Implement tizen privilege for w3c API
authorJihoon Chung <jihoon.chung@samsung.com>
Sat, 12 Jan 2013 08:25:26 +0000 (17:25 +0900)
committerHoseon LEE <hoseon46.lee@samsung.com>
Thu, 21 Feb 2013 10:22:12 +0000 (19:22 +0900)
[Issue#] N/A
[Problem] N/A
[Cause] N/A
[Solution] Implement tizen privilege for W3C API.
If web application contains "http://tizen.org/privilege/geolocation"
with tizen:privilege tag, web application uses geolocation without
security warning popup. In this case, only local origin is allowed to use.

Even though this information is shown in the settings menu (Advanced settings ->
Exceptions settings), the user cannot delete it. (The list will display such
entries according to their read-only property.)
[SCMRequest] N/A

Change-Id: Id67e98e34da98a2639d8328255051347c4525f4c

modules/security_origin_dao/dao/security_origin_dao.cpp
modules/security_origin_dao/dao/security_origin_dao_types.cpp
modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao.h
modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao_types.h
modules/security_origin_dao/orm/security_origin_db

index 07c816f..8c4874a 100644 (file)
@@ -54,6 +54,10 @@ DPL::DB::SqlConnection::Flag::Type SECURITY_ORIGIN_DB_TYPE =
 const char* const SECURITY_ORIGIN_DB_NAME = ".security_origin.db";
 const char* const SECURITY_ORIGIN_DB_SQL_PATH =
     "/usr/share/wrt-engine/security_origin_db.sql";
+const char* const SECURITY_DATABASE_JOURNAL_FILENAME = "-journal";
+
+const int WEB_APPLICATION_UID = 5000;
+const int WEB_APPLICATION_GUID = 5000;
 
 std::string createDatabasePath(const WrtDB::WidgetPkgName &pkgName)
 {
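Review bot: The new constants `WEB_APPLICATION_UID` and `WEB_APPLICATION_GUID` hard-code 5000 as plain `int` with no comment saying which account that is. The second is passed as the group argument of `chown`, so `WEB_APPLICATION_GID` would be the accurate name, and `uid_t`/`gid_t` the accurate types. A one-line comment such as `// uid/gid of the account web applications run as (platform convention, confirm)` would tell the next reader why database ownership is tied to this number. Resolving the account by name at runtime would remove the assumption entirely, if the platform provides one.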
@@ -114,6 +118,23 @@ void checkDatabase(std::string databasePath)
                                        SECURITY_ORIGIN_DB_OPTION);
             con.ExecCommand(ssBuffer.str().c_str());
         }
+
+        if(chown(databasePath.c_str(),
+                 WEB_APPLICATION_UID,
+                 WEB_APPLICATION_GUID) != 0)
+        {
+            ThrowMsg(SecurityOriginDAO::Exception::DatabaseError,
+                 "Fail to change uid/guid");
+        }
+        std::string databaseJournal =
+            databasePath + SECURITY_DATABASE_JOURNAL_FILENAME;
+        if(chown(databaseJournal.c_str(),
+                 WEB_APPLICATION_UID,
+                 WEB_APPLICATION_GUID) != 0)
+        {
+            ThrowMsg(SecurityOriginDAO::Exception::DatabaseError,
+                 "Fail to change uid/guid");
+        }
     }
     SQL_CONNECTION_EXCEPTION_HANDLER_END("Fail to get database Path")
 }
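Review bot: Both `chown` calls in checkDatabase act on a path name and follow symlinks, so if this code runs with elevated privileges in a directory the application account can write to (not visible here), ownership could be handed to an unintended file; `lchown`, or `fchown` on a descriptor opened with `O_NOFOLLOW`, avoids that. The journal call also throws whenever the `-journal` file is absent, which is the normal state unless SQLite uses a persistent journal mode; consider `if (lchown(databaseJournal.c_str(), WEB_APPLICATION_UID, WEB_APPLICATION_GUID) != 0 && errno != ENOENT)`. The two failures share the message "Fail to change uid/guid" and drop `errno`, so they cannot be told apart in logs. The database that stores the read-only grants also becomes writable by uid 5000, so the read-only flag is only advisory against any process running as that account. checkDatabase begins outside the hunk.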
@@ -191,9 +212,30 @@ Result SecurityOriginDAO::getResult(
         "Failed to get result for security origin")
 }
 
-void SecurityOriginDAO::setSecurityOriginData(
-    const SecurityOriginData &securityOriginData,
-    const Result result)
+bool SecurityOriginDAO::isReadOnly(const SecurityOriginData &securityOriginData)
+{
+    SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN
+    {
+        SECURITY_ORIGIN_DB_SELECT(select, SecurityOriginInfo, &m_securityOriginDBInterface);
+        select->Where(
+            And(And(And(Equals<SecurityOriginInfo::feature>(securityOriginData.feature),
+                        Equals<SecurityOriginInfo::scheme>(securityOriginData.origin.scheme)),
+                    Equals<SecurityOriginInfo::host>(securityOriginData.origin.host)),
+                Equals<SecurityOriginInfo::port>(securityOriginData.origin.port)));
+        SecurityOriginInfo::Select::RowList rows = select->GetRowList();
+
+        if (rows.empty()) {
+            return RESULT_UNKNOWN;
+        }
+        SecurityOriginInfo::Row row = rows.front();
+        return row.Get_readonly() ? true : false;
+    }
+    SQL_CONNECTION_EXCEPTION_HANDLER_END("Fail to get readonly property")
+}
+
+void SecurityOriginDAO::setSecurityOriginData(const SecurityOriginData &securityOriginData,
+                                              const Result result,
+                                              const bool readOnly)
 {
     SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN
     {
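Review bot: `isReadOnly` is declared `bool` but returns `RESULT_UNKNOWN`, a `Result` enumerator, when no row matches; the value is silently converted, so the answer depends on the enum's numeric value rather than on intent. Use `return false;` there, and `return row.Get_readonly() != 0;` in place of the `? true : false` form. A short doc comment stating that a missing row is treated as not read-only would make the contract explicit. The body of setSecurityOriginData continues outside the hunk.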
@@ -204,6 +246,7 @@ void SecurityOriginDAO::setSecurityOriginData(
         row.Set_host(securityOriginData.origin.host);
         row.Set_port(securityOriginData.origin.port);
         row.Set_result(result);
+        row.Set_readonly(readOnly ? 1 : 0);
 
         if (true == hasResult(securityOriginData)) {
             SECURITY_ORIGIN_DB_UPDATE(update,
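Review bot: `row.Set_readonly(readOnly ? 1 : 0)` is written on the update path too, so any existing caller that uses the defaulted `readOnly = false` on an origin that already has a read-only row will clear the flag and replace the privilege-granted result. The DAO should enforce the property, not rely on the settings UI, for example with `if (!readOnly && isReadOnly(securityOriginData)) { return; }` before the row is built. The two `removeSecurityOriginData` overloads appear not to be touched by this commit, and their bodies are outside the diff. If they do not filter on `readonly`, the by-result overload would delete privilege rows along with user-granted ones. The function starts and ends outside this hunk.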
@@ -224,6 +267,15 @@ void SecurityOriginDAO::setSecurityOriginData(
     SQL_CONNECTION_EXCEPTION_HANDLER_END("Fail to set security origin data")
 }
 
+void SecurityOriginDAO::setPrivilegeSecurityOriginData(const Feature feature)
+{
+    Origin origin(DPL::FromUTF8String("file"),
+                  DPL::FromUTF8String(""),
+                  0);
+    SecurityOriginData data(feature, origin);
+    setSecurityOriginData(data, RESULT_ALLOW_ALWAYS, true);
+}
+
 void SecurityOriginDAO::removeSecurityOriginData(
     const SecurityOriginData &securityOriginData)
 {
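Review bot: `setPrivilegeSecurityOriginData` has no comment explaining why the origin is fixed to scheme "file", empty host and port 0, which is the security-relevant decision in this function. I would add `// Manifest privileges are granted to the local (file://) origin only and stored read-only so the settings UI cannot remove them.` above the `Origin` construction. It is also worth documenting that the call overwrites any earlier user decision for that feature and origin with `RESULT_ALLOW_ALWAYS`, since it goes through the update path of setSecurityOriginData.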
index 601b277..639c2b7 100644 (file)
 #include <wrt-commons/security-origin-dao/security_origin_dao_types.h>
 #include <dpl/log/log.h>
 
-namespace SecurityOriginDB {} // namespace SecurityOriginDB
\ No newline at end of file
+namespace SecurityOriginDB {
+const std::map<std::string, Feature> g_W3CPrivilegeTextMap = {
+    {"http://tizen.org/privilege/location",     FEATURE_GEOLOCATION},
+    {"http://tizen.org/privilege/notification", FEATURE_WEB_NOTIFICATION},
+    {"http://tizen.org/privilege/unlimitedstorage",     FEATURE_WEB_DATABASE},
+    {"http://tizen.org/privilege/filesystem.write",      FEATURE_FILE_SYSTEM_ACCESS}
+};
+} // namespace SecurityOriginDB
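Review bot: The key for `FEATURE_GEOLOCATION` in `g_W3CPrivilegeTextMap` is "http://tizen.org/privilege/location", while the commit description names "http://tizen.org/privilege/geolocation"; one of the two is wrong, and a manifest using the other string would silently fall back to the warning popup. Please confirm against the platform privilege list and align the text. The map is a namespace-scope object with dynamic initialization, so code that reads it from another translation unit's static initializer could see it empty; a function returning a reference to a function-local static would avoid that. A comment noting that these strings are matched exactly against the manifest's tizen:privilege values would help reviewers of later additions.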
index f9ad12f..9f075ee 100644 (file)
@@ -43,8 +43,11 @@ class SecurityOriginDAO
     virtual ~SecurityOriginDAO();
     SecurityOriginDataList getSecurityOriginDataList();
     Result getResult(const SecurityOriginData &securityOriginData);
+    bool isReadOnly(const SecurityOriginData &securityOriginData);
     void setSecurityOriginData(const SecurityOriginData &securityOriginData,
-                               const Result result);
+                               const Result result,
+                               const bool readOnly = false);
+    void setPrivilegeSecurityOriginData(const Feature feature);
     void removeSecurityOriginData(const SecurityOriginData &securityOriginData);
     void removeSecurityOriginData(const Result result);
 
index c517f05..28ead78 100644 (file)
@@ -26,6 +26,7 @@
 
 #include <list>
 #include <memory>
+#include <map>
 #include <dpl/string.h>
 
 namespace SecurityOriginDB {
@@ -48,6 +49,8 @@ enum Result
     RESULT_DENY_ALWAYS
 };
 
+extern const std::map<std::string, Feature> g_W3CPrivilegeTextMap;
+
 struct Origin
 {
     DPL::String scheme;
index cb45aa4..2d9c4f9 100644 (file)
@@ -1,11 +1,12 @@
 SQL(BEGIN TRANSACTION;)
 
 CREATE_TABLE(SecurityOriginInfo)
-    COLUMN_NOT_NULL(feature, INT, )
-    COLUMN_NOT_NULL(scheme,  TEXT,DEFAULT '')
-    COLUMN_NOT_NULL(host,    TEXT,DEFAULT '')
-    COLUMN_NOT_NULL(port,    INT, DEFAULT 0)
-    COLUMN_NOT_NULL(result,  INT, DEFAULT 0)
+    COLUMN_NOT_NULL(feature,  INT, )
+    COLUMN_NOT_NULL(scheme,   TEXT,DEFAULT '')
+    COLUMN_NOT_NULL(host,     TEXT,DEFAULT '')
+    COLUMN_NOT_NULL(port,     INT, DEFAULT 0)
+    COLUMN_NOT_NULL(result,   INT, DEFAULT 0)
+    COLUMN_NOT_NULL(readonly, INT, DEFAULT 0)
     TABLE_CONSTRAINTS(PRIMARY KEY(feature,scheme,host,port))
 CREATE_TABLE_END()
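Review bot: The new `readonly` column is added only to the CREATE_TABLE definition, so databases created before this change keep the old five-column table. If checkDatabase runs this script only when the database file is missing (its condition is outside the diff), `isReadOnly` and the `Set_readonly` write would fail on upgraded devices with a missing-column error. An upgrade step such as `ALTER TABLE SecurityOriginInfo ADD COLUMN readonly INT NOT NULL DEFAULT 0`, or a schema-version check that recreates the table, should accompany the change.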