Security and API Privileges
To protect the device system and users' private data, the Tizen security architecture is based on privileges and application signing, together with the basic Linux security model, which includes process isolation and mandatory access control. Because Tizen is an open mobile platform that offers users a wide range of features and applications, users must be able to grant privileges for security-sensitive operations.
Tizen provides API-level access control for security-sensitive operations which, if not used correctly, can harm user privacy and system stability. Therefore, applications that use such sensitive APIs must declare the required privileges in the manifest.xml file. Privileges have a level according to their hierarchy. The public level is the minimum privilege level, and any application developed by using the SDK can use these privileges. The platform level is the highest privilege level, and an application that needs these privileges requires a platform-signed certificate.
If an application invokes a privileged API, the Tizen system checks whether the privilege is present in the manifest.xml file. If the privilege is not present in the file, the system prohibits the application execution.
The Tizen IDE also provides privilege checker tools to check whether the Tizen application source code contains any privilege violations. For more information, see API and Privilege Checker.
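One way to review a manifest against the privilege levels described above, as an added example (it is not the Tizen privilege checker and not code from this page): it reads the `<privilege>` entries and reports which declarations need a platform-signed certificate, which are marked deprecated in the tables, and which are duplicated or outside the `http://tizen.org/privilege/` namespace. The sample manifest, its element layout, and the package name are constructed assumptions.

```python
import xml.etree.ElementTree as ET

PREFIX = "http://tizen.org/privilege/"

# Platform-level privileges as listed in the tables on this page.
PLATFORM_LEVEL = {
    "appmanager.kill", "bluetooth.admin", "bookmark.admin", "email.admin",
    "keymanager.admin", "location.enable", "nfc.admin",
    "packagemanager.admin", "reboot", "screenshot", "systemsettings.admin",
    "telephony.admin", "tethering.admin", "web-history.admin",
}
# Marked "Deprecated since 2.3.1" in the tables on this page.
DEPRECATED = {"systemsettings"}

# Constructed sample manifest; element layout and package name are assumptions.
SAMPLE_MANIFEST = """<manifest xmlns="http://tizen.org/ns/packages"
          package="org.example.demo" version="1.0.0">
  <privileges>
    <privilege>http://tizen.org/privilege/internet</privilege>
    <privilege>http://tizen.org/privilege/contact.read</privilege>
    <privilege>http://tizen.org/privilege/reboot</privilege>
    <privilege>http://tizen.org/privilege/systemsettings</privilege>
    <privilege>http://tizen.org/privilege/internet</privilege>
    <privilege>http://example.org/privilege/custom</privilege>
  </privileges>
</manifest>
"""


def declared_privileges(manifest_xml):
    """Return the text of every <privilege> element, in document order."""
    root = ET.fromstring(manifest_xml)
    return [
        elem.text.strip()
        for elem in root.iter()
        # Compare the local tag name so any XML namespace is accepted.
        if elem.tag.rsplit("}", 1)[-1] == "privilege" and elem.text
    ]


def audit_manifest(manifest_xml):
    """Classify declared privileges and derive the signing level they imply."""
    report = {"platform": [], "deprecated": [], "duplicates": [], "foreign": []}
    seen = set()
    for uri in declared_privileges(manifest_xml):
        if uri in seen:
            if uri not in report["duplicates"]:
                report["duplicates"].append(uri)
            continue
        seen.add(uri)
        if not uri.startswith(PREFIX):
            report["foreign"].append(uri)  # not a tizen.org privilege URI
            continue
        name = uri[len(PREFIX):]
        if name in PLATFORM_LEVEL:
            report["platform"].append(uri)
        if name in DEPRECATED:
            report["deprecated"].append(uri)
    # One platform-level privilege is enough to require platform signing.
    report["required_level"] = "platform" if report["platform"] else "public"
    return report


if __name__ == "__main__":
    for key, value in audit_manifest(SAMPLE_MANIFEST).items():
        print(f"{key}: {value}")
```

Each platform-level entry in the report is a candidate for removal during a least-privilege review if the application does not actually call the corresponding API.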
The following tables list the API privileges, which you must declare when using security-sensitive API modules.
Privilege | Level | Display name | Description |
---|---|---|---|
http://tizen.org/privilege/account.read | public | Reading accounts | The application can read accounts. |
http://tizen.org/privilege/account.write | public | Managing accounts | The application can create, edit, and delete accounts. |
http://tizen.org/privilege/alarm.get | public | Retrieving alarms | The application can read information about the saved alarms. |
http://tizen.org/privilege/alarm.set | public | Setting alarms | The application can set alarms and wake the device up at scheduled times. |
http://tizen.org/privilege/appmanager.kill | platform | Closing applications | The application can close other applications. |
http://tizen.org/privilege/appmanager.launch | public | Launching application | The application can open other applications. |
http://tizen.org/privilege/bluetooth | public | Using unrestricted Bluetooth services | The application can perform unrestricted actions using Bluetooth, such as scanning for and connecting to other devices. |
http://tizen.org/privilege/bluetooth.admin | platform | Changing Bluetooth settings | The application can change Bluetooth settings, such as turning Bluetooth on or off, setting the device name, and enabling or disabling the AV remote control. |
http://tizen.org/privilege/bookmark.admin | platform | Accessing Internet bookmarks | The application can retrieve, create, edit, and delete Internet bookmarks. |
http://tizen.org/privilege/calendar.read | public | Reading calendar | The application can read events and tasks. |
http://tizen.org/privilege/calendar.write | public | Managing calendar | The application can create, update, and delete events and tasks. |
http://tizen.org/privilege/call | public | Making phone calls | The application can make phone calls to numbers when they are tapped without further confirmation. |
http://tizen.org/privilege/callhistory.read | public | Reading call logs | The application can read call log items. |
http://tizen.org/privilege/callhistory.write | public | Managing call logs | The application can create, update, and delete call log items. |
http://tizen.org/privilege/camera | public | Using camera | The application can take and preview pictures. |
http://tizen.org/privilege/contact.read | public | Reading contacts | The application can read your profile, contacts, and contact history. Contact history can include social network activity. |
http://tizen.org/privilege/contact.write | public | Managing contacts | The application can create, update, and delete your profile, contacts, and any contact history that is related to this application. The contact history can include social network activity. |
http://tizen.org/privilege/content.write | public | Managing content | The application can change media information. This information can be used by other applications. |
http://tizen.org/privilege/datasharing | public | Sharing data between applications | The application can share data with other applications. |
http://tizen.org/privilege/display | public | Managing display settings | The application can manage display settings, such as the brightness. This can increase battery consumption. |
http://tizen.org/privilege/download | public | Downloading through HTTP | The application can manage HTTP downloads. This can result in additional charges depending on the user's payment plan. |
http://tizen.org/privilege/email | public | Managing email accounts, mailboxes, and emails | The application can manage your email accounts, including your folders and emails. |
http://tizen.org/privilege/email.admin | platform | Managing email configurations | The application can manage the email application settings. |
http://tizen.org/privilege/haptic | public | Managing vibration feedback | The application can control vibration feedback. |
http://tizen.org/privilege/healthinfo | public | Reading health information | The application can read health information gathered by the device sensors, such as the pedometer and heart rate monitor. |
http://tizen.org/privilege/keymanager | public | Using secure repository | The application can save keys, certificates, and data to, and retrieve and delete them from password-protected storage. |
http://tizen.org/privilege/keymanager.admin | platform | Locking/unlocking secure repository | The application can lock and unlock a password-protected storage, and manage password changes for it. |
http://tizen.org/privilege/led | public | Managing LEDs | The application can turn LEDs on or off, such as the LED on the front of the device and the camera flash. |
http://tizen.org/privilege/location | public | Using user location | The application can read your location information. |
http://tizen.org/privilege/location.enable | platform | Managing location settings | The application can control your location service settings. |
http://tizen.org/privilege/message.read | public | Reading text and multimedia messages and related information | The application can read text and multimedia messages, and any information related to them. |
http://tizen.org/privilege/message.write | public | Sending text and multimedia messages and updating their statuses | The application can write, send, delete, and move text and multimedia messages, and change the settings and statuses of the messages, such as read or unread. |
http://tizen.org/privilege/network.get | public | Reading network information | The application can retrieve network information such as the status of each network, its type, and detailed network profile information. |
http://tizen.org/privilege/network.profile | public | Managing network profiles | The application can add, remove, and edit network profiles. |
http://tizen.org/privilege/network.set | public | Managing network connections | The application can turn Wi-Fi on and off, and connect to and disconnect from Wi-Fi and mobile networks. |
http://tizen.org/privilege/nfc | public | Using basic NFC services | The application can read and write NFC tag information, and send NFC messages to other devices. |
http://tizen.org/privilege/nfc.admin | platform | Managing NFC general settings | The application can change NFC settings, such as turning NFC on or off. |
http://tizen.org/privilege/nfc.cardemulation | public | Using NFC card emulation mode | The application can access smart card details, such as credit card details, and allow users to make payments via NFC. |
http://tizen.org/privilege/notification | public | Providing notifications | The application can show and hide its own notifications and badges. |
http://tizen.org/privilege/packagemanager.admin | platform | Installing/uninstalling application packages and clearing caches | The application can install and uninstall application packages, and clear application caches. |
http://tizen.org/privilege/packagemanager.info | public | Retrieving detailed package information | The application can retrieve detailed application package information. |
http://tizen.org/privilege/power | public | Managing power | The application can control power-related settings, such as dimming the screen. |
http://tizen.org/privilege/push | public | Receiving push notifications | The application can receive notifications from the Internet. |
http://tizen.org/privilege/reboot | platform | Restarting device | The application can restart the device. |
http://tizen.org/privilege/recorder | public | Recording video and audio | The application can record video and audio. |
http://tizen.org/privilege/screenshot | platform | Capturing device screen | The application can capture screenshots. |
http://tizen.org/privilege/secureelement | public | Accessing secure elements | The application can access secure smart card chips, such as UICC/SIM, embedded secure elements, and secure SD cards. |
http://tizen.org/privilege/shortcut | public | Managing shortcuts | The application can create and delete shortcuts. |
http://tizen.org/privilege/systemsettings | public | Managing unrestricted system settings | The application can read and write unrestricted system settings. Deprecated since 2.3.1. |
http://tizen.org/privilege/systemsettings.admin | platform | Managing all system settings | The application can read and write all system settings. |
http://tizen.org/privilege/telephony | public | Accessing telephony information | The application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the statuses of calls. |
http://tizen.org/privilege/telephony.admin | platform | Managing telephony settings | The application can manage telephony settings, such as those for incoming and outgoing calls, forwarding and holding calls, networks, and SIM cards. |
http://tizen.org/privilege/tethering.admin | platform | Accessing tethering services | The application can enable and disable tethering services. |
http://tizen.org/privilege/volume.set | public | Adjusting volume | The application can adjust the volume for different features, such as notification alerts, ringtones, and media. |
http://tizen.org/privilege/web-history.admin | platform | Managing Internet history | The application can manage your Internet history. |
http://tizen.org/privilege/widget.viewer | public | Showing widgets | The application can show widgets, and information from their associated applications, on the home screen. |
http://tizen.org/privilege/wifidirect | public | Managing Wi-Fi Direct information | The application can enable and disable Wi-Fi Direct, manage Wi-Fi Direct connections, and change Wi-Fi Direct settings. |
http://tizen.org/privilege/window.priority.set | public | Displaying windows on top of other applications and screen | The application can appear on top of other windows and screens, including the lock screen, according to the order of priority of the windows. This may prevent you from interacting with other applications or screens until the window for the application is closed. |
Privilege | Level | Display name | Description |
---|---|---|---|
http://tizen.org/privilege/alarm.get | public | Retrieving alarms | The application can read information about the saved alarms. |
http://tizen.org/privilege/alarm.set | public | Setting alarms | The application can set alarms and wake the device up at scheduled times. |
http://tizen.org/privilege/appmanager.kill | platform | Closing applications | The application can close other applications. |
http://tizen.org/privilege/appmanager.launch | public | Launching application | The application can open other applications. |
http://tizen.org/privilege/bluetooth | public | Using unrestricted Bluetooth services | The application can perform unrestricted actions using Bluetooth, such as scanning for and connecting to other devices. |
http://tizen.org/privilege/bluetooth.admin | platform | Changing Bluetooth settings | The application can change Bluetooth settings, such as turning Bluetooth on or off, setting the device name, and enabling or disabling the AV remote control. |
http://tizen.org/privilege/call | public | Making phone calls | The application can make phone calls to numbers when they are tapped without further confirmation. |
http://tizen.org/privilege/callhistory.read | public | Reading call logs | The application can read call log items. |
http://tizen.org/privilege/callhistory.write | public | Managing call logs | The application can create, update, and delete call log items. |
http://tizen.org/privilege/camera | public | Using camera | The application can take and preview pictures. |
http://tizen.org/privilege/content.write | public | Managing content | The application can change media information. This information can be used by other applications. |
http://tizen.org/privilege/datasharing | public | Sharing data between applications | The application can share data with other applications. |
http://tizen.org/privilege/display | public | Managing display settings | The application can manage display settings, such as the brightness. This can increase battery consumption. |
http://tizen.org/privilege/download | public | Downloading through HTTP | The application can manage HTTP downloads. This can result in additional charges depending on the user's payment plan. |
http://tizen.org/privilege/haptic | public | Managing vibration feedback | The application can control vibration feedback. |
http://tizen.org/privilege/healthinfo | public | Reading health information | The application can read health information gathered by the device sensors, such as the pedometer and heart rate monitor. |
http://tizen.org/privilege/keymanager | public | Using secure repository | The application can save keys, certificates, and data to, and retrieve and delete them from password-protected storage. |
http://tizen.org/privilege/keymanager.admin | platform | Locking/unlocking secure repository | The application can lock and unlock a password-protected storage, and manage password changes for it. |
http://tizen.org/privilege/led | public | Managing LEDs | The application can turn LEDs on or off, such as the LED on the front of the device and the camera flash. |
http://tizen.org/privilege/location | public | Using user location | The application can read your location information. |
http://tizen.org/privilege/location.enable | platform | Managing location settings | The application can control your location service settings. |
http://tizen.org/privilege/message.read | public | Reading text and multimedia messages and related information | The application can read text and multimedia messages, and any information related to them. |
http://tizen.org/privilege/message.write | public | Sending text and multimedia messages and updating their statuses | The application can write, send, delete, and move text and multimedia messages, and change the settings and statuses of the messages, such as read or unread. |
http://tizen.org/privilege/network.get | public | Reading network information | The application can retrieve network information such as the status of each network, its type, and detailed network profile information. |
http://tizen.org/privilege/network.profile | public | Managing network profiles | The application can add, remove, and edit network profiles. |
http://tizen.org/privilege/network.set | public | Managing network connections | The application can turn Wi-Fi on and off, and connect to and disconnect from Wi-Fi and mobile networks. |
http://tizen.org/privilege/nfc | public | Using basic NFC services | The application can read and write NFC tag information, and send NFC messages to other devices. |
http://tizen.org/privilege/nfc.admin | platform | Managing NFC general settings | The application can change NFC settings, such as turning NFC on or off. |
http://tizen.org/privilege/nfc.cardemulation | public | Using NFC card emulation mode | The application can access smart card details, such as credit card details, and allow users to make payments via NFC. |
http://tizen.org/privilege/notification | public | Providing notifications | The application can show and hide its own notifications and badges. |
http://tizen.org/privilege/packagemanager.admin | platform | Installing/uninstalling application packages and clearing caches | The application can install and uninstall application packages, and clear application caches. |
http://tizen.org/privilege/packagemanager.info | public | Retrieving detailed package information | The application can retrieve detailed application package information. |
http://tizen.org/privilege/power | public | Managing power | The application can control power-related settings, such as dimming the screen. |
http://tizen.org/privilege/push | public | Receiving push notifications | The application can receive notifications from the Internet. |
http://tizen.org/privilege/reboot | platform | Restarting device | The application can restart the device. |
http://tizen.org/privilege/recorder | public | Recording video and audio | The application can record video and audio. |
http://tizen.org/privilege/screenshot | platform | Capturing device screen | The application can capture screenshots. |
http://tizen.org/privilege/secureelement | public | Accessing secure elements | The application can access secure smart card chips, such as UICC/SIM, embedded secure elements, and secure SD cards. |
http://tizen.org/privilege/systemsettings.admin | platform | Managing all system settings | The application can read and write all system settings. |
http://tizen.org/privilege/telephony | public | Accessing telephony information | The application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the statuses of calls. |
http://tizen.org/privilege/telephony.admin | platform | Managing telephony settings | The application can manage telephony settings, such as those for incoming and outgoing calls, forwarding and holding calls, networks, and SIM cards. |
http://tizen.org/privilege/volume.set | public | Adjusting volume | The application can adjust the volume for different features, such as notification alerts, ringtones, and media. |
http://tizen.org/privilege/widget.viewer | public | Showing widgets | The application can show widgets, and information from their associated applications, on the home screen. |
http://tizen.org/privilege/window.priority.set | public | Displaying windows on top of other applications and screen | The application can appear on top of other windows and screens, including the lock screen, according to the order of priority of the windows. This may prevent you from interacting with other applications or screens until the window for the application is closed. |
Non-API Bound Privileges
Tizen application privileges are loosely bound to APIs, so most of the privileges can be identified by the APIs that the application calls. However, some privileges are not coupled with the Tizen APIs. To allow easy identification, those privileges are mapped to the corresponding system resources, in the same way as other privileges.
The following table lists the non-API bound privileges.
Privilege | Level | Display name | Description |
---|---|---|---|
http://tizen.org/privilege/internet | public | Internet | Most mobile and wearable devices use a cellular network for IP communication. However, the cellular network can cause data costs, and an application that sends data through the Internet can be crucial for user privacy. Due to the importance of the functionality, a privilege for controlling application Internet access has been added. The new privilege is coupled with the IP addresses of the destination and source of the IP packets. If your socket is connecting to or listening for any IP address except 127.0.0.1, this privilege is required to communicate properly. If your application does not have this privilege, the connection is blocked in the kernel layer and the connect() function returns a permission denied error. If you are listening on a socket, you never receive any packets from the outside, and the socket functions report no errors. If you are using the listen() and connect() functions over the local loopback interface (127.0.0.1), you cannot connect to a random application (due to sandboxing), even if you add this privilege. However, you can connect between multiple processes of the same application binary. |
http://tizen.org/privilege/mediastorage | public | Media storage | When you connect the device to a computer (Windows or Mac) through USB, you can access a dedicated media storage area shown as massive media storage. This region of the storage is called media storage and is usually used for multimedia files, such as photos, videos, and music files. Since this storage area is used for user private data, access to it must be protected with a privilege. If your application does not have this privilege, no file operations in the media storage area succeed and you receive a permission denied error. If you have this privilege, you can read and write directories and files, create new files, and delete files in the storage area. |
http://tizen.org/privilege/externalstorage | public | External storage | Similar to the media storage, many devices support external storage, such as a MicroSD card or USB memory. As with the media storage, access to external storage must be protected with a privilege. You can find the absolute path of the external storage with the Storage API functions, such as storage_get_root_directory(). If your application does not have this privilege, all file operations fail with a permission denied error. If you have this privilege, you have full access to the external storage. |
http://tizen.org/privilege/externalstorage.appdata | public | External storage application data | Many devices support external storage, such as a MicroSD card or USB memory. As with the media storage, access to external storage must be protected with a privilege. If your application does not have this privilege, no file operations on the application data stored in the external storage area succeed and you receive a permission denied error. If you have this privilege, you can store data in the application-specific directory of the external storage. You can find the path for storing data in the external storage with, for example, the app_get_external_data_path(), app_get_external_cache_path(), and app_get_external_shared_data_path() functions. |