From: Arkadiusz Pietraszek Date: Fri, 27 Apr 2018 09:23:56 +0000 (+0200) Subject: [Filesystem] Added storege privilage checks X-Git-Tag: submit/tizen/20180518.121229~2 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=b1e7effa3f192ef8bd511298a54b8269f0dbd11d;p=platform%2Fcore%2Fapi%2Fwebapi-plugins.git [Filesystem] Added storege privilage checks ACR: http://suprem.sec.samsung.net/jira/browse/TWDAPI-121 Change-Id: Id146dd02bc37ffc6064a40d77f184f302def3f93 Signed-off-by: Arkadiusz Pietraszek --- diff --git a/src/filesystem/filesystem_instance.cc b/src/filesystem/filesystem_instance.cc index 5c0f3416..bd11dcdf 100644 --- a/src/filesystem/filesystem_instance.cc +++ b/src/filesystem/filesystem_instance.cc @@ -1286,6 +1286,8 @@ void FilesystemInstance::FileSystemManagerOpenFile(const picojson::value& args, } const std::string& path = args.get("path").get(); + + CHECK_STORAGE_ACCESS(path, &out); const std::string open_mode = GetFopenMode(args); FILE* file = nullptr; try { @@ -1311,6 +1313,7 @@ void FilesystemInstance::FileSystemManagerCreateDirectory(const picojson::value& double callback_id = args.get("callbackId").get(); const std::string& path = args.get("path").get(); bool make_parents = args.get("makeParents").get(); + CHECK_STORAGE_ACCESS(path, &out); this->worker.add_job([this, callback_id, path, make_parents] { picojson::value response = picojson::value(picojson::object()); @@ -1337,6 +1340,7 @@ void FilesystemInstance::FileSystemManagerDeleteFile(const picojson::value& args double callback_id = args.get("callbackId").get(); const std::string& path = args.get("path").get(); + CHECK_STORAGE_ACCESS(path, &out); this->worker.add_job([this, callback_id, path] { picojson::value response = picojson::value(picojson::object()); picojson::object& obj = response.get(); @@ -1361,6 +1365,8 @@ void FilesystemInstance::FileSystemManagerDeleteDirectory(const picojson::value& double callback_id = args.get("callbackId").get(); const std::string& path = args.get("path").get(); + + CHECK_STORAGE_ACCESS(path, &out); bool recursive = args.get("recursive").get(); this->worker.add_job([this, callback_id, path, recursive] { @@ -1399,7 +1405,9 @@ void FilesystemInstance::FileSystemManagerCopyFile(const picojson::value& args, double callback_id = args.get("callbackId").get(); const std::string& path = args.get("path").get(); + CHECK_STORAGE_ACCESS(path, &out); const std::string& destination_path = args.get("destinationPath").get(); + CHECK_STORAGE_ACCESS(destination_path, &out); bool overwrite = args.get("overwrite").get(); this->worker.add_job([this, callback_id, path, destination_path, overwrite] { @@ -1444,7 +1452,9 @@ void FilesystemInstance::FileSystemManagerCopyDirectory(const picojson::value& a CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemRead, &out); CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemWrite, &out); const std::string& path = args.get("path").get(); + CHECK_STORAGE_ACCESS(path, &out); const std::string& destination_path = args.get("destinationPath").get(); + CHECK_STORAGE_ACCESS(destination_path, &out); double callback_id = args.get("callbackId").get(); bool overwrite = args.get("overwrite").get(); @@ -1490,7 +1500,9 @@ void FilesystemInstance::FileSystemManagerMoveFile(const picojson::value& args, CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemWrite, &out); const std::string& path = args.get("path").get(); + CHECK_STORAGE_ACCESS(path, &out); const std::string& destination_path = args.get("destinationPath").get(); + CHECK_STORAGE_ACCESS(destination_path, &out); double callback_id = args.get("callbackId").get(); bool overwrite = args.get("overwrite").get(); @@ -1539,7 +1551,9 @@ void FilesystemInstance::FileSystemManagerMoveDirectory(const picojson::value& a CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemWrite, &out); double callback_id = args.get("callbackId").get(); const std::string& path = args.get("path").get(); + CHECK_STORAGE_ACCESS(path, &out); const std::string& destination_path = args.get("destinationPath").get(); + CHECK_STORAGE_ACCESS(destination_path, &out); bool overwrite = args.get("overwrite").get(); this->worker.add_job([this, callback_id, path, destination_path, overwrite] { @@ -1581,6 +1595,8 @@ void FilesystemInstance::FileSystemManagerRename(const picojson::value& args, ScopeLogger(); CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemWrite, &out); const std::string& path = args.get("path").get(); + + CHECK_STORAGE_ACCESS(path, &out); double callback_id = args.get("callbackId").get(); const std::string& new_name = args.get("newName").get(); @@ -1637,6 +1653,7 @@ void FilesystemInstance::FileSystemManagerListDirectory(const picojson::value& a double callback_id = args.get("callbackId").get(); const std::string& path = args.get("path").get(); const picojson::object& filter = args.get("filter").get(); + CHECK_STORAGE_ACCESS(path, &out); this->worker.add_job([this, callback_id, path, filter] { ScopeLogger(); @@ -1725,6 +1742,8 @@ void FilesystemInstance::FileSystemManagerIsFile(const picojson::value& args, ScopeLogger(); CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemRead, &out); const std::string& path = args.get("path").get(); + + CHECK_STORAGE_ACCESS(path, &out); picojson::value is_file{}; try { struct stat buf {}; @@ -1745,6 +1764,8 @@ void FilesystemInstance::FileSystemManagerIsDirectory(const picojson::value& arg ScopeLogger(); CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemRead, &out); const std::string& path = args.get("path").get(); + + CHECK_STORAGE_ACCESS(path, &out); picojson::value is_directory{}; try { struct stat buf {}; @@ -1765,6 +1786,8 @@ void FilesystemInstance::FileSystemManagerPathExists(const picojson::value& args ScopeLogger(); CHECK_PRIVILEGE_ACCESS(kPrivilegeFilesystemRead, &out); const std::string& path = args.get("path").get(); + + CHECK_STORAGE_ACCESS(path, &out); picojson::value does_file_exist = picojson::value{true}; try { struct stat buf {};