sl@0
|
1 |
/*
|
sl@0
|
2 |
* Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies).
|
sl@0
|
3 |
* All rights reserved.
|
sl@0
|
4 |
* This component and the accompanying materials are made available
|
sl@0
|
5 |
* under the terms of the License "Eclipse Public License v1.0"
|
sl@0
|
6 |
* which accompanies this distribution, and is available
|
sl@0
|
7 |
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
sl@0
|
8 |
*
|
sl@0
|
9 |
* Initial Contributors:
|
sl@0
|
10 |
* Nokia Corporation - initial contribution.
|
sl@0
|
11 |
*
|
sl@0
|
12 |
* Contributors:
|
sl@0
|
13 |
*
|
sl@0
|
14 |
* Description:
|
sl@0
|
15 |
*
|
sl@0
|
16 |
*/
|
sl@0
|
17 |
|
sl@0
|
18 |
|
sl@0
|
19 |
#include <ups/policy.h>
|
sl@0
|
20 |
|
sl@0
|
21 |
using namespace UserPromptService;
|
sl@0
|
22 |
|
sl@0
|
23 |
EXPORT_C TSidClasses::TSidClasses(TUint16 aSidClasses)
|
sl@0
|
24 |
: iSidClasses(aSidClasses)
|
sl@0
|
25 |
/**
|
sl@0
|
26 |
Constructor
|
sl@0
|
27 |
@param aSidClasses A 32 bit integers that represents the set of SID classes.
|
sl@0
|
28 |
*/
|
sl@0
|
29 |
{
|
sl@0
|
30 |
}
|
sl@0
|
31 |
|
sl@0
|
32 |
EXPORT_C TBool TSidClasses::Contains(const TSecureId& aSid) const
|
sl@0
|
33 |
/**
|
sl@0
|
34 |
Determines the set of SID classes contains a given SID.
|
sl@0
|
35 |
@param aSid The SID to test.
|
sl@0
|
36 |
@return ETrue if aSID lies within one of the SID classes.
|
sl@0
|
37 |
*/
|
sl@0
|
38 |
{
|
sl@0
|
39 |
TInt sidClass = (aSid.iId & 0xf0000000) >> 28;
|
sl@0
|
40 |
return (1 << sidClass) & iSidClasses;
|
sl@0
|
41 |
}
|
sl@0
|
42 |
|
sl@0
|
43 |
EXPORT_C CPolicy* CPolicy::NewL(const TSidClasses& aSidClasses, const RArray<TSecureId>& aSidList,
|
sl@0
|
44 |
const TDesC& aDestination, TUint aOptions, const TUid& aPolicyEvaluator,
|
sl@0
|
45 |
const TUid& aDialogCreator, TUint16 aFlags, TSystemServerSecurity aSystemServerSecurity,
|
sl@0
|
46 |
TUint16 aMajorVersion, TUint16 aMinorVersion, TBool aDefault)
|
sl@0
|
47 |
/**
|
sl@0
|
48 |
Creates a new policy object.
|
sl@0
|
49 |
|
sl@0
|
50 |
@param aSidClasses The classes of SIDs that this policy applies to.
|
sl@0
|
51 |
@param aSidList A list of individual SIDs that this policy applies to. This overrides aSidClasses.
|
sl@0
|
52 |
@param aDestination The wildcard string to match against destination supplied by the system server.
|
sl@0
|
53 |
@param aOptions A bit field that defines whether the prompt should be displayed and if so,
|
sl@0
|
54 |
what buttons should be available.
|
sl@0
|
55 |
@param aPolicyEvaluator The implementation UID of the policy evaluator ECOM plug-in to use with this policy.
|
sl@0
|
56 |
@param aDialogCreator The implementation UID of the dialog creator ECOM plug-in to use with this policy.
|
sl@0
|
57 |
@param aFlags Flags specific to an individual policy evaluator.
|
sl@0
|
58 |
@param aSystemServerSecurity Whether this policy is specific to clients that pass/fail
|
sl@0
|
59 |
the system server's security check.
|
sl@0
|
60 |
@param aMajorVersion The major version of the UPS policy file.
|
sl@0
|
61 |
@param aMinorVersion The minor version of the UPS policy file.
|
sl@0
|
62 |
@param aDefault Set to ETrue if this is an automatically generated policy
|
sl@0
|
63 |
because no match was found in the policy file.
|
sl@0
|
64 |
|
sl@0
|
65 |
@return A pointer to the new policy object.
|
sl@0
|
66 |
*/
|
sl@0
|
67 |
{
|
sl@0
|
68 |
CPolicy* self = CPolicy::NewLC(aSidClasses, aSidList, aDestination, aOptions,
|
sl@0
|
69 |
aPolicyEvaluator, aDialogCreator, aFlags, aSystemServerSecurity,
|
sl@0
|
70 |
aMajorVersion, aMinorVersion, aDefault);
|
sl@0
|
71 |
CleanupStack::Pop(self);
|
sl@0
|
72 |
return self;
|
sl@0
|
73 |
}
|
sl@0
|
74 |
|
sl@0
|
75 |
EXPORT_C CPolicy* CPolicy::NewLC(const TSidClasses& aSidClasses, const RArray<TSecureId>& aSidList,
|
sl@0
|
76 |
const TDesC& aDestination, TUint aOptions, const TUid& aPolicyEvaluator,
|
sl@0
|
77 |
const TUid& aDialogCreator, TUint16 aFlags, TSystemServerSecurity aSystemServerSecurity,
|
sl@0
|
78 |
TUint16 aMajorVersion, TUint16 aMinorVersion, TBool aDefault)
|
sl@0
|
79 |
/**
|
sl@0
|
80 |
Creates a new policy object and puts the pointer on the cleanup stack.
|
sl@0
|
81 |
|
sl@0
|
82 |
@param aSidClasses The classes of SIDs that this policy applies to.
|
sl@0
|
83 |
@param aSidList A list of individual SIDs that this policy applies to. This overrides aSidClasses.
|
sl@0
|
84 |
@param aDestination The wildcard string to match against destination supplied by the system server.
|
sl@0
|
85 |
@param aOptions A bit field that defines whether the prompt should be displayed and if so,
|
sl@0
|
86 |
what buttons should be available.
|
sl@0
|
87 |
@param aPolicyEvaluator The implementation UID of the policy evaluator ECOM plug-in to use with this policy.
|
sl@0
|
88 |
@param aDialogCreator The implementation UID of the dialog creator ECOM plug-in to use with this policy.
|
sl@0
|
89 |
@param aFlags Flags specific to an individual policy evaluator.
|
sl@0
|
90 |
@param aSystemServerSecurity Whether this policy is specific to clients that pass/fail
|
sl@0
|
91 |
the system server's security check.
|
sl@0
|
92 |
@param aMajorVersion The major version of the UPS policy file.
|
sl@0
|
93 |
@param aMinorVersion The minor version of the UPS policy file.
|
sl@0
|
94 |
@param aDefault Set to ETrue if this is an automatically generated policy
|
sl@0
|
95 |
because no match was found in the policy file.
|
sl@0
|
96 |
|
sl@0
|
97 |
@return A pointer to the new policy object.
|
sl@0
|
98 |
*/
|
sl@0
|
99 |
{
|
sl@0
|
100 |
CPolicy* self = new(ELeave) CPolicy(
|
sl@0
|
101 |
aSidClasses, aOptions, aPolicyEvaluator,
|
sl@0
|
102 |
aDialogCreator, aFlags, aSystemServerSecurity,
|
sl@0
|
103 |
aMajorVersion, aMinorVersion, aDefault);
|
sl@0
|
104 |
CleanupStack::PushL(self);
|
sl@0
|
105 |
self->ConstructL(aSidList, aDestination);
|
sl@0
|
106 |
return self;
|
sl@0
|
107 |
}
|
sl@0
|
108 |
|
sl@0
|
109 |
EXPORT_C TBool CPolicy::Matches(const TSecureId& aClientSid, const TDesC& aDestination, TBool aSecurityResult) const
|
sl@0
|
110 |
/**
|
sl@0
|
111 |
Determines whether a request matches this policy.
|
sl@0
|
112 |
The request matches if and only if the following conditions are true.
|
sl@0
|
113 |
|
sl@0
|
114 |
- aClientSid matches an entry in the SID list or lies within one of the classes of SIDs
|
sl@0
|
115 |
- aDestination matches the destination wildcard string in the policy.
|
sl@0
|
116 |
- The result of the system server's securitiy check for this client matches the rule defined
|
sl@0
|
117 |
for this policy.
|
sl@0
|
118 |
- iSystemServerSecurity == ESystemServerSecurityPassedOrFailed OR
|
sl@0
|
119 |
- aSecurityResult == ETrue and iSystemServerSecurity == ESystemServerSecurityPassed OR
|
sl@0
|
120 |
- aSecurityResult == EFalse and iSystemServerSecurity == ESystemServerSecurityFailed
|
sl@0
|
121 |
|
sl@0
|
122 |
@param aClientSid The SID of the client application
|
sl@0
|
123 |
@param aDestination A descriptor containing the destination supplied by the system server.
|
sl@0
|
124 |
@param aSecurityResult ETrue, if the client passed the system server's security check, otherwise, EFalse.
|
sl@0
|
125 |
@return ETrue If the policy matches the request; otherwise EFalse is returned.
|
sl@0
|
126 |
*/
|
sl@0
|
127 |
{
|
sl@0
|
128 |
if (iSystemServerSecurity == CPolicy::ESystemServerSecurityPassed &&
|
sl@0
|
129 |
! aSecurityResult)
|
sl@0
|
130 |
{
|
sl@0
|
131 |
return EFalse;
|
sl@0
|
132 |
}
|
sl@0
|
133 |
else if (iSystemServerSecurity == CPolicy::ESystemServerSecurityFailed &&
|
sl@0
|
134 |
aSecurityResult)
|
sl@0
|
135 |
{
|
sl@0
|
136 |
return EFalse;
|
sl@0
|
137 |
}
|
sl@0
|
138 |
|
sl@0
|
139 |
TBool sidMatch(EFalse);
|
sl@0
|
140 |
TInt sidListCount = iSidList.Count();
|
sl@0
|
141 |
if (sidListCount > 0)
|
sl@0
|
142 |
{
|
sl@0
|
143 |
for (TInt i = 0; i < sidListCount; ++i)
|
sl@0
|
144 |
{
|
sl@0
|
145 |
if (iSidList[i] == aClientSid.iId)
|
sl@0
|
146 |
{
|
sl@0
|
147 |
sidMatch = ETrue;
|
sl@0
|
148 |
break;
|
sl@0
|
149 |
}
|
sl@0
|
150 |
}
|
sl@0
|
151 |
}
|
sl@0
|
152 |
else
|
sl@0
|
153 |
{
|
sl@0
|
154 |
sidMatch = iSidClasses.Contains(aClientSid);
|
sl@0
|
155 |
}
|
sl@0
|
156 |
|
sl@0
|
157 |
return sidMatch && (aDestination.MatchF(*iDestination) != KErrNotFound);
|
sl@0
|
158 |
}
|
sl@0
|
159 |
|
sl@0
|
160 |
EXPORT_C const TDesC& CPolicy::Destination() const
|
sl@0
|
161 |
/**
|
sl@0
|
162 |
Gets the destination wildcard string.
|
sl@0
|
163 |
@return A reference to a descriptor containing the wildcard string to
|
sl@0
|
164 |
match against the destination supplied by the system server.
|
sl@0
|
165 |
*/
|
sl@0
|
166 |
{
|
sl@0
|
167 |
return *iDestination;
|
sl@0
|
168 |
}
|
sl@0
|
169 |
|
sl@0
|
170 |
EXPORT_C const TSidClasses& CPolicy::SidClasses() const
|
sl@0
|
171 |
/**
|
sl@0
|
172 |
Gets the classes of SIDs that are applicable to this policy.
|
sl@0
|
173 |
@return The set of SID classes that this policy applies to.
|
sl@0
|
174 |
*/
|
sl@0
|
175 |
{
|
sl@0
|
176 |
return iSidClasses;
|
sl@0
|
177 |
}
|
sl@0
|
178 |
|
sl@0
|
179 |
EXPORT_C const RArray<TSecureId>& CPolicy::SidList() const
|
sl@0
|
180 |
/**
|
sl@0
|
181 |
Gets the list of individual SIDs that are applicable to this policy.
|
sl@0
|
182 |
The SID list takes precedent over the SID classes when matching policies.
|
sl@0
|
183 |
|
sl@0
|
184 |
@return The list of SIDs that this policy applies to as an array of
|
sl@0
|
185 |
unsigned integers.
|
sl@0
|
186 |
*/
|
sl@0
|
187 |
{
|
sl@0
|
188 |
return iSidList;
|
sl@0
|
189 |
}
|
sl@0
|
190 |
|
sl@0
|
191 |
EXPORT_C CPolicy::TOptions CPolicy::Options() const
|
sl@0
|
192 |
/**
|
sl@0
|
193 |
Gets the options field for this policy.
|
sl@0
|
194 |
@see CPolicy::TOptions
|
sl@0
|
195 |
@return A 32bit integer containing the options.
|
sl@0
|
196 |
*/
|
sl@0
|
197 |
{
|
sl@0
|
198 |
return TOptions(iOptions);
|
sl@0
|
199 |
}
|
sl@0
|
200 |
|
sl@0
|
201 |
EXPORT_C const TUid& CPolicy::PolicyEvaluator() const
|
sl@0
|
202 |
/**
|
sl@0
|
203 |
Gets the implementation UID of the policy evaluator to use with this policy.
|
sl@0
|
204 |
@return The implementation UID of the Policy Evaluator
|
sl@0
|
205 |
*/
|
sl@0
|
206 |
{
|
sl@0
|
207 |
return iPolicyEvaluator;
|
sl@0
|
208 |
}
|
sl@0
|
209 |
|
sl@0
|
210 |
EXPORT_C const TUid& CPolicy::DialogCreator() const
|
sl@0
|
211 |
/**
|
sl@0
|
212 |
Identifies the Dialog Creator to use with this policy.
|
sl@0
|
213 |
@return The implementation UID of the Dialog Creator.
|
sl@0
|
214 |
*/
|
sl@0
|
215 |
{
|
sl@0
|
216 |
return iDialogCreator;
|
sl@0
|
217 |
}
|
sl@0
|
218 |
|
sl@0
|
219 |
EXPORT_C TUint16 CPolicy::Flags() const
|
sl@0
|
220 |
/**
|
sl@0
|
221 |
Gets the flags field. The contents of this field is specific to individual
|
sl@0
|
222 |
policy evaluator plug-ins.
|
sl@0
|
223 |
|
sl@0
|
224 |
@return The 16-bit flags field
|
sl@0
|
225 |
*/
|
sl@0
|
226 |
{
|
sl@0
|
227 |
return iFlags;
|
sl@0
|
228 |
}
|
sl@0
|
229 |
|
sl@0
|
230 |
EXPORT_C TBool CPolicy::Default() const
|
sl@0
|
231 |
/**
|
sl@0
|
232 |
If a policy file is defined for a request but no policy matches the request
|
sl@0
|
233 |
then a default policy object is created to allow the user to authorise a one-shot
|
sl@0
|
234 |
request.\n
|
sl@0
|
235 |
This function allows the Policy Evaluator to check whether this policy
|
sl@0
|
236 |
is the default policy.
|
sl@0
|
237 |
N.B. This can be overriden by simply defining a policy at the end of the file
|
sl@0
|
238 |
that matches all SIDs and has '*' as the destination wildcard.
|
sl@0
|
239 |
|
sl@0
|
240 |
@return ETrue if this policy is the default (automatically generated) policy.
|
sl@0
|
241 |
*/
|
sl@0
|
242 |
{
|
sl@0
|
243 |
return iDefault;
|
sl@0
|
244 |
}
|
sl@0
|
245 |
|
sl@0
|
246 |
EXPORT_C TBool CPolicy::PromptRequired() const
|
sl@0
|
247 |
/**
|
sl@0
|
248 |
Examines the set of options to determine whether the policy requires a prompt to be
|
sl@0
|
249 |
displayed.
|
sl@0
|
250 |
|
sl@0
|
251 |
If the options fields only contains authorizations (EYes, ESessionYes or EAlways) or conversely
|
sl@0
|
252 |
the options field only contains rejections (ENo,ESessionNo or ENever) then this function will
|
sl@0
|
253 |
return EFalse.\n
|
sl@0
|
254 |
|
sl@0
|
255 |
@return ETrue if a prompt is required or EFalse if a prompt is not required
|
sl@0
|
256 |
(in which case the request will probably be silently accepted / rejected).
|
sl@0
|
257 |
*/
|
sl@0
|
258 |
{
|
sl@0
|
259 |
// (a yes option) && (a no option)
|
sl@0
|
260 |
return ((iOptions & (EYes|ESessionYes|EAlways)) && (iOptions & (ENo|ESessionNo|ENever)));
|
sl@0
|
261 |
}
|
sl@0
|
262 |
|
sl@0
|
263 |
EXPORT_C CPolicy::TSystemServerSecurity CPolicy::SystemServerSecurity() const
|
sl@0
|
264 |
/**
|
sl@0
|
265 |
Whether this policy is specific to clients's that pass or fail the system
|
sl@0
|
266 |
server's securitiy check.
|
sl@0
|
267 |
@return An enum that dictates whether this policy only applies if the client
|
sl@0
|
268 |
process passed/failed the system server's security check.
|
sl@0
|
269 |
*/
|
sl@0
|
270 |
{
|
sl@0
|
271 |
return iSystemServerSecurity;
|
sl@0
|
272 |
}
|
sl@0
|
273 |
|
sl@0
|
274 |
EXPORT_C TUint16 CPolicy::MajorVersion() const
|
sl@0
|
275 |
/**
|
sl@0
|
276 |
Gets the major version of the UPS policy file containing this policy.
|
sl@0
|
277 |
@return A 16-bit unsigned number containing the major version number.
|
sl@0
|
278 |
*/
|
sl@0
|
279 |
{
|
sl@0
|
280 |
return iMajorVersion;
|
sl@0
|
281 |
}
|
sl@0
|
282 |
|
sl@0
|
283 |
EXPORT_C TUint16 CPolicy::MinorVersion() const
|
sl@0
|
284 |
/**
|
sl@0
|
285 |
Gets the minor version of the UPS policy file containing this policy.
|
sl@0
|
286 |
@return A 16-bit unsigned number containing the minor version number.
|
sl@0
|
287 |
*/
|
sl@0
|
288 |
{
|
sl@0
|
289 |
return iMinorVersion;
|
sl@0
|
290 |
}
|
sl@0
|
291 |
|
sl@0
|
292 |
CPolicy::CPolicy(const TSidClasses& aSidClasses, TUint aOptions,
|
sl@0
|
293 |
const TUid& aPolicyEvaluator, const TUid& aDialogCreator,
|
sl@0
|
294 |
TUint16 aFlags, TSystemServerSecurity aSystemServerSecurity,
|
sl@0
|
295 |
TUint16 aMajorVersion, TUint16 aMinorVersion, TBool aDefault)
|
sl@0
|
296 |
|
sl@0
|
297 |
/**
|
sl@0
|
298 |
Constructor
|
sl@0
|
299 |
@param aSidClasses The classes of SIDs that this policy applies to.
|
sl@0
|
300 |
@param aOptions A bit field that defines whether the prompt should be displayed and if so,
|
sl@0
|
301 |
what buttons should be available.
|
sl@0
|
302 |
@param aPolicyEvaluator The implementation UID of the policy evaluator ECOM plug-in to use with this policy.
|
sl@0
|
303 |
@param aDialogCreator The implementation UID of the dialog creator ECOM plug-in to use with this policy.
|
sl@0
|
304 |
@param aFlags Flags specific to an individual policy evaluator.
|
sl@0
|
305 |
@param aSystemServerSecurity Whether this policy is specific to clients that pass/fail
|
sl@0
|
306 |
the system server's security check.
|
sl@0
|
307 |
@param aMajorVersion The major version of the UPS policy file.
|
sl@0
|
308 |
@param aMinorVersion The minor version of the UPS policy file.
|
sl@0
|
309 |
@param aDefault Set to ETrue if this is an automatically generated policy
|
sl@0
|
310 |
because no match was found in the policy file.
|
sl@0
|
311 |
*/
|
sl@0
|
312 |
: iSidClasses(aSidClasses), iOptions(aOptions),
|
sl@0
|
313 |
iPolicyEvaluator(aPolicyEvaluator), iDialogCreator(aDialogCreator),
|
sl@0
|
314 |
iFlags(aFlags), iSystemServerSecurity(aSystemServerSecurity),
|
sl@0
|
315 |
iMajorVersion(aMajorVersion), iMinorVersion(aMinorVersion), iDefault(aDefault)
|
sl@0
|
316 |
{
|
sl@0
|
317 |
}
|
sl@0
|
318 |
|
sl@0
|
319 |
void CPolicy::ConstructL(const RArray<TSecureId>& aSidList, const TDesC& aDestination)
|
sl@0
|
320 |
/**
|
sl@0
|
321 |
Second phase constructor
|
sl@0
|
322 |
@param aSidList A list (possibly empty) of SIDs that this policy applies to.
|
sl@0
|
323 |
@param aDestination The destination wildcard string.
|
sl@0
|
324 |
*/
|
sl@0
|
325 |
{
|
sl@0
|
326 |
TInt numSids = aSidList.Count();
|
sl@0
|
327 |
for (TInt i = 0; i < numSids; ++i)
|
sl@0
|
328 |
{
|
sl@0
|
329 |
iSidList.AppendL(aSidList[i]);
|
sl@0
|
330 |
}
|
sl@0
|
331 |
iDestination = aDestination.AllocL();
|
sl@0
|
332 |
}
|
sl@0
|
333 |
|
sl@0
|
334 |
CPolicy::~CPolicy()
|
sl@0
|
335 |
/**
|
sl@0
|
336 |
Destructor
|
sl@0
|
337 |
*/
|
sl@0
|
338 |
{
|
sl@0
|
339 |
delete iDestination;
|
sl@0
|
340 |
iSidList.Close();
|
sl@0
|
341 |
}
|