diff options
| author | brianjjones <brian.j.jones@intel.com> | 2014-03-31 15:10:30 -0700 |
|---|---|---|
| committer | brianjjones <brian.j.jones@intel.com> | 2014-03-31 15:14:04 -0700 |
| commit | 00c4acd2a3607f8b2e6884dc1b85f111b18ddef5 (patch) | |
| tree | d683544f98630ef30373a33af47eef17d7d1f60b | |
| parent | d72e51c3bae516ef2ff86a56be41002113bee3f3 (diff) | |
| download | wrt-security-accepted/tizen_ivi.tar.gz wrt-security-accepted/tizen_ivi.tar.bz2 wrt-security-accepted/tizen_ivi.zip | |
Further changes needed to fix TIVI-2937submit/tizen_ivi_release/20140331.232156submit/tizen/20140331.232212accepted/tizen/ivi/release/20140331.231902accepted/tizen/ivi/panda/20140331.232001accepted/tizen/ivi/20140401.174335accepted/tizen/generic/20140402.145943accepted/tizen_ivi_pandaaccepted/tizen_iviaccepted/tizen_generic
Change-Id: I8e01d0bcbe375372f5cdcbdcfced34ef9db07d61
Signed-off-by: brianjjones <brian.j.jones@intel.com>
| -rw-r--r-- | ace/configuration/TizenPolicy.xml | 82 | ||||
| -rw-r--r-- | packaging/wrt-security.changes | 3 |
2 files changed, 78 insertions, 7 deletions
diff --git a/ace/configuration/TizenPolicy.xml b/ace/configuration/TizenPolicy.xml index ffaa9f8..dd02e58 100644 --- a/ace/configuration/TizenPolicy.xml +++ b/ace/configuration/TizenPolicy.xml @@ -84,6 +84,14 @@ </condition> </rule> + <!-- access to package --> + <rule effect="permit"> + <condition combine="or"> + <resource-match attr="device-cap" func="equal" match="packagemanager.install" /> + <resource-match attr="device-cap" func="equal" match="package.info" /> + </condition> + </rule> + <!-- access to bluetooth --> <rule effect="permit"> <condition combine="or"> @@ -260,7 +268,7 @@ <resource-match attr="device-cap" func="equal" match="contentmanager.write" /> </condition> </rule> - + <!-- access to external network --> <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp --> <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC --> @@ -282,7 +290,7 @@ <environment-match attr="roaming" match="true" /> </condition> </rule> - --> + --> <rule effect="deny" /> @@ -540,7 +548,7 @@ <resource-match attr="device-cap" func="equal" match="contentmanager.write" /> </condition> </rule> - + <!-- access to external network --> <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp --> <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC --> @@ -563,7 +571,7 @@ </condition> </rule> --> - + <rule effect="deny" /> </policy> @@ -586,7 +594,7 @@ sha-1 5A:C1:18:AC:6E:C7:EA:27:59:7D:5F:5A:1D:19:85:3D:A2:95:D5:18 </subject-match> </subject> - </target> + </target> <rule effect="permit"> <condition combine="or"> @@ -795,7 +803,7 @@ <resource-match attr="device-cap" func="equal" match="contentmanager.write" /> </condition> </rule> - + <!-- access to external network --> <!-- XMLHttpRequestTizen and externalNetworkAccessTizen defined for Tizen Webapp --> <!-- Function of two capabilities are same to XMLHttpRequest and externalNetworkAccess of WAC --> @@ -818,13 +826,73 @@ </condition> </rule> --> - + <rule effect="deny" /> </policy> <policy id="Tizen-Policy-Untrusted" description="Tizen's policy for untrusted domain" combine="permit-overrides"> <!-- Specific Untrusted Policy for Tizen --> + <rule effect="permit"> + <condition combine="or"> + <resource-match attr="device-cap" func="equal" match="tizen" /> + </condition> + </rule> + + <rule effect="permit"> + <condition combine="or"> + <resource-match attr="device-cap" func="equal" match="speech" /> + </condition> + </rule> + + <!-- access to application --> + <rule effect="permit"> + <condition combine="or"> + <resource-match attr="device-cap" func="equal" match="application.launch" /> + <resource-match attr="device-cap" func="equal" match="application.info" /> + </condition> + </rule> + + <!-- access to package --> + <rule effect="permit"> + <condition combine="or"> + <resource-match attr="device-cap" func="equal" match="packagemanager.install" /> + <resource-match attr="device-cap" func="equal" match="package.info" /> + </condition> + </rule> + + <!-- access to bluetooth --> + <rule effect="permit"> + <condition combine="or"> + <resource-match attr="device-cap" func="equal" match="bluetooth.admin" /> + <resource-match attr="device-cap" func="equal" match="bluetooth.gap" /> + <resource-match attr="device-cap" func="equal" match="bluetooth.spp" /> + <resource-match attr="device-cap" func="equal" match="bluetooth.health" /> + </condition> + </rule> + + <!-- access to content --> + <rule effect="permit"> + <condition combine="or"> + <resource-match attr="device-cap" func="equal" match="content.read" /> + <resource-match attr="device-cap" func="equal" match="content.write" /> + </condition> + </rule> + + <!-- access to download feature --> + + <rule effect="permit"> + <condition combine="or"> + <resource-match attr="device-cap" func="equal" match="download" /> + </condition> + </rule> + + <rule effect="permit"> + <condition combine="or"> + <resource-match attr="device-cap" func="equal" match="filesystem.read" /> + <resource-match attr="device-cap" func="equal" match="filesystem.write" /> + </condition> + </rule> <rule effect="deny" /> </policy> diff --git a/packaging/wrt-security.changes b/packaging/wrt-security.changes index 51c54fe..7af167c 100644 --- a/packaging/wrt-security.changes +++ b/packaging/wrt-security.changes @@ -1,3 +1,6 @@ +* Mon Mar 31 2014 brianjjones <brian.j.jones@intel.com> accepted/tizen/ivi/20140328.205938@8643daf +- Further changes needed to fix TIVI-2937 + * Wed Oct 23 2013 Hyunwoo Kim <hwlove.kim@samsung.com> - Delete corresponding application data (AceAcceptedFeature, AceRequestedDevCaps) in ace DB when the application is deleted. |