verifying notification category privilege 01/67901/6 accepted/tizen/common/20160504.125257 accepted/tizen/ivi/20160503.093015 accepted/tizen/mobile/20160503.092916 accepted/tizen/tv/20160503.092941 accepted/tizen/wearable/20160503.092953 submit/tizen/20160503.003646
authorKamil Rojewski <k.rojewski@samsung.com>
Mon, 25 Apr 2016 10:52:29 +0000 (12:52 +0200)
committerKamil Rojewski <k.rojewski@samsung.com>
Fri, 29 Apr 2016 12:48:14 +0000 (14:48 +0200)
Change-Id: I4850ccc6a91bb2c2bb18a91032d75da1305db02d

src/wgt/CMakeLists.txt
src/wgt/step/security/step_check_wgt_notification_category.cc [new file with mode: 0644]
src/wgt/step/security/step_check_wgt_notification_category.h [new file with mode: 0644]
src/wgt/wgt_installer.cc

index 1b515f7..5ab8b00 100644 (file)
@@ -13,6 +13,7 @@ SET(SRCS
   step/security/step_add_default_privileges.cc
   step/security/step_check_settings_level.cc
   step/security/step_check_wgt_background_category.cc
+  step/security/step_check_wgt_notification_category.cc
   wgt_app_query_interface.cc
   wgt_installer.cc
 )
diff --git a/src/wgt/step/security/step_check_wgt_notification_category.cc b/src/wgt/step/security/step_check_wgt_notification_category.cc
new file mode 100644 (file)
index 0000000..67eca45
--- /dev/null
@@ -0,0 +1,41 @@
+// Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#include <wgt/step/security/step_check_wgt_notification_category.h>
+
+#include <common/utils/glist_range.h>
+
+#include <manifest_parser/utils/logging.h>
+
+namespace {
+const char kNotificationCategoryName[]
+    = "http://tizen.org/category/always_on_top";
+}
+
+namespace wgt {
+namespace security {
+
+common_installer::Step::Status StepCheckWgtNotificationCategory::process() {
+  const auto notificationAllowed = context_->privilege_level.get() >=
+    common_installer::PrivilegeLevel::PARTNER;
+
+  // no point in checking if priv is set
+  if (notificationAllowed)
+    return Status::OK;
+
+  for (const auto app :
+      GListRange<application_x *>(context_->manifest_data.get()->application)) {
+    for (const auto category : GListRange<char *>(app->category)) {
+      if (strcmp(category, kNotificationCategoryName) == 0) {
+          LOG(ERROR) << "Insufficient privileges for notification category.";
+          return Status::PRIVILEGE_ERROR;
+      }
+    }
+  }
+
+  LOG(INFO) << "No notification category present.";
+  return Status::OK;
+}
+}  // namespace security
+}  // namespace wgt
diff --git a/src/wgt/step/security/step_check_wgt_notification_category.h b/src/wgt/step/security/step_check_wgt_notification_category.h
new file mode 100644 (file)
index 0000000..738a6ea
--- /dev/null
@@ -0,0 +1,31 @@
+// Copyright (c) 2015 Samsung Electronics Co., Ltd All Rights Reserved
+// Use of this source code is governed by a apache 2.0 license that can be
+// found in the LICENSE file.
+
+#ifndef WGT_STEP_SECURITY_STEP_CHECK_WGT_NOTIFICATION_CATEGORY_H_
+#define WGT_STEP_SECURITY_STEP_CHECK_WGT_NOTIFICATION_CATEGORY_H_
+
+#include <common/step/step.h>
+
+namespace wgt {
+namespace security {
+
+/**
+ * \brief Checks if the app can show notifications, if it requires that feature.
+ */
+class StepCheckWgtNotificationCategory :
+  public common_installer::Step {
+ public:
+  using common_installer::Step::Step;
+  ~StepCheckWgtNotificationCategory() = default;
+
+  Status process() override;
+
+  Status clean() override { return Status::OK; }
+  Status undo() override { return Status::OK; }
+  Status precheck() override { return Status::OK; }
+};
+}  // namespace security
+}  // namespace wgt
+
+#endif  // WGT_STEP_SECURITY_STEP_CHECK_WGT_NOTIFICATION_CATEGORY_H_
index 2476a32..1ba2c06 100644 (file)
@@ -67,6 +67,7 @@
 #include "wgt/step/security/step_add_default_privileges.h"
 #include "wgt/step/security/step_check_settings_level.h"
 #include "wgt/step/security/step_check_wgt_background_category.h"
+#include "wgt/step/security/step_check_wgt_notification_category.h"
 
 namespace ci = common_installer;
 
@@ -87,6 +88,7 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<ci::security::StepPrivilegeCompatibility>();
       AddStep<wgt::security::StepCheckSettingsLevel>();
       AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+      AddStep<wgt::security::StepCheckWgtNotificationCategory>();
       AddStep<wgt::encryption::StepEncryptResources>();
       AddStep<wgt::filesystem::StepWgtResourceDirectory>();
       AddStep<ci::security::StepRollbackInstallationSecurity>();
@@ -114,6 +116,7 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<ci::security::StepPrivilegeCompatibility>();
       AddStep<wgt::security::StepCheckSettingsLevel>();
       AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+      AddStep<wgt::security::StepCheckWgtNotificationCategory>();
       AddStep<ci::security::StepCheckOldCertificate>();
       AddStep<wgt::filesystem::StepWgtResourceDirectory>();
       AddStep<ci::configuration::StepParseManifest>(
@@ -182,6 +185,7 @@ WgtInstaller::WgtInstaller(ci::PkgMgrPtr pkgrmgr)
       AddStep<ci::security::StepPrivilegeCompatibility>();
       AddStep<wgt::security::StepCheckSettingsLevel>();
       AddStep<wgt::security::StepCheckWgtBackgroundCategory>();
+      AddStep<wgt::security::StepCheckWgtNotificationCategory>();
       AddStep<ci::security::StepCheckOldCertificate>();
       AddStep<wgt::filesystem::StepWgtResourceDirectory>();
       AddStep<ci::configuration::StepParseManifest>(