[secureelement] - Checking privileges moved to JS layer

Change-Id: I90da69a37e35c91f54fafc5951342ad68155b41f
Signed-off-by: Andrzej Popowski <a.popowski@samsung.com>

diff --git a/src/secureelement/secureelement_api.js b/src/secureelement/secureelement_api.js
index 2498f2a..1e5d38c 100644 (file)
--- a/src/secureelement/secureelement_api.js
+++ b/src/secureelement/secureelement_api.js
@@ -3,6 +3,7 @@
 // found in the LICENSE file.
 
 var validator_ = xwalk.utils.validator;
+var privilege_ = xwalk.utils.privilege;
 var types_ = validator_.Types;
 var type_utils = xwalk.utils.type;
 var native_ = new xwalk.utils.NativeManager(extension);
@@ -37,6 +38,8 @@ ListenerManager.prototype.onListenerCalled = function(msg) {
 };
 
 ListenerManager.prototype.addListener = function(callback) {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
+
     var id = this.nextId;
     if (!this.nativeSet) {
         this.native.addListener(this.listenerName, this.onListenerCalled.bind(this));
@@ -51,6 +54,8 @@ ListenerManager.prototype.addListener = function(callback) {
 };
 
 ListenerManager.prototype.removeListener = function(watchId) {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
+
     if (this.listeners.hasOwnProperty(watchId)) {
       delete this.listeners[watchId];
     }
@@ -69,6 +74,8 @@ function SEService() {
 }
 
 SEService.prototype.getReaders = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
+
     var args = validator_.validateArgs(arguments, [
         { name: "successCallback", type: types_.FUNCTION },
         { name: "errorCallback", type: types_.FUNCTION, optional: true, nullable: true }
@@ -116,6 +123,8 @@ SEService.prototype.unregisterSEListener = function() {
 }
 
 SEService.prototype.shutdown = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
+
     var result = native_.callSync('SEService_shutdown', {});
 
     if (native_.isFailure(result)) {
@@ -142,6 +151,8 @@ function Reader(reader_handle) {
 }
 
 Reader.prototype.getName = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
+
     var callArgs = { handle: this._handle };
     var result = native_.callSync('SEReader_getName', callArgs);
 
@@ -153,6 +164,8 @@ Reader.prototype.getName = function() {
 };
 
 Reader.prototype.openSession = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
+
     var args = validator_.validateArgs(arguments, [
         { name: "successCallback", type: types_.FUNCTION },
         { name: "errorCallback", type: types_.FUNCTION, optional: true, nullable: true }
@@ -174,6 +187,7 @@ Reader.prototype.openSession = function() {
 };
 
 Reader.prototype.closeSessions = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
     var callArgs = { handle: this._handle };
     native_.call('SEReader_closeSessions', callArgs);
 };
@@ -188,11 +202,14 @@ function Channel( channel_handle, is_basic_channel) {
 }
 
 Channel.prototype.close = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
     var callArgs = { handle: this._handle };
     native_.callSync('SEChannel_close', callArgs);
 };
 
 Channel.prototype.transmit = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
+
     var args = validator_.validateArgs(arguments, [
         { name: "command", type: types_.ARRAY, values: types_.BYTE },
         { name: "successCallback", type: types_.FUNCTION },
@@ -217,6 +234,7 @@ Channel.prototype.transmit = function() {
 }
 
 Channel.prototype.getSelectResponse = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
     var callArgs = { handle: this._handle };
     native_.callSync('SEChannel_getSelectResponse', callArgs);
 }
@@ -237,6 +255,8 @@ function Session(session_handle) {
 }
 
 Session.prototype.openBasicChannel = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
+
     var args = validator_.validateArgs(arguments, [
         { name: "aid", type: types_.ARRAY, values: types_.BYTE },
         { name: "successCallback", type: types_.FUNCTION },
@@ -262,6 +282,8 @@ Session.prototype.openBasicChannel = function() {
 };
 
 Session.prototype.openLogicalChannel = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
+
     var args = validator_.validateArgs(arguments, [
         { name: "aid", type: types_.ARRAY, values: types_.BYTE },
         { name: "successCallback", type: types_.FUNCTION },
@@ -287,16 +309,19 @@ Session.prototype.openLogicalChannel = function() {
 }
 
 Session.prototype.getATR = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
     var callArgs = { handle: this._handle };
     return native_.callSync('SESession_getATR', callArgs);
 }
 
 Session.prototype.close = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
     var callArgs = { handle: this._handle };
     native_.callSync('SESession_close', callArgs);
 }
 
 Session.prototype.closeChannels = function() {
+    xwalk.utils.checkPrivilegeAccess(privilege_.SECUREELEMENT);
     var callArgs = { handle: this._handle };
     native_.callSync('SESession_closeChannels', callArgs);
 }

diff --git a/src/secureelement/secureelement_instance.cc b/src/secureelement/secureelement_instance.cc
index 14fc760..8682792 100644 (file)
--- a/src/secureelement/secureelement_instance.cc
+++ b/src/secureelement/secureelement_instance.cc
@@ -20,10 +20,6 @@ namespace secureelement {
 using namespace common;
 using namespace smartcard_service_api;
 
-namespace {
-const std::string kPrivilegeSecureElement = "http://tizen.org/privilege/secureelement";
-}
-
 SecureElementInstance::SecureElementInstance()
     : service_(*this) {
     using std::placeholders::_1;
@@ -63,8 +59,6 @@ SecureElementInstance::~SecureElementInstance() {
 void SecureElementInstance::GetReaders(const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
 
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
   double callback_id = 0.0;
   if (args.contains("callbackId")) {
     callback_id = args.get("callbackId").get<double>();
@@ -76,9 +70,6 @@ void SecureElementInstance::GetReaders(const picojson::value& args, picojson::ob
 
 void SecureElementInstance::RegisterSEListener(const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
-
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
   service_.RegisterSEListener();
   ReportSuccess(out);
 }
@@ -86,18 +77,12 @@ void SecureElementInstance::RegisterSEListener(const picojson::value& args, pico
 void SecureElementInstance::UnregisterSEListener(
     const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
-
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
   service_.UnregisterSEListener();
   ReportSuccess(out);
 }
 
 void SecureElementInstance::Shutdown(const picojson::value& args, picojson::object& out) {
   LoggerD("Entered");
-
-  CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
   service_.Shutdown();
   ReportSuccess(out);
 }
@@ -105,9 +90,6 @@ void SecureElementInstance::Shutdown(const picojson::value& args, picojson::obje
 void SecureElementInstance::GetName(
         const picojson::value& args, picojson::object& out) {
     LoggerD("Entered");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     Reader* reader_ptr = (Reader*) static_cast<long>(args.get("handle").get<double>());
     SEReader seReader(reader_ptr);
     picojson::value result = seReader.getName();
@@ -127,9 +109,6 @@ void SecureElementInstance::IsPresent(
 void SecureElementInstance::CloseSessions(
         const picojson::value& args, picojson::object& out) {
     LoggerD("Entered");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     Reader* reader_ptr = (Reader*) static_cast<long>(args.get("handle").get<double>());
     SEReader seReader(reader_ptr);
     seReader.closeSessions();
@@ -138,9 +117,6 @@ void SecureElementInstance::CloseSessions(
 
 void SecureElementInstance::CloseChannel( const picojson::value& args, picojson::object& out) {
     LoggerD("Enter");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     ClientChannel* channel_ptr = (ClientChannel*) static_cast<long>(args.get("handle").get<double>());
     SEChannel seChannel(channel_ptr);
     seChannel.close();
@@ -149,9 +125,6 @@ void SecureElementInstance::CloseChannel( const picojson::value& args, picojson:
 
 void SecureElementInstance::GetSelectResponse( const picojson::value& args, picojson::object& out) {
     LoggerD("Enter");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     ClientChannel* channel_ptr = (ClientChannel*) static_cast<long>(args.get("handle").get<double>());
     SEChannel seChannel(channel_ptr);
 
@@ -167,9 +140,6 @@ void SecureElementInstance::GetSelectResponse( const picojson::value& args, pico
 void SecureElementInstance::OpenSession(
         const picojson::value& args, picojson::object& out) {
     LoggerD("Entered");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     const double callback_id = args.get("callbackId").get<double>();
     Reader* reader_ptr = (Reader*) static_cast<long>(args.get("handle").get<double>());
 
@@ -215,9 +185,6 @@ void SecureElementInstance::OpenSession(
 
 void SecureElementInstance::OpenBasicChannel( const picojson::value& args, picojson::object& out) {
     LoggerD("Enter");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     const double callback_id = args.get("callbackId").get<double>();
     const picojson::array v_aid = args.get("aid").get<picojson::value::array>();
     Session* session_ptr = (Session*) static_cast<long>(args.get("handle").get<double>());
@@ -260,9 +227,6 @@ void SecureElementInstance::OpenBasicChannel( const picojson::value& args, picoj
 
 void SecureElementInstance::OpenLogicalChannel( const picojson::value& args, picojson::object& out) {
     LoggerD("Enter");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     const double callback_id = args.get("callbackId").get<double>();
     const picojson::array v_aid = args.get("aid").get<picojson::value::array>();
     Session* session_ptr = (Session*) static_cast<long>(args.get("handle").get<double>());
@@ -306,8 +270,6 @@ void SecureElementInstance::OpenLogicalChannel( const picojson::value& args, pic
 void SecureElementInstance::GetATR( const picojson::value& args, picojson::object& out) {
     LoggerD("Enter");
 
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     Session* session_ptr = (Session*) static_cast<long>(args.get("handle").get<double>());
     SESession seSession(session_ptr);
 
@@ -332,9 +294,6 @@ void SecureElementInstance::IsSessionClosed( const picojson::value& args, picojs
 
 void SecureElementInstance::CloseSession( const picojson::value& args, picojson::object& out) {
     LoggerD("Enter");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     Session* session_ptr = (Session*) static_cast<long>(args.get("handle").get<double>());
     SESession seSession(session_ptr);
     seSession.close();
@@ -344,9 +303,6 @@ void SecureElementInstance::CloseSession( const picojson::value& args, picojson:
 
 void SecureElementInstance::CloseChannels( const picojson::value& args, picojson::object& out) {
     LoggerD("Enter");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     Session* session_ptr = (Session*) static_cast<long>(args.get("handle").get<double>());
     SESession seSession(session_ptr);
     seSession.closeChannels();
@@ -355,9 +311,6 @@ void SecureElementInstance::CloseChannels( const picojson::value& args, picojson
 
 void SecureElementInstance::Transmit( const picojson::value& args, picojson::object& out) {
     LoggerD("Enter");
-
-    CHECK_PRIVILEGE_ACCESS(kPrivilegeSecureElement, &out);
-
     const double callback_id = args.get("callbackId").get<double>();
     const picojson::array v_command = args.get("command").get<picojson::value::array>();
     ClientChannel* channel_ptr = (ClientChannel*) static_cast<long>(args.get("handle").get<double>());