Tizen Native Service not asking for Application Launch Privilege

Question

I am working on a Hybrid App (Web UI with Native Service) of API version 5.5 for my Samsung Galaxy Active Watch. I want to launch a Native Service from another Native Service.

Problem:

My Service App has the privilege of http://tizen.org/privilege/appmanager.launch & http://tizen.org/privilege/application.launch in the manifest file. When I check the privileges using ppm_check_permissions method of the Privacy Privilege Manager, the result shows that http://tizen.org/privilege/application.launch is permanently denied from User.

I never denied this privilege. I've also reset the device but the result is same. When I try to forcefully request the permission using the ppm_request_permission the result is PRIVACY_PRIVILEGE_MANAGER_REQUEST_RESULT_DENY_FOREVER.

If I try to launch the target application without having the privilege it's not getting launched as per requirement. I get the APP_CONTROL_ERROR_LAUNCH_REJECTED error even when the target application is in the same package.

Expected Behavior:

Service App should allow me to ask the privilege of http://tizen.org/privilege/application.launch from User so I can launch another Service from this one.

Manifest File:

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<manifest xmlns="http://tizen.org/ns/packages" api-version="5.5" package="org.example.myservice" version="1.0.0">
    <profile name="wearable"/>
    <service-application appid="org.example.myservice" exec="myservice" multiple="false" nodisplay="true" taskmanage="false" type="capp">
        <label>myservice</label>
        <icon>myservice.png</icon>
        <background-category value="location"/>
        <background-category value="background-network"/>
        <background-category value="sensor"/>
    </service-application>
    <privileges>
        <privilege>http://tizen.org/privilege/network.get</privilege>
        <privilege>http://tizen.org/privilege/appdir.shareddata</privilege>
        <privilege>http://tizen.org/privilege/healthinfo</privilege>
        <privilege>http://tizen.org/privilege/appmanager.launch</privilege>
        <privilege>http://tizen.org/privilege/haptic</privilege>
        <privilege>http://tizen.org/privilege/internet</privilege>
        <privilege>http://tizen.org/privilege/datasharing</privilege>
    </privileges>
    <feature name="http://tizen.org/feature/sensor.accelerometer">true</feature>
    <feature name="http://tizen.org/feature/sensor.pedometer">true</feature>
    <feature name="http://tizen.org/feature/sensor.heart_rate_monitor">true</feature>
    <feature name="http://tizen.org/feature/sensor.gyroscope">true</feature>
    <feature name="http://tizen.org/feature/sensor.gesture_recognition">true</feature>
</manifest>

Privilege Checking Code:

void check_and_request_permissions()
{
    const char* required_privileges[] = {
        "http://tizen.org/privilege/location",
        "http://tizen.org/privilege/internet",
        "http://tizen.org/privilege/network.get",
        "http://tizen.org/privilege/appdir.shareddata",
        "http://tizen.org/privilege/datasharing",
        "http://tizen.org/privilege/healthinfo",
        "http://tizen.org/privilege/haptic",
        "http://tizen.org/privilege/appmanager.launch"
        };
    ppm_check_result_e privilege_permission_results[PRIVILEGESCOUNT];
    int result = ppm_check_permissions(required_privileges, PRIVILEGESCOUNT, privilege_permission_results);
    if(result == PRIVACY_PRIVILEGE_MANAGER_ERROR_NONE)
    {
        //Make the permissions list to be asked
        askable_privileges_count = 0;
        for(int i=0;i<PRIVILEGESCOUNT;i++)
        {
            switch(privilege_permission_results[i])
            {
                //Application already have this particular privilege
                case PRIVACY_PRIVILEGE_MANAGER_CHECK_RESULT_ALLOW:
                    #ifdef LOGGING_REQUIRED
                        dlog_print(DLOG_DEBUG, LOG_TAG, "handle_ppm_check_result: Wellbeing Service application has already been granted the \'%s\' privilege.", required_privileges[i]);
                    #endif
                    break;

                //Application is already denied to access this particular privilege
                case PRIVACY_PRIVILEGE_MANAGER_CHECK_RESULT_DENY:
                    #ifdef LOGGING_REQUIRED
                        dlog_print(DLOG_DEBUG, LOG_TAG, "handle_ppm_check_result: Wellbeing Service application has already been denied the \'%s\' privilege.", required_privileges[i]);
                    #endif
                    break;

                case PRIVACY_PRIVILEGE_MANAGER_CHECK_RESULT_ASK:
                    #ifdef LOGGING_REQUIRED
                        dlog_print(DLOG_DEBUG, LOG_TAG, "handle_ppm_check_result: \'%s\' privilege is not granted yet.", required_privileges[i]);
                    #endif
                    askable_privileges[askable_privileges_count++] = required_privileges[i];
                    break;
            }
        }

        //Ask for the privileges now
        askable_privileges_index = 0;
        #ifdef LOGGING_REQUIRED
            dlog_print(DLOG_DEBUG, LOG_TAG, "Remaining Privileges: %d - %d = %d.", askable_privileges_count, askable_privileges_index, askable_privileges_count-1-askable_privileges_index);
        #endif
        while (askable_privileges_index < askable_privileges_count)
        {
            #ifdef LOGGING_REQUIRED
                dlog_print(DLOG_DEBUG, LOG_TAG, "handle_ppm_check_result: Asking for the \'%s\' privilege...", askable_privileges[askable_privileges_index]);
            #endif
            ppm_request_permission(askable_privileges[askable_privileges_index], ppm_request_response_callback, NULL);
            askable_privileges_index++;
        }
        if(device_user_name[0] != '\0')
        {
            //Initialize JSON variables
            json_object_root = cJSON_CreateArray();
        }
    }
    else
    {
        if(result == PRIVACY_PRIVILEGE_MANAGER_ERROR_IO_ERROR )
        {
            #ifdef LOGGING_REQUIRED
                dlog_print(DLOG_DEBUG, LOG_TAG, "get_privacy_previleges: \'ppm_check_permission\' method failed to execute. Error: PRIVACY_PRIVILEGE_MANAGER_ERROR_IO_ERROR", result);
            #endif
        }
        else if(result == PRIVACY_PRIVILEGE_MANAGER_ERROR_INVALID_PARAMETER)
        {
            #ifdef LOGGING_REQUIRED
                dlog_print(DLOG_DEBUG, LOG_TAG, "get_privacy_previleges: \'ppm_check_permission\' method failed to execute. Error: PRIVACY_PRIVILEGE_MANAGER_ERROR_INVALID_PARAMETER", result);
            #endif
        }
        else if(result == PRIVACY_PRIVILEGE_MANAGER_ERROR_ALREADY_IN_PROGRESS)
        {
            #ifdef LOGGING_REQUIRED
                dlog_print(DLOG_DEBUG, LOG_TAG, "get_privacy_previleges: \'ppm_check_permission\' method failed to execute. Error: PRIVACY_PRIVILEGE_MANAGER_ERROR_ALREADY_IN_PROGRESS", result);
            #endif
        }
        else if(result == PRIVACY_PRIVILEGE_MANAGER_ERROR_OUT_OF_MEMORY)
        {
            #ifdef LOGGING_REQUIRED
                dlog_print(DLOG_DEBUG, LOG_TAG, "get_privacy_previleges: \'ppm_check_permission\' method failed to execute. Error: PRIVACY_PRIVILEGE_MANAGER_ERROR_OUT_OF_MEMORY", result);
            #endif
        }
        else if(result == PRIVACY_PRIVILEGE_MANAGER_ERROR_PERMISSION_DENIED)
        {
            #ifdef LOGGING_REQUIRED
                dlog_print(DLOG_DEBUG, LOG_TAG, "get_privacy_previleges: \'ppm_check_permission\' method failed to execute. Error: PRIVACY_PRIVILEGE_MANAGER_ERROR_PERMISSION_DENIED", result);
            #endif
        }
        else if(result == PRIVACY_PRIVILEGE_MANAGER_ERROR_UNKNOWN)
        {
            #ifdef LOGGING_REQUIRED
                dlog_print(DLOG_DEBUG, LOG_TAG, "get_privacy_previleges: \'ppm_check_permission\' method failed to execute. Error: PRIVACY_PRIVILEGE_MANAGER_ERROR_UNKNOWN", result);
            #endif
        }
    }
}

`http://tizen.org/privilege/application.launch` is a web application privilege (see [web](https://docs.tizen.org/application/web/tutorials/sec-privileges/) and [native](https://docs.tizen.org/application/native/tutorials/details/sec-privileges/) privileges) so your native app should be asking for `appmanager.launch` instead. — zoska, Jul 08 '21 at 12:05
I can see that neither of these two privlieges are privacy privileges, so usage of ppm API is not required. Are you sure you have proper privileges in manifest file? — zoska, Jul 09 '21 at 14:49
Thanks for the response. I have included both the privileges in the manifest file. I have also tried after removing the `application.launch` privilege (including the `appmanager.launch` privilege only) but the result is same. — Itban Saeed, Jul 11 '21 at 12:21
Also, please check this: does `ppm_check_permission` for appmanager.launch in native service also return DENY? Also, documentation describes APP_CONTROL_ERROR_LAUNCH_REJECTED as "The application cannot be launched now" and there is a different error code - APP_CONTROL_ERROR_PERMISSION_DENIED for "Permission denied", so maybe your problem lies somewhere else? And, as I said earlier, `ppm_request_permission` will prompt user for permission only in case of privacy privileges, and these two are not. So your original problem assumes wrong expected behavior. — zoska, Jul 12 '21 at 15:32
Thanks again for the response. I've added the manifest file now. `ppm_check_permission ` for the `appmanager.launch` also gives `PRIVACY_PRIVILEGE_MANAGER_REQUEST_RESULT_DENY_FOREVER` and when I try to launch the application from this service I get the `APP_CONTROL_ERROR_LAUNCH_REJECTED` error so it's just my assumption that it is because of not having the `appmanager.launch` privilege. Even if they are not privacy privileges, I think the `ppm_check_permission ` should not return `PRIVACY_PRIVILEGE_MANAGER_REQUEST_RESULT_DENY_FOREVER`. — Itban Saeed, Jul 12 '21 at 18:46
Yes, it shouldn't return DENY_FOREVER, but it will never ask privilege from User for non-privacy privileges, as you require in expected behavior. I'm sorry, I couldn't reproduce the problem with the information you have given. I've created a hybrid native-service with web-application and ppm_check_permission(http://tizen.org/privilege/appmanager.launch) for native service returns ALLOW for me. Maybe you could add source code and information on how do you install and launch the application? — zoska, Jul 13 '21 at 11:46
Also, just to be sure - you are working on Tizen Wearable 5.5 image? I can see that the API used in application is 5.5, but what about the Tizen version? — zoska, Jul 13 '21 at 15:45
The source code version is `Tizen 5.5` but the OS version is of the device `Galaxy Watch SM-R800` is `Tizen 4.0`. Regarding the method I'm using, I've updated my question and added the privilege checking code. — Itban Saeed, Jul 14 '21 at 13:05
Why are you writing your code in Tizen 5.5 version for 4.0 version OS? I don't think this configuration is even supported. — zoska, Jul 15 '21 at 14:39
Because the the `Tizen 5.5` APIs are more advanced and optimized. I haven't faced any configuration related issue yet. — Itban Saeed, Jul 19 '21 at 10:41

Tizen Native Service not asking for Application Launch Privilege

0 Answers0