From 37a48daaebc06e2eee11109ef1bfbc06f2bdd768 Mon Sep 17 00:00:00 2001
From: Pawel Kaczmarczyk <p.kaczmarczy@samsung.com>
Date: Wed, 31 Jan 2018 11:55:58 +0100
Subject: [PATCH] [Exif] Synchronously checking access to file

ACR: http://suprem.sec.samsung.net/jira/browse/TWDAPI-187

[Verification] Tested in Chromium console

Change-Id: I4818dd71aaa54ef52bc0d18862f628beedac05f4
Signed-off-by: Pawel Kaczmarczyk <p.kaczmarczy@samsung.com>
---
 src/exif/exif_api.js      | 21 ++++++++++++++++++---
 src/exif/exif_instance.cc | 25 +++++++++++++++++++------
 2 files changed, 37 insertions(+), 9 deletions(-)

diff --git a/src/exif/exif_api.js b/src/exif/exif_api.js
index 3d2cd510..fc25fa3f 100644
--- a/src/exif/exif_api.js
+++ b/src/exif/exif_api.js
@@ -217,7 +217,12 @@ ExifManager.prototype.getExifInfo = function() {
     }
   };
 
-  native_.call('ExifManager_getExifInfo', {'uri': args.uri}, callback);
+  var result = native_.call('ExifManager_getExifInfo', {'uri': args.uri}, callback);
+
+  if (native_.isFailure(result)) {
+    // since tizen 5.0 the only possible error type here is SecurityError
+    throw native_.getErrorObject(result);
+  }
 };
 
 ExifManager.prototype.saveExifInfo = function() {
@@ -263,7 +268,12 @@ ExifManager.prototype.saveExifInfo = function() {
     }
   };
 
-  native_.call('ExifManager_saveExifInfo', json, callback);
+  var result = native_.call('ExifManager_saveExifInfo', json, callback);
+
+  if (native_.isFailure(result)) {
+    // since tizen 5.0 the only possible error type here is SecurityError
+    throw native_.getErrorObject(result);
+  }
 };
 
 ExifManager.prototype.getThumbnail = function() {
@@ -307,7 +317,12 @@ ExifManager.prototype.getThumbnail = function() {
     }
   };
 
-  native_.call('ExifManager_getThumbnail', {'uri': args.uri}, _callback);
+  var result = native_.call('ExifManager_getThumbnail', {'uri': args.uri}, _callback);
+
+  if (native_.isFailure(result)) {
+    // since tizen 5.0 the only possible error type here is SecurityError
+    throw native_.getErrorObject(result);
+  }
 };
 
 tizen.ExifInformation = function(exifInitDict) {
diff --git a/src/exif/exif_instance.cc b/src/exif/exif_instance.cc
index 121390c1..ff9c4d2e 100644
--- a/src/exif/exif_instance.cc
+++ b/src/exif/exif_instance.cc
@@ -27,6 +27,7 @@
 #include "common/platform_result.h"
 #include "common/task-queue.h"
 #include "common/tools.h"
+#include "common/filesystem/filesystem_provider.h"
 
 #include "exif/exif_information.h"
 #include "exif/exif_util.h"
@@ -59,15 +60,18 @@ void ExifInstance::ExifManagerGetExifInfo(const picojson::value& args, picojson:
   ScopeLogger();
 
   const std::string& uri = args.get("uri").get<std::string>();
+  const std::string& file_path = ExifUtil::convertUriToPath(uri);
 
   const double callback_id = args.get("callbackId").get<double>();
+  const std::string& real_path = common::FilesystemProvider::Create().GetRealPath(file_path);
+
+  CHECK_STORAGE_ACCESS(real_path, &out);
+
   auto get = [=](const std::shared_ptr<JsonValue>& response) -> void {
     ScopeLogger("Entered into asynchronous function, get");
     JsonValue result = JsonValue(JsonObject());
     PlatformResult status(ErrorCode::NO_ERROR);
 
-    const std::string& file_path = ExifUtil::convertUriToPath(uri);
-
     PlatformResult fileAvailability(common::tools::CheckFileAvailability(file_path));
     if (!fileAvailability) {
       LogAndReportError(fileAvailability, &response->get<picojson::object>());
@@ -99,15 +103,20 @@ void ExifInstance::ExifManagerSaveExifInfo(const picojson::value& args, picojson
   ScopeLogger();
 
   const double callback_id = args.get("callbackId").get<double>();
+
+  const std::string& file_uri = args.get("uri").get<std::string>();
+  const std::string& file_path = ExifUtil::convertUriToPath(file_uri);
+  const std::string& real_path = common::FilesystemProvider::Create().GetRealPath(file_path);
+
+  CHECK_STORAGE_ACCESS(real_path, &out);
+
   auto get = [=](const std::shared_ptr<JsonValue>& response) -> void {
     ScopeLogger("Entered into asynchronous function, get");
     JsonValue result = JsonValue(JsonObject());
     PlatformResult status(ErrorCode::NO_ERROR);
 
     ExifInformationPtr exifInfo(new ExifInformation(args));
-    const std::string& uri = exifInfo->getUri();
-    const std::string& path = ExifUtil::convertUriToPath(uri);
-    status = exifInfo->saveToFile(path);
+    status = exifInfo->saveToFile(file_path);
 
     if (status)
       ReportSuccess(result, response->get<picojson::object>());
@@ -131,12 +140,16 @@ void ExifInstance::ExifManagerGetThumbnail(const picojson::value& args, picojson
   ScopeLogger();
   const std::string& uri = args.get("uri").get<std::string>();
 
+  const std::string& file_path = ExifUtil::ExifUtil::convertUriToPath(uri);
+  const std::string& real_path = common::FilesystemProvider::Create().GetRealPath(file_path);
+
+  CHECK_STORAGE_ACCESS(real_path, &out);
+
   const double callback_id = args.get("callbackId").get<double>();
   auto get = [=](const std::shared_ptr<JsonValue>& response) -> void {
     ScopeLogger("Entered into asynchronous function, get");
     PlatformResult status(ErrorCode::NO_ERROR);
 
-    const std::string& file_path = ExifUtil::convertUriToPath(uri);
     JsonValue result = JsonValue(JsonObject());
     JsonObject& result_obj = result.get<JsonObject>();
 
-- 
2.34.1