You can use Authorization Manager (authman) to restrict access to Persistent Publish/Subscribe (PPS) objects.
As well as letting you persist information across device restarts, PPS is useful for sharing information between apps in a secure manner. You can use the Authorization Manager (authman) to restrict access to a PPS object and to limit the data one or more apps can access.
To create a permission, you edit the pps.conf file to create a capability. You can then configure access and restrictions to the resources and services for that new capability in the /etc/authman/sys.acl and /etc/authman/sys.res files.
After you have created a capability, use the <rim:permit> element to specify the name of the capability in the config.xml file of your HTML5 project. The <rim:permit> element in the config.xml file grants the HTML5 app access to the resources and services defined by the capability.
Before you begin, you should have a good understanding of authman, of PPS, and of how to use PPS with an HTML5 app.
The instructions below show you how to:
To perform these tasks:
<?xml version='1.0' encoding='utf-8'?>
<widget id="CordovaPPSdemo" version="1.0.0.0"
        xmlns="http://www.w3.org/ns/widgets"
        xmlns:rim="http://www.blackberry.com/ns/widgets">
    <name>Cordova PPS Demo</name>
    <author>QNX</author>
    <description>Cordova PPS Demo</description>
    <content src="index.html" />
    <rim:permissions>
        <rim:permit>access_shared</rim:permit>
        <rim:permit>access_internet</rim:permit>
        <rim:permit>run_native</rim:permit>
        <rim:permit>access_demo</rim:permit>
    </rim:permissions>
    <feature name="com.qnx.demo" />
    <feature name="com.qnx.demo" value="com.qnx.demo" />
</widget>
qnx/demo 0:0:0660:O_CREAT user::rw group::rw other::rw mask::rw
access_demo ACL opt rwx:rw /pps/qnx/ ACL opt rwx:rw /pps/qnx/demo
access_demo deny * allow CordovaPPSdemo.testDev_dovaPPSdemod339185a
The string "CordovaPPSdemo.testDev_dovaPPSdemod339185a" is determined when you build your app using the build debug command. The name is a combination of the package name and the package identifier. There are two ways to determine the string to use.
Package-Name + '.' + Package-Id
Archive-Manifest-Version: 1.5
Archive-Created-By: BlackBerry WebKit BAR Packager 1.10
Package-Type: application
Package-Author: QNX
Package-Author-Id: testUU5YICAgICAgICAgICAgICA
Package-Name: CordovaPPSdemo
Package-Id: testDev_dovaPPSdemod339185a
Package-Version: 1.0.0.0
Package-Version-Id: testMS4wLjAuMCAgICAgICAgICA
...
...
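The name construction described above, as an added example that is not part of the original documentation: it reads Package-Name and Package-Id from the manifest's main section and joins them into the string used in the allow entry. It assumes a BAR file is a zip archive with its manifest at META-INF/MANIFEST.MF; the function names and the trailing section of the sample manifest are constructed for illustration.

```python
import zipfile

# Constructed sample: manifest fields from this page, plus a constructed
# trailing section that must NOT influence the result.
SAMPLE_MANIFEST = """\
Archive-Manifest-Version: 1.5
Package-Type: application
Package-Author: QNX
Package-Name: CordovaPPSdemo
Package-Id: testDev_dovaPPSdemod339185a
Package-Version: 1.0.0.0

Package-Id: constructed-value-in-a-later-section
"""

def parse_main_section(manifest_text):
    """Return the headers of the manifest's first (main) section as a dict."""
    headers, last = {}, None
    for line in manifest_text.splitlines():
        if not line.strip():
            if headers:
                break                      # a blank line ends the main section
            continue
        if line.startswith(" ") and last:
            headers[last] += line[1:]      # JAR-style continuation line
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed manifest line: {line!r}")
        last = key.strip()
        headers[last] = value.strip()
    return headers

def authman_app_name(manifest_text):
    """Build Package-Name + '.' + Package-Id, refusing incomplete manifests."""
    h = parse_main_section(manifest_text)
    missing = [k for k in ("Package-Name", "Package-Id") if not h.get(k)]
    if missing:
        raise ValueError("manifest lacks " + ", ".join(missing))
    return h["Package-Name"] + "." + h["Package-Id"]

def app_name_from_bar(bar):
    """Read the manifest from a BAR (path or file object) and build the name."""
    with zipfile.ZipFile(bar) as z:
        return authman_app_name(z.read("META-INF/MANIFEST.MF").decode("utf-8"))

if __name__ == "__main__":
    print("allow " + authman_app_name(SAMPLE_MANIFEST))
```

Failing on a missing field, rather than emitting a partial name, keeps a malformed entry out of the allow list.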
After the CordovaPPSdemo app is deployed, no other app may access the PPS object named qnx/demo. If you want another app to access this PPS object, add the generated name of the app to /etc/authman.sys using another allow entry as described above.