[Service] Provide privilege |internet| for the use of network modules 21/248221/6
authorYoungsoo Choi <kenshin.choi@samsung.com>
Mon, 23 Nov 2020 02:05:12 +0000 (18:05 -0800)
committerYoungsoo Choi <kenshin.choi@samsung.com>
Thu, 26 Nov 2020 04:56:25 +0000 (20:56 -0800)
As per Tizen security policy, network access should have the
Tizen internet privilege.

So, this provides |internet| privilege control for the use of
Node.js built-in network modules.

Change-Id: If08648f7ba98e90f0af698d608338fff79f86c45
Signed-off-by: Youngsoo Choi <kenshin.choi@samsung.com>
d2d_app/config.xml
wrt_app/service/access_control_manager.ts

index 3f3ecfccccb95783deb1493ef1afa8cb18d22964..336ab2b2f2d0109b96f79c2c15be9778e3c8b1aa 100755 (executable)
@@ -9,6 +9,7 @@
     <tizen:privilege name="http://tizen.org/privilege/package.info"/>
     <tizen:privilege name="http://tizen.org/privilege/filesystem.read"/>
     <tizen:privilege name="http://tizen.org/privilege/filesystem.write"/>
+    <tizen:privilege name="http://tizen.org/privilege/internet"/>
     <tizen:privilege name="http://tizen.org/privilege/mediastorage"/>
     <tizen:profile name="mobile"/>
     <tizen:service id="9z6IujVul3.Service" type="global">
index 54afc105c0abb79f6ba50f148ed57c7abd78c644..77d889bfdfbb544362b6f33c864c6230072288e0 100644 (file)
@@ -11,6 +11,14 @@ function checkSystemInfoApiPrivilege(func: any, permissions: string[]) {
   }
 }
 
+function isNetworkModule(module: string) {
+  if (module === 'dgram' || module.includes('http') || module === 'net' ||
+      module === 'tls') {
+    return true;
+  }
+  return false;
+}
+
 export function initialize(permissions: string[]) {
   let tizen = global.tizen;
   if (!permissions.includes("http://tizen.org/privilege/alarm")) {
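Review bot: `isNetworkModule` is a deny-list that mixes a substring test with exact comparisons, so its coverage is uneven. `module.includes('http')` fails closed but also rejects any specifier that merely contains "http", such as a local helper file or third-party package. The exact checks for `dgram`, `net` and `tls` miss other spellings of the same built-ins, for example a `node:`-prefixed specifier if the bundled runtime accepts that scheme, and `dns` is not listed although it also generates network traffic. Consider normalising first with `const name = module.replace(/^node:/, '');` and testing against one explicit set reviewed against `require('module').builtinModules`. A doc comment such as `/** True when the specifier names a Node.js built-in that needs the internet privilege. */` plus a `: boolean` return type would record the intent.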
@@ -134,6 +142,9 @@ export function refineResolveFilename(permissions: string[]) {
     let path = '';
     if (args[0] === 'fs') {
       path = originalResolveFilename('fs_tizen', args[1], args[2]);
+    } else if (isNetworkModule(args[0]) &&
+        !permissions.includes("http://tizen.org/privilege/internet")) {
+      throw new Error('The internet permission is missing.');
     } else {
       path = originalResolveFilename(...args);
     }
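Review bot: The error thrown in the new `else if` branch names neither the blocked module nor the missing privilege, so a failure raised from a transitive dependency's `require()` is hard to trace back to the manifest. A message like ``throw new Error(`Cannot load '${args[0]}': http://tizen.org/privilege/internet is not declared.`);`` would make it actionable. The privilege URI is also repeated as a literal and `permissions.includes(...)` runs on every resolution; if `permissions` is fixed for the lifetime of the hook, as it appears to be, the lookup could be computed once in `refineResolveFilename` before the hook is installed. The enclosing function starts and ends outside this hunk, so this is worth confirming against the full body.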