Adding Privileges and Permissions
adding privileges and permissions importantdue to nacl deprecation by the chromium project, tizen tv will continue its support for nacl only until 2021-year products meanwhile, tizen tv will start focusing on high-performance, cross-browser webassembly from 2020-year products this topic describes how to add tizen privileges and ppapi permissions to a native client project in the tizen studio, and lists the tizen privileges corresponding to ppapi permissions related info security and api privileges tizen privilege some samsung product and tizen api modules can perform security-sensitive operations which, if not used correctly, can harm user privacy and system stability applications that use these sensitive apis must declare the required privileges in the "config xml" file privileges are categorized into public, partner, and platform levels the public level is the minimum privilege level, which means that any application developed using the tizen studio can use these privileges the partner level privileges require at least a partner-signed certificate, which is granted to developers who have a business relationship with the vendor the platform level is the highest privilege level, and an application that needs these privileges requires at least a platform-signed certificate, which is granted to vendor developers for more information about tizen privileges, see security and api privileges and tizen privilege in tizen applications, native client nacl modules using security-sensitive ppapi interfaces must also declare permissions in its " nmf" manifest file some ppapi permissions correspond to tizen privileges, since they grant access to the same resources consequently, both the ppapi permissions and the corresponding tizen privileges must be declared adding privileges when you build a nacl project in the tizen studio, the "config xml" and <projectname> nmf configuration files are generated automatically the tizen studio detects and adds privileges based on the included interface headers in the source code it maps the privileges to ppapi permissions, and includes them in the generated <projectname> nmf configuration file however, privileges required by header files outside the project must be added separately when you add tizen privileges to the project in the tizen studio, the equivalent ppapi permissions are automatically added to the <projectname> nmf configuration file warningbe careful when modifying the "config xml" and <projectname> nmf files directly to add tizen privileges to the project in the "project explorer" view, right-click the project name, and select "properties" in the side menu, select "tizen studio > tizen privileges" select the desired privileges from the list, and click "apply" to close the dialog, click "apply and close" the project automatically rebuilds to verify that the ppapi permissions were added, open the currentbin/<projectname> nmf file for example, if you added the "http //tizen org/privilege/filesystem write" privilege, the output " nmf" file contains the following ppapi permissions "permissions" [ "ppb_fileio", "ppb_fileio_private", "ppb_fileref", "ppb_filesystem", "ppb_removablestorage_dev" ], tizen privileges corresponding to ppapi permissions the following table maps ppapi permissions to the tizen privileges that must be added in the tizen studio the ppapi permission name is the same as the interface using it interfaces that do not require permissions are not listed noteif a ppapi permission corresponds to more than 1 tizen privilege, you must add all the corresponding privileges ppapi permission tizen privilege privilege level tizen version support 2 2 1 2 4 3 0 4 0 ppb_audioinput_dev http //developer samsung com/privilege/audiorecorder public yes yes yes yes http //tizen org/privilege/mediacapture ppb_devicecontrol_samsung http //developer samsung com/privilege/epg ppb_fileio http //tizen org/privilege/filesystem write ppb_fileio_private ppb_fileref ppb_filesystem ppb_fullscreen http //tizen org/privilege/fullscreen ppb_networkmonitor http //developer samsung com/privilege/network public ppb_programschedule_samsung http //developer samsung com/privilege/epg no no ppb_removablestorage_dev http //tizen org/privilege/filesystem write ppb_sefclient_samsung http //tizen org/privilege/systemmanager partner no ppb_servicelist_samsung http //developer samsung com/privilege/epg public yes ppb_systeminfo http //tizen org/privilege/system yes yes ppb_videocapture_dev http //tizen org/privilege/mediacapture table 1 ppapi permissions and corresponding tizen privileges other useful tizen privileges the following table lists other application features that require tizen privileges the listed privileges are supported since tizen 2 2 1 feature tizen privilege privilege level drm information retrieval http //developer samsung com/privilege/drminfo partner drm-protected content playback http //developer samsung com/privilege/drmplay public filesystem access http //tizen org/privilege/unlimitedstorage internet access http //tizen org/privilege/internet remote control http //tizen org/privilege/tv inputdevice table 2 useful tizen privileges