StartFileInfo(this),
//localized, so not binded
// file:// + / : without "/" path, webkit return security error
- PrefixURL(this, L"file:///"),
+ PrefixURL(this, DPL::String(L"app://") + DPL::FromASCIIString(tizenId) + L"/"),
InstallPath(
this,
&BindToWidgetDAO<DPL::String, &WidgetDAOReadOnly::getFullPath>::Get),
"http",
"https",
"widget",
+ "app",
"vnd.youtube",
"rtsp"
};
HTTP,
HTTPS,
WIDGET,
+ APP,
YOUTUBE,
RTSP,
{ URI_ACTION_WRT, URI_ACTION_WRT, URI_ACTION_WRT }, // HTTP
{ URI_ACTION_WRT, URI_ACTION_WRT, URI_ACTION_WRT }, // HTTPS
{ URI_ACTION_WRT, URI_ACTION_WRT, URI_ACTION_WRT }, // WIDGET
+ { URI_ACTION_WRT, URI_ACTION_WRT, URI_ACTION_WRT }, // APP
{ URI_ACTION_VIDEO, URI_ACTION_VIDEO, URI_ACTION_VIDEO }, // YOUTUBE
{ URI_ACTION_VIDEO, URI_ACTION_VIDEO, URI_ACTION_VIDEO } // RTSP
};
{ URI_ACTION_APPSVC, URI_ACTION_WRT, URI_ACTION_APPSVC }, // HTTP
{ URI_ACTION_APPSVC, URI_ACTION_WRT, URI_ACTION_APPSVC }, // HTTPS
{ URI_ACTION_WRT, URI_ACTION_WRT, URI_ACTION_APPSVC }, // WIDGET
+ { URI_ACTION_WRT, URI_ACTION_WRT, URI_ACTION_APPSVC }, // APP
{ URI_ACTION_VIDEO, URI_ACTION_VIDEO, URI_ACTION_VIDEO }, // YOUTUBE
{ URI_ACTION_VIDEO, URI_ACTION_VIDEO, URI_ACTION_VIDEO } // RTSP
};
SERVICE_DATA_TYPE_MIME
};
+char const * const SCHEME_TYPE_APP = "app";
char const * const SCHEME_TYPE_FILE = "file";
char const * const SCHEME_TYPE_WIDGET = "widget";
}
std::string scheme(urlcstr, end);
- if (scheme != SCHEME_TYPE_WIDGET && scheme != SCHEME_TYPE_FILE) {
+ if (scheme != SCHEME_TYPE_WIDGET && scheme != SCHEME_TYPE_FILE && scheme != SCHEME_TYPE_APP) {
LogDebug("scheme doesn't need to localize");
return DPL::OptionalString(inputURI);
}
#include "bundle_uri_handling.h"
#include <dpl/log/log.h>
#include <string.h>
+#include <sys/stat.h>
#include <dpl/utils/wrt_global_settings.h>
// For dao creation (widget info fetching)
#include <dpl/wrt-dao-ro/widget_dao_read_only.h>
namespace {
char const * const SCHEME_TYPE_FILE = "file";
char const * const SCHEME_TYPE_WIDGET = "widget";
+char const * const SCHEME_TYPE_APP = "app";
char const * const WARP_ERROR_MSG =
"file:///usr/etc/wrt/warp_security_error.msg";
char const * const PARAM_URL = "param:url";
-char const * const ACE_IGNORED_SCHEMA[] = { "file://", "widget://", "data:",
- "tel:", "sms:", "mmsto:", "mailto:",
- 0 };
+char const * const ACE_IGNORED_SCHEMA[] = { "file://", "widget://", "app://",
+ "data:", "tel:", "sms:", "mmsto:",
+ "mailto:", 0 };
bool checkWARP(const char *url, const DPL::String& tizenId)
{
DPL::FromUTF8String(std::string(url)));
}
+bool preventSymlink(const std::string & url)
+{
+ if(0 != strncmp(url.c_str(), SCHEME_TYPE_FILE, strlen(SCHEME_TYPE_FILE)))
+ {
+ return true;
+ }
+ if(url.size() >= strlen(SCHEME_TYPE_FILE) + 3)
+ {
+ std::string file = url.substr(strlen(SCHEME_TYPE_FILE) + 3);
+ struct stat st;
+ if(0 != stat(file.c_str(), &st)) return true;
+ return !S_ISLNK(st.st_mode);
+ }
+ else
+ {
+ return true;
+ }
+}
+
bool checkACE(const char* url, bool xhr, const DPL::String& tizenId)
{
if (url) {
auto uri = DPL::ToUTF8String(*op_uri);
if (!checkWARP(uri.c_str(), tizenId)) {
- LogDebug("Request was blocked by WARP: " << uri);
+ LogWarning("Request was blocked by WARP: " << uri);
return false;
}
if (!checkACE(uri.c_str(), is_xhr, tizenId)) {
- LogDebug("Request was blocked by ACE: " << uri);
+ LogWarning("Request was blocked by ACE: " << uri);
+ return false;
+ }
+
+ if (!preventSymlink(uri)) {
+ LogWarning("Request for symlink is invalid: " << uri);
return false;
}
DPL::OptionalString localizeURI(const DPL::String& inputURI,
const DPL::String& tizenId)
{
- auto uri = DPL::ToUTF8String(inputURI);
+ std::string uri = DPL::ToUTF8String(inputURI);
LogDebug("localizing url: " << uri);
-
auto urlcstr = uri.c_str();
-
const char *end = strstr(urlcstr, ":");
if (!end) {
LogDebug("no schema in link, return null");
// lack of schema
return DPL::Optional<DPL::String>::Null;
}
-
std::string scheme(urlcstr, end);
- if (scheme != SCHEME_TYPE_WIDGET && scheme != SCHEME_TYPE_FILE) {
+
+ if (scheme != SCHEME_TYPE_WIDGET && scheme != SCHEME_TYPE_FILE && scheme != SCHEME_TYPE_APP) {
LogDebug("scheme doesn't need to localize");
return DPL::OptionalString(inputURI);
}
// URI localization on WebProcess side
#include "bundle_uri_handling.h"
+//TODO: this is temprary hack for ENABLE marco is webkit!
+//do not include header webkits after this as they want work probably
+#define ENABLE(X) 0
+#include <WKBundlePrivate.h>
+#undef ENABLE
+
namespace {
const char * const uriChangedMessageName = "uri_changed_msg";
const char * const uriBlockedMessageName = "uri_blocked_msg";
const char * const URICHANGE_BLOCKED_URL = "null";
const char * const SCHEME_HTTP = "http";
const char * const SCHEME_HTTPS = "https";
-const char * const SCHEME_FILE = "file://";
+const char * const SCHEME_FILE = "file";
+const char * const SCHEME_FILE_SLASH = "file://";
const char * const DATA_STRING = "data:";
const char * const BASE64_STRING = ";base64,";
const char * const BLANK_PAGE_URL = "about:blank";
const char * const VIEWMODE_TYPE_MAXIMIZED = "maximized";
const std::size_t FILE_BUF_MAX_SIZE = 1024; // bytes
const std::size_t PLAIN_CHUNK_SIZE = 1008; // bytes
+const char * const warpAllowProtocolsForWildcard[] = { "http", "https" };
}
Bundle::Bundle(WKBundleRef bundle) :
}
}
+void Bundle::bypassCORSforWARPAccessList(WrtDB::WidgetDAOReadOnly & dao)
+{
+ // bypassing CORS using origin whitelist
+ WrtDB::WidgetAccessInfoList WAList;
+ dao.getWidgetAccessInfo(WAList);
+ FOREACH(it, WAList)
+ {
+ const WrtDB::WidgetAccessInfo & access = *it;
+ WKURLRef url = WKURLCreateWithUTF8CString(DPL::ToUTF8String(access.strIRI).c_str());
+
+ std::string source = std::string("app://") + DPL::ToUTF8String(m_widgetTizenId) + "/";
+
+ LogDebug("WARP to WK whitelist position: " << source << " for "
+ << access.strIRI << " subDomains: " << access.bSubDomains);
+
+ WKStringRef wkSource = WKStringCreateWithUTF8CString(source.c_str());
+ WKStringRef wkHost;
+ WKStringRef wkProtocol;
+ if(access.strIRI == L"*")
+ {
+ //wildcard force to explicitly say which protocol is used
+ // passed wkHost if empty means wildcard -> allow everything but protocol has to be set.
+ for(unsigned i = 0; i < sizeof(warpAllowProtocolsForWildcard); i++)
+ {
+ wkHost = WKStringCreateWithUTF8CString("");
+ wkProtocol = WKStringCreateWithUTF8CString(warpAllowProtocolsForWildcard[i]);
+ WKBundleAddOriginAccessWhitelistEntry(m_bundle,
+ wkSource, wkProtocol, wkHost, access.bSubDomains);
+ }
+ }
+ else
+ {
+ wkHost = WKURLCopyHostName(url);
+ wkProtocol = WKURLCopyScheme(url);
+ WKBundleAddOriginAccessWhitelistEntry(m_bundle,
+ wkSource, wkProtocol, wkHost, access.bSubDomains);
+ }
+
+ WKRelease(wkHost);
+ WKRelease(wkProtocol);
+ WKRelease(wkSource);
+ }
+}
+
void Bundle::didReceiveMessage(WKStringRef messageName, WKTypeRef messageBody)
{
LogDebug("got message type: " << toString(messageName).c_str());
m_widgetTizenId = DPL::FromASCIIString(msgString);
WrtDB::WidgetDAOReadOnly dao(m_widgetTizenId);
+
+ bypassCORSforWARPAccessList(dao);
+
/* This type of message is received when widget is restarting
* (proably in other situation too). Widget restart can be
* called after system language change so language tags have to
LogDebug("URI processing result: " << *localizedUrl);
std::string tmpUrlStr = DPL::ToUTF8String(*localizedUrl);
WKURLRef tmpUrl = WKURLCreateWithUTF8CString(tmpUrlStr.c_str());
- std::string scheme = toString(WKURLCopyScheme(url));
+ std::string scheme = toString(WKURLCopyScheme(url)); //scheme of original request
WKRelease(url);
+
+ if(scheme == SCHEME_FILE) {
+ LogError("File schema blocked for: " << dplurl);
+ return NULL;
+ }
+
// Return value must contain details information of input
// WKURLRequestRef. Current webkit2 doesn't support api that
// copy WKURLRequestRef or change url only. Before webkit2
{
std::string filePath;
- size_t pos = Url.find_first_not_of(SCHEME_FILE);
+ size_t pos = Url.find_first_not_of(SCHEME_FILE_SLASH);
if (std::string::npos != pos) {
filePath = Url.substr(pos - 1);
}
std::set<WrtDB::EncryptedFileInfo>::iterator it;
info.fileName = DPL::FromUTF8String(filePath);
- if ((0 == strncmp(Url.c_str(), SCHEME_FILE, strlen(SCHEME_FILE))) &&
+ if ((0 == strncmp(Url.c_str(), SCHEME_FILE_SLASH, strlen(SCHEME_FILE_SLASH))) &&
(m_encryptedFiles.end() != (it =
m_encryptedFiles.find(info))))
{
{
std::string filePath;
- size_t pos = resource.find_first_not_of(SCHEME_FILE);
+ size_t pos = resource.find_first_not_of(SCHEME_FILE_SLASH);
if (std::string::npos != pos) {
filePath = resource.substr(pos - 1);
}
void fixWKMessageArgs(std::string & argScale,
std::string & argEncodedBundle,
std::string & argTheme);
+
+ void bypassCORSforWARPAccessList(WrtDB::WidgetDAOReadOnly &dao);
+
void *DecryptChunkByTrustZone(const unsigned char *inBuffer,
int inBufSize);
};