Security/Tizen 2.X tizen-security-policy

From Tizen Wiki
Jump to: navigation, search

Introduction

To differentiate root CA certificates for each project, we moved some resources from wrt-security and named it as tizen-security-policy. tizen-security-policy package contains resource (certificates and policy xml files) only.
All resources are listed up by release mode.

  • emulator
  • engineer
  • user


Resource users

Root CA Certificates

Installation destination

  • /usr/share/cert-svc/certs/code-signing/[tizen|wac]/ in target device.

Root CA Certificates are used by shell script(add-fingerprint.sh) in package itself.

Device Capability Policy

Installation destination

  • TizenPolicy.xml : /usr/etc/ace/
  • fingerprint_list.xml : /usr/share/wrt-engine/


TizenPolicy.xml

  • Privilege level of device capability are defined.
  • All definitions are categorized by subject([None|Public|Partner|Platform]).
  • Subject of web application are determined by root CA certificate fingerprint of application signer.
  • Fingerprints in Subject tag are added in package install time by shell script 'add-fingerprint-wrt.sh'
  • Used by wrt-security-daemon(in wrt-security package)

Tizen 2.x security policy file.PNG

fingerprint_list.xml

  • Fingerprints and privilege level of Root CA certificates(in package itself) are defined.
  • Privilege level of web application is determined by information defined here.
  • Contents are filled in package install time by shell script 'add-fingerprint.sh'
  • Used by wrt-security-daemon(in wrt-security package)

Tizen 2.x security policy fingerprint list.PNG