I want to prevent the Phone display from switching off when my App is open and in the foreground.
Is there an API to do so?
I asked a similar question a while ago on the dev-webapps mailing list. Frédéric is correct in that you can use the navigator.requestWakeLock('screen') to obtain a lock, however it is a myth that you always need to release the lock.
To qoute one of the replies to my question above:
You do not have permission to hold the lock past the user leaving or
closing the app. So the lock will be automatically [released] for you. We'll even
re-grab the lock when the user brings the app back from the background so
no need to do that either
I have tested this in both hosted apps and packaged app, and that is exactly how it will work. So, if you intend to keep the screenlock for as long as your app is open, then all you have to do is to add this to your app:
navigator.requestWakeLock('screen');
However, if you want to give user a setting option to prevent the app from locking, then you would need to keep the reference to the lock and release it as soon as user changes the setting. Otherewise you are good to go. You can find more information about requestWakeLock on MDN.
You can use the requestWakeLock function to achieve this by doing
var lock = navigator.requestWakeLock('screen');
However, don't forget to unlock the screen later by doing
lock.unlock();
Related
I have an application written based on lotus notes client. I wanted to check whether lotus notes is running before starting my application, so that I can skip asking for password from the user if "Don't prompt for password from other notes-based programs" is checked.
One method is get all the running process and look for nlnotes.exe and notes2.exe process to confirm.
Is there any other method to achieve the same.
To be more specific, I want to know whether any registry entries are made to say that notes is currently running. We can't open two instances of notes client, this made me think IBm might have used registry entry to check for running instance.
Kindly correct me if I'm wrong.
The registry would not be a good place for info like that, because if the client crashed the registry data would need to be cleaned up. The same is true for lock files. So while I can't say for sure, I believe IBM detects whether the client is already running by looking for in-memory objects - e.g., shared memory sections, mutexes, etc. Using Process Explorer, I see several shared memory sections associated with the Notes processes. One likely candidate is a section called -LTSCS-22275429-MEM9, but I don't know how that name is generated, if it ever changes with reinstall, reboot, etc. It would take a fair amount of experimentation to determine that - and then of course one would have to figure out how to write the code to detect it, but that's my best guess as to how it's done.
I'm making a security software that is a parental control monitoring system and I don't want any user / administrator or a program to kill my process.
I have tried using SetSecurityInfo() but that didn't work. Then SetKernelObjectSecurity but that also didn't do what I wanted.
How would I do this?
I would also love to have a clear explanation of any code provided.
EDIT: If so, how do antivirus programs do it ???
Can you please help me. Im new to WINAPI I would like to know about something which is simple... Sorry to trouble you guys but at least you can show me the code for some 'watch dog' process or something . . .
This is not controlled by the process itself, and certainly not by its calling a magic API function. If it were, all malicious software would set itself up as "unkillable" and totally pwn your system. Rather, it is a security attribute of the executable file—specifically, the "Terminate" permission.
You can explore this for yourself by downloading Process Explorer:
Open the properties for your process
Switch to the "Security" tab
Click the "Permissions" button
Click the "Advanced" button
Select the desired user or group
Change the setting of the "Terminate" permission.
System processes have the "Terminate" permission denied to all users except the SYSTEM user. This is why even administrators receive the "Access Denied" message, because they lack the "Terminate" permission for system processes.
Of course, even setting this attribute correctly does not make the process "unkillable". It just makes it more difficult. There is plenty of software available online for a free download that allows users to kill such processes, and anyone with basic knowledge of the Windows security model can work around it without even requiring special software.
And none of this makes much sense for parental control software. You should be using the Windows security model to your advantage, not trying to work against it. Install the software as an administrator (i.e., the parent's account), and then set the child(ren) up with a limited user account. Limited user accounts won't be able to kill your process because they don't have the requisite permissions. If an administrator wants to kill your process, then you should let them, not give them some spurious "ACCESS DENIED" headache.
No it's not possible. No matter what you do, I can always turn the machine off.
First of all, lets make it clear it is impossible.
But, you can make it harder.
Besides, what "Code Gray" wrote I'm adding:
You can use another process to be a watchdog, and your process watches the watchdog as well (cyclic watchdog), so if one of you is being terminate, it re-runs the other one. You can bypass that by killing your process and the watchdog before any of them get the chance to start the other one.
1a. An attacker can freeze the process instead of terminating it, therefore (1) wouldn't work, so you can "ping" each other every N seconds, and if a ping is missing, something is wrong (not sure how to recover this, depends on the product).
If you are a service, you can set windows to recover your service once its down.
Just an idea, I would not do that in a product. You can API-hook an important function in an important process (a function that is being called quite a lot). Everytime the function is being called, check if your process is up, if not, REBOOT! :-P.
Another wild idea (That I wouldn't do in a product!!!), write a driver and look for a terminate event for your process. If it someone terminates your process, cause a blue screen! That will show 'em! 8-P
Good Luck!
Hooking NtTerminateProcess in kernel mode may helps you.
PS: Hook also NtTerminateThread, because I remember one version of NOD32 antivirus with dumb bug, when killing process was denied, but killing all threads was possible. :-)
The application must be desgined in such a way that it must support multiple users while commiting into SVN Repositiry. I'm done with the application and the related stuff, however, i'm stuck with this multi-user thing. How i can achieve this? I saw somewhere that for every thread you have to instantiate a separate SVNRepository driver. This tell it's not thread safe..or may be i'm getting the whole thing wrong. Any help on this issue is appreciated. thanks.
I get the above info (the one in italics) from Here .
I'm SVNKit developer, let me explain how the things work.
SVNRepository class represents one SVN connection with it's own credentials. It is thread-unsafe that means that you can perform only sequential operations on it. See this article for more details:
http://vcs.atspace.co.uk/2012/09/21/are-svnkit-methods-reenterable/
So if your application tries to create several commits at the same time, you should use several independent SVNRepository instances. Good news is that no special synchronization code is required, all synchronization is performed on the server side. Another good news is that when commit for a certain SVNRepository object is finished or cancelled, you can reuse the connection to start another commit. But note that if you use http protocol, you can't reuse the same connection to commit on behalf another user even if you change credentials for the connection (SVNRepository#setAuthenticationManager).
To create a commit without working copy use SVNRepository#getCommitEditor which starts the commit transaction. To stop the transaction use either ISVNCommitEditor#closeEdit or ISVNCommitEditor#abortEdit; you can perform other operations on SVNRepository instance, until commit transaction is finished.
ISVNCommitEditor instance should describe your virtual working copy: it tells to SVNKit about your current knowledge of the latest working copy state. If the description doesn't correspond to the real latest change you get "File or directory is out of date; try updating" error.
http://vcs.atspace.co.uk/2012/07/20/subversion-remote-api-committing-without-working-copy/
You can use -1 instead of real revision in ISVNEditor#openFile/openDir to disable checks, but that can cause another problem: you could overwrite changes without knowing about them.
Another option is to commit using real working copies and real changes on filesystem (using SvnOperationFactory#createCommit). But even in this case have a look at the first link to learn which objects can/can't be reused across threads.
Hope this helps, if you have other questions, feel free to ask on SVNKit mailing list.
User downloads an App (which assume is a game) from server. I need to enforce time constraint on how long a user can run an Application on a system.
eg. Starting from the time of installation, user can use the Application till only 5 days.
My problem is, if I depend on system time/day etc for implementing this logic, user might change the system time and overcome the logic.
Platform: Linux/C++
P.S.: I have to assume a case in which user decides to not connect to internet at all after he downloaded the Application. Since I don't have network access so can't rely on server based storage about Application's installation date/time etc.
Can someone give a clue how this kind of behavior is implemented in Applications which give a trial period of their usage?
Edit:
I am adding the Algo which I am thinking:
At installation time :
At the time of installation store the current system date.
Store this info in an encrypted form into a file DRM.txt
On App startup :
Open the file and decrypt the installation date.
Get the current date from system.
Match if the application is allowed to be executed according to the number of days that have passed since user installed it.
If allowed, start the App else give error msg and return.
Problem:
Let at the time of installation system date is 19/12/2012 and user is allowed to use the App only for 4 days that is till 22/12//2012. Thus, 19/12/2012 is stored into DRM.txt.
After 4 days user changes the system date back to 20/12/2012, then my logic to check will allow this Application to run.
Hope this clarifies what I am trying to say.
This can be achieved through encryption, for example storing a date into an encrypted file, note that this won't prevent reverse engineering, etc, etc, etc
Save and check the time when start and stop the APP.
If the current time is much shorter than the saved time, then you can think it is cheating.
I have a UI app (uses GTK) for Linux that requires to be run as root (it reads and writes /dev/sd*).
Instead of requiring the user to open a root shell or use "sudo" manually every time when he launches my app, I wonder if the app can use some OS-provided API to get root permissions. (Note: gtk app's can't use "setuid" mode, so that's not an option here.)
The advantage here would be an easier workflow: The user could, from his default user account, double click my app from the desktop instead of having to open a root terminal and launch it from there.
I ask this because OS X offers exactly this: An app can ask the OS to launch an executable with root permissions - the OS (and not the app) then asks the user to input his credentials, verifies them and then launches the target as desired.
I wonder if there's something similar for Linux (Ubuntu, e.g.)
Clarification:
So, after the hint at PolicyKit I wonder if I can use that to get r/w access to the "/dev/sd..." block devices. I find the documention quite hard to understand, so I thought I'd first ask whether this is possible at all before I spend hours on trying to understand it in vain.
Update:
The app is a remote operated disk repair tool for the unsavvy Linux user, and those Linux noobs won't have much understanding of using sudo or even changing their user's group memberships, especially if their disk just started acting up and they're freaking out. That's why I seek a solution that avoids technicalities like this.
The old way, simple but now being phased out, is GKSu. Here is the discussion on GKSu's future.
The new way is to use PolicyKit. I'm not quite sure how this works but I think you need to launch your app using the pkexec command.
UPDATE:
Looking at the example code on http://hal.freedesktop.org/docs/polkit/polkit-apps.html, it seems that you can use PolicyKit to obtain authorization for certain actions which are described by .policy files in /usr/share/polkit-1/actions. The action for executing a program as another user is org.freedesktop.policykit.exec. I can't seem to find an action for directly accessing block devices, but I have to admit, the PolicyKit documentation breaks my brain too.
So, perhaps the simplest course of action for you is to separate your disk-mangling code that requires privileges into a command-line utility, and run that from your GUI application using g_spawn_[a]sync() with pkexec. That way you wouldn't have to bother with requesting actions and that sort of thing. It's probably bad practice anyway to run your whole GUI application as root.
Another suggestion is to ask the author of PolicyKit (David Zeuthen) directly. Or try posting your question to the gtk-app-devel list.