X-Git-Url: https://gerrit.automotivelinux.org/gerrit/gitweb?a=blobdiff_plain;f=docs%2F4_APIs_and_Services%2F4.2_Application_Framework%2F4_permissions.md;fp=docs%2F4_APIs_and_Services%2F4.2_Application_Framework%2F4_permissions.md;h=0000000000000000000000000000000000000000;hb=eefc3ab6cbb8a5901632f46d99e13c8d90b2415d;hp=b4038e381c3a4cb4e054fe28f400fd2bd1bc7493;hpb=4aad369c9728061c97b3de792286e743ee884b09;p=AGL%2Fdocumentation.git diff --git a/docs/4_APIs_and_Services/4.2_Application_Framework/4_permissions.md b/docs/4_APIs_and_Services/4.2_Application_Framework/4_permissions.md deleted file mode 100644 index b4038e3..0000000 --- a/docs/4_APIs_and_Services/4.2_Application_Framework/4_permissions.md +++ /dev/null 
@@ -1,138 +0,0 @@ ---- -edit_link: '' -title: Permissions -origin_url: >- - https://git.automotivelinux.org/src/app-framework-main/plain/docs/3-permissions.md?h=master ---- - - - -# The permissions - -## Permission's names - -The proposal here is to specify a naming scheme for permissions -that allows the system to be as stateless as possible. -The current specification includes in the naming of permissions either -the name of the bound binding when existing and the level of the -permission itself. -Doing this, there is no real need for the -framework to keep installed permissions in a database. - -The permission names are [URN][URN] of the form: - -```bash - urn:AGL:permission::: -``` - -where "AGL" is the NID (the namespace identifier) dedicated to AGL. -(note: a RFC should be produced to standardize this name space) - -The permission names are made of NSS (the namespace specific string) -starting with "permission:" and followed by colon separated -fields. -The 2 first fields are `` and `` and the remaining -fields are grouped to form the ``. - -```bash - ::= [ ] - - ::= 1* - - ::= | | | - - ::= "-" | "." | "_" | "@" -``` - -The field `` can be made of any valid character for NSS except -the characters colon and star (:*). -This field designates the api providing the permission. -This scheme is used to deduce binding requirements -from permission requirements. -The field `` can be the empty string when the permission -is defined by the AGL system itself. - -[PROPOSAL 1] The field `` if starting with the character "@" represents -a transversal/cross permission not bound to any binding. - -[PROPOSAL 2]The field `` if starting with the 2 characters "@@" -in addition to a permission not bound to any binding, represents a -permission that must be set at installation and that can not be -revoked later. - - ::= 1* - -The field `` is made only of letters in lower case. 
-The field `` can only take some predefined values: - -- system -- platform -- partner -- tiers -- owner -- public - -The field `` is made of `` separated -by colons. - - ::= 0*(":" ) - -The names at left are hierarchically grouping the -names at right. -This hierarchical behaviour is intended to -be used to request permissions using hierarchical grouping. - -## Permission value - -In some case, it could be worth to add a value to a permission. - -Currently, the framework allows it for permissions linked to -systemd. -But this not currently used. - -Conversely, permissions linked to cynara can't carry data -except in their name. - -Thus to have a simple and cleaner model, it is better to forbid -attachment of value to permission. - -## Example of permissions - -Here is a list of some possible permissions. -These permissions are available the 21th of May 2019. - -- urn:AGL:permission::platform:no-oom - Set OOMScoreAdjust=-500 to keep the out-of-memory - killer away. -- urn:AGL:permission::partner:real-time - Set IOSchedulingClass=realtime to give to the process - realtime scheduling. - Conversely, not having this permission set RestrictRealtime=on - to forbid realtime features. -- urn:AGL:permission::public:display - Adds the group "display" to the list of supplementary groups - of the process. -- urn:AGL:permission::public:syscall:clock - Without this permission SystemCallFilter=~@clock is set to - forfid call to clock. -- urn:AGL:permission::public:no-htdocs - The http directory served is not "htdocs" but "." -- urn:AGL:permission::public:applications:read - Allows to read data of installed applications (and to - access icons). -- urn:AGL:permission::partner:service:no-ws - Forbids services to provide its API through websocket. -- urn:AGL:permission::partner:service:no-dbus - Forbids services to provide its API through D-Bus. -- urn:AGL:permission::system:run-by-default - Starts automatically the application. Example: home-screen. 
-- urn:AGL:permission::partner:scope-platform - Install the service at the scope of the platform. -- urn:AGL:permission::system:capability:keep-all - Keep all capabilities for the service. Note that implementing - that permission is not mandatory or can be adapted for the given - system. -- - Permission to use D-Bus. - -[URN]: https://tools.ietf.org/rfc/rfc2141.txt "RFC 2141: URN Syntax"
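Review bot: this hunk deletes `4_permissions.md` outright (`-1,138 +0,0`, `+++ /dev/null`) without any replacement or pointer in the same change, so every inbound link to `docs/4_APIs_and_Services/4.2_Application_Framework/4_permissions.md` will 404 and the only in-tree description of the permission-to-sandbox mapping disappears with it: the `urn:AGL:permission::*` list is where a reader learns that `no-oom` sets `OOMScoreAdjust=-500`, that lacking `partner:real-time` sets `RestrictRealtime=on`, that lacking `public:syscall:clock` sets `SystemCallFilter=~@clock`, and that `system:capability:keep-all` retains all capabilities. If the intent is relocation, the new path should be stated (and a short stub left here so the URL keeps resolving); if the intent is retirement because the page is stale, that is defensible given the visible rot (a "21th of May 2019" snapshot, unresolved `[PROPOSAL 1]`/`[PROPOSAL 2]` markers, the typo "forfid", a nameless entry "- - Permission to use D-Bus."), but the front matter already records `origin_url: https://git.automotivelinux.org/src/app-framework-main/plain/docs/3-permissions.md?h=master`, so the minimal fix would be to keep a one-line page that points readers at that upstream source rather than dropping the topic entirely.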