[Dev] Tizen 3.0 Core privilege list

Bumjin Im bj.im at samsung.com
Thu Oct 30 08:24:25 GMT 2014


mediacapture is equivalent to http://tizen.org/privilege/recorder. The name is somewhat different, but they behave same.
unlimitedstorage doesn't make sense to native perspective because the privilege allows to create a file which can be bigger than some pre-defined(maybe 5MB?) size. In native, you can create and write files with open(), and write().
For fullscreen, it applies the same sense as unlimitedstorage. We only manages window priority, but don't care about size of the window. If this does matter for any security reason, we may add fullscreen privilege for next revision.


------- Original Message -------
Sender : Zhang, Xu U<xu.u.zhang at intel.com>
Date : 2014-10-29 16:04 (GMT+09:00)
Title : Re: [Dev] Tizen 3.0 Core privilege list


Thanks for summarize Tizen 3.0 core privilege list.  I noticed there are some different between the list https://wiki.tizen.org/wiki/Security:Tizen_3.0_Core_Privileges and compliance spec. (Because there is no compliance spec for Tizen 3.0, I refer Tizen 2.2.1 spec https://source.tizen.org/sites/default/files/page/tizen-2.2.1-compliance-specification-for-mobile-profile-v1.0.pdf).
In Tizen compliance, the privileges are composed of 3 parts: 
1.       W3C/HTML5 API related Privileges
2.       Supplementary API related Privileges
3.       Tizen Web Device API related Privileges
I can’t find below privileges from core list:
l  http://tizen.org/privilege/mediacapture (W3C/HTML5 API related Privileges)
l  http://tizen.org/privilege/unlimitedstorage (W3C/HTML5 API related Privileges)
l  http://tizen.org/privilege/fullscreen (Supplementary API related Privileges)

What do you think of above privileges? Are they missed or skipped in Tizen 3.0?

Zhang Xu
From: Dev [mailto:dev-bounces at lists.tizen.org] On Behalf Of Tomasz Swierczek
Sent: Wednesday, October 29, 2014 12:38 AM
To: dev at lists.tizen.org
Subject: [Dev] Tizen 3.0 Core privilege list

Hi All,

As part of our work on privilege-based access control model with Cynara in Tizen 3.0, we’ve gathered Tizen 3.0 Core privileges in one place: https://wiki.tizen.org/wiki/Security:Tizen_3.0_Core_Privileges

On last F2F security workshop in Vannes Intel and Samsung teams decided that this is the privileges set we will start our work with when implementing security checks. These privileges will be used to check application’s access to any of Tizen OS services/functionalities. This is the list of privileges that Security Manager will expect to get from application installers and this is the set of privileges that Cynara will be asked for.

Aside from the list itself, I’ve added comments on what exactly these privileges mean to the system and how/by who should be used. The list is not strictly closed, it is rather an effort to document what we will use later (within a month I guess) when configuring Tizen access control mechanisms.

Best Regards,

Tomasz ?wierczek
Samsung R&D Institute Poland
Samsung Electronics
Office +48 22 377 95 59
Cell +48 503 135 021
t.swierczek at samsung.com

More information about the Dev mailing list