From 2c566e2dc9df934fb3884f9d4a9ad7ffc73a4aab Mon Sep 17 00:00:00 2001 From: José Bollo Date: Fri, 17 Mar 2017 23:43:41 +0100 Subject: Provide unit in config.xml and documentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit remove urn:AGL:widget:provided-application in favour of urn:AGL:widget:provided-unit. In the same time, the feature urn:AGL:widget:provided-api must be attached to a unit. This will enable to export more than one API for a unit if needed. Change-Id: I17ade3651db2cd61402875333d063ee05cf57a10 Signed-off-by: José Bollo --- docs/permissions.md | 78 ++++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 77 insertions(+), 1 deletion(-) (limited to 'docs/permissions.md') diff --git a/docs/permissions.md b/docs/permissions.md index 09f68a3..0c18180 100644 --- a/docs/permissions.md +++ b/docs/permissions.md @@ -37,9 +37,15 @@ the characters colon and star (:*). This field designates the api providing the permission. This scheme is used to deduce binding requirements from permission requirements. The field `` can be the empty string when the permission is defined by the AGL system itself. -The field `` if starting with the character "@" represents + +[PROPOSAL 1] The field `` if starting with the character "@" represents a transversal/cross permission not bound to any binding. +[PROPOSAL 2]The field `` if starting with the 2 characters "@@" +in addition to a permission not bound to any binding, represents a +permission that must be set at installation and that can not be +revoked later. + ::= 1* The field `` is made only of letters in lower case. @@ -62,5 +68,75 @@ names at right. This hierarchical behaviour is intended to be used to request permissions using hierarchical grouping. +Permission value +---------------- + +In some case, it could be worth to add a value to a permission. + +Currently, the framework allows it for permissions linked to +systemd. But this not currently used. + +Conversely, permissions linked to cynara can't carry data +except in their name. + +Thus to have a simple and cleaner model, it is better to forbid +attachement of value to permission. + + +Example of permissions +---------------------- + +Here is a list of some possible permissions. These +permissions are available the 17th of March 2017. + + - urn:AGL:permission::platform:no-oom + + Set OOMScoreAdjust=-500 to keep the out-of-memory + killer away. + + - urn:AGL:permission::partner:real-time + + Set IOSchedulingClass=realtime to give to the process + realtime scheduling. + + Conversely, not having this permission set RestrictRealtime=on + to forbid realtime features. + + - urn:AGL:permission::public:display + + Adds the group "display" to the list of supplementary groups + of the process. + + - urn:AGL:permission::public:syscall:clock + + Without this permission SystemCallFilter=~@clock is set to + forfid call to clock. + + - urn:AGL:permission::public:no-htdocs + + The http directory served is not "htdocs" but "." + + - urn:AGL:permission::public:applications:read + + Allows to read data of installed applications (and to + access icons). + + - urn:AGL:permission::partner:service:no-ws + + Forbids services to provide its API through websocket. + + - urn:AGL:permission::partner:service:no-dbus + + Forbids services to provide its API through D-Bus. + + - urn:AGL:permission::system:run-by-default + + Starts automatically the application. Example: home-screen. + + - http://tizen.org/privilege/internal/dbus + + Permission to use D-Bus. + + [URN]: https://tools.ietf.org/rfc/rfc2141.txt "RFC 2141: URN Syntax" -- cgit 1.2.3-korg