From 60cc14d38c31ac7192f545581c184271fc985dbf Mon Sep 17 00:00:00 2001 From: Zofia Abramowska Date: Mon, 26 Jun 2017 13:42:35 +0200 Subject: [PATCH] Allow application to fetch its own policy Application requires checking its privacy privilege status to decide wether invoking askuser popup is required. This change allows apps to fetch its own policy (for the same app_id and user) without any additional privilege. Change-Id: Ie351f002107e58ad90b71f44ec25026469e38cb5 --- src/common/service_impl.cpp | 2 +- src/include/policy-manager.h | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/src/common/service_impl.cpp b/src/common/service_impl.cpp index bc85430..eeb73ca 100644 --- a/src/common/service_impl.cpp +++ b/src/common/service_impl.cpp @@ -1063,7 +1063,7 @@ int ServiceImpl::getConfiguredPolicy(const Credentials &creds, bool forAdmin, listOfPolicies); LogDebug("ADMIN - number of policies matched: " << listOfPolicies.size()); } else { - if (!authenticate(creds, Config::PRIVILEGE_POLICY_USER)) { + if (appProcessLabel != creds.label && !authenticate(creds, Config::PRIVILEGE_POLICY_USER)) { LogError("Not enough privilege to access user enforced policies"); return SECURITY_MANAGER_ERROR_ACCESS_DENIED; } diff --git a/src/include/policy-manager.h b/src/include/policy-manager.h index 63d983b..0c24178 100644 --- a/src/include/policy-manager.h +++ b/src/include/policy-manager.h @@ -373,6 +373,8 @@ int security_manager_get_configured_policy_for_admin( * for freeing allocated resources. * Required privileges: + * - application can fetch its policy without any privilege (providing that filters' + application name and user is the same as applications) * - http://tizen.org/privilege/notexist * * \param[in] p_filter Pointer to filter struct -- 2.7.4