Allow application to fetch its own policy

Application requires checking its privacy privilege
status to decide wether invoking askuser popup is
required. This change allows apps to fetch its own
policy (for the same app_id and user) without any
additional privilege.

Change-Id: Ie351f002107e58ad90b71f44ec25026469e38cb5

diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp
index bc85430..eeb73ca 100644 (file)
--- a/src/common/service_impl.cpp
+++ b/src/common/service_impl.cpp
@@ -1063,7 +1063,7 @@ int ServiceImpl::getConfiguredPolicy(const Credentials &creds, bool forAdmin,
                 listOfPolicies);
             LogDebug("ADMIN - number of policies matched: " << listOfPolicies.size());
         } else {
-            if (!authenticate(creds, Config::PRIVILEGE_POLICY_USER)) {
+            if (appProcessLabel != creds.label && !authenticate(creds, Config::PRIVILEGE_POLICY_USER)) {
                 LogError("Not enough privilege to access user enforced policies");
                 return SECURITY_MANAGER_ERROR_ACCESS_DENIED;
             }

diff --git a/src/include/policy-manager.h b/src/include/policy-manager.h
index 63d983b..0c24178 100644 (file)
--- a/src/include/policy-manager.h
+++ b/src/include/policy-manager.h
@@ -373,6 +373,8 @@ int security_manager_get_configured_policy_for_admin(
  *            for freeing allocated resources.
 
  * Required privileges:
+ * - application can fetch its policy without any privilege (providing that filters'
+     application name and user is the same as applications)
  * - http://tizen.org/privilege/notexist
  *
  * \param[in]  p_filter        Pointer to filter struct