Security and API Privileges
To effectively protect the device system and user private data, the Tizen security architecture is based on privileges and application signing of the Linux basic security model, which includes process isolation and mandatory access control. Since Tizen, as an open mobile platform, provides a wide range of features and experiences for users with a variety of applications, the users must be able to grant privileges for security-sensitive operations.
Tizen provides API-level access control for security-sensitive operations which, if not used correctly, can harm user privacy and system stability. Therefore, applications that use such sensitive APIs must declare the required privileges in the config.xml file.
If an application invokes a privileged API, the Tizen system checks whether the privilege is present in the config.xml file. If the privilege is not present in the file, the system prohibits the application execution.
The Tizen IDE also provides privilege checker tools to check whether the Tizen application source code contains any privilege violations. For more information, see Privilege Checker.
The following tables list the API privileges, which you must to declare when using security-sensitive API modules.
| Privilege | Level | Display name | Description |
|---|---|---|---|
| http://tizen.org/privilege/account.read | public | Reading accounts | The application can read accounts. |
| http://tizen.org/privilege/account.write | public | Managing accounts | The application can create, edit, and delete accounts. |
| http://tizen.org/privilege/alarm | public | Setting alarms | The application can set alarms and wake up the device at scheduled times. |
| http://tizen.org/privilege/application.info | public | Retrieving application information | The application can retrieve information related to other applications. |
| http://tizen.org/privilege/application.launch | public | Opening applications | The application can open other applications using the application ID or application control. |
| http://tizen.org/privilege/appmanager.certificate | partner | Getting application certificates | The application can retrieve specified application certificates. |
| http://tizen.org/privilege/appmanager.kill | partner | Closing applications | The application can close other applications. |
| http://tizen.org/privilege/bluetooth | public | Using unrestricted Bluetooth services | The application can perform unrestricted actions using Bluetooth, such as scanning for and connecting to other devices. |
| http://tizen.org/privilege/bluetooth.admin | public | Managing Bluetooth general settings | The application can change Bluetooth settings, such as turning Bluetooth on or off and setting the device name. Deprecated since 2.4. Use http://tizen.org/privilege/bluetooth instead. |
| http://tizen.org/privilege/bluetooth.gap | public | Using Bluetooth GAP | The application can use the Bluetooth Generic Access Profile (GAP) to, for example, scan for and pair with devices. Deprecated since 2.4. Use http://tizen.org/privilege/bluetooth instead. |
| http://tizen.org/privilege/bluetooth.health | public | Using Bluetooth HDP | The application can use the Bluetooth Health Device Profile (HDP) to, for example, send health information. Deprecated since 2.4. Use http://tizen.org/privilege/bluetooth instead. |
| http://tizen.org/privilege/bluetooth.spp | public | Using Bluetooth SPP | The application can use the Bluetooth Serial Port Profile (SPP) to, for example, send serial data. Deprecated since 2.4. Use http://tizen.org/privilege/bluetooth instead. |
| http://tizen.org/privilege/bluetoothmanager | platform | Managing Bluetooth system settings | The application can change Bluetooth system settings related to privacy and security, such as the visibility mode. |
| http://tizen.org/privilege/bookmark.read | platform | Reading bookmarks | The application can read bookmarks. |
| http://tizen.org/privilege/bookmark.write | platform | Managing bookmarks | The application can create, edit, and delete bookmarks. |
| http://tizen.org/privilege/calendar.read | public | Reading calendar | The application can read events and tasks. |
| http://tizen.org/privilege/calendar.write | public | Managing calendar | The application can create, update, and delete events and tasks. |
| http://tizen.org/privilege/call | public | Making phone calls | The application can make phone calls to numbers when they are tapped without further confirmation. |
| http://tizen.org/privilege/callhistory.read | public | Reading call logs | The application can read call log items. |
| http://tizen.org/privilege/callhistory.write | public | Managing call logs | The application can create, update, and delete call log items. |
| http://tizen.org/privilege/contact.read | public | Reading contacts | The application can read your profile, contacts, and contact history. Contact history can include social network activity. |
| http://tizen.org/privilege/contact.write | public | Managing contacts | The application can create, update, and delete your profile, contacts, and any contact history that is related to this application. Contact history can include social network activity. |
| http://tizen.org/privilege/content.read | public | Reading contents | The application can read media content information. |
| http://tizen.org/privilege/content.write | public | Managing contents | The application can create, update, and delete media content information. |
| http://tizen.org/privilege/datacontrol.consumer | public | Accessing exported data | The application can read data exported by data control providers. |
| http://tizen.org/privilege/datasync | public | Syncing device data | The application can synchronize device data, such as contacts and calendar events, using the OMA DS 1.2 protocol. |
| http://tizen.org/privilege/download | public | Downloading via HTTP | The application can manage HTTP downloads. |
| http://tizen.org/privilege/filesystem.read | public | Reading file systems | The application can read file systems. |
| http://tizen.org/privilege/filesystem.write | public | Writing to file systems | The application can write to file systems. |
| http://tizen.org/privilege/healthinfo | public | Reading health related information | The application can read the user's health information gathered by device sensors, such as pedometer or heart rate monitor. |
| http://tizen.org/privilege/ime | public | Providing input methods | The application can provide users with a way to enter characters and symbols into an associated text field. |
| http://tizen.org/privilege/led | public | Managing LEDs | The application can turn LEDs on or off, such as the LED on the front of the device and the camera flash. |
| http://tizen.org/privilege/location | public | Using user location | The application can read the user's location information. |
| http://tizen.org/privilege/mediacontroller.client | public | Controlling media player | The application can receive information about currently playing media from applications that are allowed to send it, and can control those applications remotely. |
| http://tizen.org/privilege/mediacontroller.server | public | Accepting remote controls | The application can send information about currently playing media to applications that are allowed to receive it, and can be controlled remotely by those applications. |
| http://tizen.org/privilege/messaging.read | public | Accessing messages | The application can retrieve messages from message boxes or receive messages. |
| http://tizen.org/privilege/messaging.write | public | Writing messages | The application can write, send, sync, and remove text messages, multimedia messages, and emails. |
| http://tizen.org/privilege/networkbearerselection | partner | Selecting network connection | The application can request and release a specific network connection. |
| http://tizen.org/privilege/nfc.admin | public | Managing NFC general settings | The application can change NFC settings, such as turning NFC on or off. |
| http://tizen.org/privilege/nfc.cardemulation | public | Using NFC card emulation mode | The application can access smart card details, such as credit card details, and allow users to make payments via NFC. |
| http://tizen.org/privilege/nfc.common | public | Using NFC common features | The application can use NFC common features. |
| http://tizen.org/privilege/nfc.p2p | public | Pushing NFC messages | The application can push NFC messages to other devices. |
| http://tizen.org/privilege/nfc.tag | public | Reading/writing to NFC tags | The application can read and write NFC tag information. |
| http://tizen.org/privilege/notification | public | Providing notifications | The application can show and hide its own notifications and badges. |
| http://tizen.org/privilege/package.info | public | Receiving package information | The application can retrieve information about installed packages. |
| http://tizen.org/privilege/packagemanager.install | platform | Managing packages | The application can install or uninstall application packages. |
| http://tizen.org/privilege/power | public | Managing power | The application can control power-related settings, such as dimming the screen. |
| http://tizen.org/privilege/push | public | Receiving push notifications | The application can receive notifications from the Internet. |
| http://tizen.org/privilege/secureelement | public | Accessing secure elements | The application can access secure smart card chips, such as UICC/SIM, embedded secure elements, and secure SD cards. |
| http://tizen.org/privilege/setting | public | Accessing user settings | The application can change and read user settings. |
| http://tizen.org/privilege/system | public | Reading system information | The application can read system information. |
| http://tizen.org/privilege/systemmanager | partner | Reading secure system information | The application can read secure system information. Deprecated since 2.3.1. Use http://tizen.org/privilege/telephony instead. |
| http://tizen.org/privilege/telephony | public | Accessing telephony information | The application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the statuses of calls. |
| http://tizen.org/privilege/volume.set | public | Adjusting volume | The application can adjust the volume for different features, such as notification alerts, ringtones, and media. |
| http://tizen.org/privilege/websetting | public | Managing web application settings | The application can change its Web application settings, including deleting cookies. Deprecated since 2.4. |
| Privilege | Level | Description |
|---|---|---|
| http://tizen.org/privilege/internet | public | The application can access the Internet using the WebSocket, XMLHttpRequest Level 2, Server-Sent Events, HTML5 Application caches, and Cross-Origin Resource Sharing APIs. |
| http://tizen.org/privilege/mediacapture | public | The application can manipulate streams from cameras and microphones using the getUserMedia API.
Privilege behavior:
|
| http://tizen.org/privilege/unlimitedstorage | public | The application can use the storage with unlimited size with the File API: Directories and System, File API: Writer, Indexed Database, and Web SQL Database APIs.
Privilege behavior:
|
| http://tizen.org/privilege/notification | public | The application can display simple notifications using the Web Notifications API.
Privilege behavior:
|
| http://tizen.org/privilege/location | public | The application can access geographic locations using the Geolocation API.
Privilege behavior:
|
| Privilege | Level | Description |
|---|---|---|
| http://tizen.org/privilege/fullscreen | public | The application can display in the full-screen mode using the FullScreen API - Mozilla API.
Privilege behavior:
|
| Privilege | Level | Display name | Description |
|---|---|---|---|
| http://tizen.org/privilege/alarm | public | Setting alarms | The application can set alarms and wake up the device at scheduled times. |
| http://tizen.org/privilege/application.info | public | Retrieving application information | The application can retrieve information related to other applications. |
| http://tizen.org/privilege/application.launch | public | Opening applications | The application can open other applications using the application ID or application control. |
| http://tizen.org/privilege/appmanager.certificate | partner | Getting application certificates | The application can retrieve specified application certificates. |
| http://tizen.org/privilege/appmanager.kill | partner | Closing applications | The application can close other applications. |
| http://tizen.org/privilege/bluetooth | public | Using unrestricted Bluetooth services | The application can perform unrestricted actions using Bluetooth, such as scanning for and connecting to other devices. |
| http://tizen.org/privilege/bluetooth.admin | public | Managing Bluetooth general settings | The application can change Bluetooth settings, such as turning Bluetooth on or off and setting the device name. Deprecated since 2.4. Use http://tizen.org/privilege/bluetooth instead. |
| http://tizen.org/privilege/bluetooth.gap | public | Using Bluetooth GAP | The application can use the Bluetooth Generic Access Profile (GAP) to, for example, scan for and pair with devices. Deprecated since 2.4. Use http://tizen.org/privilege/bluetooth instead. |
| http://tizen.org/privilege/bluetooth.health | public | Using Bluetooth HDP | The application can use the Bluetooth Health Device Profile (HDP) to, for example, send health information. Deprecated since 2.4. Use http://tizen.org/privilege/bluetooth instead. |
| http://tizen.org/privilege/bluetooth.spp | public | Using Bluetooth SPP | The application can use the Bluetooth Serial Port Profile (SPP) to, for example, send serial data. Deprecated since 2.4. Use http://tizen.org/privilege/bluetooth instead. |
| http://tizen.org/privilege/bluetoothmanager | platform | Managing Bluetooth system settings | The application can change Bluetooth system settings related to privacy and security, such as the visibility mode. |
| http://tizen.org/privilege/call | public | Making phone calls | The application can make phone calls to numbers when they are tapped without further confirmation. |
| http://tizen.org/privilege/content.read | public | Reading contents | The application can read media content information. |
| http://tizen.org/privilege/content.write | public | Managing contents | The application can create, update, and delete media content information. |
| http://tizen.org/privilege/download | public | Downloading via HTTP | The application can manage HTTP downloads. |
| http://tizen.org/privilege/filesystem.read | public | Reading file systems | The application can read file systems. |
| http://tizen.org/privilege/filesystem.write | public | Writing to file systems | The application can write to file systems. |
| http://tizen.org/privilege/healthinfo | public | Reading health related information | The application can read the user's health information gathered by device sensors, such as pedometer or heart rate monitor. |
| http://tizen.org/privilege/ime | public | Providing input methods | The application can provide users with a way to enter characters and symbols into an associated text field. |
| http://tizen.org/privilege/location | public | Using user location | The application can read the user's location information. |
| http://tizen.org/privilege/mediacontroller.client | public | Controlling media player | The application can receive information about currently playing media from applications that are allowed to send it, and can control those applications remotely. |
| http://tizen.org/privilege/mediacontroller.server | public | Accepting remote controls | The application can send information about currently playing media to applications that are allowed to receive it, and can be controlled remotely by those applications. |
| http://tizen.org/privilege/nfc.admin | public | Managing NFC general settings | The application can change NFC settings, such as turning NFC on or off. |
| http://tizen.org/privilege/nfc.cardemulation | public | Using NFC card emulation mode | The application can access smart card details, such as credit card details, and allow users to make payments via NFC. |
| http://tizen.org/privilege/nfc.common | public | Using NFC common features | The application can use NFC common features. |
| http://tizen.org/privilege/nfc.p2p | public | Pushing NFC messages | The application can push NFC messages to other devices. |
| http://tizen.org/privilege/nfc.tag | public | Reading/writing to NFC tags | The application can read and write NFC tag information. |
| http://tizen.org/privilege/notification | public | Providing notifications | The application can show and hide its own notifications and badges. |
| http://tizen.org/privilege/package.info | public | Receiving package information | The application can retrieve information about installed packages. |
| http://tizen.org/privilege/packagemanager.install | platform | Managing packages | The application can install or uninstall application packages. |
| http://tizen.org/privilege/power | public | Managing power | The application can control power-related settings, such as dimming the screen. |
| http://tizen.org/privilege/push | public | Receiving push notifications | The application can receive notifications from the Internet. |
| http://tizen.org/privilege/secureelement | public | Accessing secure elements | The application can access secure smart card chips, such as UICC/SIM, embedded secure elements, and secure SD cards. |
| http://tizen.org/privilege/setting | public | Accessing user settings | The application can change and read user settings. |
| http://tizen.org/privilege/system | public | Reading system information | The application can read system information. |
| http://tizen.org/privilege/systemmanager | partner | Reading secure system information | The application can read secure system information. Deprecated since 2.3.1. Use http://tizen.org/privilege/telephony instead. |
| http://tizen.org/privilege/telephony | public | Accessing telephony information | The application can retrieve telephony information, such as the network and SIM card used, the IMEI, and the statuses of calls. |
| http://tizen.org/privilege/volume.set | public | Adjusting volume | The application can adjust the volume for different features, such as notification alerts, ringtones, and media. |
| Privilege | Level | Description |
|---|---|---|
| http://tizen.org/privilege/internet | public | The application can access the Internet using the WebSocket, XMLHttpRequest Level 1, and Cross-Origin Resource Sharing APIs. |
| http://tizen.org/privilege/mediacapture | public | The application can manipulate streams from cameras and microphones using the getUserMedia API.
Privilege behavior:
|
| http://tizen.org/privilege/unlimitedstorage | public | The application can use the storage with unlimited size with the Indexed Database API.
Privilege behavior:
|
| http://tizen.org/privilege/location | public | The application can access geographic locations using the Geolocation API.
Privilege behavior:
|
| Privilege | Level | Description |
|---|---|---|
| http://tizen.org/privilege/camera | public | The application can capture video and image on a target device using the Camera API (Tizen Extension) (Video Recording and Image Capture) API.
Privilege behavior:
|
| http://tizen.org/privilege/audiorecorder | public | The application can record an audio stream on a target device using the Camera API (Tizen Extension) (Audio Recording) API.
Privilege behavior:
|
