
manifest-privilege-validator skill


This skill validates tizen-manifest.xml privilege declarations, ensuring correctness, proper levels, and conformance for secure Tizen apps.

npx playbooks add skill plurigrid/asi --skill manifest-privilege-validator

SKILL.md
---
name: manifest-privilege-validator
description: Validates tizen-manifest.xml privilege declarations. Checks privilege correctness, required privilege levels, and manifest conformance.
category: tizen-security
author: Tizen Community
source: tizen/security
license: Apache-2.0
trit: -1
trit_label: MINUS
verified: true
featured: true
---

# Manifest Privilege Validator Skill

**Trit**: -1 (MINUS)
**Category**: tizen-security
**Author**: Tizen Community
**Source**: tizen/security
**License**: Apache-2.0

## Description

Validates tizen-manifest.xml privilege declarations. Checks privilege correctness, required privilege levels, and manifest conformance.

## When to Use

This is a Tizen security/IoT skill. Use when:
- Developing Tizen applications (web, native, .NET)
- Auditing Tizen app security
- Provisioning TizenRT/ARTIK IoT devices
- Implementing Tizen compliance
- Analyzing SMACK policies or Cynara access control

## Tizen Security Model

### SMACK (Simplified Mandatory Access Control Kernel)
- Linux kernel 3.12+ mandatory access control
- Process isolation via labels
- Prevent inter-app resource access

### Cynara
- Fast privilege access control service
- Policy-based permission checking
- External agent integration

### KeyManager
- Central secure storage repository
- Password-protected data access
- Certificate and key management

### Tizen Manifest
- Privilege declarations (public, partner, platform)
- App sandboxing configuration
- Resource access specifications

## Related Skills

- manifest-privilege-validator
- smack-policy-auditor
- tizen-cve-scanner
- sandbox-escape-detector
- cynara-policy-checker
- iot-device-provisioning

## References

- Tizen Official Docs: https://docs.tizen.org/
- Samsung Security Manager: https://github.com/Samsung/security-manager
- Samsung Cynara: https://github.com/Samsung/cynara
- TizenRT: https://github.com/Samsung/TizenRT


## SDF Interleaving

This skill connects to **Software Design for Flexibility** (Hanson & Sussman, 2021):

### Primary Chapter: 10. Adventure Game Example

**Concepts**: autonomous agent, game, synthesis

### GF(3) Balanced Triad

```
manifest-privilege-validator (−) + SDF.Ch10 (+) + [balancer] (○) = 0
```

**Skill Trit**: -1 (MINUS - verification)

### Secondary Chapters

- Ch6: Layering

### Connection Pattern

Adventure games synthesize techniques. This skill integrates multiple patterns.

Overview

This skill validates tizen-manifest.xml privilege declarations for correctness and conformance. It detects incorrect privilege names, mismatched privilege levels (public, partner, platform), and common manifest structure errors that can break app deployment or violate security policies. The validator is aimed at Tizen app developers, auditors, and IoT integrators who must ensure manifests meet platform requirements.

How this skill works

The validator parses the tizen-manifest.xml and inspects declared privileges against an authoritative privilege list and required access levels. It checks tag structure, namespace usage, and attribute validity, then reports mismatches, missing required privileges, and over-privileged declarations. Output includes clear diagnostics and remediation hints so you can fix manifests quickly.
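A sketch of the checks described above, added here as an illustration; it is not the skill's own code. The allowlist entries, the two `example.*` privilege names, the `signing_level` parameter, and the diagnostic codes are assumptions made for the example, and the sample manifest is constructed.

```python
import difflib
import xml.etree.ElementTree as ET

NS = "http://tizen.org/ns/packages"  # namespace used by tizen-manifest.xml
LEVELS = {"public": 0, "partner": 1, "platform": 2}

# Constructed sample allowlist (assumption): load the curated, versioned list in practice.
ALLOWLIST = {
    "http://tizen.org/privilege/internet": "public",
    "http://tizen.org/privilege/camera": "public",
    "http://tizen.org/privilege/example.partner": "partner",    # hypothetical name
    "http://tizen.org/privilege/example.platform": "platform",  # hypothetical name
}

def validate_manifest(xml_text, signing_level="public"):
    """Return (code, privilege, hint) diagnostics for one manifest."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("malformed-xml", "", str(exc))]
    if root.tag != f"{{{NS}}}manifest":
        return [("bad-root", root.tag, f"expected <manifest> in namespace {NS}")]
    findings, seen = [], set()
    for node in root.iter(f"{{{NS}}}privilege"):
        name = (node.text or "").strip()
        if name in seen:
            findings.append(("duplicate", name, "remove the repeated declaration"))
            continue
        seen.add(name)
        required = ALLOWLIST.get(name)
        if required is None:  # unknown, misspelled, or deprecated name
            close = difflib.get_close_matches(name, list(ALLOWLIST), n=1, cutoff=0.8)
            hint = f"did you mean {close[0]}?" if close else "not in allowlist"
            findings.append(("unknown-privilege", name, hint))
        elif LEVELS[required] > LEVELS[signing_level]:
            findings.append(("level-mismatch", name,
                             f"needs {required}, app is signed at {signing_level}"))
    return findings

# Constructed sample: one typo, one over-level privilege, one duplicate.
SAMPLE = """<manifest xmlns="http://tizen.org/ns/packages" package="org.example.demo" version="1.0.0">
  <privileges>
    <privilege>http://tizen.org/privilege/internet</privilege>
    <privilege>http://tizen.org/privilege/intenet</privilege>
    <privilege>http://tizen.org/privilege/example.platform</privilege>
    <privilege>http://tizen.org/privilege/internet</privilege>
  </privileges>
</manifest>"""
```

Calling `validate_manifest(SAMPLE)` returns three diagnostics in document order, which a CI job can turn into a non-zero exit. When manifests come from untrusted packages, parse them with a hardened XML parser such as `defusedxml` instead of the standard library one.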

When to use it

  • During Tizen app development to catch manifest issues before packaging
  • When auditing app security to verify least-privilege adherence
  • While provisioning TizenRT or ARTIK IoT devices to ensure proper access control
  • Before submitting apps to a store or certification to avoid rejection
  • When integrating with Cynara or SMACK to align manifest privileges with runtime policies

Best practices

  • Validate manifests as part of CI to prevent regressions
  • Favor the minimum required privilege level (public < partner < platform)
  • Keep a curated, versioned privilege whitelist to avoid custom or deprecated names
  • Address each diagnostic with the smallest change that resolves the issue
  • Combine static manifest checks with runtime policy reviews (Cynara/SMACK)

Example use cases

  • A web app developer runs the validator in CI and fixes an incorrect privilege name before packaging
  • An auditor scans a fleet of IoT apps to find over-privileged components and generates remediation tickets
  • An integrator preparing an ARTIK image verifies manifests match device-level Cynara policies
  • A security team uses the tool to ensure manifest changes comply with platform certification rules

FAQ

Which privilege levels does the validator recognize?

It recognizes public, partner, and platform levels and flags mismatches or unsupported combinations.

Can it suggest fixes for incorrect privilege names?

Yes. Diagnostics include likely correct names and guidance on selecting the appropriate privilege level.