5 https://git.automotivelinux.org/src/app-framework-main/plain/docs/3-permissions.md?h=master
8 <!-- WARNING: This file is generated by fetch_docs.js using /home/boron/Documents/AGL/docs-webtemplate/site/_data/tocs/apis_services/master/app-framework-main-developer-guides-api-services-book.yml -->
14 The proposal here is to specify a naming scheme for permissions
15 that allows the system to be as stateless as possible.
16 The current specification includes in the naming of permissions either
17 the name of the bound binding when existing and the level of the
19 Doing this, there is no real need for the
20 framework to keep installed permissions in a database.
22 The permission names are [URN][URN] of the form:
25 urn:AGL:permission:<api>:<level>:<hierarchical-name>
28 where "AGL" is the NID (the namespace identifier) dedicated to AGL.
29 (note: a RFC should be produced to standardize this name space)
31 The permission names are made of NSS (the namespace specific string)
32 starting with "permission:" and followed by colon separated
34 The 2 first fields are `<api>` and `<level>` and the remaining
35 fields are grouped to form the `<hierarchical-name>`.
40 <pname> ::= 1*<pchars>
42 <pchars> ::= <upper> | <lower> | <number> | <extra>
44 <extra> ::= "-" | "." | "_" | "@"
47 The field `<api>` can be made of any valid character for NSS except
48 the characters colon and star (:*).
49 This field designates the api providing the permission.
50 This scheme is used to deduce binding requirements
51 from permission requirements.
52 The field `<api>` can be the empty string when the permission
53 is defined by the AGL system itself.
55 [PROPOSAL 1] The field `<api>` if starting with the character "@" represents
56 a transversal/cross permission not bound to any binding.
58 [PROPOSAL 2]The field `<api>` if starting with the 2 characters "@@"
59 in addition to a permission not bound to any binding, represents a
60 permission that must be set at installation and that can not be
65 The field `<level>` is made only of letters in lower case.
66 The field `<level>` can only take some predefined values:
75 The field `<hierarchical-name>` is made of `<pname>` separated
78 <hierarchical-name> ::= <pname> 0*(":" <pname>)
80 The names at left are hierarchically grouping the
82 This hierarchical behaviour is intended to
83 be used to request permissions using hierarchical grouping.
87 In some case, it could be worth to add a value to a permission.
89 Currently, the framework allows it for permissions linked to
91 But this not currently used.
93 Conversely, permissions linked to cynara can't carry data
96 Thus to have a simple and cleaner model, it is better to forbid
97 attachment of value to permission.
99 ## Example of permissions
101 Here is a list of some possible permissions.
102 These permissions are available the 21th of May 2019.
104 - urn:AGL:permission::platform:no-oom
105 Set OOMScoreAdjust=-500 to keep the out-of-memory
107 - urn:AGL:permission::partner:real-time
108 Set IOSchedulingClass=realtime to give to the process
110 Conversely, not having this permission set RestrictRealtime=on
111 to forbid realtime features.
112 - urn:AGL:permission::public:display
113 Adds the group "display" to the list of supplementary groups
115 - urn:AGL:permission::public:syscall:clock
116 Without this permission SystemCallFilter=~@clock is set to
117 forfid call to clock.
118 - urn:AGL:permission::public:no-htdocs
119 The http directory served is not "htdocs" but "."
120 - urn:AGL:permission::public:applications:read
121 Allows to read data of installed applications (and to
123 - urn:AGL:permission::partner:service:no-ws
124 Forbids services to provide its API through websocket.
125 - urn:AGL:permission::partner:service:no-dbus
126 Forbids services to provide its API through D-Bus.
127 - urn:AGL:permission::system:run-by-default
128 Starts automatically the application. Example: home-screen.
129 - urn:AGL:permission::partner:scope-platform
130 Install the service at the scope of the platform.
131 - urn:AGL:permission::system:capability:keep-all
132 Keep all capabilities for the service. Note that implementing
133 that permission is not mandatory or can be adapted for the given
135 - <http://tizen.org/privilege/internal/dbus>
136 Permission to use D-Bus.
138 [URN]: https://tools.ietf.org/rfc/rfc2141.txt "RFC 2141: URN Syntax"