From: Youngsoo Choi <kenshin.choi@samsung.com>
Date: Wed, 18 Aug 2021 22:20:59 +0000 (-0700)
Subject: [Service] Use smack privilege while calling device API
X-Git-Tag: submit/tizen/20210823.004918~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=2d73adef5cb02aeb039091addc4617b7fedb6170;p=platform%2Fframework%2Fweb%2Fwrtjs.git

[Service] Use smack privilege while calling device API

Web service app thread couldn't have its own smack app label on it.
Thus, web service f/w has used an access control module,
checking the app thread privilege by device API unit.

Recently, web service f/w ended up granting smack app label
on the web service app thread. So, the app privilege can be handled by
smack control and the access control module isn't needed anymore.

Change-Id: Iea55811f129b5a126c69c260cecb948dcbf40ca7
Signed-off-by: Youngsoo Choi <kenshin.choi@samsung.com>
---

diff --git a/wrt_app/service/access_control_manager.ts b/wrt_app/service/access_control_manager.ts
deleted file mode 100644
index 5fad4b24..00000000
--- a/wrt_app/service/access_control_manager.ts
+++ /dev/null
@@ -1,137 +0,0 @@
-import { wrt } from '../browser/wrt';
-
-function checkSystemInfoApiPrivilege(func: any, permissions: string[]) {
-  let override_func  = func;
-  return (...args: any[]) => {
-    if (args[0] === "CELLULAR_NETWORK" && !permissions.includes("http://tizen.org/privilege/telephony")) {
-      console.log('The telephony permission is missing.');
-      return ;
-    }
-    return override_func.call(global.tizen.systeminfo, ...args);
-  }
-}
-
-export function initialize(packageId: string, appId: string, permissions: string[]) {
-  let webapis = global.webapis;
-  let tizen = global.tizen;
-  if (!permissions.includes("http://tizen.org/privilege/account.read")) {
-    webapis.mde.getCurrentLoginId = () => {
-      console.log('The account.read permission is missing.');
-    }
-  }
-  Object.defineProperties(webapis.mde, {
-    getCurrentLoginId: { writable: false, enumerable: true }
-  });
-  if (!permissions.includes("http://tizen.org/privilege/alarm")) {
-    tizen.alarm.add =
-    tizen.alarm.remove =
-    tizen.alarm.removeAll =
-    tizen.alarm.get =
-    tizen.alarm.getAll =
-    tizen.alarm.getAlarmNotification =
-    tizen.alarm.addAlarmNotification = function() {
-      console.log('The alarm permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/apphistory.read")) {
-    tizen.application.getAppsUsageInfo =
-    tizen.application.getBatteryUsageInfo = function() {
-      console.log('The application.read permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/application.launch") &&
-      !permissions.includes("http://tizen.org/privilege/appmanager.launch")) {
-    tizen.application.launch = function() {
-      console.log('The application.launch and appmanager.launch permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/application.info")) {
-    tizen.application.getAppMetaData = function() {
-      console.log('The application.info permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/appmanager.certificate")) {
-    tizen.application.getAppCerts = function() {
-      console.log('The application.certificate permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/appmanager.kill")) {
-    tizen.application.kill = function() {
-      console.log('The application.kill permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/appmanager.launch") ||
-      !permissions.includes("http://tizen.org/privilege/datasharing")) {
-    tizen.datacontrol.addChangeListener =
-    tizen.datacontrol.removeChangeListener = function() {
-      console.log('The appmanager.launch or datasharing permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/datacontrol.consumer")) {
-    tizen.datacontrol.getValue =
-    tizen.datacontrol.updateValue =
-    tizen.datacontrol.insert =
-    tizen.datacontrol.update =
-    tizen.datacontrol.remove =
-    tizen.datacontrol.select =
-    tizen.datacontrol.addValue =
-    tizen.datacontrol.removeValue =
-    tizen.datacontrol.getDataControlConsumer = function() {
-      console.log('The datacontrol.consumer permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/filesystem.read")) {
-    tizen.filesystem.listDirectory =
-    tizen.filesystem.isFile =
-    tizen.filesystem.isDirectory =
-    tizen.filesystem.pathExists =
-    tizen.filesystem.copyFile =
-    tizen.filesystem.copyDirectory =
-    tizen.filesystem.moveFile =
-    tizen.filesystem.moveDirectory =
-    tizen.filesystem.resolve = function() {
-      console.log('The filesystem.read permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/filesystem.write")) {
-    tizen.filesystem.createDirectory =
-    tizen.filesystem.deleteFile =
-    tizen.filesystem.deleteDirectory =
-    tizen.filesystem.copyFile =
-    tizen.filesystem.copyDirectory =
-    tizen.filesystem.moveFile =
-    tizen.filesystem.moveDirectory =
-    tizen.filesystem.rename = function() {
-      console.log('The filesystem.write permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/notification")) {
-    tizen.alarm.addAlarmNotification = function() {
-      console.log('The notification permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/package.info")) {
-    tizen.package.setPackageInfoEventListener =
-    tizen.package.unsetPackageInfoEventListener =
-    tizen.package.getPackageInfo =
-    tizen.package.getPackagesInfo = function() {
-      console.log('The package.info permission is missing.');
-    }
-  }
-  if (!permissions.includes("http://tizen.org/privilege/packagemanager.install")) {
-    tizen.package.install =
-    tizen.package.uninstall = function() {
-      console.log('The packagemanager.install permission is missing.');
-    }
-  }
-  // systeminfo : Runtime privilege validation is required, based on parameters
-  tizen.systeminfo.getPropertyValue =
-    checkSystemInfoApiPrivilege(tizen.systeminfo.getPropertyValue, permissions);
-  tizen.systeminfo.getPropertyValueArray =
-    checkSystemInfoApiPrivilege(tizen.systeminfo.getPropertyValueArray, permissions);
-  tizen.systeminfo.addPropertyValueChangeListener =
-    checkSystemInfoApiPrivilege(tizen.systeminfo.addPropertyValueChangeListener, permissions);
-  tizen.systeminfo.addPropertyValueArrayChangeListener =
-    checkSystemInfoApiPrivilege(tizen.systeminfo.addPropertyValueArrayChangeListener, permissions);
-
-}
diff --git a/wrt_app/service/device_api_router.ts b/wrt_app/service/device_api_router.ts
index 5fe116b5..2c601d05 100644
--- a/wrt_app/service/device_api_router.ts
+++ b/wrt_app/service/device_api_router.ts
@@ -37,7 +37,6 @@ export class DeviceAPIRouter {
       this.refinePackageApis();
       this.refineFilesystemApis()
       this.refineMessagePortApis()
-      this.initAccessControlManager();
       this.refineXwalkUtilApis();
     }
   }
@@ -185,12 +184,6 @@ export class DeviceAPIRouter {
     }
   }
 
-  initAccessControlManager() {
-    console.log(`permissions : ${this.permissions}`);
-    const AccessControlManager = require('./access_control_manager');
-    AccessControlManager.initialize(this.packageId, this.serviceId, this.permissions);
-  }
-
   getServiceId() {
     return global.webapis.getServiceId();
   }