From 8c8e3380db04c4a40959a0afe756a716895526ba Mon Sep 17 00:00:00 2001 From: Jihoon Chung Date: Wed, 21 Nov 2012 17:17:51 +0900 Subject: [PATCH] Implement security settings in the widgetDAO [Issue#] N/A [Problem] N/A [Cause] N/A [Solution] Implement security settings values security popup usage : This value contorl securit popup when web application uses API which is needed user permission user geolication usage : case of web application requests location information web notification usage : case of web application shows notification web database usage : Before create web database in the local data directory, user should allow permission filesystem usage : case of web application using file system API, user should allow permiision Security settings are read-only property to the web application process. For keeping read-only property, security settings are implement in the widget DAO. [SCMRequest] N/A Change-Id: Ib31eb778cb541a536ef2a4e8a4a102751925e0cb --- modules/widget_dao/dao/widget_dao.cpp | 154 +++++++++++++++++++++ modules/widget_dao/dao/widget_dao_read_only.cpp | 64 ++++++++- .../include/dpl/wrt-dao-ro/common_dao_types.h | 9 +- .../include/dpl/wrt-dao-ro/widget_dao_read_only.h | 15 ++ .../widget_dao/include/dpl/wrt-dao-rw/widget_dao.h | 11 ++ modules/widget_dao/orm/wrt_db | 12 ++ 6 files changed, 263 insertions(+), 2 deletions(-) diff --git a/modules/widget_dao/dao/widget_dao.cpp b/modules/widget_dao/dao/widget_dao.cpp index deb55d2..56076b1 100644 --- a/modules/widget_dao/dao/widget_dao.cpp +++ b/modules/widget_dao/dao/widget_dao.cpp @@ -119,6 +119,136 @@ void WidgetDAO::setPkgName(const DPL::OptionalString& pkgName) SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed to register widget") } +void WidgetDAO::setSecurityPopupUsage(const SettingsType value) +{ + SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN + { + using namespace DPL::DB::ORM; + using namespace DPL::DB::ORM::wrt; + + ScopedTransaction transaction(&WrtDatabase::interface()); + if (!isWidgetInstalled(getHandle())) { + ThrowMsg(WidgetDAOReadOnly::Exception::WidgetNotExist, + "Cannot find widget. Handle: " << getHandle()); + } + + WidgetSecuritySettings::Row row; + row.Set_security_popup_usage(value); + + WRT_DB_UPDATE(update, WidgetSecuritySettings, &WrtDatabase::interface()) + update->Where(Equals(getHandle())); + update->Values(row); + update->Execute(); + + transaction.Commit(); + } + SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed to set security popup usage") +} + +void WidgetDAO::setGeolocationUsage(const SettingsType value) +{ + SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN + { + using namespace DPL::DB::ORM; + using namespace DPL::DB::ORM::wrt; + + ScopedTransaction transaction(&WrtDatabase::interface()); + if (!isWidgetInstalled(getHandle())) { + ThrowMsg(WidgetDAOReadOnly::Exception::WidgetNotExist, + "Cannot find widget. Handle: " << getHandle()); + } + + WidgetSecuritySettings::Row row; + row.Set_geolocation_usage(value); + + WRT_DB_UPDATE(update, WidgetSecuritySettings, &WrtDatabase::interface()) + update->Where(Equals(getHandle())); + update->Values(row); + update->Execute(); + + transaction.Commit(); + } + SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed to set geolocation usage") +} + +void WidgetDAO::setWebNotificationUsage(const SettingsType value) +{ + SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN + { + using namespace DPL::DB::ORM; + using namespace DPL::DB::ORM::wrt; + + ScopedTransaction transaction(&WrtDatabase::interface()); + if (!isWidgetInstalled(getHandle())) { + ThrowMsg(WidgetDAOReadOnly::Exception::WidgetNotExist, + "Cannot find widget. Handle: " << getHandle()); + } + + WidgetSecuritySettings::Row row; + row.Set_web_notification_usage(value); + + WRT_DB_UPDATE(update, WidgetSecuritySettings, &WrtDatabase::interface()) + update->Where(Equals(getHandle())); + update->Values(row); + update->Execute(); + + transaction.Commit(); + } + SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed to set web notification usage") +} + +void WidgetDAO::setWebDatabaseUsage(const SettingsType value) +{ + SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN + { + using namespace DPL::DB::ORM; + using namespace DPL::DB::ORM::wrt; + + ScopedTransaction transaction(&WrtDatabase::interface()); + if (!isWidgetInstalled(getHandle())) { + ThrowMsg(WidgetDAOReadOnly::Exception::WidgetNotExist, + "Cannot find widget. Handle: " << getHandle()); + } + + WidgetSecuritySettings::Row row; + row.Set_web_database_usage(value); + + WRT_DB_UPDATE(update, WidgetSecuritySettings, &WrtDatabase::interface()) + update->Where(Equals(getHandle())); + update->Values(row); + update->Execute(); + + transaction.Commit(); + } + SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed to set web database usage") +} + +void WidgetDAO::setFileSystemUsage(const SettingsType value) +{ + SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN + { + using namespace DPL::DB::ORM; + using namespace DPL::DB::ORM::wrt; + + ScopedTransaction transaction(&WrtDatabase::interface()); + if (!isWidgetInstalled(getHandle())) { + ThrowMsg(WidgetDAOReadOnly::Exception::WidgetNotExist, + "Cannot find widget. Handle: " << getHandle()); + } + + WidgetSecuritySettings::Row row; + row.Set_file_system_usage(value); + + WRT_DB_UPDATE(update, WidgetSecuritySettings, &WrtDatabase::interface()) + update->Where(Equals(getHandle())); + update->Values(row); + update->Execute(); + + transaction.Commit(); + } + SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed to set filesystem usage") +} + void WidgetDAO::registerWidget( const WidgetPkgName & widgetPkgname, const WidgetRegisterInfo &widgetRegInfo, @@ -218,6 +348,8 @@ void WidgetDAO::registerWidgetInternal( registerEncryptedResouceInfo(widgetHandle, widgetRegInfo); registerExternalLocations(widgetHandle, widgetRegInfo.externalLocations); + + registerWidgetSecuritySettings(widgetHandle); } void WidgetDAO::registerOrUpdateWidget( @@ -664,6 +796,28 @@ void WidgetDAO::registerExternalLocations(DbWidgetHandle widgetHandle, SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed to register external files"); } +void WidgetDAO::registerWidgetSecuritySettings(DbWidgetHandle widgetHandle) +{ + SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN + { + using namespace DPL::DB::ORM; + using namespace DPL::DB::ORM::wrt; + DPL::DB::ORM::wrt::ScopedTransaction transaction(&WrtDatabase::interface()); + + WidgetSecuritySettings::Row row; + row.Set_app_id(widgetHandle); + row.Set_security_popup_usage(SETTINGS_TYPE_ON); + row.Set_geolocation_usage(SETTINGS_TYPE_ON); + row.Set_web_notification_usage(SETTINGS_TYPE_ON); + row.Set_web_database_usage(SETTINGS_TYPE_ON); + row.Set_file_system_usage(SETTINGS_TYPE_ON); + + DO_INSERT(row, WidgetSecuritySettings) + transaction.Commit(); + } + SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed to register external files"); +} + void WidgetDAO::unregisterAllExternalLocations() { using namespace DPL::DB::ORM; diff --git a/modules/widget_dao/dao/widget_dao_read_only.cpp b/modules/widget_dao/dao/widget_dao_read_only.cpp index aa54c6b..7dda9ef 100644 --- a/modules/widget_dao/dao/widget_dao_read_only.cpp +++ b/modules/widget_dao/dao/widget_dao_read_only.cpp @@ -64,7 +64,9 @@ namespace WrtDB { typedef DPL::DB::ORM::wrt::WidgetInfo::Row WidgetInfoRow; typedef DPL::DB::ORM::wrt::WidgetFeature::widget_feature_id::ColumnType - WidgetFeatureId; + WidgetFeatureId; +typedef DPL::DB::ORM::wrt::WidgetSecuritySettings::Row + WidgetSecuritySettingsRow; namespace { @@ -88,6 +90,26 @@ WidgetInfoRow getWidgetInfoRow(int widgetHandle) SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed in GetWidgetInfoRow") } +WidgetSecuritySettingsRow getWidgetSecuritySettingsRow(int widgetHandle) +{ + LogDebug("Getting WidgetSecuritySettings row. Handle: " << widgetHandle); + SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN + { + using namespace DPL::DB::ORM; + using namespace DPL::DB::ORM::wrt; + WRT_DB_SELECT(select, WidgetSecuritySettings, &WrtDatabase::interface()) + select->Where(Equals(widgetHandle)); + + WidgetSecuritySettings::Select::RowList rows = select->GetRowList(); + if (rows.empty()) { + ThrowMsg(WidgetDAOReadOnly::Exception::WidgetNotExist, + "Cannot find widget. Handle: " << widgetHandle); + } + return rows.front(); + } + SQL_CONNECTION_EXCEPTION_HANDLER_END("Failed in getWidgetSecuritySettingsRow") +} + const int MAX_TIZENID_LENGTH = 10; } // namespace @@ -1145,6 +1167,46 @@ WidgetPkgName WidgetDAOReadOnly::generateTizenId() { return tizenId; } +SettingsType WidgetDAOReadOnly::getSecurityPopupUsage(void) const +{ + WidgetSecuritySettingsRow row = + getWidgetSecuritySettingsRow(m_widgetHandle); + DPL::OptionalInt result = row.Get_security_popup_usage(); + return static_cast(*result); +} + +SettingsType WidgetDAOReadOnly::getGeolocationUsage(void) const +{ + WidgetSecuritySettingsRow row = + getWidgetSecuritySettingsRow(m_widgetHandle); + DPL::OptionalInt result = row.Get_geolocation_usage(); + return static_cast(*result); +} + +SettingsType WidgetDAOReadOnly::getWebNotificationUsage(void) const +{ + WidgetSecuritySettingsRow row = + getWidgetSecuritySettingsRow(m_widgetHandle); + DPL::OptionalInt result = row.Get_web_notification_usage(); + return static_cast(*result); +} + +SettingsType WidgetDAOReadOnly::getWebDatabaseUsage(void) const +{ + WidgetSecuritySettingsRow row = + getWidgetSecuritySettingsRow(m_widgetHandle); + DPL::OptionalInt result = row.Get_web_database_usage(); + return static_cast(*result); +} + +SettingsType WidgetDAOReadOnly::getFileSystemUsage(void) const +{ + WidgetSecuritySettingsRow row = + getWidgetSecuritySettingsRow(m_widgetHandle); + DPL::OptionalInt result = row.Get_file_system_usage(); + return static_cast(*result); +} + #undef SQL_CONNECTION_EXCEPTION_HANDLER_BEGIN #undef SQL_CONNECTION_EXCEPTION_HANDLER_END #undef CHECK_WIDGET_EXISTENCE diff --git a/modules/widget_dao/include/dpl/wrt-dao-ro/common_dao_types.h b/modules/widget_dao/include/dpl/wrt-dao-ro/common_dao_types.h index 36ee037..6ccd104 100644 --- a/modules/widget_dao/include/dpl/wrt-dao-ro/common_dao_types.h +++ b/modules/widget_dao/include/dpl/wrt-dao-ro/common_dao_types.h @@ -302,7 +302,7 @@ enum PkgType PKG_TYPE_UNKNOWN = 0, // unknown PKG_TYPE_NOMAL_WEB_APP, PKG_TYPE_HOSTED_WEB_APP, // request from browser - PKG_TYPE_HYBRID_WEB_APP, // Tizen webapp with C++ service app + PKG_TYPE_HYBRID_WEB_APP // Tizen webapp with C++ service app }; class PackagingType @@ -341,6 +341,13 @@ class PackagingType PkgType pkgType; }; +enum SettingsType +{ + SETTINGS_TYPE_UNKNOWN = 0, + SETTINGS_TYPE_ON, + SETTINGS_TYPE_ALWAYS_ASK, + SETTINGS_TYPE_OFF +}; } // namespace WrtDB struct WidgetSetting diff --git a/modules/widget_dao/include/dpl/wrt-dao-ro/widget_dao_read_only.h b/modules/widget_dao/include/dpl/wrt-dao-ro/widget_dao_read_only.h index 5b66498..2d776ca 100644 --- a/modules/widget_dao/include/dpl/wrt-dao-ro/widget_dao_read_only.h +++ b/modules/widget_dao/include/dpl/wrt-dao-ro/widget_dao_read_only.h @@ -750,6 +750,21 @@ class WidgetDAOReadOnly * @return new tizen id */ static WidgetPkgName generateTizenId(); + + /** + * @brief This method return each value for security setting + * + * @return SettingsType + * SETTINGS_TYPE_UNKNOWN : unknow value + * SETTINGS_TYPE_ON : enable + * SETTINGS_TYPE_ALWAYS_ASK : ask by popup + * SETTINGS_TYPE_OFF : disable + */ + SettingsType getSecurityPopupUsage() const; + SettingsType getGeolocationUsage() const; + SettingsType getWebNotificationUsage() const; + SettingsType getWebDatabaseUsage() const; + SettingsType getFileSystemUsage() const; }; } // namespace WrtDB diff --git a/modules/widget_dao/include/dpl/wrt-dao-rw/widget_dao.h b/modules/widget_dao/include/dpl/wrt-dao-rw/widget_dao.h index 94aba6b..44b9d1b 100644 --- a/modules/widget_dao/include/dpl/wrt-dao-rw/widget_dao.h +++ b/modules/widget_dao/include/dpl/wrt-dao-rw/widget_dao.h @@ -140,6 +140,15 @@ class WidgetDAO : public WidgetDAOReadOnly */ void updateFeatureRejectStatus(const DbWidgetFeature &widgetFeature); + /* + * This method change security settings value + */ + void setSecurityPopupUsage(const SettingsType value); + void setGeolocationUsage(const SettingsType value); + void setWebNotificationUsage(const SettingsType value); + void setWebDatabaseUsage(const SettingsType value); + void setFileSystemUsage(const SettingsType value); + private: //Methods used during widget registering static DbWidgetHandle registerWidgetInfo( @@ -193,6 +202,8 @@ class WidgetDAO : public WidgetDAOReadOnly */ static void registerExternalLocations(DbWidgetHandle widgetHandle, const ExternalLocationList & externals); + static void registerWidgetSecuritySettings(DbWidgetHandle widgetHandle); + static void registerWidgetInternal( const WidgetPkgName & widgetName, diff --git a/modules/widget_dao/orm/wrt_db b/modules/widget_dao/orm/wrt_db index 0dfedb4..751addc 100644 --- a/modules/widget_dao/orm/wrt_db +++ b/modules/widget_dao/orm/wrt_db @@ -215,6 +215,18 @@ CREATE_TABLE(WidgetWARPInfo) ) CREATE_TABLE_END() +CREATE_TABLE(WidgetSecuritySettings) + COLUMN_NOT_NULL(app_id, INT,) + COLUMN_NOT_NULL(security_popup_usage, INT, DEFAULT 1) + COLUMN_NOT_NULL(geolocation_usage, INT, DEFAULT 1) + COLUMN_NOT_NULL(web_notification_usage, INT, DEFAULT 1) + COLUMN_NOT_NULL(web_database_usage, INT, DEFAULT 1) + COLUMN_NOT_NULL(file_system_usage, INT, DEFAULT 1) + TABLE_CONSTRAINTS( + FOREIGN KEY (app_id) REFERENCES WidgetInfo (app_id) ON DELETE CASCADE + ) +CREATE_TABLE_END() + CREATE_TABLE(FeaturesList) COLUMN_NOT_NULL(FeatureUUID, INTEGER, primary key autoincrement) COLUMN_NOT_NULL(FeatureName, TEXT, unique) -- 2.7.4