From 4c1395c8aa726451375d84e0442f179cdc24d530 Mon Sep 17 00:00:00 2001 From: Jihoon Chung Date: Sat, 12 Jan 2013 17:25:26 +0900 Subject: [PATCH] Implement tizen privilege for w3c API [Issue#] N/A [Problem] N/A [Cause] N/A [Solution] Implement tizen privilege for W3C API. If web application contains "http://tizen.org/privilege/geolocation" with tizen:privilege tag, web application uses geolocation without security warning popup. In this case, only local origin is allowed to use. Even this information is showed in the setting menu(Advanced settings-> Exceptions settings), user cannot delete it.(This list will display by read-only property) [SCMRequest] N/A Change-Id: Id67e98e34da98a2639d8328255051347c4525f4c --- .../dao/security_origin_dao.cpp | 58 ++++++++++++++++++++-- .../dao/security_origin_dao_types.cpp | 9 +++- .../security-origin-dao/security_origin_dao.h | 5 +- .../security_origin_dao_types.h | 3 ++ modules/security_origin_dao/orm/security_origin_db | 11 ++-- 5 files changed, 76 insertions(+), 10 deletions(-) diff --git a/modules/security_origin_dao/dao/security_origin_dao.cpp b/modules/security_origin_dao/dao/security_origin_dao.cpp index 07c816f..8c4874a 100644 --- a/modules/security_origin_dao/dao/security_origin_dao.cpp +++ b/modules/security_origin_dao/dao/security_origin_dao.cpp @@ -54,6 +54,10 @@ DPL::DB::SqlConnection::Flag::Type SECURITY_ORIGIN_DB_TYPE = const char* const SECURITY_ORIGIN_DB_NAME = ".security_origin.db"; const char* const SECURITY_ORIGIN_DB_SQL_PATH = "/usr/share/wrt-engine/security_origin_db.sql"; +const char* const SECURITY_DATABASE_JOURNAL_FILENAME = "-journal"; + +const int WEB_APPLICATION_UID = 5000; +const int WEB_APPLICATION_GUID = 5000; std::string createDatabasePath(const WrtDB::WidgetPkgName &pkgName) { 
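Review bot: The two new account constants are plain `int`s, and the second is named `WEB_APPLICATION_GUID` although it is passed to `chown()` as a group id. `const uid_t WEB_APPLICATION_UID = 5000;` and `const gid_t WEB_APPLICATION_GID = 5000;` would match the types `chown()` takes and remove the "GUID" ambiguity (the uses in checkDatabase would need the same rename). A one-line comment saying which account 5000 is, and why it is hard-coded rather than looked up, would help whoever audits file ownership later.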
@@ -114,6 +118,23 @@ void checkDatabase(std::string databasePath) SECURITY_ORIGIN_DB_OPTION); con.ExecCommand(ssBuffer.str().c_str()); } + + if(chown(databasePath.c_str(), + WEB_APPLICATION_UID, + WEB_APPLICATION_GUID) != 0) + { + ThrowMsg(SecurityOriginDAO::Exception::DatabaseError, + "Fail to change uid/guid"); + } + std::string databaseJournal = + databasePath + SECURITY_DATABASE_JOURNAL_FILENAME; + if(chown(databaseJournal.c_str(), + WEB_APPLICATION_UID, + WEB_APPLICATION_GUID) != 0) + { + ThrowMsg(SecurityOriginDAO::Exception::DatabaseError, + "Fail to change uid/guid"); + } } SQL_CONNECTION_EXCEPTION_HANDLER_END("Fail to get database Path") } @@ -191,9 +212,30 @@ Result SecurityOriginDAO::getResult( "Failed to get result for security origin") } -void SecurityOriginDAO::setSecurityOriginData( - const SecurityOriginData &securityOriginData, - const Result result) +bool SecurityOriginDAO::isReadOnly(const SecurityOriginData &securityOriginData) +{ + SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN + { + SECURITY_ORIGIN_DB_SELECT(select, SecurityOriginInfo, &m_securityOriginDBInterface); + select->Where( + And(And(And(Equals(securityOriginData.feature), + Equals(securityOriginData.origin.scheme)), + Equals(securityOriginData.origin.host)), + Equals(securityOriginData.origin.port))); + SecurityOriginInfo::Select::RowList rows = select->GetRowList(); + + if (rows.empty()) { + return RESULT_UNKNOWN; + } + SecurityOriginInfo::Row row = rows.front(); + return row.Get_readonly() ? true : false; + } + SQL_CONNECTION_EXCEPTION_HANDLER_END("Fail to get readonly property") +} + +void SecurityOriginDAO::setSecurityOriginData(const SecurityOriginData &securityOriginData, + const Result result, + const bool readOnly) { SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN { 
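Review bot: Both `chown()` calls added to checkDatabase take path names and follow symbolic links. If the database directory is writable by the web-application account while this code runs with more privilege (neither is visible in the hunk), a link at the `-journal` path would redirect the ownership change to its target. `lchown(databaseJournal.c_str(), WEB_APPLICATION_UID, WEB_APPLICATION_GUID)`, or opening with `O_NOFOLLOW` and calling `fchown()` on the descriptor, closes that gap. The journal call also throws DatabaseError when the file is absent, which is the usual state for an SQLite rollback journal outside a transaction, so consider tolerating `errno == ENOENT` there. The function's opening lines are outside the hunk.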
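Review bot: In the new `isReadOnly`, the empty-rows branch returns `RESULT_UNKNOWN`, a `Result` enumerator, from a function declared `bool`. The value converts implicitly, so the answer for an origin with no stored row depends on that enumerator's numeric value, which the hunk does not show. Return the intended boolean explicitly, `if (rows.empty()) { return false; }`, and the last line can then be `return row.Get_readonly() != 0;`. A short comment stating that a missing row is treated as not read-only would record the decision.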
@@ -204,6 +246,7 @@ void SecurityOriginDAO::setSecurityOriginData( row.Set_host(securityOriginData.origin.host); row.Set_port(securityOriginData.origin.port); row.Set_result(result); + row.Set_readonly(readOnly ? 1 : 0); if (true == hasResult(securityOriginData)) { SECURITY_ORIGIN_DB_UPDATE(update, @@ -224,6 +267,15 @@ void SecurityOriginDAO::setSecurityOriginData( SQL_CONNECTION_EXCEPTION_HANDLER_END("Fail to set security origin data") } +void SecurityOriginDAO::setPrivilegeSecurityOriginData(const Feature feature) +{ + Origin origin(DPL::FromUTF8String("file"), + DPL::FromUTF8String(""), + 0); + SecurityOriginData data(feature, origin); + setSecurityOriginData(data, RESULT_ALLOW_ALWAYS, true); +} + void SecurityOriginDAO::removeSecurityOriginData( const SecurityOriginData &securityOriginData) { diff --git a/modules/security_origin_dao/dao/security_origin_dao_types.cpp b/modules/security_origin_dao/dao/security_origin_dao_types.cpp index 601b277..639c2b7 100644 --- a/modules/security_origin_dao/dao/security_origin_dao_types.cpp +++ b/modules/security_origin_dao/dao/security_origin_dao_types.cpp @@ -25,4 +25,11 @@ #include #include -namespace SecurityOriginDB {} // namespace SecurityOriginDB \ No newline at end of file +namespace SecurityOriginDB { +const std::map g_W3CPrivilegeTextMap = { + {"http://tizen.org/privilege/location", FEATURE_GEOLOCATION}, + {"http://tizen.org/privilege/notification", FEATURE_WEB_NOTIFICATION}, + {"http://tizen.org/privilege/unlimitedstorage", FEATURE_WEB_DATABASE}, + {"http://tizen.org/privilege/filesystem.write", FEATURE_FILE_SYSTEM_ACCESS} +}; +} // namespace SecurityOriginDB diff --git a/modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao.h b/modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao.h index f9ad12f..9f075ee 100644 --- a/modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao.h 
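Review bot: `row.Set_readonly(readOnly ? 1 : 0)` is set before the `hasResult` branch, so it presumably reaches the update path too. A later `setSecurityOriginData(data, result)` call with the default `readOnly = false` for the same feature and origin would then rewrite a privilege-granted row and clear its flag. Nothing in the visible code consults `isReadOnly` before updating, so the "user cannot delete it" guarantee from the description rests entirely on callers. Consider a guard at the top of the setter, e.g. `if (!readOnly && isReadOnly(securityOriginData)) { return; }`, or document that callers must check first. The setter's body starts and ends outside this hunk.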
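Review bot: `setPrivilegeSecurityOriginData` has no comment explaining why the origin is fixed to scheme `file`, empty host and port 0, or that the row it writes is `RESULT_ALLOW_ALWAYS` and read-only. This is the place where a declared privilege becomes a standing grant without a prompt, so a header comment is worth adding, for example `// Pre-grants |feature| to the local file:// origin only; the stored row is read-only and is not meant to be changed from the settings UI.` The function also accepts any `Feature` value, so it may be worth checking `feature` against the values listed in `g_W3CPrivilegeTextMap` before writing.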
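Review bot: The geolocation key in `g_W3CPrivilegeTextMap` is `http://tizen.org/privilege/location`, while the commit description names `http://tizen.org/privilege/geolocation`. An application declaring the string from the description would not match this table, or else the description is out of date; confirm which spelling is specified and align the two. Separately, the map is a namespace-scope object with dynamic initialisation exported through `extern`, so code running during another translation unit's static initialisation may touch it before it is constructed. An accessor returning a reference to a function-local static avoids that ordering problem.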
+++ b/modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao.h @@ -43,8 +43,11 @@ class SecurityOriginDAO virtual ~SecurityOriginDAO(); SecurityOriginDataList getSecurityOriginDataList(); Result getResult(const SecurityOriginData &securityOriginData); + bool isReadOnly(const SecurityOriginData &securityOriginData); void setSecurityOriginData(const SecurityOriginData &securityOriginData, - const Result result); + const Result result, + const bool readOnly = false); + void setPrivilegeSecurityOriginData(const Feature feature); void removeSecurityOriginData(const SecurityOriginData &securityOriginData); void removeSecurityOriginData(const Result result); diff --git a/modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao_types.h b/modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao_types.h index c517f05..28ead78 100644 --- a/modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao_types.h +++ b/modules/security_origin_dao/include/wrt-commons/security-origin-dao/security_origin_dao_types.h @@ -26,6 +26,7 @@ #include #include +#include #include namespace SecurityOriginDB { @@ -48,6 +49,8 @@ enum Result RESULT_DENY_ALWAYS }; +extern const std::map g_W3CPrivilegeTextMap; + struct Origin { DPL::String scheme; diff --git a/modules/security_origin_dao/orm/security_origin_db b/modules/security_origin_dao/orm/security_origin_db index cb45aa4..2d9c4f9 100644 --- a/modules/security_origin_dao/orm/security_origin_db +++ b/modules/security_origin_dao/orm/security_origin_db 
@@ -1,11 +1,12 @@ SQL(BEGIN TRANSACTION;) CREATE_TABLE(SecurityOriginInfo) - COLUMN_NOT_NULL(feature, INT, ) - COLUMN_NOT_NULL(scheme, TEXT,DEFAULT '') - COLUMN_NOT_NULL(host, TEXT,DEFAULT '') - COLUMN_NOT_NULL(port, INT, DEFAULT 0) - COLUMN_NOT_NULL(result, INT, DEFAULT 0) + COLUMN_NOT_NULL(feature, INT, ) + COLUMN_NOT_NULL(scheme, TEXT,DEFAULT '') + COLUMN_NOT_NULL(host, TEXT,DEFAULT '') + COLUMN_NOT_NULL(port, INT, DEFAULT 0) + COLUMN_NOT_NULL(result, INT, DEFAULT 0) + COLUMN_NOT_NULL(readonly, INT, DEFAULT 0) TABLE_CONSTRAINTS(PRIMARY KEY(feature,scheme,host,port)) CREATE_TABLE_END() -- 2.7.4
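Review bot: The `readonly` column is added only to the `CREATE_TABLE` definition, so a `.security_origin.db` created by an earlier version keeps the five-column table and the new `Get_readonly`/`Set_readonly` queries would fail against it. No migration step, such as `ALTER TABLE SecurityOriginInfo ADD COLUMN readonly INT NOT NULL DEFAULT 0`, and no schema-version check is visible in this patch. If checkDatabase runs the SQL script only when the file is missing, which the context lines suggest but do not fully show, upgraded installs need one.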