[M108 Aura Migration][NaCl] Recover GetPrivilegeMapping function when checking privilege

Migrated from tizen 7.0:
https://review.tizen.org/gerrit/#/c/platform/framework/web/chromium-efl/+/280677/

Change-Id: Ibe598e2cd12b337b204e148e296fb15bf66e8a92
Signed-off-by: jinbei09 <jinbei09.dai@samsung.com>

diff --git a/packaging/chromium-efl.spec b/packaging/chromium-efl.spec
index 457ceec..314abc0 100755 (executable)
--- a/packaging/chromium-efl.spec
+++ b/packaging/chromium-efl.spec
@@ -177,6 +177,7 @@ BuildRequires: pkgconfig(capi-stt-wrapper-tv)
 BuildRequires: pkgconfig(capi-system-display-rotator)
 BuildRequires: pkgconfig(capi-appfw-app-manager)
 BuildRequires: pkgconfig(cynara-client)
+BuildRequires: pkgconfig(security-privilege-manager)
 BuildRequires: pkgconfig(drmdecrypt)
 BuildRequires: pkgconfig(efl-assist)
 BuildRequires: pkgconfig(hdmicec-api)

diff --git a/tizen_src/build/BUILD.gn b/tizen_src/build/BUILD.gn
index 712155b..8bd9d14 100644 (file)
--- a/tizen_src/build/BUILD.gn
+++ b/tizen_src/build/BUILD.gn
@@ -408,6 +408,13 @@ tizen_pkg_config("pkgmgr-info") {
   }
 }
 
+tizen_pkg_config("security-privilege-manager") {
+  packages = []
+  if (tizen_product_tv && tizen_pepper_extensions) {
+    packages = [ "security-privilege-manager" ]
+  }
+}
+
 tizen_pkg_config("tizen-extension-client") {
   packages = []
   if (use_wayland) {

diff --git a/tizen_src/ewk/efl_integration/BUILD.gn b/tizen_src/ewk/efl_integration/BUILD.gn
index a374f4a..9827cc4 100644 (file)
--- a/tizen_src/ewk/efl_integration/BUILD.gn
+++ b/tizen_src/ewk/efl_integration/BUILD.gn
@@ -177,6 +177,7 @@ shared_library("chromium-ewk") {
     configs += [ "//tizen_src/build:cynara-client" ]
     configs += [ "//tizen_src/build:wayland-client" ]
     configs += [ "//tizen_src/build:tizen-extension-client" ]
+    configs += [ "//tizen_src/build:security-privilege-manager" ]
   }
 
   # TODO : Below dependency is set in chromium/device/battery_tizen.gypi,

diff --git a/tizen_src/ewk/efl_integration/ewk_privilege_checker.cc b/tizen_src/ewk/efl_integration/ewk_privilege_checker.cc
index 60524eb..264e60c 100644 (file)
--- a/tizen_src/ewk/efl_integration/ewk_privilege_checker.cc
+++ b/tizen_src/ewk/efl_integration/ewk_privilege_checker.cc
@@ -8,6 +8,7 @@
 #include <app_manager.h>
 #include <cynara-client.h>
 #include <pkgmgr-info.h>
+#include <privilege_manager.h>
 #include <unistd.h>
 #endif  // BUILDFLAG(IS_TIZEN)
 
@@ -68,6 +69,55 @@ bool GetPkgApiVersion(std::string* api_version) {
   return true;
 }
 
+bool GetPrivilegeMapping(const std::string& privilege_name,
+                         const std::string& api_version,
+                         std::vector<std::string>* privilege_mapping) {
+  if (!privilege_mapping)
+    return false;
+  char* local_privilege_name = strdup(privilege_name.c_str());
+  GList* privilege_list = nullptr;
+  privilege_list = g_list_append(privilege_list, local_privilege_name);
+
+  auto g_list_deleter = [](GList* p) {
+     [[maybe_unused]] auto data_deleter = [](gpointer data, gpointer user_data) {
+      char* char_data = static_cast<char*>(data);
+      free(char_data);
+    };
+    p = g_list_first(p);
+    g_list_foreach(p, data_deleter, nullptr);
+    g_list_free(p);
+  };
+
+  auto privilege_list_holder = std::unique_ptr<GList, decltype(g_list_deleter)>{
+      privilege_list, g_list_deleter};
+
+  GList* mapped_privilege_list = nullptr;
+  int ret = privilege_manager_get_mapped_privilege_list(
+      api_version.c_str(), PRVMGR_PACKAGE_TYPE_WRT, privilege_list_holder.get(),
+      &mapped_privilege_list);
+
+  auto mapped_list_holder = std::unique_ptr<GList, decltype(g_list_deleter)>{
+      mapped_privilege_list, g_list_deleter};
+  if (ret != PRVMGR_ERR_NONE) {
+    LOG(ERROR) << "Mapping returned with code: " << ret;
+    return false;
+  }
+
+  // If privilege was successfully resolved but returned empty list, we always
+  // return false for security reasons.
+  guint size = g_list_length(mapped_list_holder.get());
+  if (!size) {
+    LOG(WARNING) << "No mapping for privilege " << privilege_name.c_str();
+    return false;
+  }
+  GList* element = g_list_first(mapped_list_holder.get());
+  while (element) {
+    char* privilege = static_cast<char*>(element->data);
+    privilege_mapping->emplace_back(privilege);
+    element = g_list_next(element);
+  }
+  return true;
+}
 }  // namespace
 #endif  // BUILDFLAG(IS_TIZEN)
 
@@ -114,14 +164,22 @@ bool EwkPrivilegeChecker::CheckPrivilege(const std::string& privilege_name) {
                << "Can`t resolve properly privilege mapping!";
     return false;
   }
-
-  ret = cynara_check(p_cynara, smack_label.c_str(), "", uid.c_str(),
-                     privilege_name.c_str());
-  if (ret != CYNARA_API_ACCESS_ALLOWED) {
+  // Resolve privileges for their requested api_version on currently running
+  // Tizen version.
+  std::vector<std::string> privilege_mapping;
+  if (!GetPrivilegeMapping(privilege_name, api_version, &privilege_mapping)) {
     LOG(ERROR) << "Failed to acquire mapping for privilege: "
                << privilege_name.c_str();
     return false;
   }
+
+  for (const auto& str : privilege_mapping) {
+    ret = cynara_check(p_cynara, smack_label.c_str(), "", uid.c_str(),
+                       str.c_str());
+    if (ret != CYNARA_API_ACCESS_ALLOWED) {
+      return false;
+    }
+  }
   return true;
 #else  // BUILDFLAG(IS_TIZEN)
   ALLOW_UNUSED_LOCAL(privilege_name);