From: k2.nagaraju <k2.nagaraju@samsung.com>
Date: Tue, 17 Dec 2019 15:00:57 +0000 (+0530)
Subject: [Service][Global] Implement access control for privilege management
X-Git-Tag: submit/tizen_5.5/20200109.070620~1^2
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8c0aa40bf1e2768b25db44536032d8b58df3ab40;p=platform%2Fframework%2Fweb%2Fwrtjs.git

[Service][Global] Implement access control for privilege management

This provides access control as per specified privileges in config.xml
for service application.

Change-Id: I2bae3574fccd9e7333c485e6b3229b407ad28660
Signed-off-by: k2.nagaraju <k2.nagaraju@samsung.com>
Signed-off-by: Youngsoo Choi <kenshin.choi@samsung.com>
---

diff --git a/wrt_app/service/access_control_manager.js b/wrt_app/service/access_control_manager.js
new file mode 100644
index 0000000..bda869d
--- /dev/null
+++ b/wrt_app/service/access_control_manager.js
@@ -0,0 +1,123 @@
+class AccessControlManager {
+  constructor(permissions, sandbox) {
+    this.permissions = permissions;
+    this.sandbox = sandbox;
+    this.systeminfo = {};
+    this.systeminfo.getPropertyValue = sandbox.tizen.systeminfo.getPropertyValue;
+  }
+  initialize() {
+    const permissions = this.permissions;
+    let tizen = this.sandbox.tizen;
+    if (!permissions.includes("http://tizen.org/privilege/alarm")) {
+      tizen.alarm.add =
+      tizen.alarm.remove =
+      tizen.alarm.removeAll =
+      tizen.alarm.get =
+      tizen.alarm.getAll =
+      tizen.alarm.getAlarmNotification =
+      tizen.alarm.addAlarmNotification = function() {
+        console.log('The alarm permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/apphistory.read")) {
+      tizen.application.getAppsUsageInfo =
+      tizen.application.getBatteryUsageInfo = function() {
+        console.log('The application.read permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/application.launch")) {
+      tizen.application.launch =
+      tizen.application.launchAppControl = function() {
+        console.log('The application.launch permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/application.info")) {
+      tizen.application.getAppMetaData = function() {
+        console.log('The application.info permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/appmanager.certificate")) {
+      tizen.application.getAppCerts = function() {
+        console.log('The application.certificate permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/appmanager.kill")) {
+      tizen.application.kill = function() {
+        console.log('The application.kill permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/appmanager.launch") ||
+        !permissions.includes("http://tizen.org/privilege/datasharing")) {
+      tizen.datacontrol.addChangeListener =
+      tizen.datacontrol.removeChangeListener = function() {
+        console.log('The appmanager.launch or datasharing permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/datacontrol.consumer")) {
+      tizen.datacontrol.getValue =
+      tizen.datacontrol.updateValue =
+      tizen.datacontrol.insert =
+      tizen.datacontrol.update =
+      tizen.datacontrol.remove =
+      tizen.datacontrol.select =
+      tizen.datacontrol.addValue =
+      tizen.datacontrol.removeValue =
+      tizen.datacontrol.getDataControlConsumer = function() {
+        console.log('The datacontrol.consumer permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/filesystem.read")) {
+      tizen.filesystem.listDirectory =
+      tizen.filesystem.isFile =
+      tizen.filesystem.isDirectory =
+      tizen.filesystem.pathExists =
+      tizen.filesystem.copyFile =
+      tizen.filesystem.copyDirectory =
+      tizen.filesystem.moveFile =
+      tizen.filesystem.moveDirectory =
+      tizen.filesystem.resolve = function() {
+        console.log('The filesystem.read permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/filesystem.write")) {
+      tizen.filesystem.createDirectory =
+      tizen.filesystem.deleteFile =
+      tizen.filesystem.deleteDirectory =
+      tizen.filesystem.copyFile =
+      tizen.filesystem.copyDirectory =
+      tizen.filesystem.moveFile =
+      tizen.filesystem.moveDirectory =
+      tizen.filesystem.rename = function() {
+        console.log('The filesystem.write permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/notification")) {
+      tizen.alarm.addAlarmNotification = function() {
+        console.log('The notification permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/package.info")) {
+      tizen.package.setPackageInfoEventListener =
+      tizen.package.unsetPackageInfoEventListener =
+      tizen.package.getPackageInfo =
+      tizen.package.getPackagesInfo = function() {
+        console.log('The package.info permission is missing.');
+      }
+    }
+    if (!permissions.includes("http://tizen.org/privilege/packagemanager.install")) {
+      tizen.package.install =
+      tizen.package.uninstall = function() {
+        console.log('The packagemanager.install permission is missing.');
+      }
+    }
+    // systeminfo : Runtime privilege validation is required, based on parameters
+    tizen.systeminfo.getPropertyValue = function(type, onSuccessCallback, onErrorCallback) {
+      if (type === "CELLULAR_NETWORK" && !permissions.includes("http://tizen.org/privilege/telephony")) {
+        console.log('The telephony permission is missing.');
+        return;
+      }
+      this.systeminfo.getPropertyValue.apply(tizen.systeminfo, arguments);
+    }.bind(this);
+  }
+}
+module.exports = AccessControlManager;
diff --git a/wrt_app/service/main.js b/wrt_app/service/main.js
index 19594ce..ed10e5d 100755
--- a/wrt_app/service/main.js
+++ b/wrt_app/service/main.js
@@ -18,13 +18,14 @@
 
 const wrt = require('../browser/wrt');
 const vm = require('vm');
+const AccessControlManager = require('./access_control_manager');
 const TizenExtension = require('./tizen_extension');
 
 var sandbox = [];
 var sandbox_count = 0;
 
-wrt.on('start-service', (event, app_id) => {
-  console.log('start service app : ' + app_id);
+wrt.on('start-service', (event, app_id, permissions) => {
+  console.log('start service app : ' + app_id + ', permissions : ' + permissions);
   new TizenExtension();
   if (sandbox[app_id] === undefined) {
     if (sandbox_count === 0) {
@@ -38,6 +39,8 @@ wrt.on('start-service', (event, app_id) => {
       require: require,
       tizen: tizen,
     };
+    let access_control_manager = new AccessControlManager(permissions, sandbox[app_id]);
+    access_control_manager.initialize();
     for(let key in global) {
       sandbox[app_id][key] = global[key];
     }