write
+* http://tizen.org/privilege/call
+* http://tizen.org/privilege/callhistory.read
+* http://tizen.org/privilege/callhistory.write
+* http://tizen.org/privilege/camera
+* http://tizen.org/privilege/contact.read
+* http://tizen.org/privilege/contact.write
+* http://tizen.org/privilege/content.write
+* http://tizen.org/privilege/datasharing
+* http://tizen.org/privilege/display
+* http://tizen.org/privilege/download
+* http://tizen.org/privilege/email
+* http://tizen.org/privilege/email.admin
+* http://tizen.org/privilege/externalstorage
+* http://tizen.org/privilege/externalstorage.appdata
+* http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keymanager
+* http://tizen.org/privilege/keymanager.admin
+* http://tizen.org/privilege/led
+* http://tizen.org/privilege/location
+* http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mediastorage
+* http://tizen.org/privilege/message.read
+* http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/network.get
+* http://tizen.org/privilege/network.profile
+* http://tizen.org/privilege/network.set
+* http://tizen.org/privilege/nfc
+* http://tizen.org/privilege/nfc.admin
+* http://tizen.org/privilege/nfc.cardemulation
+* http://tizen.org/privilege/notification
+* http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.info
+* http://tizen.org/privilege/power
+* http://tizen.org/privilege/push
+* http://tizen.org/privilege/recorder
+* http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/shortcut
+* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemsettings.admin
+* http://tizen.org/privilege/telephony
+* http://tizen.org/privilege/telephony.admin
+* http://tizen.org/privilege/tethering.admin
+* http://tizen.org/privilege/volume.set
+* http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/wifidirect
+* http://tizen.org/privilege/window.priority.set
diff --git a/policy/usertype-guest.profile b/policy/usertype-guest.profile
new file mode 100644
index 0000000..3d40722
--- /dev/null
+++ b/policy/usertype-guest.profile
@@ -0,0 +1,60 @@
+'Guest usertype permissions
+'app permission
+* http://tizen.org/privilege/account.read
+* http://tizen.org/privilege/account.write
+* http://tizen.org/privilege/alarm.get
+* http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.launch
+* http://tizen.org/privilege/bluetooth
+* http://tizen.org/privilege/bluetooth.admin
+* http://tizen.org/privilege/bookmark.admin
+* http://tizen.org/privilege/calendar.read
+* http://tizen.org/privilege/calendar.write
+* http://tizen.org/privilege/call
+* http://tizen.org/privilege/callhistory.read
+* http://tizen.org/privilege/callhistory.write
+* http://tizen.org/privilege/camera
+* http://tizen.org/privilege/contact.read
+* http://tizen.org/privilege/contact.write
+* http://tizen.org/privilege/content.write
+* http://tizen.org/privilege/datasharing
+* http://tizen.org/privilege/display
+* http://tizen.org/privilege/download
+* http://tizen.org/privilege/email
+* http://tizen.org/privilege/email.admin
+* http://tizen.org/privilege/externalstorage
+* http://tizen.org/privilege/externalstorage.appdata
+* http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keymanager
+* http://tizen.org/privilege/keymanager.admin
+* http://tizen.org/privilege/led
+* http://tizen.org/privilege/location
+* http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mediastorage
+* http://tizen.org/privilege/message.read
+* http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/network.get
+* http://tizen.org/privilege/network.profile
+* http://tizen.org/privilege/network.set
+* http://tizen.org/privilege/nfc
+* http://tizen.org/privilege/nfc.admin
+* http://tizen.org/privilege/nfc.cardemulation
+* http://tizen.org/privilege/notification
+* http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.info
+* http://tizen.org/privilege/power
+* http://tizen.org/privilege/push
+* http://tizen.org/privilege/recorder
+* http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/shortcut
+* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemsettings.admin
+* http://tizen.org/privilege/telephony
+* http://tizen.org/privilege/telephony.admin
+* http://tizen.org/privilege/tethering.admin
+* http://tizen.org/privilege/volume.set
+* http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/wifidirect
+* http://tizen.org/privilege/window.priority.set
diff --git a/policy/usertype-normal.profile b/policy/usertype-normal.profile
new file mode 100644
index 0000000..365b3f2
--- /dev/null
+++ b/policy/usertype-normal.profile
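Review bot: policy/usertype-guest.profile is line-for-line the same as usertype-admin.profile apart from the title comment, so the guest user type is granted every privilege in the list, including `packagemanager.admin`, `keymanager.admin`, `systemsettings.admin`, `telephony.admin`, `tethering.admin` and `network.set`. usertype-normal.profile and usertype-system.profile repeat the same 58 entries, so this policy does not differentiate the four user types at all. If the lists are a placeholder, the header comment should say so, e.g. `'TODO: placeholder, identical to admin; restrict before release`; otherwise the guest and normal profiles should drop at least the `*.admin` entries and be checked against what each user type is meant to do. A packaging-time check that fails when the guest list is not a strict subset of the admin list would keep this from regressing.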
@@ -0,0 +1,60 @@
+'Normal usertype permissions
+'app permission
+* http://tizen.org/privilege/account.read
+* http://tizen.org/privilege/account.write
+* http://tizen.org/privilege/alarm.get
+* http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.launch
+* http://tizen.org/privilege/bluetooth
+* http://tizen.org/privilege/bluetooth.admin
+* http://tizen.org/privilege/bookmark.admin
+* http://tizen.org/privilege/calendar.read
+* http://tizen.org/privilege/calendar.write
+* http://tizen.org/privilege/call
+* http://tizen.org/privilege/callhistory.read
+* http://tizen.org/privilege/callhistory.write
+* http://tizen.org/privilege/camera
+* http://tizen.org/privilege/contact.read
+* http://tizen.org/privilege/contact.write
+* http://tizen.org/privilege/content.write
+* http://tizen.org/privilege/datasharing
+* http://tizen.org/privilege/display
+* http://tizen.org/privilege/download
+* http://tizen.org/privilege/email
+* http://tizen.org/privilege/email.admin
+* http://tizen.org/privilege/externalstorage
+* http://tizen.org/privilege/externalstorage.appdata
+* http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keymanager
+* http://tizen.org/privilege/keymanager.admin
+* http://tizen.org/privilege/led
+* http://tizen.org/privilege/location
+* http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mediastorage
+* http://tizen.org/privilege/message.read
+* http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/network.get
+* http://tizen.org/privilege/network.profile
+* http://tizen.org/privilege/network.set
+* http://tizen.org/privilege/nfc
+* http://tizen.org/privilege/nfc.admin
+* http://tizen.org/privilege/nfc.cardemulation
+* http://tizen.org/privilege/notification
+* http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.info
+* http://tizen.org/privilege/power
+* http://tizen.org/privilege/push
+* http://tizen.org/privilege/recorder
+* http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/shortcut
+* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemsettings.admin
+* http://tizen.org/privilege/telephony
+* http://tizen.org/privilege/telephony.admin
+* http://tizen.org/privilege/tethering.admin
+* http://tizen.org/privilege/volume.set
+* http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/wifidirect
+* http://tizen.org/privilege/window.priority.set
diff --git a/policy/usertype-system.profile b/policy/usertype-system.profile
new file mode 100644
index 0000000..2cd6360
--- /dev/null
+++ b/policy/usertype-system.profile
@@ -0,0 +1,60 @@
+'System usertype permissions
+'app permission
+* http://tizen.org/privilege/account.read
+* http://tizen.org/privilege/account.write
+* http://tizen.org/privilege/alarm.get
+* http://tizen.org/privilege/alarm.set
+* http://tizen.org/privilege/appmanager.kill
+* http://tizen.org/privilege/appmanager.launch
+* http://tizen.org/privilege/bluetooth
+* http://tizen.org/privilege/bluetooth.admin
+* http://tizen.org/privilege/bookmark.admin
+* http://tizen.org/privilege/calendar.read
+* http://tizen.org/privilege/calendar.write
+* http://tizen.org/privilege/call
+* http://tizen.org/privilege/callhistory.read
+* http://tizen.org/privilege/callhistory.write
+* http://tizen.org/privilege/camera
+* http://tizen.org/privilege/contact.read
+* http://tizen.org/privilege/contact.write
+* http://tizen.org/privilege/content.write
+* http://tizen.org/privilege/datasharing
+* http://tizen.org/privilege/display
+* http://tizen.org/privilege/download
+* http://tizen.org/privilege/email
+* http://tizen.org/privilege/email.admin
+* http://tizen.org/privilege/externalstorage
+* http://tizen.org/privilege/externalstorage.appdata
+* http://tizen.org/privilege/haptic
+* http://tizen.org/privilege/internet
+* http://tizen.org/privilege/keymanager
+* http://tizen.org/privilege/keymanager.admin
+* http://tizen.org/privilege/led
+* http://tizen.org/privilege/location
+* http://tizen.org/privilege/location.enable
+* http://tizen.org/privilege/mediastorage
+* http://tizen.org/privilege/message.read
+* http://tizen.org/privilege/message.write
+* http://tizen.org/privilege/network.get
+* http://tizen.org/privilege/network.profile
+* http://tizen.org/privilege/network.set
+* http://tizen.org/privilege/nfc
+* http://tizen.org/privilege/nfc.admin
+* http://tizen.org/privilege/nfc.cardemulation
+* http://tizen.org/privilege/notification
+* http://tizen.org/privilege/packagemanager.admin
+* http://tizen.org/privilege/packagemanager.info
+* http://tizen.org/privilege/power
+* http://tizen.org/privilege/push
+* http://tizen.org/privilege/recorder
+* http://tizen.org/privilege/screenshot
+* http://tizen.org/privilege/shortcut
+* http://tizen.org/privilege/systemsettings
+* http://tizen.org/privilege/systemsettings.admin
+* http://tizen.org/privilege/telephony
+* http://tizen.org/privilege/telephony.admin
+* http://tizen.org/privilege/tethering.admin
+* http://tizen.org/privilege/volume.set
+* http://tizen.org/privilege/web-history.admin
+* http://tizen.org/privilege/wifidirect
+* http://tizen.org/privilege/window.priority.set
-- 2.7.4