[Service] Sync with the latest security changes from tizen 6.5

The latest security changes are synced from tizen 6.5.

Note that the fs module control is not needed anymore
because of thread based smack label.

Together with:
https://review.tizen.org/gerrit/257363

Change-Id: Ie0f4717b8074e773b4b9467cc89d8be3dd9976f2
Signed-off-by: Youngsoo Choi <kenshin.choi@samsung.com>

diff --git a/wrt_app/service/access_control_manager.ts b/wrt_app/service/access_control_manager.ts
index ae6883a71803a8c21ca057bd1505e32b94099bc1..99746711dbc59b59f8330252185e4a072cf297c1 100644 (file)
--- a/wrt_app/service/access_control_manager.ts
+++ b/wrt_app/service/access_control_manager.ts
@@ -138,22 +138,3 @@ export function initialize(packageId:string, appId:string, permissions: string[]
     checkSystemInfoApiPrivilege(tizen.systeminfo.addPropertyValueArrayChangeListener, permissions);
 
 }
-
-export function refineResolveFilename(packageId: string, permissions: string[]) {
-  const originalResolveFilename = Module._resolveFilename;
-  Module._resolveFilename = function(...args: any[]) {
-    let path = '';
-    if (args[0] === 'fs') {
-      path = originalResolveFilename('fs_tizen', args[1], args[2]);
-    } else if (isNetworkModule(args[0]) &&
-        !permissions.includes("http://tizen.org/privilege/internet")) {
-      throw new Error('The internet permission is missing.');
-    } else {
-      path = originalResolveFilename(...args);
-    }
-    if (path.startsWith('/') && !wrt.security?.checkSmack(packageId, path, 'r'))
-      throw new Error(`Invalid access to ${path}`);
-    return path;
-  }
-  Object.defineProperty(Module, '_resolveFilename', { writable: false });
-}

diff --git a/wrt_app/service/device_api_router.ts b/wrt_app/service/device_api_router.ts
index 93a1d4611f8c6705fae423060137db16529cc54c..8012bcc729cb3ec26971d95d4bde4ccdc49bd07d 100644 (file)
--- a/wrt_app/service/device_api_router.ts
+++ b/wrt_app/service/device_api_router.ts
@@ -38,7 +38,6 @@ export class DeviceAPIRouter {
       this.refineFilesystemApis()
       this.initAccessControlManager();
       this.refineXwalkUtilApis();
-      this.refineResolveFilename();
     }
   }
 
@@ -73,7 +72,6 @@ export class DeviceAPIRouter {
     this.initEdgeWebapis();
     this.initMDEWebapis();
     this.initProductWebapis();
-    this.initSecurityWebapis();
   }
 
   initEdgeWebapis() {
@@ -189,23 +187,6 @@ export class DeviceAPIRouter {
     }
   }
 
-  initSecurityWebapis() {
-    if (wrt['security'] && !global.webapis.security) {
-      let security = wrt.security as NativeWRTjs.SecurityExtension;
-      global.webapis.security = {
-        checkSmack: (packageId: string, path: string, type: string) => {
-          let smackMap = this.smackMap;
-          if (smackMap[path] !== undefined && smackMap[path][type] !== undefined)
-            return smackMap[path][type];
-          if (smackMap[path] === undefined)
-            smackMap[path] = {};
-          return smackMap[path][type] = security.checkSmack(packageId, path, type);
-        }
-      }
-      Object.defineProperty(global.webapis, 'security', { writable: false, enumerable: true });
-    }
-  }
-
   initAccessControlManager() {
     console.log(`permissions : ${this.permissions}`);
     const AccessControlManager = require('./access_control_manager');