[WRTjs][Service] Drop thread privilege of service app 81/249081/8
authorYoungsoo Choi <kenshin.choi@samsung.com>
Thu, 3 Dec 2020 08:37:00 +0000 (00:37 -0800)
committerYoungsoo Choi <kenshin.choi@samsung.com>
Tue, 8 Dec 2020 05:01:13 +0000 (21:01 -0800)
This drops the privilege of the service app and sets it to User::Pkg::{PKG_ID}.
With this change, the service app is under the control of the kernel smack rules.

Together with:
https://review.tizen.org/gerrit/249088

Change-Id: Icccd23cc27842cb24f3e81afc21f8d5d013460bf
Signed-off-by: Youngsoo Choi <kenshin.choi@samsung.com>
wrt_app/service/access_control_manager.ts
wrt_app/service/device_api_router.ts

index a8c2b23e87feff9c27ad79cf0fe4729d9691ea5a..e3621a028b81201e2d8f1e5d76164be4c92c63ae 100644 (file)
@@ -1,3 +1,5 @@
+import { wrt } from '../browser/wrt';
+
 const Module = require('module');
 
 function checkSystemInfoApiPrivilege(func: any, permissions: string[]) {
@@ -19,7 +21,8 @@ function isNetworkModule(module: string) {
   return false;
 }
 
-export function initialize(permissions: string[]) {
+export function initialize(packageId:string, permissions: string[]) {
+  wrt.security?.dropThreadPrivilege(packageId);
   let tizen = global.tizen;
   if (!permissions.includes("http://tizen.org/privilege/alarm")) {
     tizen.alarm.add =
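Review bot: The privilege drop at the top of `initialize` fails open: with `wrt.security?.dropThreadPrivilege(packageId)`, a missing `wrt.security` skips the call silently and any result is ignored, so the service app would presumably keep running with its original privilege and nothing would be logged. Since this call is the security boundary, it should be mandatory, e.g. `if (!wrt.security) throw new Error('wrt.security unavailable; cannot drop privilege');` followed by an unconditional `wrt.security.dropThreadPrivilege(packageId);`, with a check of the return value if the native side reports one (not visible here). The same `?.` on `checkSmack` in the later `refineResolveFilename` hunk fails closed instead, rejecting every absolute path with `Invalid access to ...`, so the two sites behave inconsistently when the binding is absent. The name suggests only the calling thread is relabelled, so a comment stating whether threads created before this point are covered would help; `initialize` continues past the end of the hunk.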
@@ -136,7 +139,7 @@ export function initialize(permissions: string[]) {
 
 }
 
-export function refineResolveFilename(permissions: string[]) {
+export function refineResolveFilename(packageId: string, permissions: string[]) {
   const originalResolveFilename = Module._resolveFilename;
   Module._resolveFilename = function(...args: any[]) {
     let path = '';
@@ -148,9 +151,7 @@ export function refineResolveFilename(permissions: string[]) {
     } else {
       path = originalResolveFilename(...args);
     }
-    const webapis = global.webapis;
-    if (path.startsWith('/') &&
-        !webapis.security.checkSmack(webapis.getPackageId(), path, 'r'))
+    if (path.startsWith('/') && !wrt.security?.checkSmack(packageId, path, 'r'))
       throw new Error(`Invalid access to ${path}`);
     return path;
   }
index 99d86edddab27963b1b81490b3aad6e60a71cfab..18ec305e64b0ee3e85a0e5bedf9d4e66a83cbb04 100644 (file)
@@ -197,12 +197,12 @@ export class DeviceAPIRouter {
   initAccessControlManager() {
     console.log(`permissions : ${this.permissions}`);
     const AccessControlManager = require('./access_control_manager');
-    AccessControlManager.initialize(this.permissions);
+    AccessControlManager.initialize(this.packageId, this.permissions);
   }
 
   refineResolveFilename() {
     const AccessControlManager = require('./access_control_manager');
-    AccessControlManager.refineResolveFilename(this.permissions);
+    AccessControlManager.refineResolveFilename(this.packageId, this.permissions);
   }
 
   getServiceId() {