[M85][Service] Drop thread privilege of service app

This drops the privilege of service app and sets it to User::Pkg::{PKG_ID}.
With this changes, the service app is under control of kernel smack rule.

Reference:
https://review.tizen.org/gerrit/249081

Together with:
https://review.tizen.org/gerrit/251775

Change-Id: I0cd14f159b61b17dc395fd938144a0646529a2d9
Signed-off-by: Youngsoo Choi <kenshin.choi@samsung.com>

diff --git a/wrt_app/service/access_control_manager.ts b/wrt_app/service/access_control_manager.ts
index 87afb7a..b3d804c 100644 (file)
--- a/wrt_app/service/access_control_manager.ts
+++ b/wrt_app/service/access_control_manager.ts
@@ -1,3 +1,4 @@
+import { wrt } from '../browser/wrt';
 
 function checkSystemInfoApiPrivilege(func: any, permissions: string[]) {
   let override_func  = func;
@@ -10,7 +11,8 @@ function checkSystemInfoApiPrivilege(func: any, permissions: string[]) {
   }
 }
 
-export function initialize(permissions: string[]) {
+export function initialize(packageId: string, appId: string, permissions: string[]) {
+  wrt.security?.dropThreadPrivilege(packageId, appId);
   let tizen = global.tizen;
   if (!permissions.includes("http://tizen.org/privilege/alarm")) {
     tizen.alarm.add =

diff --git a/wrt_app/service/device_api_router.ts b/wrt_app/service/device_api_router.ts
index 9e2495b..c083c11 100644 (file)
--- a/wrt_app/service/device_api_router.ts
+++ b/wrt_app/service/device_api_router.ts
@@ -154,7 +154,7 @@ export class DeviceAPIRouter {
   initAccessControlManager() {
     console.log(`permissions : ${this.permissions}`);
     const AccessControlManager = require('./access_control_manager');
-    AccessControlManager.initialize(this.permissions);
+    AccessControlManager.initialize(this.packageId, this.serviceId, this.permissions);
   }
 
   getServiceId() {