Security:Tizen 3.0 Core Privileges

From Tizen Wiki


Tizen 3.0 Core privileges

This page contains information about the abstract set of strings, known as privileges, that identify the permissions assigned to Tizen 3.0 (and beyond) applications.

Why this list?

In Tizen 3.0 we decided that the desired way to perform sensitive actions on behalf of an application is a client-service model. We chose to check whether access to such a service is allowed by performing a user-space access check with the Cynara module. Because of this, we need to define abstract names for the functionalities that Tizen OS will expose: applications will be granted permissions with the granularity defined by this list of privileges.

Where these privileges will be used and how?

Most importantly, privileges from the list below will be used during each new app installation. Each new app in the system should be properly registered with its set of privileges. For example, each Tizen 3.0 web app will be installed by the Crosswalk installer, meaning that the Crosswalk installer should properly parse the application's manifest and set up privileges for Cynara using Security-Manager's API (details on the relation between Security-Manager and Cynara can be found here).

Privileges will also be used in places like the email service, Bluetooth service, contacts service, Crosswalk's browser process, etc.: anywhere in Tizen where a service performs a privileged action on behalf of an application. If a service performs actions defined as privileged, then it must be able to associate a privilege with each of its APIs and make a Cynara check with the proper arguments. The alternative is to provide a DBus/Cynara XML configuration that maps DBus method calls to privileges so that the DBus daemon performs the Cynara check. Work on DBus+Cynara patches is in progress and should be published on the [Dev] mailing list soon.

What about different types of applications? Backward compatibility?

Different types of applications will probably want to define their own custom privileges to support the same application packages on many OSes. It should be the application framework's duty to properly translate these specific privileges to Core privileges upon installation.

Tizen 3.0 will support traditional native and web privileges just as before. If an app with native or web privileges is installed, the application framework (compiled and working in the newest version of Tizen) should match the privileges that came with the application's manifest to the currently supported privileges that the underlying system understands.

The Core privileges list

Privileges are categorized into 3 levels according to the required certificate signature. The public level is the minimum privilege level, which means that any application developed using the Tizen Studio can use these privileges. The partner level privileges require at least a partner-signed certificate, which is granted to developers who have a business relationship with the vendor. The platform level is the highest privilege level, and an application that needs these privileges requires at least a platform-signed certificate, which is granted to vendor developers.

For user notification of the privilege, "Display Name" and "Description" are used. "Display Name" provides privilege information in a simple present participle form and "Description" provides detailed information on permissions, including accessible resources and functionality, that the application can get with the privilege. Detailed information also contains notification related to billing or device performance, such as cost or increased battery consumption.


Privilege | Level | Display Name | Description
http://tizen.org/privilege/account.read | Public | Reading accounts | This application can read accounts.
http://tizen.org/privilege/account.write | Public | Managing accounts | This application can create, edit, and delete accounts.
http://tizen.org/privilege/alarm.get | Public | Retrieving alarms | This application can read information about your saved alarms.
http://tizen.org/privilege/alarm.set | Public | Setting alarms | This application can set alarms and wake up the device at scheduled times.
http://tizen.org/privilege/antivirus.admin | Platform | Managing antivirus programs and detected malware | This application can enable or disable antivirus programs and manage detected malware.
http://tizen.org/privilege/antivirus.scan | Partner | Scanning for viruses | This application can request to scan files in any other applications or on the device to detect harmful content.
http://tizen.org/privilege/antivirus.webprotect | Partner | Checking for web address reputation | This application can check the reputation of a web address and determine whether or not accessing it could put your device at risk.
http://tizen.org/privilege/appdir.shareddata | Public | Creating files in shared data directory | This application can create a shared directory and files within it, which all other applications can read.
http://tizen.org/privilege/apphistory.read | Public | Reading application usage statistics | This application can read the statistics of application usage, such as which applications have been used frequently or recently.
http://tizen.org/privilege/appmanager.kill | Platform | Closing applications | This application can close other applications.
http://tizen.org/privilege/appmanager.kill.bgapp | Public | Closing background applications | This application can request to close applications running in the background.
http://tizen.org/privilege/appmanager.launch | Public | Opening and resuming applications | This application can open other applications.
http://tizen.org/privilege/bluetooth | Public | Using unrestricted Bluetooth services | This application can perform unrestricted actions using Bluetooth, such as scanning for and connecting to other devices.
http://tizen.org/privilege/bluetooth.admin | Platform | Changing Bluetooth settings | This application can change Bluetooth settings, such as turning Bluetooth on or off, setting the device name, and turning AV remote control on or off.
http://tizen.org/privilege/bookmark.admin | Platform | Accessing Internet bookmarks | This application can retrieve, create, edit, and delete Internet bookmarks.
http://tizen.org/privilege/calendar.read | Public | Reading calendar | This application can read events and tasks.
http://tizen.org/privilege/calendar.write | Public | Managing calendar | This application can create, update, and delete events and tasks.
http://tizen.org/privilege/call | Public | Making phone calls | This application can make phone calls to numbers when they are tapped without further confirmation. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/callhistory.read | Public | Reading call logs | This application can read call log items.
http://tizen.org/privilege/callhistory.write | Public | Managing call logs | This application can create, update, and delete call log items.
http://tizen.org/privilege/camera | Public | Using camera | This application can take pictures and turn the camera flash on and off while using Camera.
http://tizen.org/privilege/contact.read | Public | Reading contacts | This application can read your profile, contacts, and contact history. Contact history can include social network activity.
http://tizen.org/privilege/contact.write | Public | Managing contacts | This application can create, update, and delete your profile, contacts, and any contact history that is related to this application. Contact history can include social network activity.
http://tizen.org/privilege/content.write | Public | Managing content | This application can change media information. This information can be used by other applications.
http://tizen.org/privilege/d2d.datasharing | Public | Sharing data with other devices | This application can share data with other devices.
http://tizen.org/privilege/datasharing | Public | Sharing data between applications | This application can share data with other applications.
http://tizen.org/privilege/display | Public | Managing display settings | This application can manage display settings, such as brightness. This may increase battery consumption.
http://tizen.org/privilege/download | Public | Downloading via HTTP | This application can manage HTTP downloads. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/dpm.bluetooth | Partner | Restricting Bluetooth connections | This application can restrict Bluetooth connections. This may prevent applications that use Bluetooth from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.browser | Partner | Preventing web browser use | This application can prevent the use of browser applications. This may prevent applications that use browser applications from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.camera | Partner | Restricting camera usage | This application can restrict the use of the camera. This may prevent applications that use the camera from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.clipboard | Partner | Restricting clipboard access | This application can restrict the use of the clipboard. This may prevent applications that use the clipboard from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.debugging | Partner | Restricting debugging | This application can restrict the use of debugging. This may prevent applications that use debugging from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.email | Partner | Restricting POP and IMAP email access | This application can restrict POP and IMAP email access. This may prevent applications that use email services from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.location | Partner | Restricting location functions | This application can restrict the use of location functions. This may prevent applications that use location functions from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.lock | Partner | Locking device | This application can lock the device. Allowed to licensed partners.
http://tizen.org/privilege/dpm.message | Partner | Restricting SMS, MMS, and chat messaging | This application can restrict the use of text, multimedia, and chat messaging services. This may prevent applications that use messaging services from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.microphone | Partner | Restricting microphone usage | This application can restrict the use of the microphone. This may prevent applications that use the microphone from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.password | Partner | Managing password policies | This application can manage password policies and reset the passwords used to unlock the phone and recover data. Allowed to licensed partners.
http://tizen.org/privilege/dpm.security | Partner | Managing security policies | This application can change security settings such as those for certificate installation, data encryption, and factory data resets. Allowed to licensed partners.
http://tizen.org/privilege/dpm.storage | Partner | Preventing access to external storage | This application can prevent the use of external storage such as SD cards and USB storage devices. This may prevent applications that use external storage from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.usb | Partner | Restricting USB connections | This application can prevent USB connections, including the use of USB tethering. This may prevent applications that use USB connections from working properly. Allowed to licensed partners.
http://tizen.org/privilege/dpm.wifi | Partner | Restricting Wi-Fi access | This application can restrict the use of Wi-Fi networks and mobile hotspots. If the phone can't connect to a Wi-Fi network, it may connect to a mobile network. This may result in additional charges depending on your payment plan. Allowed to licensed partners.
http://tizen.org/privilege/dpm.wipe | Partner | Erasing data and resetting device | This application can erase all data from your device and reset your device to its factory default settings. Allowed to licensed partners.
http://tizen.org/privilege/dpm.zone | Partner | Managing containers | This application can create and remove containers. Containers are private workspaces which provide separate app runtime environments and data storage. Allowed to licensed partners.
http://tizen.org/privilege/email | Public | Managing email accounts, mailboxes, and email | This application can manage your email accounts, including your folders and emails, POP3 and IMAP downloads, and SMTP uploads. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/email.admin | Platform | Managing email configurations | This application can manage the settings of email applications.
http://tizen.org/privilege/externalstorage | Public | Accessing external storage | This application can read and write files that are saved to external storage, such as SD cards.
http://tizen.org/privilege/externalstorage.appdata | Public | Accessing application data in external storage | This application can read and write its own files in external storage, such as SD cards.
http://tizen.org/privilege/fido.client | Public | Using FIDO client APIs | This application can trigger authenticators in your device and it may request to use your PIN or biometrics (fingerprints or irises) for authentication.
http://tizen.org/privilege/haptic | Public | Managing vibration feedback | This application can control vibration feedback.
http://tizen.org/privilege/healthinfo | Public | Reading health information | This application can read health information gathered by the device sensors, such as the pedometer and the heart rate monitor.
http://tizen.org/privilege/ime | Public | Providing input methods | This application can provide users with a way to enter characters and symbols into an associated text field.
http://tizen.org/privilege/imemanager | Public | Managing input methods | This application can manage installed input methods.
http://tizen.org/privilege/inputgenerator | Platform | Generating touch and key events | This application can simulate keys being pressed and touch interactions with the screen.
http://tizen.org/privilege/internet | Public | Accessing Internet | This application can access the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/keygrab | Platform | Capturing special key events | This application can read actions involving special keys, such as the volume keys on this or other devices (e.g. TV remote controls), even when it is running in the background.
http://tizen.org/privilege/keymanager | Public | Using secure repository | This application can save keys, certificates, and data to, and retrieve and delete them from, password-protected storage. Checking the statuses of certificates while connected to a mobile network may result in additional charges depending on your payment plan.
http://tizen.org/privilege/led | Public | Managing LEDs | This application can turn LEDs on or off, such as the LED on the front of the device and the camera flash.
http://tizen.org/privilege/location | Public | Using user location | This application can use your location data.
http://tizen.org/privilege/location.coarse | Public | Determining approximate location | This application can determine your approximate location including your device's Cell ID, LAC (Location Area Code), and TAC (Tracking Area Code).
http://tizen.org/privilege/location.enable | Platform | Managing location settings | This application can control your location service settings.
http://tizen.org/privilege/mapservice | Public | Using map services | This application can use map services such as Geocoder, Places, and Route (Direction).
http://tizen.org/privilege/mediacontroller.client | Public | Controlling media player | This application can receive information about currently playing media from applications that are allowed to send it, and can control those applications remotely.
http://tizen.org/privilege/mediacontroller.server | Public | Accepting remote controls | This application can send information about currently playing media to applications that are allowed to receive it, and can be controlled remotely by those applications.
http://tizen.org/privilege/mediahistory.read | Public | Reading media playback statistics | This application can read the statistics concerning the music and videos played on the device, such as the peak times for playing music or videos.
http://tizen.org/privilege/mediastorage | Public | Accessing media folders | This application can read and write files in media folders.
http://tizen.org/privilege/message.read | Public | Reading text and multimedia messages, as well as related information | This application can read text and multimedia messages, and any information related to them.
http://tizen.org/privilege/message.write | Public | Sending text and multimedia messages, and updating their status | This application can write, send, delete, and move text and multimedia messages, download multimedia messages, and change the settings and status of messages, such as read or unread. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/minicontrol.provider | Public | Showing toolbar | This application can show a small toolbar on the notification panel or lock screen while it is open.
http://tizen.org/privilege/network.get | Public | Reading network information | This application can retrieve network information such as the status of each network, its type, and detailed network profile information.
http://tizen.org/privilege/network.profile | Public | Managing network profiles | This application can add, remove, and edit network profiles.
http://tizen.org/privilege/network.set | Public | Managing network connections | This application can turn Wi-Fi on and off, and connect to and disconnect from Wi-Fi and mobile networks. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/nfc | Public | Using basic NFC services | This application can read and write NFC tag information, and send NFC messages to other devices.
http://tizen.org/privilege/nfc.admin | Platform | Managing NFC general settings | This application can change NFC settings, such as turning NFC on or off.
http://tizen.org/privilege/nfc.cardemulation | Public | Using NFC card emulation mode | This application can access smart card details, such as credit card details, and allow users to make payments via NFC.
http://tizen.org/privilege/notification | Public | Providing notifications | This application can show and hide its own notifications and badges.
http://tizen.org/privilege/packagemanager.admin | Platform | Installing/uninstalling application packages | This application can install and uninstall application packages.
http://tizen.org/privilege/packagemanager.clearcache | Public | Clearing other applications' caches | This application can clear other applications' caches.
http://tizen.org/privilege/packagemanager.info | Public | Retrieving detailed package information | This application can retrieve detailed application package information.
http://tizen.org/privilege/power | Public | Managing power | This application can control power-related settings, such as dimming the screen.
http://tizen.org/privilege/push | Public | Receiving push notifications | This application can receive notifications via the Internet. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/reboot | Platform | Restarting device | This application can restart the device.
http://tizen.org/privilege/recorder | Public | Recording audio and video | This application can record audio and video.
http://tizen.org/privilege/screenshot | Platform | Capturing device screen | This application can capture screenshots.
http://tizen.org/privilege/secureelement | Public | Accessing secure elements | This application can access secure smart card chips such as UICC/SIM, embedded secure elements, and secure SD cards.
http://tizen.org/privilege/shortcut | Public | Managing shortcuts | This application can create and delete shortcuts.
http://tizen.org/privilege/systemmonitor | Public | Monitoring system resources | This application can read system information, including information from the CPU and RAM.
http://tizen.org/privilege/systemsettings.admin | Platform | Managing all system settings | This application can read and write all system settings.
http://tizen.org/privilege/telephony | Public | Accessing telephony information | This application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the status of calls.
http://tizen.org/privilege/telephony.admin | Platform | Managing telephony settings | This application can manage telephony settings, such as incoming and outgoing calls, forwarding and holding calls, networks, and SIM cards.
http://tizen.org/privilege/tethering.admin | Platform | Accessing tethering services | This application can turn tethering services on and off. This may result in additional charges depending on your payment plan.
http://tizen.org/privilege/use_ir | Public | Using infrared transmitter | This application can use the infrared transmitter.
http://tizen.org/privilege/volume.set | Public | Adjusting volume | This application can adjust the volume for different features, such as notification alerts, ringtones, and media.
http://tizen.org/privilege/vpnservice | Public | Managing VPN (virtual private network) | This application can manage the VPN (virtual private network) and change its settings.
http://tizen.org/privilege/web-history.admin | Platform | Managing Internet history | This application can manage your Internet history.
http://tizen.org/privilege/widget.viewer | Public | Showing widgets | This application can show widgets, and information from their associated applications, on the Home screen.
http://tizen.org/privilege/wifidirect | Public | Managing Wi-Fi Direct information | This application can turn Wi-Fi Direct on or off, manage Wi-Fi Direct connections, and change Wi-Fi Direct settings.
http://tizen.org/privilege/window.priority.set | Public | Showing windows on top of other applications and screens | This application can appear on top of other windows and screens, including the lock screen, according to the order of priority of the windows. This may prevent you from interacting with other applications or screens until the window for this application is closed.

The internal privilege list

To elaborate access control policies and support backward compatibility, internal privileges are introduced. Privileges in the following table are never declared in the application manifest file but are used for internal privilege checks. Internal privileges are generally mapped and granted to the application at installation time according to their mapping condition.

http://tizen.org/privilege/internal/buxton

http://tizen.org/privilege/internal/buxton/account.read
  Granted by:
  • Native/Web :
    • http://tizen.org/privilege/account.read
    • http://tizen.org/privilege/account.write
  Purpose: read permission of account buxton key

http://tizen.org/privilege/internal/buxton/camcorder
  Granted by:
  • Native :
    • http://tizen.org/privilege/camera
    • http://tizen.org/privilege/recorder
  • Web :
    • http://tizen.org/privilege/audiorecorder
    • http://tizen.org/privilege/camera
    • http://tizen.org/privilege/mediacapture
  Purpose: write permission of camcorder buxton key

http://tizen.org/privilege/internal/buxton/contact.read
  Granted by:
  • Native :
    • http://tizen.org/privilege/contact.read
    • http://tizen.org/privilege/contact.write
  Purpose: read permission of contact buxton key

http://tizen.org/privilege/internal/buxton/location
  Granted by:
  • Before 2.4
    • Native/Web application with a public/partner/platform-signed certificate
  • Since 2.4
    • Native :
      • http://tizen.org/privilege/location
      • http://tizen.org/privilege/location.enable
    • Web :
      • http://tizen.org/privilege/location
  Purpose: read permission of location buxton key

http://tizen.org/privilege/internal/buxton/message.read
  Granted by:
  • Native :
    • http://tizen.org/privilege/message.read
  • Web :
    • http://tizen.org/privilege/messaging.read
    • http://tizen.org/privilege/messaging.write
  Purpose: read permission of message buxton key

http://tizen.org/privilege/internal/buxton/network.get
  Granted by:
  • Native :
    • http://tizen.org/privilege/network.get
    • http://tizen.org/privilege/network.set
  • Web : Any web application with a public/partner/platform-signed certificate
  Purpose: read permission of network buxton key

http://tizen.org/privilege/internal/buxton/nfc
  Granted by:
  • Native :
    • http://tizen.org/privilege/nfc
    • http://tizen.org/privilege/nfc.admin
  • Web :
    • http://tizen.org/privilege/nfc.admin
    • http://tizen.org/privilege/nfc.common
    • http://tizen.org/privilege/nfc.p2p
    • http://tizen.org/privilege/nfc.tag
  Purpose: read permission of nfc buxton key

http://tizen.org/privilege/internal/buxton/nfc.cardemulation
  Granted by:
  • Native/Web :
    • http://tizen.org/privilege/nfc.admin
    • http://tizen.org/privilege/nfc.cardemulation
  Purpose: read permission of nfc buxton key

http://tizen.org/privilege/internal/buxton/readonly
  Granted by:
  • No mapped Native/Web privilege and not granted by default
  Purpose: for buxton keys to which write access by applications is not allowed (display/location/message/wifidirect)

http://tizen.org/privilege/internal/buxton/telephony
  Granted by:
  • Native :
    • http://tizen.org/privilege/telephony.admin
  • Web : Any web application with a public/partner/platform-signed certificate
  Purpose: read permission of telephony buxton key

http://tizen.org/privilege/internal/dbus

http://tizen.org/privilege/internal/default/partner
  Granted by:
  • Native/Web application with a partner/platform-signed certificate

http://tizen.org/privilege/internal/default/platform
  Granted by:
  • Native/Web application with a platform-signed certificate

http://tizen.org/privilege/internal/default/public
  Granted by:
  • Native/Web application with a public/partner/platform-signed certificate

http://tizen.org/privilege/internal/inputdevice.block

http://tizen.org/privilege/internal/usermanagement
  Purpose: user management permission for admin user type

http://tizen.org/privilege/internal/appdebugging
  Purpose: permission for app debugging mode. When a specific option is set, app-installers will add this privilege to the app privilege list
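
The certificate-level rule from "The Core privileges list" and the install-time mapping from "The internal privilege list", combined in an added Python example that is not Tizen, Security-Manager or Crosswalk code. The two tables are subsets of the ones on this page (Native column only), the function names are hypothetical, and three behaviours are assumptions of the example: any one listed privilege satisfies a mapping condition, a manifest that declares an internal privilege is refused, and a single rejected privilege aborts the installation.

```python
# Added example (not Tizen source code): install-time privilege validation.
PREFIX = "http://tizen.org/privilege/"
LEVEL_RANK = {"public": 0, "partner": 1, "platform": 2}

# Subset of the Core privileges table on this page: privilege -> required level.
CORE_LEVEL = {
    "account.read": "public", "account.write": "public",
    "camera": "public", "recorder": "public",
    "nfc": "public", "nfc.cardemulation": "public", "nfc.admin": "platform",
    "antivirus.scan": "partner", "dpm.wipe": "partner",
    "reboot": "platform", "telephony.admin": "platform",
}

# Subset of the internal table ("Granted by", Native column).
# Assumption: holding any one listed privilege satisfies the mapping condition.
INTERNAL_GRANTED_BY = {
    "internal/buxton/account.read": {"account.read", "account.write"},
    "internal/buxton/camcorder": {"camera", "recorder"},
    "internal/buxton/nfc": {"nfc", "nfc.admin"},
    "internal/buxton/nfc.cardemulation": {"nfc.admin", "nfc.cardemulation"},
    "internal/buxton/telephony": {"telephony.admin"},
}


def validate_manifest(requested, cert_level):
    """Split manifest privileges into (accepted names, rejected URI -> reason)."""
    rank = LEVEL_RANK[cert_level]  # KeyError on an unknown level is intentional
    accepted, rejected = set(), {}
    for uri in requested:
        name = uri[len(PREFIX):] if uri.startswith(PREFIX) else None
        if name is None:
            rejected[uri] = "not a tizen.org privilege"
        elif name.startswith("internal/"):
            # The page says internal privileges are never declared in a manifest;
            # refusing them here is this example's policy choice.
            rejected[uri] = "internal privilege declared in manifest"
        elif name not in CORE_LEVEL:
            rejected[uri] = "unknown privilege"  # unknown to this subset
        elif LEVEL_RANK[CORE_LEVEL[name]] > rank:
            rejected[uri] = "requires %s-signed certificate" % CORE_LEVEL[name]
        else:
            accepted.add(name)
    return accepted, rejected


def internal_privileges(accepted, cert_level):
    """Internal privileges mapped at install time for a native application."""
    rank = LEVEL_RANK[cert_level]
    # internal/default/<level> follows the signature level of the certificate.
    granted = {
        "internal/default/" + level
        for level, needed in LEVEL_RANK.items() if rank >= needed
    }
    for internal, sources in INTERNAL_GRANTED_BY.items():
        if accepted & sources:
            granted.add(internal)
    return {PREFIX + p for p in granted}


def install(requested, cert_level):
    """Fail closed: one rejected privilege aborts the whole registration."""
    accepted, rejected = validate_manifest(requested, cert_level)
    if rejected:
        raise PermissionError(rejected)
    return {PREFIX + p for p in accepted} | internal_privileges(accepted, cert_level)


if __name__ == "__main__":
    # Constructed manifests, not taken from a real package.
    print(sorted(install([PREFIX + "camera", PREFIX + "nfc"], "public")))
    try:
        install([PREFIX + "camera", PREFIX + "reboot"], "public")
    except PermissionError as exc:
        print("rejected:", exc)
```

The set returned by `install` is what an installer would register as the application's policy, so a later service-side check for `internal/buxton/camcorder` succeeds only if `camera` or `recorder` passed the level check first.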

Disclaimer

The published list is a work in progress, needed to start configuring Tizen services with Cynara checks and to provide Crosswalk with a proper security configuration. Feel free to comment and point out any missing privileges or things that should be removed. If in doubt, always ask on the [Dev] mailing list first.
