1 <?xml version="1.0" encoding="ISO-8859-1" ?> 

     2 <policy>

     3 <!--  an alias groups a set of capabilities under one name 

     4 --> 

     5         <alias name="UserDataGroup">

     6                 <info>This can contain info which can be displayed with capabilities while prompting</info> 

     7                 <capabilities>

     8                         <capability>ReadUserData</capability> 

     9                         <capability>WriteUserData</capability> 

    10                         <capability>Location</capability> 

    11                         <capability>UserEnvironment</capability> 

    12                 </capabilities>

    13         </alias>

    14         <alias name="NetworkGroup">

    15                 <capabilities>

    16                         <!-- capability>UserPrivacyData</capability

    17                         --> 

    18                         <capability>NetworkServices</capability> 

    19                         <capability>LocalServices</capability> 

    20                 </capabilities>

    21         </alias>

    22         <alias name="DeviceResourcesGroup">

    23                 <capabilities>

    24                         <!-- capability>UserPrivacyData</capability

    25                         --> 

    26                         <capability>MultimediaDD</capability> 

    27                         <capability>ReadDeviceData</capability> 

    28                         <capability>WriteDeviceData</capability> 

    29                         <capability>CommDD</capability> 

    30                         <capability>SurroundingsDD</capability> 

    31                         <capability>NetworkControl</capability> 

    32                 </capabilities>

    33         </alias>

    34         <!--  specify a protection domain 

    35         --> 

    36         <domain name="UnTrusted">

    37         <!--  user-grantable capabilities for this domain 

    38         --> 

    39                 <user>

    40                         <condition>session</condition> 

    41                         <!-- <condition>blanket</condition> to permanenty allow these capabilities

    42                         -->

    43                         <defaultCondition>session</defaultCondition> 

    44                         <capabilities>

    45                                 <capability>UserDataGroup</capability> 

    46                                 <capability>NetworkGroup</capability> 

    47                         </capabilities>

    48                 </user>

    49                 <user>

    50                         <!-- will prompt every time these capbilities are required

    51                         -->

    52                         <defaultCondition>session</defaultCondition>

    53                         <condition>oneshot</condition>

    54                         <capabilities>

    55                                 <capability>DeviceResourcesGroup</capability> 

    56                         </capabilities>

    57                 </user>

    58         <!--  could extend this to other types of conditional capabilities 

    59         --> 

    60         </domain>

    61 </policy>