From: Youngsoo Choi Date: Tue, 19 Jan 2021 02:53:31 +0000 (+0900) Subject: [M85][Service] Drop thread privilege of service app X-Git-Tag: submit/tizen/20210219.160114^0 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=8fdbbe55276275c63760ebc6bd48a830c1410e29;p=platform%2Fframework%2Fweb%2Fwrtjs.git [M85][Service] Drop thread privilege of service app This drops the privilege of service app and sets it to User::Pkg::{PKG_ID}. With this changes, the service app is under control of kernel smack rule. Reference: https://review.tizen.org/gerrit/249081 Together with: https://review.tizen.org/gerrit/251775 Change-Id: I0cd14f159b61b17dc395fd938144a0646529a2d9 Signed-off-by: Youngsoo Choi --- diff --git a/wrt_app/service/access_control_manager.ts b/wrt_app/service/access_control_manager.ts index 87afb7a..b3d804c 100644 --- a/wrt_app/service/access_control_manager.ts +++ b/wrt_app/service/access_control_manager.ts @@ -1,3 +1,4 @@ +import { wrt } from '../browser/wrt'; function checkSystemInfoApiPrivilege(func: any, permissions: string[]) { let override_func = func; @@ -10,7 +11,8 @@ function checkSystemInfoApiPrivilege(func: any, permissions: string[]) { } } -export function initialize(permissions: string[]) { +export function initialize(packageId: string, appId: string, permissions: string[]) { + wrt.security?.dropThreadPrivilege(packageId, appId); let tizen = global.tizen; if (!permissions.includes("http://tizen.org/privilege/alarm")) { tizen.alarm.add = diff --git a/wrt_app/service/device_api_router.ts b/wrt_app/service/device_api_router.ts index 9e2495b..c083c11 100644 --- a/wrt_app/service/device_api_router.ts +++ b/wrt_app/service/device_api_router.ts @@ -154,7 +154,7 @@ export class DeviceAPIRouter { initAccessControlManager() { console.log(`permissions : ${this.permissions}`); const AccessControlManager = require('./access_control_manager'); - AccessControlManager.initialize(this.permissions); + AccessControlManager.initialize(this.packageId, this.serviceId, this.permissions); } getServiceId() {