[Service][Global] Implement access control for privilege management

author k2.nagaraju <k2.nagaraju@samsung.com>

Tue, 17 Dec 2019 15:00:57 +0000 (20:30 +0530)

committer Youngsoo Choi <kenshin.choi@samsung.com>

Mon, 30 Dec 2019 08:03:20 +0000 (00:03 -0800)
author k2.nagaraju <k2.nagaraju@samsung.com>
Tue, 17 Dec 2019 15:00:57 +0000 (20:30 +0530)
committer Youngsoo Choi <kenshin.choi@samsung.com>
Mon, 30 Dec 2019 08:03:20 +0000 (00:03 -0800)
diff --git a/wrt_app/service/access_control_manager.js b/wrt_app/service/access_control_manager.js

new file mode 100644 (file)

index 0000000..bda869d
--- /dev/null
+++ b/wrt_app/service/access_control_manager.js
@@ -0,0 +1,123 @@
+class AccessControlManager {
+  constructor(permissions, sandbox) {
+    this.permissions = permissions;
+    this.sandbox = sandbox;
+    this.systeminfo = {};
+    this.systeminfo.getPropertyValue = sandbox.tizen.systeminfo.getPropertyValue;
+  }
+  initialize() {
+    const permissions = this.permissions;
+    let tizen = this.sandbox.tizen;
+    if (!permissions.includes("http://tizen.org/privilege/alarm")) {
+      tizen.alarm.add =
+      tizen.alarm.remove =
+      tizen.alarm.removeAll =
+      tizen.alarm.get =
+      tizen.alarm.getAll =
+      tizen.alarm.getAlarmNotification =
+      tizen.alarm.addAlarmNotification = function() {
+        console.log('The alarm permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/apphistory.read")) {
+      tizen.application.getAppsUsageInfo =
+      tizen.application.getBatteryUsageInfo = function() {
+        console.log('The application.read permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/application.launch")) {
+      tizen.application.launch =
+      tizen.application.launchAppControl = function() {
+        console.log('The application.launch permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/application.info")) {
+      tizen.application.getAppMetaData = function() {
+        console.log('The application.info permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/appmanager.certificate")) {
+      tizen.application.getAppCerts = function() {
+        console.log('The application.certificate permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/appmanager.kill")) {
+      tizen.application.kill = function() {
+        console.log('The application.kill permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/appmanager.launch") ||
+        !permissions.includes("http://tizen.org/privilege/datasharing")) {
+      tizen.datacontrol.addChangeListener =
+      tizen.datacontrol.removeChangeListener = function() {
+        console.log('The appmanager.launch or datasharing permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/datacontrol.consumer")) {
+      tizen.datacontrol.getValue =
+      tizen.datacontrol.updateValue =
+      tizen.datacontrol.insert =
+      tizen.datacontrol.update =
+      tizen.datacontrol.remove =
+      tizen.datacontrol.select =
+      tizen.datacontrol.addValue =
+      tizen.datacontrol.removeValue =
+      tizen.datacontrol.getDataControlConsumer = function() {
+        console.log('The datacontrol.consumer permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/filesystem.read")) {
+      tizen.filesystem.listDirectory =
+      tizen.filesystem.isFile =
+      tizen.filesystem.isDirectory =
+      tizen.filesystem.pathExists =
+      tizen.filesystem.copyFile =
+      tizen.filesystem.copyDirectory =
+      tizen.filesystem.moveFile =
+      tizen.filesystem.moveDirectory =
+      tizen.filesystem.resolve = function() {
+        console.log('The filesystem.read permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/filesystem.write")) {
+      tizen.filesystem.createDirectory =
+      tizen.filesystem.deleteFile =
+      tizen.filesystem.deleteDirectory =
+      tizen.filesystem.copyFile =
+      tizen.filesystem.copyDirectory =
+      tizen.filesystem.moveFile =
+      tizen.filesystem.moveDirectory =
+      tizen.filesystem.rename = function() {
+        console.log('The filesystem.write permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/notification")) {
+      tizen.alarm.addAlarmNotification = function() {
+        console.log('The notification permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/package.info")) {
+      tizen.package.setPackageInfoEventListener =
+      tizen.package.unsetPackageInfoEventListener =
+      tizen.package.getPackageInfo =
+      tizen.package.getPackagesInfo = function() {
+        console.log('The package.info permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/packagemanager.install")) {
+      tizen.package.install =
+      tizen.package.uninstall = function() {
+        console.log('The packagemanager.install permission is missing.');
+      }
+    }
+    // systeminfo : Runtime privilege validation is required, based on parameters
+    tizen.systeminfo.getPropertyValue = function(type, onSuccessCallback, onErrorCallback) {
+      if (type === "CELLULAR_NETWORK" && !permissions.includes("http://tizen.org/privilege/telephony")) {
+        console.log('The telephony permission is missing.');
+        return;
+      }
+      this.systeminfo.getPropertyValue.apply(tizen.systeminfo, arguments);
+    }.bind(this);
+  }
+}
+module.exports = AccessControlManager;
diff --git a/wrt_app/service/main.js b/wrt_app/service/main.js

index 19594ce..ed10e5d 100755 (executable)
--- a/wrt_app/service/main.js
+++ b/wrt_app/service/main.js
@@ -18,13 +18,14 @@
  
  const wrt = require('../browser/wrt');
  const vm = require('vm');
+const AccessControlManager = require('./access_control_manager');
  const TizenExtension = require('./tizen_extension');
  
  var sandbox = [];
  var sandbox_count = 0;
  
-wrt.on('start-service', (event, app_id) => {
-  console.log('start service app : ' + app_id);
+wrt.on('start-service', (event, app_id, permissions) => {
+  console.log('start service app : ' + app_id + ', permissions : ' + permissions);
    new TizenExtension();
    if (sandbox[app_id] === undefined) {
      if (sandbox_count === 0) {
@@ -38,6 +39,8 @@ wrt.on('start-service', (event, app_id) => {
        require: require,
        tizen: tizen,
      };
+    let access_control_manager = new AccessControlManager(permissions, sandbox[app_id]);
+    access_control_manager.initialize();
      for(let key in global) {
        sandbox[app_id][key] = global[key];
      }
author	k2.nagaraju <k2.nagaraju@samsung.com>
	Tue, 17 Dec 2019 15:00:57 +0000 (20:30 +0530)
committer	Youngsoo Choi <kenshin.choi@samsung.com>
	Mon, 30 Dec 2019 08:03:20 +0000 (00:03 -0800)
wrt_app/service/access_control_manager.js	[new file with mode: 0644]	patch \| blob
wrt_app/service/main.js		patch \| blob \| history