From ecbe285cf2e50f361acf4d77a8a762520b7e3ffd Mon Sep 17 00:00:00 2001 From: Youngsoo Choi Date: Sun, 22 Nov 2020 18:05:12 -0800 Subject: [PATCH] [Service] Refactor access control of file system This moves the control of file system to access control manager. Together with: https://review.tizen.org/gerrit/248284 Change-Id: I576fc1e43b26c9655ebe24efa40d5348886c365b Signed-off-by: Youngsoo Choi --- wrt_app/service/access_control_manager.ts | 17 ++++++++++++++++ wrt_app/service/device_api_router.ts | 24 ++++++----------------- 2 files changed, 23 insertions(+), 18 deletions(-) diff --git a/wrt_app/service/access_control_manager.ts b/wrt_app/service/access_control_manager.ts index 87afb7a3..54afc105 100644 --- a/wrt_app/service/access_control_manager.ts +++ b/wrt_app/service/access_control_manager.ts @@ -1,3 +1,4 @@ +const Module = require('module'); function checkSystemInfoApiPrivilege(func: any, permissions: string[]) { let override_func = func; @@ -126,3 +127,19 @@ export function initialize(permissions: string[]) { checkSystemInfoApiPrivilege(tizen.systeminfo.addPropertyValueArrayChangeListener, permissions); } + +export function refineResolveFilename(permissions: string[]) { + const originalResolveFilename = Module._resolveFilename; + Module._resolveFilename = function(...args: any[]) { + let path = ''; + if (args[0] === 'fs') { + path = originalResolveFilename('fs_tizen', args[1], args[2]); + } else { + path = originalResolveFilename(...args); + } + if (path.startsWith('/') && !global.webapis.isValidPath(path)) + throw new Error(`Invalid access to ${path}`); + return path; + } + Object.defineProperty(Module, '_resolveFilename', { writable: false }); +} diff --git a/wrt_app/service/device_api_router.ts b/wrt_app/service/device_api_router.ts index 22801121..f4269238 100644 --- a/wrt_app/service/device_api_router.ts +++ b/wrt_app/service/device_api_router.ts @@ -1,5 +1,4 @@ import { wrt } from '../browser/wrt'; -const Module = require('module'); export class DeviceAPIRouter { currentApplication: any; @@ -51,9 +50,9 @@ export class DeviceAPIRouter { ]; this.initWebapis(); + this.permissions = wrt.getPrivileges(this.id); this.refineResolveFilename(); if (isGlobal) { - this.permissions = wrt.getPrivileges(this.id); this.refineApplicationApis(); this.refinePackageApis(); this.refineFilesystemApis() @@ -103,22 +102,6 @@ export class DeviceAPIRouter { this.initProductWebapis(); } - refineResolveFilename() { - const originalResolveFilename = Module._resolveFilename; - Module._resolveFilename = function(...args: any[]) { - let path = ''; - if (args[0] === 'fs') { - path = originalResolveFilename('fs_tizen', args[1], args[2]); - } else { - path = originalResolveFilename(...args); - } - if (path.startsWith('/') && !global.webapis.isValidPath(path)) - throw new Error(`Invalid access to ${path}`); - return path; - } - Object.defineProperty(Module, '_resolveFilename', { writable: false }); - } - initEdgeWebapis() { if (wrt['edge'] && !global.webapis.edge) { let edge = wrt.edge as NativeWRTjs.EdgeExtension; @@ -219,6 +202,11 @@ export class DeviceAPIRouter { AccessControlManager.initialize(this.permissions); } + refineResolveFilename() { + const AccessControlManager = require('./access_control_manager'); + AccessControlManager.refineResolveFilename(this.permissions); + } + getServiceId() { return global.webapis.getServiceId(); } -- 2.34.1