[wrt-plugins-common] Ace Check API change.

 * ace_check_access() -> ace_check_access_ex()
 * 'AceSecurityStatus' return type has new value, 'PrivacyDenied'.

[Issue#] N/A
[Problem] Platform requirement.
[Cause] N/A
[Solution] To get more detailed information about denied cause, ace check api was changed.

Change-Id: I63d0175c8b402d0833ab773b85268db59de58dc5

diff --git a/src/Commons/FunctionDeclaration.h b/src/Commons/FunctionDeclaration.h
index 9075268..d603c49 100644 (file)
--- a/src/Commons/FunctionDeclaration.h
+++ b/src/Commons/FunctionDeclaration.h
@@ -108,6 +108,7 @@ enum class AceSecurityStatus
 {
     AccessGranted,
     AccessDenied,
+    PrivacyDenied,
     InternalError
 };
 
@@ -146,8 +147,17 @@ AceSecurityStatus aceCheckAccess(
     ArgumentsVerifier argsVerify;
     argsVerify(aceFunction, args ...);
 
-    if (!(WrtAccessSingleton::Instance().checkAccessControl(aceFunction))) {
-            return AceSecurityStatus::AccessDenied;
+    WrtAccess::CheckAccessReturnType ret =
+        WrtAccessSingleton::Instance().checkAccessControl(aceFunction);
+
+    if (ret == WrtAccess::CHECK_ACCESS_PRIVILEGE_DENIED) {
+        return AceSecurityStatus::AccessDenied;
+    }
+    else if (ret == WrtAccess::CHECK_ACCESS_PRIVACY_DENIED) {
+        return AceSecurityStatus::PrivacyDenied;
+    }
+    else if (ret == WrtAccess::CHECK_ACCESS_INTERNAL_ERROR) {
+        return AceSecurityStatus::InternalError;
     }
 
     return AceSecurityStatus::AccessGranted;

diff --git a/src/Commons/WrtAccess/WrtAccess.cpp b/src/Commons/WrtAccess/WrtAccess.cpp
index 0e9f50a..128dbf5 100644 (file)
--- a/src/Commons/WrtAccess/WrtAccess.cpp
+++ b/src/Commons/WrtAccess/WrtAccess.cpp
@@ -172,7 +172,7 @@ int WrtAccess::getWidgetId() const
     return m_widgetId;
 }
 
-bool WrtAccess::checkAccessControl(const AceFunction& aceFunction) const
+WrtAccess::CheckAccessReturnType WrtAccess::checkAccessControl(const AceFunction& aceFunction) const
 {
     Assert(
         m_pluginOwners && "WrtAccessSingleton needs to be initialized with"
@@ -249,9 +249,9 @@ bool WrtAccess::checkAccessControl(const AceFunction& aceFunction) const
         }
     }
 
-    ace_bool_t aceCheckResult = ACE_FALSE;
+    ace_check_result_t aceCheckResult = ACE_PRIVILEGE_DENIED;
     DPL::Log::LogSystemSingleton::Instance().SetTag("SECURITY_DAEMON");
-    ace_return_t ret = ace_check_access(&aceRequest, &aceCheckResult);
+    ace_return_t ret = ace_check_access_ex(&aceRequest, &aceCheckResult);
     DPL::Log::LogSystemSingleton::Instance().SetTag("WRT_PLUGINS");
     for (i = 0; i < deviceCount; ++i) {
         delete[] aceRequest.dev_cap_list.items[i].param_list.items;
@@ -260,9 +260,20 @@ bool WrtAccess::checkAccessControl(const AceFunction& aceFunction) const
 
     if (ACE_OK != ret) {
         _E("Error in ace check: %d", static_cast<int>(ret));
-        return false;
+        return CHECK_ACCESS_INTERNAL_ERROR;
     }
-    return ACE_TRUE == aceCheckResult;
+
+    if (aceCheckResult == ACE_ACCESS_GRANTED) {
+        return CHECK_ACCESS_GRANTED;
+    }
+    else if (aceCheckResult == ACE_PRIVILEGE_DENIED) {
+        return CHECK_ACCESS_PRIVILEGE_DENIED;
+    }
+    else if (aceCheckResult == ACE_PRIVACY_DENIED) {
+        return CHECK_ACCESS_PRIVACY_DENIED;
+    }
+
+    return CHECK_ACCESS_INTERNAL_ERROR;
 }
 }
 } // WrtDeviceApisCommon

diff --git a/src/Commons/WrtAccess/WrtAccess.h b/src/Commons/WrtAccess/WrtAccess.h
index 7467215..c274534 100644 (file)
--- a/src/Commons/WrtAccess/WrtAccess.h
+++ b/src/Commons/WrtAccess/WrtAccess.h
@@ -31,11 +31,19 @@ namespace WrtDeviceApis {
 namespace Commons {
 class WrtAccess
 {
+    enum CheckAccessReturnType
+    {
+        CHECK_ACCESS_GRANTED,
+        CHECK_ACCESS_PRIVILEGE_DENIED,
+        CHECK_ACCESS_PRIVACY_DENIED,
+        CHECK_ACCESS_INTERNAL_ERROR
+    };
+
   public:
     void initialize(int widgetId);
     void deinitialize(int widgetId);
     int getWidgetId() const;
-    bool checkAccessControl(const AceFunction &aceFunction) const;
+    CheckAccessReturnType checkAccessControl(const AceFunction &aceFunction) const;
 
   private:
 

diff --git a/src/CommonsJavaScript/Security/SecurityFunctionDeclaration.h b/src/CommonsJavaScript/Security/SecurityFunctionDeclaration.h
index dcdd452..8ad1987 100644 (file)
--- a/src/CommonsJavaScript/Security/SecurityFunctionDeclaration.h
+++ b/src/CommonsJavaScript/Security/SecurityFunctionDeclaration.h
@@ -30,6 +30,7 @@ enum class AceSecurityStatus
 {
     AccessGranted,
     AccessDenied,
+    PrivacyDenied,
     InternalError
 };
 
@@ -65,15 +66,19 @@ AceSecurityStatus aceCheckAccess2(
     ArgumentsVerifier argsVerify;
     argsVerify(aceFunction, args ...);
 
-    Try {
-        if (!(WrtAccessSingleton::Instance().checkAccessControl(aceFunction)))
-        {
-            LogDebug("Function is not allowed to run");
-            return AceSecurityStatus::AccessDenied;
-        }
+    WrtAccess::CheckAccessReturnType ret =
+        WrtAccessSingleton::Instance().checkAccessControl(aceFunction);
+
+    if (ret == WrtAccess::CHECK_ACCESS_PRIVILEGE_DENIED) {
+        LogError("Function is not allowed to run - AccessDenied");
+        return AceSecurityStatus::AccessDenied;
+    }
+    else if (ret == WrtAccess::CHECK_ACCESS_PRIVACY_DENIED) {
+        LogError("Function is not allowed to run - PrivacyDenied");
+        return AceSecurityStatus::PrivacyDenied;
     }
-    Catch(WrtDeviceApis::Commons::OutOfRangeException) {
-        LogError("WrtAccess doesn't exist.");
+    else if (ret == WrtAccess::CHECK_ACCESS_INTERNAL_ERROR) {
+        LogError("InternalError");
         return AceSecurityStatus::InternalError;
     }