Security:Tizen 3.0 Core Privileges
Tizen 3.0 Core privileges
This page contains information about an abstract set of strings, known as privileges, that will identify the permissions assigned to Tizen 3.0 (and beyond) applications.
Why this list?
In Tizen 3.0 we decided that the desired way to perform some sensitive actions on behalf of an application is to introduce a client-service model. We chose to check whether access to such a service is allowed by performing a user-space access check with the Cynara module. Because of this, we need to define abstract names for the functionalities that Tizen OS will expose; applications will be granted permissions with the granularity defined by this list of privileges.
Where these privileges will be used and how?
Most importantly, privileges from the list below will be used during each new app installation procedure. Each new app in the system should be properly registered with its set of privileges. For example, each Tizen 3.0 web app will be installed by the Crosswalk installer, meaning that the Crosswalk installer should properly parse the application's manifest and set up privileges for Cynara using Security-Manager's API (details on the relation between Security-Manager and Cynara can be found here).
Privileges will also be used in places like the email service, Bluetooth service, contacts service, Crosswalk's browser process, etc.: anywhere in Tizen where a service performs a privileged action on behalf of an application. If a service performs actions defined as privileged, then it must be able to associate a privilege with each of its APIs and make a Cynara check with the proper arguments. The alternative is to provide a DBus/Cynara XML configuration that maps DBus method calls to privileges, so that the DBus daemon performs the Cynara check. Work on the DBus+Cynara patches is in progress and should be published on the [Dev] mailing list soon.
What about different types of applications? Backward compatibility?
Different types of applications will probably want to define their own custom privileges to support the same application packages on many OSes. It should be the application framework's duty to properly translate these specific privileges to Core privileges upon installation.
Tizen 3.0 will support traditional native and web privileges just as before. If an app with native or web privileges is installed, the application framework (compiled and working in the newest version of Tizen) should match the privileges that came with the application's manifest to the currently supported privileges that the underlying system understands.
The Core privileges list
Privileges are categorized into 3 levels according to the required certificate signature. The public level is the minimum privilege level, which means that any application developed using the Tizen Studio can use these privileges. The partner level privileges require at least a partner-signed certificate, which is granted to developers who have a business relationship with the vendor. The platform level is the highest privilege level, and an application that needs these privileges requires at least a platform-signed certificate, which is granted to vendor developers.
For user notification of the privilege, "Display Name" and "Description" are used. "Display Name" provides privilege information in a simple present participle form, and "Description" provides detailed information on the permissions, including accessible resources and functionality, that the application can get with the privilege. Detailed information also contains notifications related to billing or device performance, such as cost or increased battery consumption.
Privilege | Level | Display Name | Description |
---|---|---|---|
http://tizen.org/privilege/account.read | Public | Reading accounts | This application can read accounts. |
http://tizen.org/privilege/account.write | Public | Managing accounts | This application can create, edit, and delete accounts. |
http://tizen.org/privilege/alarm.get | Public | Retrieving alarms | This application can read information about your saved alarms. |
http://tizen.org/privilege/alarm.set | Public | Setting alarms | This application can set alarms and wake up the device at scheduled times. |
http://tizen.org/privilege/antivirus.admin | Platform | Managing antivirus programs and detected malware | This application can enable or disable antivirus programs and manage detected malware. |
http://tizen.org/privilege/antivirus.scan | Partner | Scanning for viruses | This application can request to scan files in any other applications or on the device to detect harmful content. |
http://tizen.org/privilege/antivirus.webprotect | Partner | Checking for web address reputation | This application can check the reputation of a web address and determine whether or not accessing it could put your device at risk. |
http://tizen.org/privilege/appdir.shareddata | Public | Creating files in shared data directory | This application can create a shared directory and files within it, which all other applications can read. |
http://tizen.org/privilege/apphistory.read | Public | Reading application usage statistics | This application can read the statistics of application usage, such as which applications have been used frequently or recently. |
http://tizen.org/privilege/appmanager.kill | Platform | Closing applications | This application can close other applications. |
http://tizen.org/privilege/appmanager.kill.bgapp | Public | Closing background applications | This application can request to close applications running in the background. |
http://tizen.org/privilege/appmanager.launch | Public | Opening and resuming applications | This application can open other applications. |
http://tizen.org/privilege/bluetooth | Public | Using unrestricted Bluetooth services | This application can perform unrestricted actions using Bluetooth, such as scanning for and connecting to other devices. |
http://tizen.org/privilege/bluetooth.admin | Platform | Changing Bluetooth settings | This application can change Bluetooth settings, such as turning Bluetooth on or off, setting the device name, and turning AV remote control on or off. |
http://tizen.org/privilege/bookmark.admin | Platform | Accessing Internet bookmarks | This application can retrieve, create, edit, and delete Internet bookmarks. |
http://tizen.org/privilege/calendar.read | Public | Reading calendar | This application can read events and tasks. |
http://tizen.org/privilege/calendar.write | Public | Managing calendar | This application can create, update, and delete events and tasks. |
http://tizen.org/privilege/call | Public | Making phone calls | This application can make phone calls to numbers when they are tapped without further confirmation. This may result in additional charges depending on your payment plan. |
http://tizen.org/privilege/callhistory.read | Public | Reading call logs | This application can read call log items. |
http://tizen.org/privilege/callhistory.write | Public | Managing call logs | This application can create, update, and delete call log items. |
http://tizen.org/privilege/camera | Public | Using camera | This application can take pictures and turn the camera flash on and off while using Camera. |
http://tizen.org/privilege/contact.read | Public | Reading contacts | This application can read your profile, contacts, and contact history. Contact history can include social network activity. |
http://tizen.org/privilege/contact.write | Public | Managing contacts | This application can create, update, and delete your profile, contacts, and any contact history that is related to this application. Contact history can include social network activity. |
http://tizen.org/privilege/content.write | Public | Managing content | This application can change media information. This information can be used by other applications. |
http://tizen.org/privilege/d2d.datasharing | Public | Sharing data with other devices | This application can share data with other devices. |
http://tizen.org/privilege/datasharing | Public | Sharing data between applications | This application can share data with other applications. |
http://tizen.org/privilege/display | Public | Managing display settings | This application can manage display settings, such as brightness. This may increase battery consumption. |
http://tizen.org/privilege/download | Public | Downloading via HTTP | This application can manage HTTP downloads. This may result in additional charges depending on your payment plan. |
http://tizen.org/privilege/dpm.bluetooth | Partner | Restricting Bluetooth connections | This application can restrict Bluetooth connections. This may prevent applications that use Bluetooth from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.browser | Partner | Preventing web browser use | This application can prevent the use of browser applications. This may prevent applications that use browser applications from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.camera | Partner | Restricting camera usage | This application can restrict the use of the camera. This may prevent applications that use the camera from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.clipboard | Partner | Restricting clipboard access | This application can restrict the use of the clipboard. This may prevent applications that use the clipboard from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.debugging | Partner | Restricting debugging | This application can restrict the use of debugging. This may prevent applications that use debugging from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.email | Partner | Restricting POP and IMAP email access | This application can restrict POP and IMAP email access. This may prevent applications that use email services from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.location | Partner | Restricting location functions | This application can restrict the use of location functions. This may prevent applications that use location functions from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.lock | Partner | Locking device | This application can lock the device. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.message | Partner | Restricting SMS, MMS, and chat messaging | This application can restrict the use of text, multimedia, and chat messaging services. This may prevent applications that use messaging services from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.microphone | Partner | Restricting microphone usage | This application can restrict the use of the microphone. This may prevent applications that use the microphone from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.password | Partner | Managing password policies | This application can manage password policies and reset the passwords used to unlock the phone and recover data. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.security | Partner | Managing security policies | This application can change security settings such as those for certificate installation, data encryption, and factory data resets. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.storage | Partner | Preventing access to external storage | This application can prevent the use of external storage such as SD cards and USB storage devices. This may prevent applications that use external storage from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.usb | Partner | Restricting USB connections | This application can prevent USB connections, including the use of USB tethering. This may prevent applications that use USB connections from working properly. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.wifi | Partner | Restricting Wi-Fi access | This application can restrict the use of Wi-Fi networks and mobile hotspots. If the phone can't connect to a Wi-Fi network, it may connect to a mobile network. This may result in additional charges depending on your payment plan. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.wipe | Partner | Erasing data and resetting device | This application can erase all data from your device and reset your device to its factory default settings. Allowed to licensed partners. |
http://tizen.org/privilege/dpm.zone | Partner | Managing containers | This application can create and remove containers. Containers are private workspaces which provide separate app runtime environments and data storage. Allowed to licensed partners. |
http://tizen.org/privilege/email | Public | Managing email accounts, mailboxes, and email | This application can manage your email accounts, including your folders and emails, POP3 and IMAP downloads, and SMTP uploads. This may result in additional charges depending on your payment plan. |
http://tizen.org/privilege/email.admin | Platform | Managing email configurations | This application can manage the settings of email applications. |
http://tizen.org/privilege/externalstorage | Public | Accessing external storage | This application can read and write files that are saved to external storage, such as SD cards. |
http://tizen.org/privilege/externalstorage.appdata | Public | Accessing application data in external storage | This application can read and write its own files in external storage, such as SD cards. |
http://tizen.org/privilege/fido.client | Public | Using FIDO client APIs | This application can trigger authenticators in your device and it may request to use your PIN or biometrics (fingerprints or irises) for authentication. |
http://tizen.org/privilege/haptic | Public | Managing vibration feedback | This application can control vibration feedback. |
http://tizen.org/privilege/healthinfo | Public | Reading health information | This application can read health information gathered by the device sensors, such as the pedometer and the heart rate monitor. |
http://tizen.org/privilege/ime | Public | Providing input methods | This application can provide users with a way to enter characters and symbols into an associated text field. |
http://tizen.org/privilege/imemanager | Public | Managing input methods | This application can manage installed input methods. |
http://tizen.org/privilege/inputgenerator | Platform | Generating touch and key events | This application can simulate keys being pressed and touch interactions with the screen. |
http://tizen.org/privilege/internet | Public | Accessing Internet | This application can access the Internet. This may result in additional charges depending on your payment plan. |
http://tizen.org/privilege/keygrab | Platform | Capturing special key events | This application can read actions involving special keys, such as the volume keys on this or other devices (e.g. TV remote controls), even when it is running in the background. |
http://tizen.org/privilege/keymanager | Public | Using secure repository | This application can save keys, certificates, and data to, and retrieve and delete them from, password-protected storage. Checking the statuses of certificates while connected to a mobile network may result in additional charges depending on your payment plan. |
http://tizen.org/privilege/led | Public | Managing LEDs | This application can turn LEDs on or off, such as the LED on the front of the device and the camera flash. |
http://tizen.org/privilege/location | Public | Using user location | This application can use your location data. |
http://tizen.org/privilege/location.coarse | Public | Determining approximate location | This application can determine your approximate location including your device's Cell ID, LAC (Location Area Code), and TAC (Tracking Area Code). |
http://tizen.org/privilege/location.enable | Platform | Managing location settings | This application can control your location service settings. |
http://tizen.org/privilege/mapservice | Public | Using map services | This application can use map services such as Geocoder, Places, and Route (Direction). |
http://tizen.org/privilege/mediacontroller.client | Public | Controlling media player | This application can receive information about currently playing media from applications that are allowed to send it, and can control those applications remotely. |
http://tizen.org/privilege/mediacontroller.server | Public | Accepting remote controls | This application can send information about currently playing media to applications that are allowed to receive it, and can be controlled remotely by those applications. |
http://tizen.org/privilege/mediahistory.read | Public | Reading media playback statistics | This application can read the statistics concerning the music and videos played on the device, such as the peak times for playing music or videos. |
http://tizen.org/privilege/mediastorage | Public | Accessing media folders | This application can read and write files in media folders. |
http://tizen.org/privilege/message.read | Public | Reading text and multimedia messages, as well as related information | This application can read text and multimedia messages, and any information related to them. |
http://tizen.org/privilege/message.write | Public | Sending text and multimedia messages, and updating their status | This application can write, send, delete, and move text and multimedia messages, download multimedia messages, and change the settings and status of messages, such as read or unread. This may result in additional charges depending on your payment plan. |
http://tizen.org/privilege/minicontrol.provider | Public | Showing toolbar | This application can show a small toolbar on the notification panel or lock screen while it is open. |
http://tizen.org/privilege/network.get | Public | Reading network information | This application can retrieve network information such as the status of each network, its type, and detailed network profile information. |
http://tizen.org/privilege/network.profile | Public | Managing network profiles | This application can add, remove, and edit network profiles. |
http://tizen.org/privilege/network.set | Public | Managing network connections | This application can turn Wi-Fi on and off, and connect to and disconnect from Wi-Fi and mobile networks. This may result in additional charges depending on your payment plan. |
http://tizen.org/privilege/nfc | Public | Using basic NFC services | This application can read and write NFC tag information, and send NFC messages to other devices. |
http://tizen.org/privilege/nfc.admin | Platform | Managing NFC general settings | This application can change NFC settings, such as turning NFC on or off. |
http://tizen.org/privilege/nfc.cardemulation | Public | Using NFC card emulation mode | This application can access smart card details, such as credit card details, and allow users to make payments via NFC. |
http://tizen.org/privilege/notification | Public | Providing notifications | This application can show and hide its own notifications and badges. |
http://tizen.org/privilege/packagemanager.admin | Platform | Installing/uninstalling application packages | This application can install and uninstall application packages. |
http://tizen.org/privilege/packagemanager.clearcache | Public | Clearing other applications' caches | This application can clear other applications' caches. |
http://tizen.org/privilege/packagemanager.info | Public | Retrieving detailed package information | This application can retrieve detailed application package information. |
http://tizen.org/privilege/power | Public | Managing power | This application can control power-related settings, such as dimming the screen. |
http://tizen.org/privilege/push | Public | Receiving push notifications | This application can receive notifications via the Internet. This may result in additional charges depending on your payment plan. |
http://tizen.org/privilege/reboot | Platform | Restarting device | This application can restart the device. |
http://tizen.org/privilege/recorder | Public | Recording audio and video | This application can record audio and video. |
http://tizen.org/privilege/screenshot | Platform | Capturing device screen | This application can capture screenshots. |
http://tizen.org/privilege/secureelement | Public | Accessing secure elements | This application can access secure smart card chips such as UICC/SIM, embedded secure elements, and secure SD cards. |
http://tizen.org/privilege/shortcut | Public | Managing shortcuts | This application can create and delete shortcuts. |
http://tizen.org/privilege/systemmonitor | Public | Monitoring system resources | This application can read system information, including information from the CPU and RAM. |
http://tizen.org/privilege/systemsettings.admin | Platform | Managing all system settings | This application can read and write all system settings. |
http://tizen.org/privilege/telephony | Public | Accessing telephony information | This application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the status of calls. |
http://tizen.org/privilege/telephony.admin | Platform | Managing telephony settings | This application can manage telephony settings, such as incoming and outgoing calls, forwarding and holding calls, networks, and SIM cards. |
http://tizen.org/privilege/tethering.admin | Platform | Accessing tethering services | This application can turn tethering services on and off. This may result in additional charges depending on your payment plan. |
http://tizen.org/privilege/use_ir | Public | Using infrared transmitter | This application can use the infrared transmitter. |
http://tizen.org/privilege/volume.set | Public | Adjusting volume | This application can adjust the volume for different features, such as notification alerts, ringtones, and media. |
http://tizen.org/privilege/vpnservice | Public | Managing VPN (virtual private network) | This application can manage the VPN (virtual private network) and change its settings. |
http://tizen.org/privilege/web-history.admin | Platform | Managing Internet history | This application can manage your Internet history. |
http://tizen.org/privilege/widget.viewer | Public | Showing widgets | This application can show widgets, and information from their associated applications, on the Home screen. |
http://tizen.org/privilege/wifidirect | Public | Managing Wi-Fi Direct information | This application can turn Wi-Fi Direct on or off, manage Wi-Fi Direct connections, and change Wi-Fi Direct settings. |
http://tizen.org/privilege/window.priority.set | Public | Showing windows on top of other applications and screens | This application can appear on top of other windows and screens, including the lock screen, according to the order of priority of the windows. This may prevent you from interacting with other applications or screens until the window for this application is closed. |
The internal privilege list
To elaborate access control policies and support backward compatibility, internal privileges are introduced. Privileges in the following table are never declared in an application's manifest file but are used for internal privilege checks. Internal privileges are generally mapped and granted to the application at installation time according to their mapping condition.
Privilege | Granted by | Purpose |
---|---|---|
http://tizen.org/privilege/internal/buxton | | |
http://tizen.org/privilege/internal/buxton/account.read | | read permission of account buxton key |
http://tizen.org/privilege/internal/buxton/camcorder | | write permission of camcorder buxton key |
http://tizen.org/privilege/internal/buxton/contact.read | | read permission of contact buxton key |
http://tizen.org/privilege/internal/buxton/location | | read permission of location buxton key |
http://tizen.org/privilege/internal/buxton/message.read | | read permission of message buxton key |
http://tizen.org/privilege/internal/buxton/network.get | | read permission of network buxton key |
http://tizen.org/privilege/internal/buxton/nfc | | read permission of nfc buxton key |
http://tizen.org/privilege/internal/buxton/nfc.cardemulation | | read permission of nfc buxton key |
http://tizen.org/privilege/internal/buxton/readonly | | for buxton keys write access by application is not allowed (display/location/message/wifidirect) |
http://tizen.org/privilege/internal/buxton/telephony | | read permission of telephony buxton key |
http://tizen.org/privilege/internal/dbus | | |
http://tizen.org/privilege/internal/default/partner | | |
http://tizen.org/privilege/internal/default/platform | | |
http://tizen.org/privilege/internal/default/public | | |
http://tizen.org/privilege/internal/inputdevice.block | | |
http://tizen.org/privilege/internal/usermanagement | user management permission for admin user type | |
http://tizen.org/privilege/internal/appdebugging | permission for app debugging mode. when specific option is set, app-installers will add this privilege to app privilege list | |
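The install-time vetting implied by the level rules and the internal-privilege rule above, as an added example that is not part of the original page or of any Tizen installer: it checks the privileges a manifest requests against the signing certificate level and rejects internal privileges declared in the manifest. The `tizen:privilege` manifest element, the function names, and the sample manifest are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

LEVELS = {"public": 0, "partner": 1, "platform": 2}   # ordering stated on this page
PREFIX = "http://tizen.org/privilege/"
INTERNAL_PREFIX = PREFIX + "internal/"
MANIFEST_TAG = "{http://tizen.org/ns/widgets}privilege"  # assumed manifest element

# Excerpt of the Core privileges table above (descriptions omitted).
CORE_TABLE = """\
http://tizen.org/privilege/internet | Public | Accessing Internet |
http://tizen.org/privilege/camera | Public | Using camera |
http://tizen.org/privilege/antivirus.scan | Partner | Scanning for viruses |
http://tizen.org/privilege/dpm.wipe | Partner | Erasing data and resetting device |
http://tizen.org/privilege/reboot | Platform | Restarting device |
http://tizen.org/privilege/packagemanager.admin | Platform | Installing/uninstalling application packages |
"""

# Constructed sample manifest, not taken from a real application.
SAMPLE_MANIFEST = """\
<widget xmlns="http://www.w3.org/ns/widgets" xmlns:tizen="http://tizen.org/ns/widgets">
  <tizen:privilege name="http://tizen.org/privilege/internet"/>
  <tizen:privilege name="http://tizen.org/privilege/antivirus.scan"/>
  <tizen:privilege name="http://tizen.org/privilege/reboot"/>
  <tizen:privilege name="http://tizen.org/privilege/internal/appdebugging"/>
  <tizen:privilege name="http://tizen.org/privilege/doesnotexist"/>
</widget>
"""


def load_levels(table_text):
    """Map privilege -> required level from 'privilege | level | ...' rows."""
    required = {}
    for row in table_text.splitlines():
        cells = [c.strip() for c in row.split("|")]
        if len(cells) >= 2 and cells[0].startswith(PREFIX):
            level = cells[1].lower()
            if level in LEVELS:
                required[cells[0]] = level
    return required


def requested_privileges(manifest_xml):
    """Return the privilege names a manifest declares, in document order."""
    # Manifests are untrusted input: refuse DTDs so no entities get expanded.
    if "<!DOCTYPE" in manifest_xml:
        raise ValueError("manifest must not contain a DTD")
    root = ET.fromstring(manifest_xml)
    return [el.get("name", "").strip() for el in root.iter(MANIFEST_TAG)]


def vet_manifest(manifest_xml, cert_level, required):
    """Split requested privileges into (grantable list, {rejected: reason})."""
    if cert_level not in LEVELS:
        raise ValueError("unknown certificate level: %r" % cert_level)
    grant, reject = [], {}
    for priv in requested_privileges(manifest_xml):
        if priv.startswith(INTERNAL_PREFIX):
            # Internal privileges are mapped by the platform, never declared.
            reject[priv] = "internal privilege declared in manifest"
        elif priv not in required:
            reject[priv] = "unknown privilege"   # fail closed on unlisted names
        elif LEVELS[required[priv]] > LEVELS[cert_level]:
            reject[priv] = "requires %s-signed certificate" % required[priv]
        elif priv not in grant:
            grant.append(priv)
    return grant, reject


if __name__ == "__main__":
    granted, rejected = vet_manifest(SAMPLE_MANIFEST, "partner", load_levels(CORE_TABLE))
    print("grant:", granted)
    for name, reason in rejected.items():
        print("reject:", name, "-", reason)
```

Whether a rejected privilege aborts the installation or is only dropped from the grant list is a policy choice this sketch leaves to the caller.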
Disclaimer
The published list is a work in progress, needed to start configuring Tizen services with Cynara checks and to provide Crosswalk with a proper security configuration. Feel free to comment and point out any missing privileges or things that should be removed. If in doubt, always ask on the [Dev] mailing list first.
Links
- Security/Tizen_3.0_security_porting_guide - information about porting services to Tizen 3.0 security architecture
- Security:Cynara:DBus_integration - article about securing D-Bus services
- Security/User_and_group_ID_assignment_policy - UID/GID assignment policy and in particular relationship between privileges and groups