Security/Tizen 2.X Privileges

From Tizen Wiki
Jump to: navigation, search

Privilege

In mandatory access control system, an application which accesses sensitive resources should acquire proper permissions from the system. In Tizen 2.X, permissions can be granted by loading proper Smack rules. For efficiency, rules are grouped by their purposes, such as getting permissions to retrieve contacts information or send text messages, and those grouped rule set with specific purpose are called privilege in Tizen(To get detailed information about Smack rule files, see Smack and smack-privilege-config). By declaring privileges in spec file, such as config.xml or tizen-manifest.xml, an application can ask a grant for the permission set they requires.

How to use privileges

Tizen provides API-level access control for security-sensitive operations which, if not used correctly, can harm user privacy and system stability. Therefore, applications that use such sensitive APIs must declare the required privileges in the tizen-manifest.xml in native application or config.xml in Web application.

Privilege Categorization

There are two types of privileges, core privileges and wrt privileges. Native privilege a.k.a. core privilege is for native application(no OSP privileges in Tizen 2.3) and Web privilege a.k.a. WRT privilege is for Web application. We can categorize privileges in different perspectives.

  1. Privileges can be divided into product and non-product privileges.
    • Product privilege: Stands for product APIs. (http://[manufacturer_specific_url]/tizen/privilege/{name.of.privilege})
    • Non-product: Required by both product and non-product APIs. (http://tizen.org/privilege/{name.of.privilege})
  2. Privileges can be divided according to its hierarchy.
    • Platform: Privileges for platform applications.
    • Partner: Privileges for platform and partner applications.
    • Public: Privileges for platform, partner and public applications. Public is minimum level of application developed by using SDK.
    • NP(Non-privilege): It refers to a default Smack rule set, such as EFL.smack or WRT.smack, for any native/web application(To get more information about EFL.smack and WRT.smack, see smack-privilege-config). NP rules are applied to any application including preloaded app without any declared privileges.

List of Privileges

Native Privileges

The tables below show native privileges in Tizen platform. Product privileges are not described in following tables.

Native Privileges for Mobile Profile

The latest release version of mobile profile is 2.4.

Privilege Level Since Display Name Description
http://tizen.org/privilege/account.read Public 2.3 Reading accounts This application can read accounts.
http://tizen.org/privilege/account.write Public 2.3 Managing accounts This application can create, edit, and delete accounts.
http://tizen.org/privilege/alarm.get Public 2.3 Retrieving alarms This application can read information about your saved alarms.
http://tizen.org/privilege/alarm.set Public 2.3 Setting alarms This application can set alarms and wake the device up at scheduled times.
http://tizen.org/privilege/apphistory.read Public 2.4 Reading application usage statistics This application can read the statistics of application usage, such as which applications have been used frequently or recently.
http://tizen.org/privilege/appmanager.kill Platform 2.3 Closing applications This application can close other applications.
http://tizen.org/privilege/appmanager.kill.bgapp Public 2.4 Closing background applications This application can request to close applications running in the background.
http://tizen.org/privilege/appmanager.launch Public 2.3 Opening and resuming applications This application can open other applications.
http://tizen.org/privilege/bluetooth Public 2.3 Using unrestricted Bluetooth services This application can perform unrestricted actions using Bluetooth, such as scanning for and connecting to other devices.
http://tizen.org/privilege/bluetooth.admin Platform 2.3 Changing Bluetooth settings This application can change Bluetooth settings, such as turning Bluetooth on or off, setting the device name, and enabling or disabling AV remote control.
http://tizen.org/privilege/bookmark.admin Platform 2.3 Accessing Internet bookmarks This application can retrieve, create, edit, and delete Internet bookmarks.
http://tizen.org/privilege/calendar.read Public 2.3 Reading calendar This application can read events and tasks.
http://tizen.org/privilege/calendar.write Public 2.3 Managing calendar This application can create, update, and delete events and tasks.
http://tizen.org/privilege/call Public 2.3 Making phone calls This application can make phone calls to numbers when they are tapped without further confirmation. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/callhistory.read Public 2.3 Reading call logs This application can read call log items.
http://tizen.org/privilege/callhistory.write Public 2.3 Managing call logs This application can create, update, and delete call log items.
http://tizen.org/privilege/camera Public 2.3 Using camera This application can take pictures and turn the camera flash on and off while using Camera.
http://tizen.org/privilege/contact.read Public 2.3 Reading contacts This application can read your profile, contacts, and contact history. Contact history can include social network activity.
http://tizen.org/privilege/contact.write Public 2.3 Managing contacts This application can create, update, and delete your profile, contacts, and any contact history that is related to this application. Contact history can include social network activity.
http://tizen.org/privilege/content.write Public 2.3 Managing content This application can change media information. This information can be used by other applications.
http://tizen.org/privilege/datasharing Public 2.3 Sharing data between applications This application can share data with other applications.
http://tizen.org/privilege/display Public 2.3 Managing display settings This application can manage display settings, such as the brightness. This may increase battery consumption.
http://tizen.org/privilege/download Public 2.3 Downloading via HTTP This application can manage HTTP downloads. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/email Public 2.3 Managing email accounts, mailboxes, and emails This application can manage your email accounts, including your folders and emails, POP3 and IMAP downloads, and SMTP uploads. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/email.admin Platform 2.3 Managing email configurations This application can manage the settings of email applications.
http://tizen.org/privilege/externalstorage Public 2.3 Accessing external storage This application can read and write files that are saved to external storage, such as SD cards.
http://tizen.org/privilege/externalstorage.appdata Public 2.3 Accessing application data in external storage This application can read and write its own files in external storage, such as SD cards.
http://tizen.org/privilege/haptic Public 2.3 Managing vibration feedback This application can control vibration feedback.
http://tizen.org/privilege/healthinfo Public 2.3.1 Reading health information This application can read health information gathered by the device sensors, such as the pedometer and the heart rate monitor.
http://tizen.org/privilege/ime Public 2.4 Providing input methods This application can provide users with a way to enter characters and symbols into an associated text field.
http://tizen.org/privilege/imemanager Public 2.4 Managing input methods This application can manage installed input methods.
http://tizen.org/privilege/inputgenerator Platform 2.4 Generating touch and key events This application can simulate keys being pressed and touch interactions with the screen.
http://tizen.org/privilege/internet Public 2.3 Accessing Internet This application can access the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/keygrab Platform 2.4 Capturing special key events This application can read actions involving special keys, such as the volume keys on this or other devices (e.g. TV remote controls), even when it is running in the background.
http://tizen.org/privilege/keymanager Public 2.3 Using secure repository This application can save keys, certificates, and data to, and retrieve and delete them from, password-protected storage. Checking the statuses of certificates while connected to a mobile network may result in additional charges depending on your payment plan.
http://tizen.org/privilege/keymanager.admin Platform 2.3 Locking/unlocking secure repository This application can lock and unlock password-protected storage, and manage password changes for it. Deprecated since 2.4.
http://tizen.org/privilege/led Public 2.3 Managing LEDs This application can turn LEDs on or off, such as the LED on the front of the device and the camera flash.
http://tizen.org/privilege/location Public 2.3 Using user location This application can use your location data.
http://tizen.org/privilege/location.enable Platform 2.3 Managing location settings This application can control your location service settings.
http://tizen.org/privilege/mapservice Public 2.4 Using map services This application can use map services such as Geocoder, Places, and Route (Direction).
http://tizen.org/privilege/mediacontroller.client Public 2.4 Controlling media player This application can receive information about currently playing media from applications that are allowed to send it, and can control those applications remotely.
http://tizen.org/privilege/mediacontroller.server Public 2.4 Accepting remote controls This application can send information about currently playing media to applications that are allowed to receive it, and can be controlled remotely by those applications.
http://tizen.org/privilege/mediahistory.read Public 2.4 Reading media playback statistics This application can read the statistics concerning the music and videos played on the device, such as the peak times for playing music or videos.
http://tizen.org/privilege/mediastorage Public 2.3 Accessing media folders This application can read and write files in media folders.
http://tizen.org/privilege/message.read Public 2.3 Reading text and multimedia messages and related information This application can read text and multimedia messages, and any information related to them.
http://tizen.org/privilege/message.write Public 2.3 Sending text and multimedia messages and updating their statuses This application can write, send, delete, and move text and multimedia messages, download multimedia messages, and change the settings and statuses of messages, such as read or unread. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/minicontrol.provider Public 2.4 Showing toolbar This application can show a small toolbar on the notification panel or lock screen while it is open.
http://tizen.org/privilege/network.get Public 2.3 Reading network information This application can retrieve network information such as the status of each network, its type, and detailed network profile information.
http://tizen.org/privilege/network.profile Public 2.3 Managing network profiles This application can add, remove, and edit network profiles.
http://tizen.org/privilege/network.set Public 2.3 Managing network connections This application can turn Wi-Fi on and off, and connect to and disconnect from Wi-Fi and mobile networks. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/nfc Public 2.3 Using basic NFC services This application can read and write NFC tag information, and send NFC messages to other devices.
http://tizen.org/privilege/nfc.admin Platform 2.3 Managing NFC general settings This application can change NFC settings, such as turning NFC on or off.
http://tizen.org/privilege/nfc.cardemulation Public 2.3 Using NFC card emulation mode This application can access smart card details, such as credit card details, and allow users to make payments via NFC.
http://tizen.org/privilege/notification Public 2.3 Providing notifications This application can show and hide its own notifications and badges.
http://tizen.org/privilege/packagemanager.admin Platform 2.3 Installing/uninstalling application packages This application can install and uninstall application packages.
http://tizen.org/privilege/packagemanager.clearcache Public 2.4 Clearing other applications' caches This application can clear other applications' caches.
http://tizen.org/privilege/packagemanager.info Public 2.3 Retrieving detailed package information This application can retrieve detailed application package information.
http://tizen.org/privilege/power Public 2.3 Managing power This application can control power-related settings, such as dimming the screen.
http://tizen.org/privilege/push Public 2.3 Receiving push notifications This application can receive notifications via the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/reboot Platform 2.3.1 Restarting device This application can restart the device.
http://tizen.org/privilege/recorder Public 2.3 Recording video and audio This application can record video and audio.
http://tizen.org/privilege/screenshot Platform 2.3 Capturing device screen This application can capture screenshots.
http://tizen.org/privilege/secureelement Public 2.3.1 Accessing secure elements This application can access secure smart card chips such as UICC/SIM, embedded secure elements, and secure SD cards.
http://tizen.org/privilege/shortcut Public 2.3 Managing shortcuts This application can create and delete shortcuts.
http://tizen.org/privilege/systemmonitor Public 2.4 Monitoring system resources This application can read system information, including information from the CPU and RAM.
http://tizen.org/privilege/systemsettings Public 2.3 Managing unrestricted system settings This application can read and write unrestricted system settings. Deprecated since 2.3.1.
http://tizen.org/privilege/systemsettings.admin Platform 2.3 Managing all system settings This application can read and write all system settings.
http://tizen.org/privilege/telephony Public 2.3 Accessing telephony information This application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the statuses of calls.
http://tizen.org/privilege/telephony.admin Platform 2.3 Managing telephony settings This application can manage telephony settings, such as those for incoming and outgoing calls, forwarding and holding calls, networks, and SIM cards.
http://tizen.org/privilege/tethering.admin Platform 2.3 Accessing tethering services This application can enable and disable tethering services. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/volume.set Public 2.3 Adjusting volume This application can adjust the volume for different features, such as notification alerts, ringtones, and media.
http://tizen.org/privilege/web-history.admin Platform 2.3 Managing Internet history This application can manage your Internet history.
http://tizen.org/privilege/widget.viewer Public 2.3.1 Showing widgets This application can show widgets, and information from their associated applications, on the home screen.
http://tizen.org/privilege/wifidirect Public 2.3 Managing Wi-Fi Direct information This application can enable and disable Wi-Fi Direct, manage Wi-Fi Direct connections, and change Wi-Fi Direct settings.
http://tizen.org/privilege/window.priority.set Public 2.3 Displaying windows on top of other applications and screens This application can appear on top of other windows and screens, including the lock screen, according to the order of priority of the windows. This may prevent you from interacting with other applications or screens until the window for this application is closed.

Native Privileges for Wearable Profile

The latest release version of wearable profile is 2.3.1.

Privilege Level Since Display Name Description
http://tizen.org/privilege/alarm.get Public 2.3.1 Retrieving alarms This application can read information about your saved alarms.
http://tizen.org/privilege/alarm.set Public 2.3.1 Setting alarms This application can set alarms and wake up the device at scheduled times.
http://tizen.org/privilege/appmanager.kill Platform 2.3.1 Closing applications This application can close other applications.
http://tizen.org/privilege/appmanager.launch Public 2.3.1 Opening and resuming applications This application can open other applications.
http://tizen.org/privilege/bluetooth Public 2.3.1 Using unrestricted Bluetooth services This application can perform unrestricted actions using Bluetooth, such as scanning for and connecting to other devices.
http://tizen.org/privilege/bluetooth.admin Platform 2.3.1 Changing Bluetooth settings This application can change Bluetooth settings, such as turning Bluetooth on or off, setting the device name, and turning AV remote control on or off.
http://tizen.org/privilege/call Public 2.3.1 Making phone calls This application can make phone calls to numbers when they are tapped without further confirmation. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/callhistory.read Public 2.3.1 Reading call logs This application can read call log items.
http://tizen.org/privilege/callhistory.write Public 2.3.1 Managing call logs This application can create, update, and delete call log items.
http://tizen.org/privilege/camera Public 2.3.1 Using camera This application can take pictures and turn the camera flash on and off while using Camera.
http://tizen.org/privilege/content.write Public 2.3.1 Managing content This application can change media information. This information can be used by other applications.
http://tizen.org/privilege/datasharing Public 2.3.1 Sharing data between applications This application can share data with other applications.
http://tizen.org/privilege/display Public 2.3.1 Managing display settings This application can manage display settings, such as brightness. This may increase battery consumption.
http://tizen.org/privilege/download Public 2.3.1 Downloading via HTTP This application can manage HTTP downloads. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/externalstorage Public 2.3.1 Accessing external storage This application can read and write files that are saved to external storage, such as SD cards.
http://tizen.org/privilege/externalstorage.appdata Public 2.3.1 Accessing application data in external storage This application can read and write its own files in external storage, such as SD cards.
http://tizen.org/privilege/haptic Public 2.3.1 Managing vibration feedback This application can control vibration feedback.
http://tizen.org/privilege/healthinfo Public 2.3.1 Reading health information This application can read health information gathered by the device sensors, such as the pedometer and the heart rate monitor.
http://tizen.org/privilege/internet Public 2.3.1 Accessing Internet This application can access the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/keymanager Public 2.3.1 Using secure repository This application can save keys, certificates, and data to, and retrieve and delete them from, password-protected storage. Checking the statuses of certificates while connected to a mobile network may result in additional charges depending on your payment plan.
http://tizen.org/privilege/keymanager.admin Platform 2.3.1 Locking/unlocking secure repository This application can lock and unlock password-protected storage, and manage password changes for it. Deprecated since 2.4.
http://tizen.org/privilege/led Public 2.3.1 Managing LEDs This application can turn LEDs on or off, such as the LED on the front of the device and the camera flash.
http://tizen.org/privilege/location Public 2.3.1 Using user location This application can use your location data.
http://tizen.org/privilege/location.enable Platform 2.3.1 Managing location settings This application can control your location service settings.
http://tizen.org/privilege/mediastorage Public 2.3.1 Accessing media folders This application can read and write files in media folders.
http://tizen.org/privilege/message.read Public 2.3.1 Reading text and multimedia messages, as well as related information This application can read text and multimedia messages, and any information related to them.
http://tizen.org/privilege/message.write Public 2.3.1 Sending text and multimedia messages, and updating their status This application can write, send, delete, and move text and multimedia messages, download multimedia messages, and change the settings and status of messages, such as read or unread. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/network.get Public 2.3.1 Reading network information This application can retrieve network information such as the status of each network, its type, and detailed network profile information.
http://tizen.org/privilege/network.profile Public 2.3.1 Managing network profiles This application can add, remove, and edit network profiles.
http://tizen.org/privilege/network.set Public 2.3.1 Managing network connections This application can turn Wi-Fi on and off, and connect to and disconnect from Wi-Fi and mobile networks. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/nfc Public 2.3.1 Using basic NFC services This application can read and write NFC tag information, and send NFC messages to other devices.
http://tizen.org/privilege/nfc.admin Platform 2.3.1 Managing NFC general settings This application can change NFC settings, such as turning NFC on or off.
http://tizen.org/privilege/nfc.cardemulation Public 2.3.1 Using NFC card emulation mode This application can access smart card details, such as credit card details, and allow users to make payments via NFC.
http://tizen.org/privilege/notification Public 2.3.1 Providing notifications This application can show and hide its own notifications and badges.
http://tizen.org/privilege/packagemanager.admin Platform 2.3.1 Installing/uninstalling application packages This application can install and uninstall application packages.
http://tizen.org/privilege/packagemanager.info Public 2.3.1 Retrieving detailed package information This application can retrieve detailed application package information.
http://tizen.org/privilege/power Public 2.3.1 Managing power This application can control power-related settings, such as dimming the screen.
http://tizen.org/privilege/push Public 2.3.1 Receiving push notifications This application can receive notifications via the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/reboot Platform 2.3.1 Restarting device This application can restart the device.
http://tizen.org/privilege/recorder Public 2.3.1 Recording audio and video This application can record audio and video.
http://tizen.org/privilege/screenshot Platform 2.3.1 Capturing device screen This application can capture screenshots.
http://tizen.org/privilege/secureelement Public 2.3.1 Accessing secure elements This application can access secure smart card chips such as UICC/SIM, embedded secure elements, and secure SD cards.
http://tizen.org/privilege/systemsettings.admin Platform 2.3.1 Managing all system settings This application can read and write all system settings.
http://tizen.org/privilege/telephony Public 2.3.1 Accessing telephony information This application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the status of calls.
http://tizen.org/privilege/telephony.admin Platform 2.3.1 Managing telephony settings This application can manage telephony settings, such as incoming and outgoing calls, forwarding and holding calls, networks, and SIM cards.
http://tizen.org/privilege/volume.set Public 2.3.1 Adjusting volume This application can adjust the volume for different features, such as notification alerts, ringtones, and media.
http://tizen.org/privilege/widget.viewer Public 2.3.1 Showing widgets This application can show widgets, and information from their associated applications, on the Home screen.
http://tizen.org/privilege/window.priority.set Public 2.3.1 Showing windows on top of other applications and screens This application can appear on top of other windows and screens, including the lock screen, according to the order of priority of the windows. This may prevent you from interacting with other applications or screens until the window for this application is closed.

Web Privileges

The tables below show web privileges in Tizen platform. Product privileges are not described in following tables.

Web Privileges for Mobile Profile

The latest release version of mobile profile is 2.4.

Privilege Level Since Display Name Description
http://tizen.org/privilege/account.read Public 2.3 Reading accounts This application can read accounts.
http://tizen.org/privilege/account.write Public 2.3 Managing accounts This application can create, edit, and delete accounts.
http://tizen.org/privilege/alarm Public 1.0 Managing alarms This application can manage alarms by retrieving saved alarms and waking the device up at scheduled times.
http://tizen.org/privilege/application.info Public 2.2 Retrieving application information This application can retrieve information related to other applications.
http://tizen.org/privilege/application.launch Public 1.0 Opening applications This application can open other applications using the application ID or application control.
http://tizen.org/privilege/appmanager.certificate Partner 2.1 Getting application certificates This application can retrieve specified application certificates.
http://tizen.org/privilege/appmanager.kill Partner 2.1 Closing applications This application can close other applications.
http://tizen.org/privilege/bluetooth Public 2.4 Using unrestricted Bluetooth services This application can perform unrestricted actions using Bluetooth, such as scanning for and connecting to other devices.
http://tizen.org/privilege/bluetooth.admin Public 1.0 Changing Bluetooth settings This application can change Bluetooth settings, such as turning Bluetooth on or off, setting the device name, and turning AV remote control on or off. Deprecated since 2.4.
http://tizen.org/privilege/bluetooth.gap Public 1.0 Using Bluetooth GAP This application can use the Bluetooth Generic Access Profile (GAP) to scan for and pair with devices, for example. Deprecated since 2.4.
http://tizen.org/privilege/bluetooth.health Public 2.2 Using Bluetooth HDP This application can use the Bluetooth Health Device Profile (HDP) to send health information, for example. Deprecated since 2.4.
http://tizen.org/privilege/bluetooth.spp Public 1.0 Using Bluetooth SPP This application can use the Bluetooth Serial Port Profile (SPP) to send serial data, for example. Deprecated since 2.4.
http://tizen.org/privilege/bluetoothmanager Platform 2.1 Managing Bluetooth system settings This application can change Bluetooth system settings related to privacy and security, such as the visibility mode.
http://tizen.org/privilege/bookmark.read Platform 2.1 Reading bookmarks This application can read bookmarks.
http://tizen.org/privilege/bookmark.write Platform 2.1 Managing bookmarks This application can create, edit, and delete bookmarks.
http://tizen.org/privilege/calendar.read Public 1.0 Reading calendar This application can read events and tasks.
http://tizen.org/privilege/calendar.write Public 1.0 Managing calendar This application can create, update, and delete events and tasks.
http://tizen.org/privilege/call Public 2.3 Making phone calls This application can make phone calls to numbers when they are tapped without further confirmation. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/callhistory.read Public 2.0 Reading call logs This application can read call log items.
http://tizen.org/privilege/callhistory.write Public 2.0 Managing call logs This application can create, update, and delete call log items.
http://tizen.org/privilege/contact.read Public 1.0 Reading contacts This application can read your profile, contacts, and contact history. Contact history can include social network activity.
http://tizen.org/privilege/contact.write Public 1.0 Managing contacts This application can create, update, and delete your profile, contacts, and any contact history that is related to this application. Contact history can include social network activity.
http://tizen.org/privilege/content.read Public 2.0 Reading content This application can read media content information.
http://tizen.org/privilege/content.write Public 2.0 Managing content This application can change media information. This information can be used by other applications.
http://tizen.org/privilege/datacontrol.consumer Public 2.1 Accessing exported data This application can read data exported by data control providers.
http://tizen.org/privilege/datasync Public 2.1 Syncing device data This application can sync device data, such as contacts and calendar events, using the OMA DS 1.2 protocol. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/download Public 2.0 Downloading via HTTP This application can manage HTTP downloads. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/filesystem.read Public 1.0 Reading file systems This application can read file systems.
http://tizen.org/privilege/filesystem.write Public 1.0 Writing to file systems This application can write to file systems.
http://tizen.org/privilege/fullscreen Public 2.1 Using full screen view This application can use full screen view.
http://tizen.org/privilege/healthinfo Public 2.3 Reading health information This application can read health information gathered by the device sensors, such as the pedometer and the heart rate monitor.
http://tizen.org/privilege/internet Public 2.3 Accessing Internet This application can access the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/ime Public 2.4 Providing input methods This application can provide users with a way to enter characters and symbols into an associated text field.
http://tizen.org/privilege/led Public 2.4 Managing LEDs This application can turn LEDs on or off, such as the LED on the front of the device and the camera flash.
http://tizen.org/privilege/location Public 2.1 Using user location This application can use your location data.
http://tizen.org/privilege/mediacapture Public 2.1 Capturing media data This application can capture video and audio data.
http://tizen.org/privilege/mediacontroller.client Public 2.4 Controlling media player This application can receive information about currently playing media from applications that are allowed to send it, and can control those applications remotely.
http://tizen.org/privilege/mediacontroller.server Public 2.4 Accepting remote controls This application can send information about currently playing media to applications that are allowed to receive it, and can be controlled remotely by those applications.
http://tizen.org/privilege/messaging.read Public 1.0 Accessing messages This application can retrieve email, text messages, and multimedia messages from the server or receive them directly. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/messaging.write Public 1.0 Writing messages This application can write text messages, multimedia messages, and email. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/networkbearerselection Partner 2.1 Selecting network connection This application can restrict the device so some specific domains can only be accessed via mobile networks. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/nfc.admin Public 2.0 Managing NFC general settings This application can change NFC settings, such as turning NFC on or off.
http://tizen.org/privilege/nfc.cardemulation Public 2.3 Using NFC card emulation mode This application can access smart card details, such as credit card details, and allow users to make payments via NFC.
http://tizen.org/privilege/nfc.common Public 2.0 Using NFC common features This application can use NFC common features.
http://tizen.org/privilege/nfc.p2p Public 1.0 Pushing NFC messages This application can push NFC messages to other devices.
http://tizen.org/privilege/nfc.tag Public 1.0 Reading/writing to NFC tags This application can read and write NFC tag information.
http://tizen.org/privilege/notification Public 2.1 Providing notifications This application can show and hide its own notifications and badges.
http://tizen.org/privilege/package.info Public 2.1 Receiving package information This application can receive package information.
http://tizen.org/privilege/packagemanager.install Platform 2.1 Managing packages This application can install and uninstall application packages.
http://tizen.org/privilege/power Public 2.0 Managing power This application can control power-related settings, such as dimming the screen.
http://tizen.org/privilege/push Public 2.1 Receiving push notifications This application can receive notifications via the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/secureelement Public 2.1 Accessing secure elements This application can access secure smart card chips such as UICC/SIM, embedded secure elements, and secure SD cards.
http://tizen.org/privilege/setting Public 2.0 Accessing user settings This application can change and read user settings.
http://tizen.org/privilege/system Public 2.1 Reading system information This application can read system information.
http://tizen.org/privilege/systemmanager Partner 2.1 Reading secure system information This application can read secure system information. Deprecated since 2.3.1. Use http://tizen.org/privilege/telephony instead of it.
http://tizen.org/privilege/telephony Public 2.3.1 Accessing telephony information This application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the status of calls.
http://tizen.org/privilege/unlimitedstorage Public 2.1 Accessing unlimited storage This application can save its content to your device storage or external storage locations, such as SD cards, with no limit on the content's size.
http://tizen.org/privilege/volume.set Public 2.3 Adjusting volume This application can adjust the volume for different features, such as notification alerts, ringtones, and media.
http://tizen.org/privilege/websetting Public 2.2 Managing Web application settings This application can change its web application settings, including deleting its cookies. Deprecated since 2.4.

Web Privileges for Wearable Profile

The latest release version of wearable profile is 2.3.1.

Privilege Level Since Display Name Description
http://tizen.org/privilege/alarm Public 1.0 Managing alarms This application can manage alarms by retrieving saved alarms and waking the device up at scheduled times.
http://tizen.org/privilege/application.info Public 2.2 Retrieving application information This application can retrieve information related to other applications.
http://tizen.org/privilege/application.launch Public 1.0 Opening applications This application can open other applications using the application ID or application control.
http://tizen.org/privilege/appmanager.certificate Partner 2.1 Getting application certificates This application can retrieve specified application certificates.
http://tizen.org/privilege/appmanager.kill Partner 2.1 Closing applications This application can close other applications.
http://tizen.org/privilege/audiorecorder Public 2.3 Recording audio This application can manage audio recordings.
http://tizen.org/privilege/bluetooth.admin Public 2.3.1 Changing Bluetooth settings This application can change Bluetooth settings, such as turning Bluetooth on or off, setting the device name, and turning AV remote control on or off. Deprecated since 2.4.
http://tizen.org/privilege/bluetooth.gap Public 2.3.1 Using Bluetooth GAP This application can use the Bluetooth Generic Access Profile (GAP) to scan for and pair with devices, for example. Deprecated since 2.4.
http://tizen.org/privilege/bluetooth.health Public 2.3.1 Using Bluetooth HDP This application can use the Bluetooth Health Device Profile (HDP) to send health information, for example. Deprecated since 2.4.
http://tizen.org/privilege/bluetooth.spp Public 2.3.1 Using Bluetooth SPP This application can use the Bluetooth Serial Port Profile (SPP) to send serial data, for example. Deprecated since 2.4.
http://tizen.org/privilege/bluetoothmanager Platform 2.3.1 Managing Bluetooth system settings This application can change Bluetooth system settings related to privacy and security, such as the visibility mode.
http://tizen.org/privilege/call Public 2.3 Making phone calls This application can make phone calls to numbers when they are tapped without further confirmation. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/camera Public 2.3 Using camera This application can take pictures and turn the camera flash on and off while using Camera.
http://tizen.org/privilege/content.read Public 2.0 Reading content This application can read media content information.
http://tizen.org/privilege/content.write Public 2.0 Managing content This application can change media information. This information can be used by other applications.
http://tizen.org/privilege/download Public 2.0 Downloading via HTTP This application can manage HTTP downloads. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/filesystem.read Public 1.0 Reading file systems This application can read file systems.
http://tizen.org/privilege/filesystem.write Public 1.0 Writing to file systems This application can write to file systems.
http://tizen.org/privilege/healthinfo Public 2.3 Reading health information This application can read health information gathered by the device sensors, such as the pedometer and the heart rate monitor.
http://tizen.org/privilege/internet Public 2.3 Accessing Internet This application can access the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/location Public 2.1 Using user location This application can use your location data.
http://tizen.org/privilege/mediacapture Public 2.1 Capturing media data This application can capture video and audio data.
http://tizen.org/privilege/nfc.admin Public 2.3.1 Managing NFC general settings This application can change NFC settings, such as turning NFC on or off.
http://tizen.org/privilege/nfc.cardemulation Public 2.3.1 Using NFC card emulation mode This application can access smart card details, such as credit card details, and allow users to make payments via NFC.
http://tizen.org/privilege/nfc.common Public 2.3.1 Using NFC common features This application can use NFC common features.
http://tizen.org/privilege/nfc.p2p Public 2.3.1 Pushing NFC messages This application can push NFC messages to other devices.
http://tizen.org/privilege/nfc.tag Public 2.3.1 Reading/writing to NFC tags This application can read and write NFC tag information.
http://tizen.org/privilege/notification Public 2.1 Providing notifications This application can show and hide its own notifications and badges.
http://tizen.org/privilege/package.info Public 2.1 Receiving package information This application can receive package information.
http://tizen.org/privilege/packagemanager.install Platform 2.1 Managing packages This application can install and uninstall application packages.
http://tizen.org/privilege/power Public 2.0 Managing power This application can control power-related settings, such as dimming the screen.
http://tizen.org/privilege/push Public 2.3.1 Receiving push notifications This application can receive notifications via the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/secureelement Public 2.3.1 Accessing secure elements This application can access secure smart card chips such as UICC/SIM, embedded secure elements, and secure SD cards.
http://tizen.org/privilege/setting Public 2.0 Accessing user settings This application can change and read user settings.
http://tizen.org/privilege/system Public 2.1 Reading system information This application can read system information.
http://tizen.org/privilege/systemmanager Partner 2.1 Reading secure system information This application can read secure system information. Deprecated since 2.3.1. Use http://tizen.org/privilege/telephony instead of it.
http://tizen.org/privilege/telephony Public 2.3.1 Accessing telephony information This application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the status of calls.
http://tizen.org/privilege/unlimitedstorage Public 2.1 Accessing unlimited storage This application can save its content to your device storage or external storage locations, such as SD cards, with no limit on the content's size.
http://tizen.org/privilege/volume.set Public 2.3 Adjusting volume This application can adjust the volume for different features, such as notification alerts, ringtones, and media.

Adding custom privileges

Each manufacturer can define its own service and asset by its business requirements, so there is a strong requirement to support defining of custom privileges into specific Tizen devices. In Tizen 2.X, it's relatively easy to define a new privilege and protect from unauthorized access. However, defining a new privilege is very important for security and requires great caution. The manufacturer is responsible for any security breaches from incorrect design and implementation of custom privilege.

Following sub section is the recommended process to define custom privileges for a specific Tizen device.

API selection

Most of the Tizen privileges are mapped to corresponding API. This is not because Tizen security is implemented on API layer but because of application development convenience. Some of the privileges such as http://tizen.org/privilege/internet or http://tizen.org/privilege/mediastorage don't have mapped API because they are purely resource based privileges. List for those privileges. This step will be straightforward for the manufacturer because the custom privilege will be required based on their business requirement.

Resource finding & definition

Once you selected APIs need to protect, you have to find out the resources which are accessed by the API call. Since Tizen 2.X uses Smack for the access control mechanism, finding resource is very important. Resources can be any of the resources that Smack can recognize (such as file, socket, device, signal) or service daemon.

After finding the resources you should define the granularity of the resources to be protected. You can group everything to a single privilege, or you can divide them into multiple groups to provide more fine grained access control. For example, you can define either access_protected_resource, or divide into read_protected_resource and write_protected_resource. This procedure is very important because once you release the custom privileges into public, there is no way to revert back and you have to support the developers until the product is available in market.

If the resource you found is already exist and already defined for other privilege, there is no need to define a new privilege because there is no way to separate existing and newly defined privilege. If you still want to separate the privilege, you have to separate the resource first. There is no work-around on this issue.


Note

Note: If you don't have any specific resource for the APIs, it does not make sense to define a new privilege because there is nothing to protect.


Note

Note: You have to find out all the possible resources that can be accessed by the APIs. If you miss some of them, then your privilege cannot protect all the assets or your API may not work properly.


Access control mechanism selection & enforcement

Once you found and defined the resources to protect, you should select proper access control mechanism. Tizen supports Smack, user-space access control, and security server.

If you select the mechanism, you should enforce the access control mechanism. You should define a new Smack label for the resource, label them, and you should communicate with related developers to aware of new policy added to make additional Smack rules on related modules Smack manifest or rule files.

Privilege information defining

After you finished access control enforcement, you should define the privilege name, level and information. You should follow the naming rule and privilege level defined above. As well, you should define privilege information and display name to show the privilege during installation and application management setting. This is done by privilege-info, so you should modify it.

This step is also very important that released privilege name must be remained until you deprecate the APIs, and privilege information should be clear to be understood by normal user.

smack-to-privilege modification

After you finish to define privilege name and information, you should modify smack-privilege-config to allow application to access the resource.

Integration with SDK & documentation

Once you finish everything above, you have to integrate the new privilege and APIs into your extension of SDK, as well as API documentation to allow application developer aware about the privilege. However, this step is out of scope of the Tizen security.