sl@0
|
1 |
// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
|
sl@0
|
2 |
// All rights reserved.
|
sl@0
|
3 |
// This component and the accompanying materials are made available
|
sl@0
|
4 |
// under the terms of the License "Eclipse Public License v1.0"
|
sl@0
|
5 |
// which accompanies this distribution, and is available
|
sl@0
|
6 |
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
sl@0
|
7 |
//
|
sl@0
|
8 |
// Initial Contributors:
|
sl@0
|
9 |
// Nokia Corporation - initial contribution.
|
sl@0
|
10 |
//
|
sl@0
|
11 |
// Contributors:
|
sl@0
|
12 |
//
|
sl@0
|
13 |
// Description:
|
sl@0
|
14 |
// e32\common\secure.cpp
|
sl@0
|
15 |
//
|
sl@0
|
16 |
//
|
sl@0
|
17 |
|
sl@0
|
18 |
#define __INCLUDE_ALL_SUPPORTED_CAPABILITIES__
|
sl@0
|
19 |
#include "common.h"
|
sl@0
|
20 |
#ifdef __KERNEL_MODE__
|
sl@0
|
21 |
#include <kernel/kernel.h>
|
sl@0
|
22 |
#include <kernel/kern_priv.h>
|
sl@0
|
23 |
#endif
|
sl@0
|
24 |
|
sl@0
|
25 |
// Check that the layout of TSecurityInfo and SSecurityInfo are the same
|
sl@0
|
26 |
// because we use this assumption in the TSecurityInfo::Set methods
|
sl@0
|
27 |
__ASSERT_COMPILE(_FOFF(TSecurityInfo,iSecureId)==_FOFF(SSecurityInfo,iSecureId));
|
sl@0
|
28 |
__ASSERT_COMPILE(_FOFF(TSecurityInfo,iVendorId)==_FOFF(SSecurityInfo,iVendorId));
|
sl@0
|
29 |
__ASSERT_COMPILE(_FOFF(TSecurityInfo,iCaps)==_FOFF(SSecurityInfo,iCaps));
|
sl@0
|
30 |
|
sl@0
|
31 |
|
sl@0
|
32 |
#ifdef __KERNEL_MODE__
|
sl@0
|
33 |
|
sl@0
|
34 |
|
sl@0
|
35 |
/**
|
sl@0
|
36 |
Construct a TSecurityInfo setting it to the security attributes of aProcess.
|
sl@0
|
37 |
@param aProcess A process.
|
sl@0
|
38 |
*/
|
sl@0
|
39 |
EXPORT_C TSecurityInfo::TSecurityInfo(DProcess* aProcess)
|
sl@0
|
40 |
{
|
sl@0
|
41 |
memcpy(this, &aProcess->iS, sizeof(SSecurityInfo));
|
sl@0
|
42 |
}
|
sl@0
|
43 |
|
sl@0
|
44 |
/**
|
sl@0
|
45 |
Construct a TSecurityInfo setting it to the security attributes to those of the process
|
sl@0
|
46 |
owning the specified thread.
|
sl@0
|
47 |
@param aThread A thread.
|
sl@0
|
48 |
*/
|
sl@0
|
49 |
EXPORT_C TSecurityInfo::TSecurityInfo(DThread* aThread)
|
sl@0
|
50 |
{
|
sl@0
|
51 |
memcpy(this, &aThread->iOwningProcess->iS, sizeof(SSecurityInfo));
|
sl@0
|
52 |
}
|
sl@0
|
53 |
|
sl@0
|
54 |
#else
|
sl@0
|
55 |
|
sl@0
|
56 |
/**
|
sl@0
|
57 |
Construct a TSecurityInfo setting it to the security attributes of aProcess.
|
sl@0
|
58 |
@param aProcess A process.
|
sl@0
|
59 |
*/
|
sl@0
|
60 |
EXPORT_C TSecurityInfo::TSecurityInfo(RProcess aProcess)
|
sl@0
|
61 |
{
|
sl@0
|
62 |
Exec::ProcessSecurityInfo(aProcess.Handle(),*(SSecurityInfo*)this);
|
sl@0
|
63 |
}
|
sl@0
|
64 |
|
sl@0
|
65 |
/**
|
sl@0
|
66 |
Construct a TSecurityInfo setting it to the security attributes to those of the process
|
sl@0
|
67 |
owning the specified thread.
|
sl@0
|
68 |
@param aThread A thread.
|
sl@0
|
69 |
*/
|
sl@0
|
70 |
EXPORT_C TSecurityInfo::TSecurityInfo(RThread aThread)
|
sl@0
|
71 |
{
|
sl@0
|
72 |
Exec::ThreadSecurityInfo(aThread.Handle(),*(SSecurityInfo*)this);
|
sl@0
|
73 |
}
|
sl@0
|
74 |
|
sl@0
|
75 |
/**
|
sl@0
|
76 |
Construct a TSecurityInfo setting it to the security attributes of the process
|
sl@0
|
77 |
which sent the message aMsgPtr
|
sl@0
|
78 |
@param aMsgPtr a message
|
sl@0
|
79 |
*/
|
sl@0
|
80 |
EXPORT_C TSecurityInfo::TSecurityInfo(RMessagePtr2 aMsgPtr)
|
sl@0
|
81 |
{
|
sl@0
|
82 |
Exec::MessageSecurityInfo(aMsgPtr.Handle(),*(SSecurityInfo*)this);
|
sl@0
|
83 |
}
|
sl@0
|
84 |
|
sl@0
|
85 |
TInt TSecurityInfo::Set(RSessionBase aSession)
|
sl@0
|
86 |
{
|
sl@0
|
87 |
return Exec::SessionSecurityInfo(aSession.Handle(),*(SSecurityInfo*)this);
|
sl@0
|
88 |
}
|
sl@0
|
89 |
|
sl@0
|
90 |
/**
|
sl@0
|
91 |
Sets this TSecurityInfo to the security attributes of this process' creator.
|
sl@0
|
92 |
*/
|
sl@0
|
93 |
EXPORT_C void TSecurityInfo::SetToCreatorInfo()
|
sl@0
|
94 |
{
|
sl@0
|
95 |
Exec::CreatorSecurityInfo(*(SSecurityInfo*)this);
|
sl@0
|
96 |
}
|
sl@0
|
97 |
|
sl@0
|
98 |
#endif //__KERNEL_MODE__
|
sl@0
|
99 |
|
sl@0
|
100 |
/**
|
sl@0
|
101 |
Construct a set consisting of two capabilities.
|
sl@0
|
102 |
@param aCapability1 The first capability.
|
sl@0
|
103 |
@param aCapability2 The second capability.
|
sl@0
|
104 |
*/
|
sl@0
|
105 |
EXPORT_C TCapabilitySet::TCapabilitySet(TCapability aCapability1, TCapability aCapability2)
|
sl@0
|
106 |
{
|
sl@0
|
107 |
SetEmpty();
|
sl@0
|
108 |
AddCapability(aCapability1);
|
sl@0
|
109 |
AddCapability(aCapability2);
|
sl@0
|
110 |
}
|
sl@0
|
111 |
|
sl@0
|
112 |
/**
|
sl@0
|
113 |
Make this set empty. I.e. Containing no capabilities.
|
sl@0
|
114 |
*/
|
sl@0
|
115 |
EXPORT_C void TCapabilitySet::SetEmpty()
|
sl@0
|
116 |
{
|
sl@0
|
117 |
memset(iCaps,0,sizeof(iCaps));
|
sl@0
|
118 |
}
|
sl@0
|
119 |
|
sl@0
|
120 |
|
sl@0
|
121 |
/**
|
sl@0
|
122 |
Make this set consist of all capabilities supported by this OS version.
|
sl@0
|
123 |
*/
|
sl@0
|
124 |
EXPORT_C void TCapabilitySet::SetAllSupported()
|
sl@0
|
125 |
{
|
sl@0
|
126 |
*(SCapabilitySet*)&iCaps=AllSupportedCapabilities;
|
sl@0
|
127 |
}
|
sl@0
|
128 |
|
sl@0
|
129 |
#ifndef __KERNEL_MODE__
|
sl@0
|
130 |
// Documented in header file
|
sl@0
|
131 |
EXPORT_C void TCapabilitySet::SetDisabled()
|
sl@0
|
132 |
{
|
sl@0
|
133 |
Exec::DisabledCapabilities(*(SCapabilitySet*)this);
|
sl@0
|
134 |
}
|
sl@0
|
135 |
#endif // __KERNEL_MODE__
|
sl@0
|
136 |
|
sl@0
|
137 |
/**
|
sl@0
|
138 |
Add a single capability to the set.
|
sl@0
|
139 |
If the capability is not supported by this OS version then it is not added and
|
sl@0
|
140 |
the set is left unchanged.
|
sl@0
|
141 |
@see TCapabilitySet::SetAllSupported()
|
sl@0
|
142 |
@param aCapability Capability to add.
|
sl@0
|
143 |
*/
|
sl@0
|
144 |
EXPORT_C void TCapabilitySet::AddCapability(TCapability aCapability)
|
sl@0
|
145 |
{
|
sl@0
|
146 |
if((TUint32)aCapability<(TUint32)ECapability_Limit)
|
sl@0
|
147 |
{
|
sl@0
|
148 |
TInt index = aCapability>>3;
|
sl@0
|
149 |
TUint8 mask = (TUint8)(1<<(aCapability&7));
|
sl@0
|
150 |
mask &= ((TUint8*)&AllSupportedCapabilities)[index];
|
sl@0
|
151 |
((TUint8*)iCaps)[index] |= mask;
|
sl@0
|
152 |
}
|
sl@0
|
153 |
}
|
sl@0
|
154 |
|
sl@0
|
155 |
/**
|
sl@0
|
156 |
Remove a single capability from the set, if it is present.
|
sl@0
|
157 |
@param aCapability Capability to remove.
|
sl@0
|
158 |
*/
|
sl@0
|
159 |
EXPORT_C void TCapabilitySet::RemoveCapability(TCapability aCapability)
|
sl@0
|
160 |
{
|
sl@0
|
161 |
if((TUint32)aCapability<(TUint32)ECapability_Limit)
|
sl@0
|
162 |
{
|
sl@0
|
163 |
TInt index = aCapability>>3;
|
sl@0
|
164 |
TUint8 mask = (TUint8)(1<<(aCapability&7));
|
sl@0
|
165 |
((TUint8*)iCaps)[index] &= ~mask;
|
sl@0
|
166 |
}
|
sl@0
|
167 |
}
|
sl@0
|
168 |
|
sl@0
|
169 |
/**
|
sl@0
|
170 |
Perform a union of this capability set with another.
|
sl@0
|
171 |
The result replaces the content of 'this'.
|
sl@0
|
172 |
@param aCapabilities A cpability set
|
sl@0
|
173 |
*/
|
sl@0
|
174 |
EXPORT_C void TCapabilitySet::Union(const TCapabilitySet& aCapabilities)
|
sl@0
|
175 |
{
|
sl@0
|
176 |
for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
|
sl@0
|
177 |
iCaps[n] |= aCapabilities.iCaps[n];
|
sl@0
|
178 |
}
|
sl@0
|
179 |
|
sl@0
|
180 |
/**
|
sl@0
|
181 |
Perform an intersection of this capability set with another.
|
sl@0
|
182 |
The result replaces the content of 'this'.
|
sl@0
|
183 |
@param aCapabilities A capability set
|
sl@0
|
184 |
*/
|
sl@0
|
185 |
EXPORT_C void TCapabilitySet::Intersection(const TCapabilitySet& aCapabilities)
|
sl@0
|
186 |
{
|
sl@0
|
187 |
for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
|
sl@0
|
188 |
iCaps[n] &= aCapabilities.iCaps[n];
|
sl@0
|
189 |
}
|
sl@0
|
190 |
|
sl@0
|
191 |
/**
|
sl@0
|
192 |
Remove a set of capabilities from this set.
|
sl@0
|
193 |
@param aCapabilities The set of capabilities to remove
|
sl@0
|
194 |
*/
|
sl@0
|
195 |
EXPORT_C void TCapabilitySet::Remove(const TCapabilitySet& aCapabilities)
|
sl@0
|
196 |
{
|
sl@0
|
197 |
for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
|
sl@0
|
198 |
iCaps[n] &= ~aCapabilities.iCaps[n];
|
sl@0
|
199 |
}
|
sl@0
|
200 |
|
sl@0
|
201 |
/**
|
sl@0
|
202 |
Test if a single capability is present in the set.
|
sl@0
|
203 |
The capability ECapability_None is always treated as being present.
|
sl@0
|
204 |
@param aCapability The capability to test
|
sl@0
|
205 |
@return 1 if the capability is present, 0 if it is not.
|
sl@0
|
206 |
*/
|
sl@0
|
207 |
EXPORT_C TBool TCapabilitySet::HasCapability(TCapability aCapability) const
|
sl@0
|
208 |
{
|
sl@0
|
209 |
if((TUint32)aCapability<(TUint32)ECapability_Limit)
|
sl@0
|
210 |
return (((TUint8*)iCaps)[aCapability>>3]>>(aCapability&7))&1;
|
sl@0
|
211 |
// coverity[dead_error_condition]
|
sl@0
|
212 |
if(aCapability==ECapability_None)
|
sl@0
|
213 |
return ETrue;
|
sl@0
|
214 |
return EFalse; // Handles illegal argument and ECapability_Denied
|
sl@0
|
215 |
}
|
sl@0
|
216 |
|
sl@0
|
217 |
/**
|
sl@0
|
218 |
Test if all the capabilities in a given set are present in this set
|
sl@0
|
219 |
@param aCapabilities The capability set to test
|
sl@0
|
220 |
@return A non-zero value if all the capabilities are present, zero otherwise.
|
sl@0
|
221 |
*/
|
sl@0
|
222 |
EXPORT_C TBool TCapabilitySet::HasCapabilities(const TCapabilitySet& aCapabilities) const
|
sl@0
|
223 |
{
|
sl@0
|
224 |
TUint32 checkFail=0;
|
sl@0
|
225 |
for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
|
sl@0
|
226 |
checkFail |= aCapabilities.iCaps[n]&~iCaps[n];
|
sl@0
|
227 |
return checkFail?0:1;
|
sl@0
|
228 |
}
|
sl@0
|
229 |
|
sl@0
|
230 |
// Documented in header file
|
sl@0
|
231 |
TBool TCapabilitySet::NotEmpty() const
|
sl@0
|
232 |
{
|
sl@0
|
233 |
TUint32 notEmpty=0;
|
sl@0
|
234 |
for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
|
sl@0
|
235 |
notEmpty |= iCaps[n];
|
sl@0
|
236 |
return notEmpty;
|
sl@0
|
237 |
}
|
sl@0
|
238 |
|
sl@0
|
239 |
//ECapability_None is assumed to be -1 in the internals of TSecurityPolicy
|
sl@0
|
240 |
__ASSERT_COMPILE(ECapability_None == -1);
|
sl@0
|
241 |
|
sl@0
|
242 |
/** Constructs a TSecurityPolicy to either always pass or always fail checks made
|
sl@0
|
243 |
against it, depending on the value of aType.
|
sl@0
|
244 |
@param aType Must be one of EAlwaysPass or EAlwaysFail
|
sl@0
|
245 |
@panic USER 191 if aType is not a valid value
|
sl@0
|
246 |
*/
|
sl@0
|
247 |
EXPORT_C TSecurityPolicy::TSecurityPolicy(TSecPolicyType aType)
|
sl@0
|
248 |
: iType((TUint8)aType), iSecureId(TUint32(ECapability_None))
|
sl@0
|
249 |
{
|
sl@0
|
250 |
//This constructor uses TSecPolicyType as public alias for the internal
|
sl@0
|
251 |
//TType. Thus EAlwaysFail must have the same value as ETypeFail (same with the
|
sl@0
|
252 |
//pass case too).
|
sl@0
|
253 |
__ASSERT_COMPILE(EAlwaysFail == (TSecPolicyType)ETypeFail);
|
sl@0
|
254 |
__ASSERT_COMPILE(EAlwaysPass == (TSecPolicyType)ETypePass);
|
sl@0
|
255 |
|
sl@0
|
256 |
__ASSERT_ALWAYS(aType == EAlwaysFail || aType == EAlwaysPass, Panic(ETSecPolicyTypeInvalid));
|
sl@0
|
257 |
iCaps[0] = (TUint8)ECapability_None;
|
sl@0
|
258 |
iCaps[1] = (TUint8)ECapability_None;
|
sl@0
|
259 |
iCaps[2] = (TUint8)ECapability_None;
|
sl@0
|
260 |
}
|
sl@0
|
261 |
|
sl@0
|
262 |
/** Construct a TSecurityPolicy object to check up to 3 capabilties.
|
sl@0
|
263 |
@param aCap1 The first capability to add to this policy
|
sl@0
|
264 |
@param aCap2 An optional second capability to add to this policy
|
sl@0
|
265 |
@param aCap3 An optional third capability to add to this policy
|
sl@0
|
266 |
@panic USER 189 If any of the supplied capabilities are not valid.
|
sl@0
|
267 |
*/
|
sl@0
|
268 |
EXPORT_C TSecurityPolicy::TSecurityPolicy(TCapability aCap1, TCapability aCap2, TCapability aCap3)
|
sl@0
|
269 |
//iSecureId=0xFFFFFFFF sets iExtraCaps[0-3] each to ECapability_None (==0xFF)
|
sl@0
|
270 |
: iType(ETypeC3), iSecureId(TUint32(ECapability_None))
|
sl@0
|
271 |
{
|
sl@0
|
272 |
ConstructAndCheck3(aCap1, aCap2, aCap3);
|
sl@0
|
273 |
}
|
sl@0
|
274 |
|
sl@0
|
275 |
/** Construct a TSecurityPolicy object to check up to 7 capabilties.
|
sl@0
|
276 |
@param aCap1 The first capability to add to this policy
|
sl@0
|
277 |
@param aCap2 The second capability to add to this policy
|
sl@0
|
278 |
@param aCap3 The third capability to add to this policy
|
sl@0
|
279 |
@param aCap4 The fourth capability to add to this policy
|
sl@0
|
280 |
@param aCap5 An optional fifth capability to add to this policy
|
sl@0
|
281 |
@param aCap6 An optional sixth capability to add to this policy
|
sl@0
|
282 |
@param aCap7 An optional seventh capability to add to this policy
|
sl@0
|
283 |
@panic USER 189 If any of the supplied capabilities are not valid.
|
sl@0
|
284 |
*/
|
sl@0
|
285 |
EXPORT_C TSecurityPolicy::TSecurityPolicy(TCapability aCap1, TCapability aCap2,
|
sl@0
|
286 |
TCapability aCap3, TCapability aCap4, TCapability aCap5, TCapability aCap6, TCapability aCap7)
|
sl@0
|
287 |
: iType(ETypeC7)
|
sl@0
|
288 |
{
|
sl@0
|
289 |
ConstructAndCheck3(aCap1, aCap2, aCap3);
|
sl@0
|
290 |
__ASSERT_COMPILE(ECapability_None==-1); // Our argument check below assumes this
|
sl@0
|
291 |
__ASSERT_ALWAYS( (TUint)(aCap4+1)<=(TUint)ECapability_Limit
|
sl@0
|
292 |
&&(TUint)(aCap5+1)<=(TUint)ECapability_Limit
|
sl@0
|
293 |
&&(TUint)(aCap6+1)<=(TUint)ECapability_Limit
|
sl@0
|
294 |
&&(TUint)(aCap7+1)<=(TUint)ECapability_Limit
|
sl@0
|
295 |
,Panic(ECapabilityInvalid));
|
sl@0
|
296 |
iExtraCaps[0] = (TUint8)aCap4;
|
sl@0
|
297 |
iExtraCaps[1] = (TUint8)aCap5;
|
sl@0
|
298 |
iExtraCaps[2] = (TUint8)aCap6;
|
sl@0
|
299 |
iExtraCaps[3] = (TUint8)aCap7;
|
sl@0
|
300 |
}
|
sl@0
|
301 |
|
sl@0
|
302 |
/** Construct a TSecurityPolicy object to check a secure id and up to 3 capabilties.
|
sl@0
|
303 |
@param aSecureId The secure id to add to this policy
|
sl@0
|
304 |
@param aCap1 The first capability to add to this policy
|
sl@0
|
305 |
@param aCap2 The second capability to add to this policy
|
sl@0
|
306 |
@param aCap3 The third capability to add to this policy
|
sl@0
|
307 |
@panic USER 189 If any of the supplied capabilities are not valid.
|
sl@0
|
308 |
*/
|
sl@0
|
309 |
EXPORT_C TSecurityPolicy::TSecurityPolicy(TSecureId aSecureId,
|
sl@0
|
310 |
TCapability aCap1, TCapability aCap2, TCapability aCap3)
|
sl@0
|
311 |
: iType(ETypeS3), iSecureId(aSecureId)
|
sl@0
|
312 |
{
|
sl@0
|
313 |
ConstructAndCheck3(aCap1, aCap2, aCap3);
|
sl@0
|
314 |
}
|
sl@0
|
315 |
|
sl@0
|
316 |
/** Construct a TSecurityPolicy object to check a vendor id and up to 3 capabilties.
|
sl@0
|
317 |
@param aVendorId The vendor id to add to this policy
|
sl@0
|
318 |
@param aCap1 The first capability to add to this policy
|
sl@0
|
319 |
@param aCap2 The second capability to add to this policy
|
sl@0
|
320 |
@param aCap3 The third capability to add to this policy
|
sl@0
|
321 |
@panic USER 189 If any of the supplied capabilities are not valid.
|
sl@0
|
322 |
*/
|
sl@0
|
323 |
EXPORT_C TSecurityPolicy::TSecurityPolicy(TVendorId aVendorId,
|
sl@0
|
324 |
TCapability aCap1, TCapability aCap2, TCapability aCap3)
|
sl@0
|
325 |
: iType(ETypeV3), iVendorId(aVendorId)
|
sl@0
|
326 |
{
|
sl@0
|
327 |
ConstructAndCheck3(aCap1, aCap2, aCap3);
|
sl@0
|
328 |
}
|
sl@0
|
329 |
|
sl@0
|
330 |
/** Sets up iCaps[0-2] with supplied values and checks for their validity.
|
sl@0
|
331 |
@panic USER 189 If any of the supplied capabilities are invalid.
|
sl@0
|
332 |
*/
|
sl@0
|
333 |
void TSecurityPolicy::ConstructAndCheck3(TCapability aCap1, TCapability aCap2, TCapability aCap3)
|
sl@0
|
334 |
{
|
sl@0
|
335 |
__ASSERT_COMPILE(ECapability_None==-1); // Our argument check below assumes this
|
sl@0
|
336 |
__ASSERT_ALWAYS( (TUint)(aCap1+1)<=(TUint)ECapability_Limit
|
sl@0
|
337 |
&&(TUint)(aCap2+1)<=(TUint)ECapability_Limit
|
sl@0
|
338 |
&&(TUint)(aCap3+1)<=(TUint)ECapability_Limit
|
sl@0
|
339 |
,Panic(ECapabilityInvalid));
|
sl@0
|
340 |
iCaps[0] = (TUint8)aCap1;
|
sl@0
|
341 |
iCaps[1] = (TUint8)aCap2;
|
sl@0
|
342 |
iCaps[2] = (TUint8)aCap3;
|
sl@0
|
343 |
}
|
sl@0
|
344 |
|
sl@0
|
345 |
/**
|
sl@0
|
346 |
Checks that this object is in a valid state
|
sl@0
|
347 |
@return A non-zero value if this object is valid, zero otherwise.
|
sl@0
|
348 |
@internalComponent
|
sl@0
|
349 |
*/
|
sl@0
|
350 |
TBool TSecurityPolicy::Validate() const
|
sl@0
|
351 |
{
|
sl@0
|
352 |
switch(iType)
|
sl@0
|
353 |
{
|
sl@0
|
354 |
case ETypeFail:
|
sl@0
|
355 |
case ETypePass:
|
sl@0
|
356 |
if(iSecureId!=TUint32(ECapability_None))
|
sl@0
|
357 |
return EFalse;
|
sl@0
|
358 |
__ASSERT_COMPILE(TUint8(ECapability_None)==0xffu); // Test below assumes this...
|
sl@0
|
359 |
if((iCaps[0]&iCaps[1]&iCaps[2])!=TUint8(ECapability_None)) // check caps 0 to 2 are each == ECapability_None
|
sl@0
|
360 |
return EFalse;
|
sl@0
|
361 |
return ETrue;
|
sl@0
|
362 |
|
sl@0
|
363 |
case ETypeC7:
|
sl@0
|
364 |
return ETrue;
|
sl@0
|
365 |
|
sl@0
|
366 |
case ETypeC3:
|
sl@0
|
367 |
if(iSecureId!=TUint32(ECapability_None))
|
sl@0
|
368 |
return EFalse;
|
sl@0
|
369 |
return ETrue;
|
sl@0
|
370 |
|
sl@0
|
371 |
case ETypeS3:
|
sl@0
|
372 |
case ETypeV3:
|
sl@0
|
373 |
return ETrue;
|
sl@0
|
374 |
|
sl@0
|
375 |
default:
|
sl@0
|
376 |
return EFalse;
|
sl@0
|
377 |
}
|
sl@0
|
378 |
}
|
sl@0
|
379 |
|
sl@0
|
380 |
/** Sets this TSecurityPolicy to a copy of the policy described by the
|
sl@0
|
381 |
supplied descriptor. Such a descriptor can be obtained from
|
sl@0
|
382 |
TSecurityPolicy::Package().
|
sl@0
|
383 |
@see TSecurityPolicy::Package()
|
sl@0
|
384 |
@param aDes A descriptor representing the state of another TSecurityPolicy.
|
sl@0
|
385 |
@return KErrNone, if successful, otherwise one of the other system-wide error
|
sl@0
|
386 |
codes.
|
sl@0
|
387 |
*/
|
sl@0
|
388 |
EXPORT_C TInt TSecurityPolicy::Set(const TDesC8& aDes)
|
sl@0
|
389 |
{
|
sl@0
|
390 |
if(aDes.Size() == sizeof(TSecurityPolicy))
|
sl@0
|
391 |
{
|
sl@0
|
392 |
*this = *(TSecurityPolicy*)aDes.Ptr();
|
sl@0
|
393 |
if(Validate())
|
sl@0
|
394 |
return KErrNone;
|
sl@0
|
395 |
}
|
sl@0
|
396 |
// Set failed so set up the policy as an EAlwaysFail case.
|
sl@0
|
397 |
iType = EAlwaysFail;
|
sl@0
|
398 |
iCaps[0] = TUint8(ECapability_None);
|
sl@0
|
399 |
iCaps[1] = TUint8(ECapability_None);
|
sl@0
|
400 |
iCaps[2] = TUint8(ECapability_None);
|
sl@0
|
401 |
iSecureId = TUint32(ECapability_None);
|
sl@0
|
402 |
return KErrArgument;
|
sl@0
|
403 |
}
|
sl@0
|
404 |
|
sl@0
|
405 |
/**
|
sl@0
|
406 |
Constructs a TPtrC8 wrapping the platform security attributes of this
|
sl@0
|
407 |
TSecurityPolicy. Such a descriptor is suitable for passing across the
|
sl@0
|
408 |
client server boundary.
|
sl@0
|
409 |
|
sl@0
|
410 |
The format of the descriptor is determined by the first byte which specifies
|
sl@0
|
411 |
the type of this TSecurityPolicy. The first byte is one of the constants
|
sl@0
|
412 |
specified in the enum TSecurityPolicy::TType.
|
sl@0
|
413 |
|
sl@0
|
414 |
For TSecurityPolicy objects of types ETypeC3, ETypeS3, ETypePass or ETypeFail
|
sl@0
|
415 |
the descriptor will contain the following data in the order listed:
|
sl@0
|
416 |
@code
|
sl@0
|
417 |
TUint8 iType; // set to ETypeC3, ETypeS3, ETypePass or ETypeFail
|
sl@0
|
418 |
TUint8 iCaps[3];
|
sl@0
|
419 |
TUint32 iSecureId;
|
sl@0
|
420 |
@endcode
|
sl@0
|
421 |
ETypeC3 descriptors will contain capabilities in iCaps but have iSecureId set
|
sl@0
|
422 |
to ECapability_None. ETypeS3 are similar to ETypeC3 descriptors but will have
|
sl@0
|
423 |
iSecureId set to the secure ID value of the TSecurityPolicy object.
|
sl@0
|
424 |
ETypePass and ETypeFail objects will have values of all of the elements of iCaps
|
sl@0
|
425 |
and iSecureId set to ECapability_None.
|
sl@0
|
426 |
|
sl@0
|
427 |
For TSecurityPolicy objects of type ETypeV3 the descriptor will contain the
|
sl@0
|
428 |
following data in the order listed:
|
sl@0
|
429 |
@code
|
sl@0
|
430 |
TUint8 iType; // set to ETypeV3
|
sl@0
|
431 |
TUint8 iCaps[3]; // set to the values of 3 capabilities
|
sl@0
|
432 |
TUint32 iVendorId; // set to the value of the vendor ID of the TSecurityPolicy
|
sl@0
|
433 |
@endcode
|
sl@0
|
434 |
|
sl@0
|
435 |
For TSecurityPolicy objects of type ETypeC7 the descriptor will contain the
|
sl@0
|
436 |
following data in the order listed:
|
sl@0
|
437 |
@code
|
sl@0
|
438 |
TUint8 iType; // set to ETypeC7
|
sl@0
|
439 |
TUint8 iCaps[3]; // set to the values of 3 of the objects capabilities
|
sl@0
|
440 |
TUint8 iExtraCaps[4]; // set to the values of 4 of the objects capabilities
|
sl@0
|
441 |
@endcode
|
sl@0
|
442 |
@see TSecurityPolicy::TType
|
sl@0
|
443 |
@see TSecurityPolicy::Set()
|
sl@0
|
444 |
@return A TPtrC8 wrapping the platform security attributes of this TSecurityPolicy.
|
sl@0
|
445 |
*/
|
sl@0
|
446 |
EXPORT_C TPtrC8 TSecurityPolicy::Package() const
|
sl@0
|
447 |
{
|
sl@0
|
448 |
return TPtrC8((TUint8*)(this), sizeof(TSecurityPolicy));
|
sl@0
|
449 |
}
|
sl@0
|
450 |
|
sl@0
|
451 |
/** Checks this policy against the supplied SSecurityInfo.
|
sl@0
|
452 |
@param aSecInfo The SSecurityInfo object to check against this TSecurityPolicy.
|
sl@0
|
453 |
@param aMissing A SSecurityInfo object which this method fills with any capabilities or IDs
|
sl@0
|
454 |
it finds to be missing. This is designed to help generating diagnostic messages.
|
sl@0
|
455 |
@return ETrue if all the requirements of this TSecurityPolicy are met, EFalse
|
sl@0
|
456 |
@panic USER 190 if aSecInfo is an invalid SSecurityInfo object
|
sl@0
|
457 |
otherwise.
|
sl@0
|
458 |
*/
|
sl@0
|
459 |
TBool TSecurityPolicy::CheckPolicy(const SSecurityInfo& aSecInfo, SSecurityInfo& aMissing) const
|
sl@0
|
460 |
{
|
sl@0
|
461 |
TBool result = EFalse;
|
sl@0
|
462 |
//It is thought to be by far the most common case to have 3 or less
|
sl@0
|
463 |
//capabilities in a policy. Hence we'll set this for all of them even
|
sl@0
|
464 |
//though ETypePass doesn't need it.
|
sl@0
|
465 |
aMissing.iSecureId = 0;
|
sl@0
|
466 |
aMissing.iVendorId = 0;
|
sl@0
|
467 |
__ASSERT_COMPILE(SCapabilitySet::ENCapW == 2);
|
sl@0
|
468 |
aMissing.iCaps[0] = 0;
|
sl@0
|
469 |
aMissing.iCaps[1] = 0;
|
sl@0
|
470 |
aMissing.iCaps.AddCapability((TCapability)(iCaps[0]));
|
sl@0
|
471 |
aMissing.iCaps.AddCapability((TCapability)(iCaps[1]));
|
sl@0
|
472 |
aMissing.iCaps.AddCapability((TCapability)(iCaps[2]));
|
sl@0
|
473 |
aMissing.iCaps.Remove(aSecInfo.iCaps);
|
sl@0
|
474 |
switch(iType)
|
sl@0
|
475 |
{
|
sl@0
|
476 |
case ETypeFail:
|
sl@0
|
477 |
//result already False;
|
sl@0
|
478 |
break;
|
sl@0
|
479 |
case ETypePass:
|
sl@0
|
480 |
result = ETrue;
|
sl@0
|
481 |
break;
|
sl@0
|
482 |
case ETypeC7:
|
sl@0
|
483 |
aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[0]));
|
sl@0
|
484 |
aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[1]));
|
sl@0
|
485 |
aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[2]));
|
sl@0
|
486 |
aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[3]));
|
sl@0
|
487 |
aMissing.iCaps.Remove(aSecInfo.iCaps);
|
sl@0
|
488 |
//It is intentional that there is no break statement here
|
sl@0
|
489 |
case ETypeC3:
|
sl@0
|
490 |
if(!aMissing.iCaps.NotEmpty())
|
sl@0
|
491 |
{
|
sl@0
|
492 |
result = ETrue;
|
sl@0
|
493 |
}
|
sl@0
|
494 |
break;
|
sl@0
|
495 |
case ETypeS3:
|
sl@0
|
496 |
if(!aMissing.iCaps.NotEmpty() && iSecureId == aSecInfo.iSecureId)
|
sl@0
|
497 |
{
|
sl@0
|
498 |
result = ETrue;
|
sl@0
|
499 |
}
|
sl@0
|
500 |
//This else if required to set the aMissing.iCaps secure id for diagnostics.
|
sl@0
|
501 |
//Doesn't affect pass case.
|
sl@0
|
502 |
else if(iSecureId != aSecInfo.iSecureId)
|
sl@0
|
503 |
{
|
sl@0
|
504 |
aMissing.iSecureId = iSecureId;
|
sl@0
|
505 |
}
|
sl@0
|
506 |
break;
|
sl@0
|
507 |
case ETypeV3:
|
sl@0
|
508 |
if(!aMissing.iCaps.NotEmpty() && iVendorId == aSecInfo.iVendorId)
|
sl@0
|
509 |
{
|
sl@0
|
510 |
result = ETrue;
|
sl@0
|
511 |
}
|
sl@0
|
512 |
else if(iVendorId != aSecInfo.iVendorId)
|
sl@0
|
513 |
{
|
sl@0
|
514 |
aMissing.iVendorId = iVendorId;
|
sl@0
|
515 |
}
|
sl@0
|
516 |
break;
|
sl@0
|
517 |
default:
|
sl@0
|
518 |
Panic(ESecurityPolicyCorrupt);
|
sl@0
|
519 |
break;
|
sl@0
|
520 |
}
|
sl@0
|
521 |
return result;
|
sl@0
|
522 |
}
|
sl@0
|
523 |
|
sl@0
|
524 |
#ifndef __KERNEL_MODE__
|
sl@0
|
525 |
|
sl@0
|
526 |
/** Checks this policy against the platform security attributes of aProcess.
|
sl@0
|
527 |
|
sl@0
|
528 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
529 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
530 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
531 |
check failed.
|
sl@0
|
532 |
|
sl@0
|
533 |
@param aProcess The RProcess object to check against this TSecurityPolicy.
|
sl@0
|
534 |
@param aDiagnostic A string that will be emitted along with any diagnostic message
|
sl@0
|
535 |
that may be issued if the policy check fails.
|
sl@0
|
536 |
This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
|
sl@0
|
537 |
which enables it to be easily removed from the system.
|
sl@0
|
538 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
539 |
platform security attributes of aProcess, EFalse otherwise.
|
sl@0
|
540 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
541 |
*/
|
sl@0
|
542 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
543 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RProcess aProcess, const char* aDiagnostic) const
|
sl@0
|
544 |
{
|
sl@0
|
545 |
SSecurityInfo missing;
|
sl@0
|
546 |
TSecurityInfo secInfo(aProcess);
|
sl@0
|
547 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
|
sl@0
|
548 |
if(!pass)
|
sl@0
|
549 |
pass = PlatSec::PolicyCheckFail(aProcess.Handle(),missing,aDiagnostic)==KErrNone;
|
sl@0
|
550 |
return pass;
|
sl@0
|
551 |
}
|
sl@0
|
552 |
#else // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
553 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RProcess aProcess, const char* /*aDiagnostic*/) const
|
sl@0
|
554 |
{
|
sl@0
|
555 |
return DoCheckPolicy(aProcess);
|
sl@0
|
556 |
}
|
sl@0
|
557 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
558 |
|
sl@0
|
559 |
/** Checks this policy against the platform security attributes of aProcess.
|
sl@0
|
560 |
|
sl@0
|
561 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
562 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
563 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
564 |
check failed.
|
sl@0
|
565 |
|
sl@0
|
566 |
@param aProcess The RProcess object to check against this TSecurityPolicy.
|
sl@0
|
567 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
568 |
platform security attributes of aProcess, EFalse otherwise.
|
sl@0
|
569 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
570 |
*/
|
sl@0
|
571 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RProcess aProcess) const
|
sl@0
|
572 |
{
|
sl@0
|
573 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
574 |
return DoCheckPolicy(aProcess, NULL);
|
sl@0
|
575 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
576 |
SSecurityInfo missing;
|
sl@0
|
577 |
TSecurityInfo secInfo(aProcess);
|
sl@0
|
578 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
|
sl@0
|
579 |
if(!pass)
|
sl@0
|
580 |
pass = (PlatSec::EmitDiagnostic() == KErrNone);
|
sl@0
|
581 |
return pass;
|
sl@0
|
582 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
583 |
}
|
sl@0
|
584 |
|
sl@0
|
585 |
/** Checks this policy against the platform security attributes of the process
|
sl@0
|
586 |
owning aThread.
|
sl@0
|
587 |
|
sl@0
|
588 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
589 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
590 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
591 |
check failed.
|
sl@0
|
592 |
|
sl@0
|
593 |
@param aThread The thread whose owning process' platform security attributes
|
sl@0
|
594 |
are to be checked against this TSecurityPolicy.
|
sl@0
|
595 |
@param aDiagnostic A string that will be emitted along with any diagnostic message
|
sl@0
|
596 |
that may be issued if the policy check fails.
|
sl@0
|
597 |
This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
|
sl@0
|
598 |
which enables it to be easily removed from the system.
|
sl@0
|
599 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
600 |
platform security parameters of the owning process of aThread, EFalse otherwise.
|
sl@0
|
601 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
602 |
*/
|
sl@0
|
603 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
604 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RThread aThread, const char* aDiagnostic) const
|
sl@0
|
605 |
{
|
sl@0
|
606 |
SSecurityInfo missing;
|
sl@0
|
607 |
TSecurityInfo secInfo(aThread);
|
sl@0
|
608 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
|
sl@0
|
609 |
if(!pass)
|
sl@0
|
610 |
pass = PlatSec::PolicyCheckFail(aThread.Handle(),missing,aDiagnostic)==KErrNone;
|
sl@0
|
611 |
return pass;
|
sl@0
|
612 |
}
|
sl@0
|
613 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
614 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RThread aThread, const char* /*aDiagnostic*/) const
|
sl@0
|
615 |
{
|
sl@0
|
616 |
return DoCheckPolicy(aThread);
|
sl@0
|
617 |
}
|
sl@0
|
618 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
619 |
|
sl@0
|
620 |
/** Checks this policy against the platform security attributes of the process
|
sl@0
|
621 |
owning aThread.
|
sl@0
|
622 |
|
sl@0
|
623 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
624 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
625 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
626 |
check failed.
|
sl@0
|
627 |
|
sl@0
|
628 |
@param aThread The thread whose owning process' platform security attributes
|
sl@0
|
629 |
are to be checked against this TSecurityPolicy.
|
sl@0
|
630 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
631 |
platform security parameters of the owning process of aThread, EFalse otherwise.
|
sl@0
|
632 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
633 |
*/
|
sl@0
|
634 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RThread aThread) const
|
sl@0
|
635 |
{
|
sl@0
|
636 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
637 |
return DoCheckPolicy(aThread, NULL);
|
sl@0
|
638 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
639 |
SSecurityInfo missing;
|
sl@0
|
640 |
TSecurityInfo secInfo(aThread);
|
sl@0
|
641 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
|
sl@0
|
642 |
if(!pass)
|
sl@0
|
643 |
pass = (PlatSec::EmitDiagnostic() == KErrNone);
|
sl@0
|
644 |
return pass;
|
sl@0
|
645 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
646 |
}
|
sl@0
|
647 |
|
sl@0
|
648 |
TInt TSecurityPolicy::CheckPolicy(RSessionBase aSession) const
|
sl@0
|
649 |
{
|
sl@0
|
650 |
SSecurityInfo missing;
|
sl@0
|
651 |
TSecurityInfo secInfo;
|
sl@0
|
652 |
TInt r = secInfo.Set(aSession);
|
sl@0
|
653 |
if (r!=KErrNone)
|
sl@0
|
654 |
return r;
|
sl@0
|
655 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
|
sl@0
|
656 |
if(!pass)
|
sl@0
|
657 |
{
|
sl@0
|
658 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
659 |
r = PlatSec::PolicyCheckFail(aSession.Handle(),missing,NULL);
|
sl@0
|
660 |
#else
|
sl@0
|
661 |
r = PlatSec::EmitDiagnostic();
|
sl@0
|
662 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
663 |
}
|
sl@0
|
664 |
return r;
|
sl@0
|
665 |
}
|
sl@0
|
666 |
|
sl@0
|
667 |
/** Checks this policy against the platform security attributes of the process which sent
|
sl@0
|
668 |
the given message.
|
sl@0
|
669 |
|
sl@0
|
670 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
671 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
672 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
673 |
check failed.
|
sl@0
|
674 |
|
sl@0
|
675 |
@param aMsgPtr The RMessagePtr2 object to check against this TSecurityPolicy.
|
sl@0
|
676 |
@param aDiagnostic A string that will be emitted along with any diagnostic message
|
sl@0
|
677 |
that may be issued if the policy check fails.
|
sl@0
|
678 |
This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
|
sl@0
|
679 |
which enables it to be easily removed from the system.
|
sl@0
|
680 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
681 |
platform security attributes of aMsg, EFalse otherwise.
|
sl@0
|
682 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
683 |
*/
|
sl@0
|
684 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
685 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, const char* aDiagnostic) const
|
sl@0
|
686 |
{
|
sl@0
|
687 |
SSecurityInfo missing;
|
sl@0
|
688 |
TSecurityInfo secInfo(aMsgPtr);
|
sl@0
|
689 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
|
sl@0
|
690 |
if(!pass)
|
sl@0
|
691 |
pass = PlatSec::PolicyCheckFail(aMsgPtr,missing,aDiagnostic)==KErrNone;
|
sl@0
|
692 |
return pass;
|
sl@0
|
693 |
}
|
sl@0
|
694 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
695 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, const char* /*aDiagnostic*/) const
|
sl@0
|
696 |
{
|
sl@0
|
697 |
return DoCheckPolicy(aMsgPtr);
|
sl@0
|
698 |
}
|
sl@0
|
699 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
700 |
|
sl@0
|
701 |
/** Checks this policy against the platform security attributes of the process which sent
|
sl@0
|
702 |
the given message.
|
sl@0
|
703 |
|
sl@0
|
704 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
705 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
706 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
707 |
check failed.
|
sl@0
|
708 |
|
sl@0
|
709 |
@param aMsgPtr The RMessagePtr2 object to check against this TSecurityPolicy.
|
sl@0
|
710 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
711 |
platform security attributes of aMsg, EFalse otherwise.
|
sl@0
|
712 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
713 |
*/
|
sl@0
|
714 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr) const
|
sl@0
|
715 |
{
|
sl@0
|
716 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
717 |
return DoCheckPolicy(aMsgPtr, NULL);
|
sl@0
|
718 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
719 |
SSecurityInfo missing;
|
sl@0
|
720 |
TSecurityInfo secInfo(aMsgPtr);
|
sl@0
|
721 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
|
sl@0
|
722 |
if(!pass)
|
sl@0
|
723 |
pass = (PlatSec::EmitDiagnostic() == KErrNone);
|
sl@0
|
724 |
return pass;
|
sl@0
|
725 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
726 |
}
|
sl@0
|
727 |
|
sl@0
|
728 |
/** Checks this policy against the platform security attributes of the process which sent
|
sl@0
|
729 |
the given message.
|
sl@0
|
730 |
|
sl@0
|
731 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
732 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
733 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
734 |
check failed.
|
sl@0
|
735 |
|
sl@0
|
736 |
@param aMsgPtr The RMessagePtr2 object to check against this TSecurityPolicy.
|
sl@0
|
737 |
@param aMissing A TSecurityInfo object which this method fills with any capabilities or IDs
|
sl@0
|
738 |
it finds to be missing.
|
sl@0
|
739 |
@param aDiagnostic A string that will be emitted along with any diagnostic message
|
sl@0
|
740 |
that may be issued if the policy check fails.
|
sl@0
|
741 |
This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
|
sl@0
|
742 |
which enables it to be easily removed from the system.
|
sl@0
|
743 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
744 |
platform security attributes of aMsg, EFalse otherwise.
|
sl@0
|
745 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
746 |
*/
|
sl@0
|
747 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
748 |
TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, TSecurityInfo& aMissing, const char* aDiagnostic) const
|
sl@0
|
749 |
{
|
sl@0
|
750 |
TSecurityInfo secInfo(aMsgPtr);
|
sl@0
|
751 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), *((SSecurityInfo*)&aMissing));
|
sl@0
|
752 |
if(!pass)
|
sl@0
|
753 |
pass = PlatSec::PolicyCheckFail(aMsgPtr,*((SSecurityInfo*)&aMissing),aDiagnostic)==KErrNone;
|
sl@0
|
754 |
return pass;
|
sl@0
|
755 |
}
|
sl@0
|
756 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
757 |
|
sl@0
|
758 |
/** Checks this policy against the platform security attributes of the process which sent
|
sl@0
|
759 |
the given message.
|
sl@0
|
760 |
|
sl@0
|
761 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
762 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
763 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
764 |
check failed.
|
sl@0
|
765 |
|
sl@0
|
766 |
@param aMsgPtr The RMessagePtr2 object to check against this TSecurityPolicy.
|
sl@0
|
767 |
@param aMissing A TSecurityInfo object which this method fills with any capabilities or IDs
|
sl@0
|
768 |
it finds to be missing.
|
sl@0
|
769 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
770 |
platform security attributes of aMsg, EFalse otherwise.
|
sl@0
|
771 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
772 |
*/
|
sl@0
|
773 |
TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, TSecurityInfo& aMissing) const
|
sl@0
|
774 |
{
|
sl@0
|
775 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
776 |
return DoCheckPolicy(aMsgPtr, aMissing, NULL);
|
sl@0
|
777 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
778 |
TSecurityInfo secInfo(aMsgPtr);
|
sl@0
|
779 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), *((SSecurityInfo*)&aMissing));
|
sl@0
|
780 |
if(!pass)
|
sl@0
|
781 |
pass = (PlatSec::EmitDiagnostic() == KErrNone);
|
sl@0
|
782 |
return pass;
|
sl@0
|
783 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
784 |
}
|
sl@0
|
785 |
|
sl@0
|
786 |
/** Checks this policy against the platform security attributes of this process' creator.
|
sl@0
|
787 |
|
sl@0
|
788 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
789 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
790 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
791 |
check failed.
|
sl@0
|
792 |
|
sl@0
|
793 |
@param aProcess The RProcess object to check against this TSecurityPolicy.
|
sl@0
|
794 |
@param aDiagnostic A string that will be emitted along with any diagnostic message
|
sl@0
|
795 |
that may be issued if the policy check fails.
|
sl@0
|
796 |
This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
|
sl@0
|
797 |
which enables it to be easily removed from the system.
|
sl@0
|
798 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
799 |
platform security attributes of this process' creator, EFalse otherwise.
|
sl@0
|
800 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
801 |
*/
|
sl@0
|
802 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
803 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicyCreator(const char* aDiagnostic) const
|
sl@0
|
804 |
{
|
sl@0
|
805 |
SSecurityInfo missing;
|
sl@0
|
806 |
TSecurityInfo secInfo;
|
sl@0
|
807 |
secInfo.SetToCreatorInfo();
|
sl@0
|
808 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
|
sl@0
|
809 |
if(!pass)
|
sl@0
|
810 |
pass = PlatSec::CreatorPolicyCheckFail(missing,aDiagnostic)==KErrNone;
|
sl@0
|
811 |
return pass;
|
sl@0
|
812 |
}
|
sl@0
|
813 |
#else // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
814 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicyCreator(const char* /*aDiagnostic*/) const
|
sl@0
|
815 |
{
|
sl@0
|
816 |
return DoCheckPolicyCreator();
|
sl@0
|
817 |
}
|
sl@0
|
818 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
819 |
|
sl@0
|
820 |
/** Checks this policy against the platform security attributes of this process' creator.
|
sl@0
|
821 |
|
sl@0
|
822 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
823 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
824 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
825 |
check failed.
|
sl@0
|
826 |
|
sl@0
|
827 |
@param aProcess The RProcess object to check against this TSecurityPolicy.
|
sl@0
|
828 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
829 |
platform security attributes of this process' creator, EFalse otherwise.
|
sl@0
|
830 |
@panic USER 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
831 |
*/
|
sl@0
|
832 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicyCreator() const
|
sl@0
|
833 |
{
|
sl@0
|
834 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
835 |
return DoCheckPolicyCreator(NULL);
|
sl@0
|
836 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
837 |
SSecurityInfo missing;
|
sl@0
|
838 |
TSecurityInfo secInfo;
|
sl@0
|
839 |
secInfo.SetToCreatorInfo();
|
sl@0
|
840 |
TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
|
sl@0
|
841 |
if(!pass)
|
sl@0
|
842 |
pass = (PlatSec::EmitDiagnostic() == KErrNone);
|
sl@0
|
843 |
return pass;
|
sl@0
|
844 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
845 |
}
|
sl@0
|
846 |
|
sl@0
|
847 |
#else //__KERNEL_MODE__
|
sl@0
|
848 |
|
sl@0
|
849 |
/** Checks this policy against the platform security attributes of aProcess.
|
sl@0
|
850 |
|
sl@0
|
851 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
852 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
853 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
854 |
check failed.
|
sl@0
|
855 |
|
sl@0
|
856 |
@param aProcess The DProcess object to check against this TSecurityPolicy.
|
sl@0
|
857 |
@param aDiagnostic A string that will be emitted along with any diagnostic message
|
sl@0
|
858 |
that may be issued if the policy check fails.
|
sl@0
|
859 |
This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
|
sl@0
|
860 |
which enables it to be easily removed from the system.
|
sl@0
|
861 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
862 |
platform security attributes of aProcess, EFalse otherwise.
|
sl@0
|
863 |
@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
864 |
*/
|
sl@0
|
865 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
866 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DProcess* aProcess, const char* aDiagnostic) const
|
sl@0
|
867 |
{
|
sl@0
|
868 |
SSecurityInfo missing;
|
sl@0
|
869 |
TBool pass = CheckPolicy(aProcess->iS, missing);
|
sl@0
|
870 |
if(!pass)
|
sl@0
|
871 |
pass = PlatSec::PolicyCheckFail(aProcess,missing,aDiagnostic)==KErrNone;
|
sl@0
|
872 |
return pass;
|
sl@0
|
873 |
}
|
sl@0
|
874 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
875 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DProcess* aProcess, const char* /*aDiagnostic*/) const
|
sl@0
|
876 |
{
|
sl@0
|
877 |
return DoCheckPolicy(aProcess);
|
sl@0
|
878 |
}
|
sl@0
|
879 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
880 |
|
sl@0
|
881 |
/** Checks this policy against the platform security attributes of aProcess.
|
sl@0
|
882 |
|
sl@0
|
883 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
884 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
885 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
886 |
check failed.
|
sl@0
|
887 |
|
sl@0
|
888 |
@param aProcess The DProcess object to check against this TSecurityPolicy.
|
sl@0
|
889 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
890 |
platform security attributes of aProcess, EFalse otherwise.
|
sl@0
|
891 |
@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
892 |
*/
|
sl@0
|
893 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DProcess* aProcess) const
|
sl@0
|
894 |
{
|
sl@0
|
895 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
896 |
return DoCheckPolicy(aProcess, NULL);
|
sl@0
|
897 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
898 |
SSecurityInfo missing;
|
sl@0
|
899 |
TBool pass = CheckPolicy(aProcess->iS, missing);
|
sl@0
|
900 |
if(!pass)
|
sl@0
|
901 |
pass = (PlatSec::EmitDiagnostic() == KErrNone);
|
sl@0
|
902 |
return pass;
|
sl@0
|
903 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
904 |
}
|
sl@0
|
905 |
|
sl@0
|
906 |
/** Checks this policy against the platform security attributes of the process
|
sl@0
|
907 |
owning aThread.
|
sl@0
|
908 |
|
sl@0
|
909 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
910 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
911 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
912 |
check failed.
|
sl@0
|
913 |
|
sl@0
|
914 |
@param aThread The thread whose owning process' platform security attributes
|
sl@0
|
915 |
are to be checked against this TSecurityPolicy.
|
sl@0
|
916 |
@param aDiagnostic A string that will be emitted along with any diagnostic message
|
sl@0
|
917 |
that may be issued if the policy check fails.
|
sl@0
|
918 |
This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
|
sl@0
|
919 |
which enables it to be easily removed from the system.
|
sl@0
|
920 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
921 |
platform security parameters of the owning process of aThread, EFalse otherwise.
|
sl@0
|
922 |
@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
923 |
*/
|
sl@0
|
924 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
925 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DThread* aThread, const char* aDiagnostic) const
|
sl@0
|
926 |
{
|
sl@0
|
927 |
SSecurityInfo missing;
|
sl@0
|
928 |
TBool pass = CheckPolicy(aThread->iOwningProcess->iS, missing);
|
sl@0
|
929 |
if(!pass)
|
sl@0
|
930 |
pass = PlatSec::PolicyCheckFail(aThread,missing,aDiagnostic)==KErrNone;
|
sl@0
|
931 |
return pass;
|
sl@0
|
932 |
}
|
sl@0
|
933 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
934 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DThread* aThread, const char* /*aDiagnostic*/) const
|
sl@0
|
935 |
{
|
sl@0
|
936 |
return DoCheckPolicy(aThread);
|
sl@0
|
937 |
}
|
sl@0
|
938 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
939 |
|
sl@0
|
940 |
/** Checks this policy against the platform security attributes of the process
|
sl@0
|
941 |
owning aThread.
|
sl@0
|
942 |
|
sl@0
|
943 |
When a check fails the action taken is determined by the system wide Platform Security
|
sl@0
|
944 |
configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
|
sl@0
|
945 |
If PlatSecEnforcement is OFF, then this function will return ETrue even though the
|
sl@0
|
946 |
check failed.
|
sl@0
|
947 |
|
sl@0
|
948 |
@param aThread The thread whose owning process' platform security attributes
|
sl@0
|
949 |
are to be checked against this TSecurityPolicy.
|
sl@0
|
950 |
@return ETrue if all the requirements of this TSecurityPolicy are met by the
|
sl@0
|
951 |
platform security parameters of the owning process of aThread, EFalse otherwise.
|
sl@0
|
952 |
@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
|
sl@0
|
953 |
*/
|
sl@0
|
954 |
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DThread* aThread) const
|
sl@0
|
955 |
{
|
sl@0
|
956 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
957 |
return DoCheckPolicy(aThread, NULL);
|
sl@0
|
958 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
959 |
SSecurityInfo missing;
|
sl@0
|
960 |
TBool pass = CheckPolicy(aThread->iOwningProcess->iS, missing);
|
sl@0
|
961 |
if(!pass)
|
sl@0
|
962 |
pass = (PlatSec::EmitDiagnostic() == KErrNone);
|
sl@0
|
963 |
return pass;
|
sl@0
|
964 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
965 |
}
|
sl@0
|
966 |
|
sl@0
|
967 |
#endif // !__KERNEL_MODE__
|
sl@0
|
968 |
|
sl@0
|
969 |
|
sl@0
|
970 |
#ifndef __KERNEL_MODE__
|
sl@0
|
971 |
|
sl@0
|
972 |
EXPORT_C TInt PlatSec::ConfigSetting(TConfigSetting aSetting)
|
sl@0
|
973 |
{
|
sl@0
|
974 |
TUint32 flags = Exec::KernelConfigFlags();
|
sl@0
|
975 |
switch(aSetting)
|
sl@0
|
976 |
{
|
sl@0
|
977 |
case EPlatSecEnforcement:
|
sl@0
|
978 |
flags &= EKernelConfigPlatSecEnforcement;
|
sl@0
|
979 |
break;
|
sl@0
|
980 |
case EPlatSecDiagnotics:
|
sl@0
|
981 |
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
982 |
flags &= EKernelConfigPlatSecDiagnostics;
|
sl@0
|
983 |
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
984 |
flags=0;
|
sl@0
|
985 |
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
|
sl@0
|
986 |
break;
|
sl@0
|
987 |
case EPlatSecProcessIsolation:
|
sl@0
|
988 |
flags &= EKernelConfigPlatSecProcessIsolation;
|
sl@0
|
989 |
break;
|
sl@0
|
990 |
case EPlatSecEnforceSysBin:
|
sl@0
|
991 |
flags &= EKernelConfigPlatSecEnforceSysBin;
|
sl@0
|
992 |
break;
|
sl@0
|
993 |
case EPlatSecLocked:
|
sl@0
|
994 |
flags &= EKernelConfigPlatSecLocked;
|
sl@0
|
995 |
break;
|
sl@0
|
996 |
default:
|
sl@0
|
997 |
flags = 0;
|
sl@0
|
998 |
break;
|
sl@0
|
999 |
}
|
sl@0
|
1000 |
if(flags)
|
sl@0
|
1001 |
flags = 1;
|
sl@0
|
1002 |
return flags;
|
sl@0
|
1003 |
}
|
sl@0
|
1004 |
|
sl@0
|
1005 |
EXPORT_C TBool PlatSec::IsCapabilityEnforced(TCapability aCapability)
|
sl@0
|
1006 |
{
|
sl@0
|
1007 |
if(!((TCapabilitySet&)AllSupportedCapabilities).HasCapability(aCapability))
|
sl@0
|
1008 |
return EFalse;
|
sl@0
|
1009 |
|
sl@0
|
1010 |
SCapabilitySet disabled;
|
sl@0
|
1011 |
Exec::DisabledCapabilities(disabled);
|
sl@0
|
1012 |
if(((TCapabilitySet&)disabled).HasCapability(aCapability))
|
sl@0
|
1013 |
return EFalse;
|
sl@0
|
1014 |
|
sl@0
|
1015 |
return PlatSec::ConfigSetting(EPlatSecEnforcement);
|
sl@0
|
1016 |
}
|
sl@0
|
1017 |
|
sl@0
|
1018 |
#endif // Not __KERNEL_MODE__
|