os/kernelhwsrv/kernel/eka/common/secure.cpp
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution.
sl@0
     1
// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
sl@0
     2
// All rights reserved.
sl@0
     3
// This component and the accompanying materials are made available
sl@0
     4
// under the terms of the License "Eclipse Public License v1.0"
sl@0
     5
// which accompanies this distribution, and is available
sl@0
     6
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
sl@0
     7
//
sl@0
     8
// Initial Contributors:
sl@0
     9
// Nokia Corporation - initial contribution.
sl@0
    10
//
sl@0
    11
// Contributors:
sl@0
    12
//
sl@0
    13
// Description:
sl@0
    14
// e32\common\secure.cpp
sl@0
    15
// 
sl@0
    16
//
sl@0
    17
sl@0
    18
#define __INCLUDE_ALL_SUPPORTED_CAPABILITIES__
sl@0
    19
#include "common.h"
sl@0
    20
#ifdef __KERNEL_MODE__
sl@0
    21
#include <kernel/kernel.h>
sl@0
    22
#include <kernel/kern_priv.h>
sl@0
    23
#endif
// Check that the layout of TSecurityInfo and SSecurityInfo are the same
// because we use this assumption in the TSecurityInfo::Set methods
// and in the TSecurityInfo constructors below, which copy or reinterpret one
// type as the other. Only the field offsets are pinned here; the copies rely
// on sizeof(SSecurityInfo) covering every field that matters.
__ASSERT_COMPILE(_FOFF(TSecurityInfo,iSecureId)==_FOFF(SSecurityInfo,iSecureId));
__ASSERT_COMPILE(_FOFF(TSecurityInfo,iVendorId)==_FOFF(SSecurityInfo,iVendorId));
__ASSERT_COMPILE(_FOFF(TSecurityInfo,iCaps)==_FOFF(SSecurityInfo,iCaps));
#ifdef __KERNEL_MODE__
/**
Construct a TSecurityInfo holding the security attributes of a process.
The attributes are copied straight out of the kernel-side process object.
@param aProcess The process whose secure id, vendor id and capabilities are
                copied. Must be a valid process object; no null check is made.
*/
EXPORT_C TSecurityInfo::TSecurityInfo(DProcess* aProcess)
	{
	// TSecurityInfo and SSecurityInfo share one layout (asserted at file
	// scope), so a raw copy of the process' SSecurityInfo fills this object.
	const SSecurityInfo& source = aProcess->iS;
	memcpy(this, &source, sizeof(SSecurityInfo));
	}
/**
Construct a TSecurityInfo holding the security attributes of the process
that owns a thread.
@param aThread The thread. Its owning process supplies the attributes; the
               thread and process objects must both be valid.
*/
EXPORT_C TSecurityInfo::TSecurityInfo(DThread* aThread)
	{
	// Security attributes belong to the process, not the thread, so go via
	// the owning process. Layouts match (asserted at file scope) so a raw
	// copy is enough.
	const SSecurityInfo& source = aThread->iOwningProcess->iS;
	memcpy(this, &source, sizeof(SSecurityInfo));
	}
#else
/**
Construct a TSecurityInfo holding the security attributes of a process.
@param aProcess A handle to the process; the kernel is asked for its attributes.
*/
EXPORT_C TSecurityInfo::TSecurityInfo(RProcess aProcess)
	{
	// The kernel writes directly into this object: TSecurityInfo and
	// SSecurityInfo have the same layout (asserted at file scope).
	SSecurityInfo& target = *reinterpret_cast<SSecurityInfo*>(this);
	Exec::ProcessSecurityInfo(aProcess.Handle(), target);
	}
/**
Construct a TSecurityInfo holding the security attributes of the process
that owns the specified thread.
@param aThread A handle to the thread; the kernel resolves its owning process.
*/
EXPORT_C TSecurityInfo::TSecurityInfo(RThread aThread)
	{
	// Same trick as the RProcess overload: let the kernel fill this object
	// through its SSecurityInfo view.
	SSecurityInfo& target = *reinterpret_cast<SSecurityInfo*>(this);
	Exec::ThreadSecurityInfo(aThread.Handle(), target);
	}
/**
Construct a TSecurityInfo holding the security attributes of the process
which sent the message aMsgPtr. This is the form a server uses to learn who
is asking before acting on a request.
@param aMsgPtr A message received from a client.
*/
EXPORT_C TSecurityInfo::TSecurityInfo(RMessagePtr2 aMsgPtr)
	{
	// The sender's attributes are looked up by the kernel from the message
	// handle and written straight into this object's SSecurityInfo view.
	SSecurityInfo& target = *reinterpret_cast<SSecurityInfo*>(this);
	Exec::MessageSecurityInfo(aMsgPtr.Handle(), target);
	}
/**
Sets this TSecurityInfo to the security attributes the kernel associates with
a session. Unlike the constructors this can fail, so the result is returned
rather than the object being left half-filled silently.
@param aSession The session to query.
@return KErrNone if the attributes were obtained, otherwise the error code
        returned by the kernel.
*/
TInt TSecurityInfo::Set(RSessionBase aSession)
	{
	SSecurityInfo& target = *reinterpret_cast<SSecurityInfo*>(this);
	const TInt result = Exec::SessionSecurityInfo(aSession.Handle(), target);
	return result;
	}
/**
Sets this TSecurityInfo to the security attributes of the process that
created the current process.
*/
EXPORT_C void TSecurityInfo::SetToCreatorInfo()
	{
	// The kernel fills in the creator's attributes via the SSecurityInfo view
	// of this object.
	SSecurityInfo& target = *reinterpret_cast<SSecurityInfo*>(this);
	Exec::CreatorSecurityInfo(target);
	}
#endif //__KERNEL_MODE__
/**
Construct a set consisting of two capabilities.
A capability that this OS version does not support is silently skipped,
exactly as AddCapability() does.
@param aCapability1 The first capability.
@param aCapability2 The second capability.
*/
EXPORT_C TCapabilitySet::TCapabilitySet(TCapability aCapability1, TCapability aCapability2)
	{
	SetEmpty();
	const TCapability wanted[2] = { aCapability1, aCapability2 };
	for (TInt i = 0; i < 2; ++i)
		AddCapability(wanted[i]);
	}
/**
Make this set empty, i.e. containing no capabilities.
*/
EXPORT_C void TCapabilitySet::SetEmpty()
	{
	// Clear every word of the bit array.
	const TInt wordCount = sizeof(iCaps) / sizeof(iCaps[0]);
	for (TInt i = 0; i < wordCount; ++i)
		iCaps[i] = 0;
	}
/**
Make this set consist of all capabilities supported by this OS version,
as listed in the AllSupportedCapabilities table.
*/
EXPORT_C void TCapabilitySet::SetAllSupported()
	{
	// iCaps is the storage of an SCapabilitySet, so assign through that view.
	SCapabilitySet& target = *reinterpret_cast<SCapabilitySet*>(&iCaps);
	target = AllSupportedCapabilities;
	}
#ifndef __KERNEL_MODE__
// Documented in header file.
// Fills this set with the capabilities the kernel reports as disabled
// (Exec::DisabledCapabilities); user-side only.
EXPORT_C void TCapabilitySet::SetDisabled()
	{
	SCapabilitySet& target = *reinterpret_cast<SCapabilitySet*>(this);
	Exec::DisabledCapabilities(target);
	}
#endif // __KERNEL_MODE__
/**
Add a single capability to the set.
If the capability is not supported by this OS version then it is not added and
the set is left unchanged. Values outside [0, ECapability_Limit) — including
ECapability_None, which is negative — are ignored rather than indexing the
bit array out of bounds.
@see TCapabilitySet::SetAllSupported()
@param aCapability Capability to add.
*/
EXPORT_C void TCapabilitySet::AddCapability(TCapability aCapability)
	{
	// Unsigned compare rejects negative values (ECapability_None is -1) in
	// one test.
	if ((TUint32)aCapability >= (TUint32)ECapability_Limit)
		return;
	const TInt byteIndex = aCapability >> 3;
	const TUint8 bit = (TUint8)(1 << (aCapability & 7));
	// A TCapabilitySet may only ever contain capabilities this OS version
	// supports, so mask the bit against AllSupportedCapabilities first.
	const TUint8* supported = (const TUint8*)&AllSupportedCapabilities;
	TUint8* bytes = (TUint8*)iCaps;
	bytes[byteIndex] |= (TUint8)(bit & supported[byteIndex]);
	}
/**
Remove a single capability from the set, if it is present.
Out-of-range values (including ECapability_None) are ignored.
@param aCapability Capability to remove.
*/
EXPORT_C void TCapabilitySet::RemoveCapability(TCapability aCapability)
	{
	// Same range guard as AddCapability; no AllSupported mask is needed
	// because clearing an unsupported bit is harmless.
	if ((TUint32)aCapability >= (TUint32)ECapability_Limit)
		return;
	const TInt byteIndex = aCapability >> 3;
	const TUint8 bit = (TUint8)(1 << (aCapability & 7));
	TUint8* bytes = (TUint8*)iCaps;
	bytes[byteIndex] &= (TUint8)~bit;
	}
/**
Perform a union of this capability set with another.
The result replaces the content of 'this'.
@param aCapabilities A capability set
*/
EXPORT_C void TCapabilitySet::Union(const TCapabilitySet& aCapabilities)
	{
	// Number of 32-bit words needed to hold ECapability_Limit bits.
	const TInt wordCount = ((ECapability_Limit - 1) >> 5) + 1;
	for (TInt i = 0; i < wordCount; ++i)
		iCaps[i] |= aCapabilities.iCaps[i];
	}
/**
Perform an intersection of this capability set with another.
The result replaces the content of 'this'.
@param aCapabilities A capability set
*/
EXPORT_C void TCapabilitySet::Intersection(const TCapabilitySet& aCapabilities)
	{
	// Number of 32-bit words needed to hold ECapability_Limit bits.
	const TInt wordCount = ((ECapability_Limit - 1) >> 5) + 1;
	for (TInt i = 0; i < wordCount; ++i)
		iCaps[i] &= aCapabilities.iCaps[i];
	}
/**
Remove a set of capabilities from this set (set difference).
The result replaces the content of 'this'.
@param aCapabilities The set of capabilities to remove
*/
EXPORT_C void TCapabilitySet::Remove(const TCapabilitySet& aCapabilities)
	{
	// Number of 32-bit words needed to hold ECapability_Limit bits.
	const TInt wordCount = ((ECapability_Limit - 1) >> 5) + 1;
	for (TInt i = 0; i < wordCount; ++i)
		iCaps[i] &= ~aCapabilities.iCaps[i];
	}
/**
Test if a single capability is present in the set.
The capability ECapability_None is always treated as being present; any other
value outside the valid range (e.g. ECapability_Denied) is treated as absent.
@param aCapability The capability to test
@return 1 if the capability is present, 0 if it is not.
*/
EXPORT_C TBool TCapabilitySet::HasCapability(TCapability aCapability) const
	{
	// ECapability_None is -1 and so fails this unsigned range test; it is
	// handled explicitly below rather than being looked up in the bit array.
	const TBool inRange = (TUint32)aCapability < (TUint32)ECapability_Limit;
	if (!inRange)
		{
		// coverity[dead_error_condition]
		return aCapability == ECapability_None ? ETrue : EFalse;
		}
	const TUint8* bytes = (const TUint8*)iCaps;
	const TUint8 byte = bytes[aCapability >> 3];
	return (byte >> (aCapability & 7)) & 1;
	}
/**
Test if all the capabilities in a given set are present in this set.
@param aCapabilities The capability set to test
@return 1 if all the capabilities are present, 0 otherwise.
*/
EXPORT_C TBool TCapabilitySet::HasCapabilities(const TCapabilitySet& aCapabilities) const
	{
	const TInt wordCount = ((ECapability_Limit - 1) >> 5) + 1;
	for (TInt i = 0; i < wordCount; ++i)
		{
		// Any bit required by aCapabilities but clear in this set is a failure.
		if (aCapabilities.iCaps[i] & ~iCaps[i])
			return 0;
		}
	return 1;
	}
// Documented in header file.
// Returns non-zero if at least one capability is present. The value is the
// raw OR of the storage words, not normalised to 1, so callers must only
// test it for zero/non-zero.
TBool TCapabilitySet::NotEmpty() const
	{
	const TInt wordCount = ((ECapability_Limit - 1) >> 5) + 1;
	TUint32 anyBits = 0;
	for (TInt i = 0; i < wordCount; ++i)
		anyBits |= iCaps[i];
	return anyBits;
	}
// ECapability_None is assumed to be -1 in the internals of TSecurityPolicy:
// the "(cap+1) <= ECapability_Limit" unsigned range checks in the
// constructors and the 0xFF byte encoding of "no capability" in iCaps both
// depend on it.
__ASSERT_COMPILE(ECapability_None == -1);
/** Constructs a TSecurityPolicy to either always pass or always fail checks made
against it, depending on the value of aType. No capabilities or IDs are
stored: iSecureId and all three capability slots are set to ECapability_None.
@param aType Must be one of EAlwaysPass or EAlwaysFail
@panic USER 191 if aType is not a valid value
*/
EXPORT_C TSecurityPolicy::TSecurityPolicy(TSecPolicyType aType)
	: iType((TUint8)aType), iSecureId(TUint32(ECapability_None))
	{
	// TSecPolicyType is the public alias of the internal TType, so the
	// pass/fail values of the two enums must coincide for the iType
	// initialisation above to be meaningful.
	__ASSERT_COMPILE(EAlwaysFail == (TSecPolicyType)ETypeFail);
	__ASSERT_COMPILE(EAlwaysPass == (TSecPolicyType)ETypePass);

	const TBool typeIsValid = (aType == EAlwaysPass) || (aType == EAlwaysFail);
	__ASSERT_ALWAYS(typeIsValid, Panic(ETSecPolicyTypeInvalid));
	// A pass/fail policy checks no capabilities: mark every slot empty.
	for (TInt i = 0; i < 3; ++i)
		iCaps[i] = (TUint8)ECapability_None;
	}
/** Construct a TSecurityPolicy object to check up to 3 capabilities.
An unused slot holds ECapability_None, which the range check accepts.
@param aCap1 The first capability to add to this policy
@param aCap2 An optional second capability to add to this policy
@param aCap3 An optional third capability to add to this policy
@panic USER 189 If any of the supplied capabilities are not valid.
*/
EXPORT_C TSecurityPolicy::TSecurityPolicy(TCapability aCap1, TCapability aCap2, TCapability aCap3)
	//iSecureId=0xFFFFFFFF sets iExtraCaps[0-3] each to ECapability_None (==0xFF)
	: iType(ETypeC3), iSecureId(TUint32(ECapability_None))
	{
	// Range-checks all three capabilities (panicking on failure) and stores
	// them in iCaps[0..2].
	ConstructAndCheck3(aCap1, aCap2, aCap3);
	}
/** Construct a TSecurityPolicy object to check up to 7 capabilities.
The first three are stored in iCaps, the remaining four in iExtraCaps, which
occupies the storage otherwise used for iSecureId (so a 7-capability policy
carries no secure id). An unused slot holds ECapability_None, which the range
check accepts.
@param aCap1 The first capability to add to this policy
@param aCap2 The second capability to add to this policy
@param aCap3 The third capability to add to this policy
@param aCap4 The fourth capability to add to this policy
@param aCap5 An optional fifth capability to add to this policy
@param aCap6 An optional sixth capability to add to this policy
@param aCap7 An optional seventh capability to add to this policy
@panic USER 189 If any of the supplied capabilities are not valid.
*/
EXPORT_C TSecurityPolicy::TSecurityPolicy(TCapability aCap1, TCapability aCap2,
	TCapability aCap3, TCapability aCap4, TCapability aCap5, TCapability aCap6, TCapability aCap7)
	: iType(ETypeC7)
	{
	ConstructAndCheck3(aCap1, aCap2, aCap3);
	// The range test below folds ECapability_None (-1) into the accepted
	// range by adding one before the unsigned compare.
	__ASSERT_COMPILE(ECapability_None==-1);
	const TCapability extra[4] = { aCap4, aCap5, aCap6, aCap7 };
	TBool allValid = ETrue;
	for (TInt i = 0; i < 4; ++i)
		{
		if ((TUint)(extra[i] + 1) > (TUint)ECapability_Limit)
			allValid = EFalse;
		}
	// Panic before anything is stored, so a bad argument never leaves a
	// partially initialised policy behind.
	__ASSERT_ALWAYS(allValid, Panic(ECapabilityInvalid));
	for (TInt i = 0; i < 4; ++i)
		iExtraCaps[i] = (TUint8)extra[i];
	}
/** Construct a TSecurityPolicy object to check a secure id and up to 3 capabilities.
A check against this policy passes only if the secure id matches exactly and
all stored capabilities are held. An unused capability slot holds
ECapability_None, which the range check accepts.
@param aSecureId The secure id to add to this policy
@param aCap1 The first capability to add to this policy
@param aCap2 The second capability to add to this policy
@param aCap3 The third capability to add to this policy
@panic USER 189 If any of the supplied capabilities are not valid.
*/
EXPORT_C TSecurityPolicy::TSecurityPolicy(TSecureId aSecureId, 
	TCapability aCap1, TCapability aCap2, TCapability aCap3)
	: iType(ETypeS3), iSecureId(aSecureId)
	{
	// Range-checks all three capabilities (panicking on failure) and stores
	// them in iCaps[0..2].
	ConstructAndCheck3(aCap1, aCap2, aCap3);
	}
/** Construct a TSecurityPolicy object to check a vendor id and up to 3 capabilities.
A check against this policy passes only if the vendor id matches exactly and
all stored capabilities are held. An unused capability slot holds
ECapability_None, which the range check accepts.
@param aVendorId The vendor id to add to this policy
@param aCap1 The first capability to add to this policy
@param aCap2 The second capability to add to this policy
@param aCap3 The third capability to add to this policy
@panic USER 189 If any of the supplied capabilities are not valid.
*/
EXPORT_C TSecurityPolicy::TSecurityPolicy(TVendorId aVendorId, 
	TCapability aCap1, TCapability aCap2, TCapability aCap3)
	: iType(ETypeV3), iVendorId(aVendorId)
	{
	// Range-checks all three capabilities (panicking on failure) and stores
	// them in iCaps[0..2].
	ConstructAndCheck3(aCap1, aCap2, aCap3);
	}
/** Sets up iCaps[0-2] with supplied values and checks for their validity.
A value is valid if it is ECapability_None or lies below ECapability_Limit.
Nothing is stored if any value is invalid.
@panic USER 189 If any of the supplied capabilities are invalid.
*/
void TSecurityPolicy::ConstructAndCheck3(TCapability aCap1, TCapability aCap2, TCapability aCap3)
	{
	// Adding one before the unsigned compare lets ECapability_None (-1)
	// pass as 0 while every other negative value is rejected.
	__ASSERT_COMPILE(ECapability_None==-1);
	const TCapability wanted[3] = { aCap1, aCap2, aCap3 };
	TBool allValid = ETrue;
	for (TInt i = 0; i < 3; ++i)
		{
		if ((TUint)(wanted[i] + 1) > (TUint)ECapability_Limit)
			allValid = EFalse;
		}
	__ASSERT_ALWAYS(allValid, Panic(ECapabilityInvalid));
	for (TInt i = 0; i < 3; ++i)
		iCaps[i] = (TUint8)wanted[i];
	}
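/**
Checks that this object is in a valid state.

Beyond the type tag and the secure-id invariants, the stored capability bytes
are now checked too: each must be either ECapability_None (0xFF) or below
ECapability_Limit, which is exactly what the constructors enforce. A policy
rebuilt from a descriptor (see Set()) whose capability bytes are out of range
would otherwise be accepted here and then, because out-of-range values are
skipped when CheckPolicy() builds the required set, behave as if those slots
demanded nothing — i.e. more permissive than the author intended. Rejecting
it makes Set() fall back to an EAlwaysFail policy instead.
@return A non-zero value if this object is valid, zero otherwise.
@internalComponent
*/
// Returns non-zero if aCap is a legal stored capability byte: "no capability"
// (ECapability_None, stored as 0xFF) or a capability number below
// ECapability_Limit. Mirrors the constructors' (TUint)(cap+1)<=ECapability_Limit test.
static TBool CapabilityByteIsValid(TUint8 aCap)
	{
	if (aCap == TUint8(ECapability_None))
		return ETrue;
	return (TUint)aCap < (TUint)ECapability_Limit;
	}

TBool TSecurityPolicy::Validate() const
	{
	// iCaps[0..2] are meaningful for every type; for a pass/fail policy the
	// stricter "all ECapability_None" test below applies instead.
	const TBool capsValid = CapabilityByteIsValid(iCaps[0])
						&& CapabilityByteIsValid(iCaps[1])
						&& CapabilityByteIsValid(iCaps[2]);
	switch(iType)
		{
		case ETypeFail:
		case ETypePass:
			if(iSecureId!=TUint32(ECapability_None))
				return EFalse;
			__ASSERT_COMPILE(TUint8(ECapability_None)==0xffu); // Test below assumes this...
			if((iCaps[0]&iCaps[1]&iCaps[2])!=TUint8(ECapability_None)) // check caps 0 to 2 are each == ECapability_None
				return EFalse;
			return ETrue;

		case ETypeC7:
			if(!capsValid)
				return EFalse;
			// iExtraCaps overlays the iSecureId storage, so there is no secure
			// id to check for this type; check the four extra slots instead.
			return CapabilityByteIsValid(iExtraCaps[0])
				&& CapabilityByteIsValid(iExtraCaps[1])
				&& CapabilityByteIsValid(iExtraCaps[2])
				&& CapabilityByteIsValid(iExtraCaps[3]);

		case ETypeC3:
			if(iSecureId!=TUint32(ECapability_None))
				return EFalse;
			return capsValid;

		case ETypeS3:
		case ETypeV3:
			// Any secure/vendor id value is acceptable; only the caps are checked.
			return capsValid;

		default:
			return EFalse;
		}
	}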
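/** Sets this TSecurityPolicy to a copy of the policy described by the
supplied descriptor. Such a descriptor can be obtained from
TSecurityPolicy::Package().

The descriptor must be exactly sizeof(TSecurityPolicy) bytes and its content
must satisfy Validate(). On any failure this object is left as an EAlwaysFail
policy, never in a partially copied state, so a caller that ignores the return
value still gets a policy that denies everything.
@see TSecurityPolicy::Package()
@param aDes A descriptor representing the state of another TSecurityPolicy.
@return KErrNone, if successful, otherwise KErrArgument.
*/
EXPORT_C TInt TSecurityPolicy::Set(const TDesC8& aDes)
	{
	// Only a descriptor of exactly our own size can be a packaged policy.
	if(aDes.Size() == sizeof(TSecurityPolicy))
		{
		// Copy byte-wise rather than assigning through a TSecurityPolicy*:
		// the descriptor's data need not be word aligned, and this object is
		// plain data so memcpy is a complete copy.
		memcpy(this, aDes.Ptr(), sizeof(TSecurityPolicy));
		if(Validate())
			return KErrNone;
		}
	// Set failed (wrong size or inconsistent content) so set up the policy
	// as an EAlwaysFail case.
	iType = EAlwaysFail;
	iCaps[0] = TUint8(ECapability_None);
	iCaps[1] = TUint8(ECapability_None);
	iCaps[2] = TUint8(ECapability_None);
	iSecureId = TUint32(ECapability_None);
	return KErrArgument;
	}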
/**
Constructs a TPtrC8 wrapping the platform security attributes of this
TSecurityPolicy.  Such a descriptor is suitable for passing across the
client server boundary.

The returned descriptor aliases this object's own storage: it is only valid
while this TSecurityPolicy is alive and unchanged, and a copy must be taken
if it is to outlive the policy.

The format of the descriptor is determined by the first byte which specifies
the type of this TSecurityPolicy.  The first byte is one of the constants
specified in the enum TSecurityPolicy::TType.

For TSecurityPolicy objects of types ETypeC3, ETypeS3, ETypePass or ETypeFail
the descriptor will contain the following data in the order listed:
@code
	TUint8 iType; 		// set to ETypeC3, ETypeS3, ETypePass or ETypeFail
	TUint8 iCaps[3];
	TUint32 iSecureId;
@endcode
ETypeC3 descriptors will contain capabilities in iCaps but have iSecureId set
to ECapability_None.  ETypeS3 are similar to ETypeC3 descriptors but will have
iSecureId set to the secure ID value of the TSecurityPolicy object.
ETypePass and ETypeFail objects will have values of all of the elements of iCaps
and iSecureId set to ECapability_None.

For TSecurityPolicy objects of type ETypeV3 the descriptor will contain the
following data in the order listed:
@code
	TUint8 iType;		// set to ETypeV3
	TUint8 iCaps[3];	// set to the values of 3 capabilities
	TUint32 iVendorId;	// set to the value of the vendor ID of the TSecurityPolicy
@endcode

For TSecurityPolicy objects of type ETypeC7 the descriptor will contain the
following data in the order listed:
@code
	TUint8 iType;			// set to ETypeC7
	TUint8 iCaps[3];		// set to the values of 3 of the objects capabilities
	TUint8 iExtraCaps[4];	// set to the values of 4 of the objects capabilities
@endcode
@see TSecurityPolicy::TType
@see TSecurityPolicy::Set()
@return A TPtrC8 wrapping the platform security attributes of this TSecurityPolicy.
*/
EXPORT_C TPtrC8 TSecurityPolicy::Package() const
	{
	// The packaged form is simply this object's own bytes.
	const TUint8* raw = reinterpret_cast<const TUint8*>(this);
	const TInt length = sizeof(TSecurityPolicy);
	return TPtrC8(raw, length);
	}
/** Checks this policy against the supplied SSecurityInfo.

This is the core comparison behind every DoCheckPolicy()/CheckPolicy()
overload in this file: those only obtain an SSecurityInfo for a process,
thread, session or message and then come here.

@param aSecInfo The SSecurityInfo object to check against this TSecurityPolicy.
@param aMissing A SSecurityInfo object which this method fills with any capabilities or IDs
				it finds to be missing. This is designed to help generating diagnostic messages.
				It is always written, even when the check passes (its capability set
				is then empty and its IDs are zero).
@return ETrue if all the requirements of this TSecurityPolicy are met, EFalse
otherwise.
@panic USER 190 if this TSecurityPolicy has an unrecognised type (i.e. it is corrupt)
*/
TBool TSecurityPolicy::CheckPolicy(const SSecurityInfo& aSecInfo, SSecurityInfo& aMissing) const
	{
	TBool result = EFalse;
	//It is thought to be by far the most common case to have 3 or less
	//capabilities in a policy.  Hence we'll set this for all of them even
	//though ETypePass doesn't need it.
	aMissing.iSecureId = 0;
	aMissing.iVendorId = 0;
	// aMissing.iCaps is cleared word by word just below, so pin the word count.
	__ASSERT_COMPILE(SCapabilitySet::ENCapW == 2);
	aMissing.iCaps[0] = 0;
	aMissing.iCaps[1] = 0;
	// Start from the three capabilities this policy demands. A slot holding
	// ECapability_None is stored as 0xFF, which is out of range for
	// AddCapability (presumably the same range guard as
	// TCapabilitySet::AddCapability above) and so is skipped.
	aMissing.iCaps.AddCapability((TCapability)(iCaps[0]));
	aMissing.iCaps.AddCapability((TCapability)(iCaps[1]));
	aMissing.iCaps.AddCapability((TCapability)(iCaps[2]));
	// Subtract what the caller actually holds; whatever remains is missing.
	aMissing.iCaps.Remove(aSecInfo.iCaps);
	switch(iType)
		{
		case ETypeFail:
			//result already False;
			break;
		case ETypePass:
			result = ETrue;	
			break;
		case ETypeC7:
			// Four more required capabilities live in iExtraCaps; add them and
			// subtract the caller's set again before the shared C3 test.
			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[0]));
			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[1]));
			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[2]));
			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[3]));
			aMissing.iCaps.Remove(aSecInfo.iCaps);
			//It is intentional that there is no break statement here
		case ETypeC3:
			// Passes only if nothing required is left over.
			if(!aMissing.iCaps.NotEmpty())
				{
				result = ETrue;
				}
			break;
		case ETypeS3:
			// Capabilities must all be present AND the secure id must match.
			if(!aMissing.iCaps.NotEmpty() && iSecureId == aSecInfo.iSecureId)
				{
				result = ETrue;
				}
			//This else if required to set the aMissing.iCaps secure id for diagnostics.
			//Doesn't affect pass case.
			else if(iSecureId != aSecInfo.iSecureId) 
				{
				aMissing.iSecureId = iSecureId;
				}
			break;
		case ETypeV3:
			// Capabilities must all be present AND the vendor id must match.
			if(!aMissing.iCaps.NotEmpty() && iVendorId == aSecInfo.iVendorId)
				{
				result = ETrue;
				}
			// Record the expected vendor id for diagnostics; does not affect the pass case.
			else if(iVendorId != aSecInfo.iVendorId)
				{
				aMissing.iVendorId = iVendorId;
				}
			break;
		default:
			// iType is not one of the known policy types: the object is corrupt.
			Panic(ESecurityPolicyCorrupt);
			break;
		}
	return result;
	}
#ifndef __KERNEL_MODE__
/** Checks this policy against the platform security attributes of aProcess.
sl@0
   527
sl@0
   528
	When a check fails the action taken is determined by the system wide Platform Security
sl@0
   529
	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
sl@0
   530
	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
sl@0
   531
	check failed.
sl@0
   532
sl@0
   533
@param aProcess The RProcess object to check against this TSecurityPolicy.
sl@0
   534
@param aDiagnostic A string that will be emitted along with any diagnostic message
sl@0
   535
							that may be issued if the policy check fails.
sl@0
   536
							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
sl@0
   537
							which enables it to be easily removed from the system.
sl@0
   538
@return ETrue if all the requirements of this TSecurityPolicy are met by the
sl@0
   539
platform security attributes of aProcess, EFalse otherwise.
sl@0
   540
@panic USER 190 if 'this' is an invalid TSecurityPolicy object
sl@0
   541
*/
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RProcess aProcess, const char* aDiagnostic) const
	{
	// Snapshot the process' attributes and compare them with this policy.
	const TSecurityInfo secInfo(aProcess);
	SSecurityInfo missing;
	if (CheckPolicy(*((const SSecurityInfo*)&secInfo), missing))
		return ETrue;
	// The check failed: the platform security layer emits any diagnostic
	// and decides, per the enforcement setting, whether the failure stands.
	// KErrNone from it means "treat as passed".
	const TInt verdict = PlatSec::PolicyCheckFail(aProcess.Handle(), missing, aDiagnostic);
	return verdict == KErrNone;
	}
#else // !__REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RProcess aProcess, const char* /*aDiagnostic*/) const
	{
	// Diagnostics are compiled out: the string is dropped and the
	// no-diagnostic overload does the work.
	const TBool pass = DoCheckPolicy(aProcess);
	return pass;
	}
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
/** Checks this policy against the platform security attributes of aProcess.

	When a check fails the action taken is determined by the system wide Platform Security
	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
	check failed.

@param aProcess The RProcess object to check against this TSecurityPolicy.
@return ETrue if all the requirements of this TSecurityPolicy are met by the
platform security attributes of aProcess, EFalse otherwise.
@panic USER 190 if 'this' is an invalid TSecurityPolicy object
*/
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RProcess aProcess) const
	{
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
	// Diagnostics are available: delegate to the overload that takes a
	// diagnostic string, supplying none.
	return DoCheckPolicy(aProcess, NULL);
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
	const TSecurityInfo secInfo(aProcess);
	SSecurityInfo missing;
	if (CheckPolicy(*((const SSecurityInfo*)&secInfo), missing))
		return ETrue;
	// The check failed; whether that still counts as a pass depends on the
	// platform security configuration (enforcement on/off).
	const TInt verdict = PlatSec::EmitDiagnostic();
	return verdict == KErrNone;
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
	}
/** Checks this policy against the platform security attributes of the process
sl@0
   586
owning aThread.
sl@0
   587
sl@0
   588
	When a check fails the action taken is determined by the system wide Platform Security
sl@0
   589
	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
sl@0
   590
	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
sl@0
   591
	check failed.
sl@0
   592
sl@0
   593
@param aThread The thread whose owning process' platform security attributes
sl@0
   594
are to be checked against this TSecurityPolicy.
sl@0
   595
@param aDiagnostic A string that will be emitted along with any diagnostic message
sl@0
   596
							that may be issued if the policy check fails.
sl@0
   597
							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
sl@0
   598
							which enables it to be easily removed from the system.
sl@0
   599
@return ETrue if all the requirements of this TSecurityPolicy are met by the
sl@0
   600
platform security parameters of the owning process of aThread, EFalse otherwise.
sl@0
   601
@panic USER 190 if 'this' is an invalid TSecurityPolicy object
sl@0
   602
*/
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RThread aThread, const char* aDiagnostic) const
	{
	// The attributes checked are those of the thread's owning process.
	const TSecurityInfo secInfo(aThread);
	SSecurityInfo missing;
	if (CheckPolicy(*((const SSecurityInfo*)&secInfo), missing))
		return ETrue;
	// Failed: the platform security layer emits any diagnostic and decides,
	// per the enforcement setting, whether the failure stands.
	const TInt verdict = PlatSec::PolicyCheckFail(aThread.Handle(), missing, aDiagnostic);
	return verdict == KErrNone;
	}
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RThread aThread, const char* /*aDiagnostic*/) const
	{
	// Diagnostics are compiled out: the string is dropped and the
	// no-diagnostic overload does the work.
	const TBool pass = DoCheckPolicy(aThread);
	return pass;
	}
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
/** Checks this policy against the platform security attributes of the process
owning aThread.

	When a check fails the action taken is determined by the system wide Platform Security
	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
	check failed.

@param aThread The thread whose owning process' platform security attributes
are to be checked against this TSecurityPolicy.
@return ETrue if all the requirements of this TSecurityPolicy are met by the
platform security parameters of the owning process of aThread, EFalse otherwise.
@panic USER 190 if 'this' is an invalid TSecurityPolicy object
*/
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RThread aThread) const
	{
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
	// Diagnostics are available: delegate to the overload that takes a
	// diagnostic string, supplying none.
	return DoCheckPolicy(aThread, NULL);
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
	const TSecurityInfo secInfo(aThread);
	SSecurityInfo missing;
	if (CheckPolicy(*((const SSecurityInfo*)&secInfo), missing))
		return ETrue;
	// The check failed; whether that still counts as a pass depends on the
	// platform security configuration (enforcement on/off).
	const TInt verdict = PlatSec::EmitDiagnostic();
	return verdict == KErrNone;
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
	}
/** Checks this policy against the platform security attributes the kernel
associates with aSession.

	When a check fails the action taken is determined by the system wide Platform Security
	configuration, as for the DoCheckPolicy() overloads.

@param aSession The session to check against this TSecurityPolicy.
@return KErrNone if the attributes could be obtained and the policy is
satisfied (or enforcement is off); otherwise the error from obtaining the
attributes, or the error reported by the platform security layer.
@panic USER 190 if 'this' is an invalid TSecurityPolicy object
*/
TInt TSecurityPolicy::CheckPolicy(RSessionBase aSession) const
	{
	// Obtain the session's attributes; if that fails, report the error
	// rather than making a policy decision on unset data.
	TSecurityInfo secInfo;
	const TInt fetchResult = secInfo.Set(aSession);
	if (fetchResult != KErrNone)
		return fetchResult;
	SSecurityInfo missing;
	if (CheckPolicy(*((const SSecurityInfo*)&secInfo), missing))
		return KErrNone;
	// The check failed: the platform security layer decides the final result
	// (diagnostics and whether enforcement is on).
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
	return PlatSec::PolicyCheckFail(aSession.Handle(), missing, NULL);
#else
	return PlatSec::EmitDiagnostic();
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
	}
/** Checks this policy against the platform security attributes of the process which sent
sl@0
   668
the given message.
sl@0
   669
sl@0
   670
	When a check fails the action taken is determined by the system wide Platform Security
sl@0
   671
	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
sl@0
   672
	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
sl@0
   673
	check failed.
sl@0
   674
sl@0
   675
@param aMsgPtr The RMessagePtr2 object to check against this TSecurityPolicy.
sl@0
   676
@param aDiagnostic A string that will be emitted along with any diagnostic message
sl@0
   677
							that may be issued if the policy check fails.
sl@0
   678
							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
sl@0
   679
							which enables it to be easily removed from the system.
sl@0
   680
@return ETrue if all the requirements of this TSecurityPolicy are met by the
sl@0
   681
platform security attributes of aMsg, EFalse otherwise.
sl@0
   682
@panic USER 190 if 'this' is an invalid TSecurityPolicy object
sl@0
   683
*/
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
sl@0
   685
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, const char* aDiagnostic) const
sl@0
   686
	{
sl@0
   687
	SSecurityInfo missing;
sl@0
   688
	TSecurityInfo secInfo(aMsgPtr);
sl@0
   689
	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
sl@0
   690
	if(!pass)
sl@0
   691
		pass = PlatSec::PolicyCheckFail(aMsgPtr,missing,aDiagnostic)==KErrNone;
sl@0
   692
	return pass;
sl@0
   693
	}
sl@0
   694
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
sl@0
   695
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, const char* /*aDiagnostic*/) const
sl@0
   696
	{
sl@0
   697
	return DoCheckPolicy(aMsgPtr);
sl@0
   698
	}
sl@0
   699
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
/**
Checks this policy against the platform security attributes of the process
that sent aMsgPtr, without a diagnostic string.

What a failed check means is decided by the system-wide Platform Security
configuration. With PlatSecDiagnostics ON a diagnostic message is emitted.
With PlatSecEnforcement OFF the function still returns ETrue even though the
check failed, so a true result is only a guarantee while enforcement is on.

With diagnostics compiled in this forwards to the two-argument overload with
a NULL diagnostic string. With __REMOVE_PLATSEC_DIAGNOSTICS__ defined it
performs the check itself and lets PlatSec::EmitDiagnostic() decide the
result of a failure.

@param aMsgPtr The message whose sending process is checked against this policy.
@return ETrue if the sending process meets every requirement of this policy
        (or the failure is not enforced), EFalse otherwise.
@panic USER 190 if 'this' is an invalid SSecurityInfo object
*/
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr) const
	{
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
	return DoCheckPolicy(aMsgPtr, NULL);
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
	TSecurityInfo senderInfo(aMsgPtr);
	SSecurityInfo notGranted;
	// Same layout as SSecurityInfo (asserted at the top of this file).
	const TBool granted = CheckPolicy(reinterpret_cast<SSecurityInfo&>(senderInfo), notGranted);
	if (granted)
		return granted;
	// No diagnostic text is available in this build; PlatSec still decides
	// whether the failure is reported as a pass.
	return PlatSec::EmitDiagnostic() == KErrNone;
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
	}
/**
Checks this policy against the platform security attributes of the process
that sent aMsgPtr, reporting what was missing to the caller.

A failed check is handed to PlatSec::PolicyCheckFail() together with
aMissing; what happens next is decided by the system-wide Platform Security
configuration. With PlatSecDiagnostics ON a diagnostic message is emitted.
With PlatSecEnforcement OFF the function still returns ETrue even though the
check failed, so a true result is only a guarantee while enforcement is on.

This overload exists only when diagnostics are compiled in
(__REMOVE_PLATSEC_DIAGNOSTICS__ not defined).

@param aMsgPtr     The message whose sending process is checked against this policy.
@param aMissing    Filled by this method with the capabilities and IDs it finds
                   to be missing.
@param aDiagnostic Text to emit with any diagnostic message issued for a failed
                   check. It must be wrapped in the __PLATSEC_DIAGNOSTIC_STRING
                   macro so that it can easily be removed from the system.
@return ETrue if the sending process meets every requirement of this policy
        (or the failure is not enforced), EFalse otherwise.
@panic USER 190 if 'this' is an invalid SSecurityInfo object
*/
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, TSecurityInfo& aMissing, const char* aDiagnostic) const
	{
	TSecurityInfo senderInfo(aMsgPtr);
	// TSecurityInfo and SSecurityInfo share one layout (asserted at the top of
	// this file), so both the sender's attributes and the caller's aMissing
	// can be viewed as SSecurityInfo in place.
	SSecurityInfo& notGranted = reinterpret_cast<SSecurityInfo&>(aMissing);
	const TBool granted = CheckPolicy(reinterpret_cast<SSecurityInfo&>(senderInfo), notGranted);
	if (granted)
		return granted;
	// PlatSec owns the outcome of a failed check; KErrNone from it (for
	// instance when PlatSecEnforcement is OFF) is reported as a pass.
	return PlatSec::PolicyCheckFail(aMsgPtr, notGranted, aDiagnostic) == KErrNone;
	}
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
/**
Checks this policy against the platform security attributes of the process
that sent aMsgPtr, reporting what was missing to the caller, without a
diagnostic string.

What a failed check means is decided by the system-wide Platform Security
configuration. With PlatSecDiagnostics ON a diagnostic message is emitted.
With PlatSecEnforcement OFF the function still returns ETrue even though the
check failed, so a true result is only a guarantee while enforcement is on.

With diagnostics compiled in this forwards to the three-argument overload
with a NULL diagnostic string. With __REMOVE_PLATSEC_DIAGNOSTICS__ defined it
performs the check itself and lets PlatSec::EmitDiagnostic() decide the
result of a failure.

@param aMsgPtr  The message whose sending process is checked against this policy.
@param aMissing Filled by this method with the capabilities and IDs it finds
                to be missing.
@return ETrue if the sending process meets every requirement of this policy
        (or the failure is not enforced), EFalse otherwise.
@panic USER 190 if 'this' is an invalid SSecurityInfo object
*/
TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, TSecurityInfo& aMissing) const
	{
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
	return DoCheckPolicy(aMsgPtr, aMissing, NULL);
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
	TSecurityInfo senderInfo(aMsgPtr);
	// Same layout as SSecurityInfo (asserted at the top of this file).
	SSecurityInfo& notGranted = reinterpret_cast<SSecurityInfo&>(aMissing);
	const TBool granted = CheckPolicy(reinterpret_cast<SSecurityInfo&>(senderInfo), notGranted);
	if (granted)
		return granted;
	// No diagnostic text is available in this build; PlatSec still decides
	// whether the failure is reported as a pass.
	return PlatSec::EmitDiagnostic() == KErrNone;
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
	}
/**
Checks this policy against the platform security attributes of the creator
of the current process, supplying a diagnostic string for the failure report.

A failed check is handed to PlatSec::CreatorPolicyCheckFail() together with
the capabilities and IDs found to be missing; what happens next is decided by
the system-wide Platform Security configuration. With PlatSecDiagnostics ON a
diagnostic message is emitted. With PlatSecEnforcement OFF the function still
returns ETrue even though the check failed, so a true result is only a
guarantee while enforcement is on.

In a build with __REMOVE_PLATSEC_DIAGNOSTICS__ defined the diagnostic string
is discarded and the call is forwarded to DoCheckPolicyCreator().

@param aDiagnostic Text to emit with any diagnostic message issued for a failed
                   check. It must be wrapped in the __PLATSEC_DIAGNOSTIC_STRING
                   macro so that it can easily be removed from the system.
@return ETrue if the creator of this process meets every requirement of this
        policy (or the failure is not enforced), EFalse otherwise.
@panic USER 190 if 'this' is an invalid SSecurityInfo object
*/
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicyCreator(const char* aDiagnostic) const
	{
	TSecurityInfo creatorInfo;
	creatorInfo.SetToCreatorInfo();
	SSecurityInfo notGranted;
	// TSecurityInfo and SSecurityInfo share one layout (asserted at the top of
	// this file), so the SSecurityInfo overload can be applied to the
	// creator's attributes without copying them.
	const TBool granted = CheckPolicy(reinterpret_cast<SSecurityInfo&>(creatorInfo), notGranted);
	if (granted)
		return granted;
	// PlatSec owns the outcome of a failed check; KErrNone from it (for
	// instance when PlatSecEnforcement is OFF) is reported as a pass.
	return PlatSec::CreatorPolicyCheckFail(notGranted, aDiagnostic) == KErrNone;
	}
#else // !__REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicyCreator(const char* /*aDiagnostic*/) const
	{
	// Diagnostics are compiled out: nothing could use the string, so defer to
	// the overload that performs the check without one.
	return DoCheckPolicyCreator();
	}
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
/**
Checks this policy against the platform security attributes of the creator
of the current process, without a diagnostic string.

What a failed check means is decided by the system-wide Platform Security
configuration. With PlatSecDiagnostics ON a diagnostic message is emitted.
With PlatSecEnforcement OFF the function still returns ETrue even though the
check failed, so a true result is only a guarantee while enforcement is on.

With diagnostics compiled in this forwards to the one-argument overload with
a NULL diagnostic string. With __REMOVE_PLATSEC_DIAGNOSTICS__ defined it
performs the check itself and lets PlatSec::EmitDiagnostic() decide the
result of a failure.

@return ETrue if the creator of this process meets every requirement of this
        policy (or the failure is not enforced), EFalse otherwise.
@panic USER 190 if 'this' is an invalid SSecurityInfo object
*/
EXPORT_C TBool TSecurityPolicy::DoCheckPolicyCreator() const
	{
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
	return DoCheckPolicyCreator(NULL);
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
	TSecurityInfo creatorInfo;
	creatorInfo.SetToCreatorInfo();
	SSecurityInfo notGranted;
	// Same layout as SSecurityInfo (asserted at the top of this file).
	const TBool granted = CheckPolicy(reinterpret_cast<SSecurityInfo&>(creatorInfo), notGranted);
	if (granted)
		return granted;
	// No diagnostic text is available in this build; PlatSec still decides
	// whether the failure is reported as a pass.
	return PlatSec::EmitDiagnostic() == KErrNone;
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
	}
#else //__KERNEL_MODE__
/**
Checks this policy against the platform security attributes of aProcess,
supplying a diagnostic string for the failure report.

A failed check is handed to PlatSec::PolicyCheckFail() together with the
capabilities and IDs found to be missing; what happens next is decided by the
system-wide Platform Security configuration. With PlatSecDiagnostics ON a
diagnostic message is emitted. With PlatSecEnforcement OFF the function still
returns ETrue even though the check failed, so a true result is only a
guarantee while enforcement is on.

In a build with __REMOVE_PLATSEC_DIAGNOSTICS__ defined the diagnostic string
is discarded and the call is forwarded to DoCheckPolicy(DProcess*).

@param aProcess    The process checked against this policy. It is dereferenced
                   without a NULL check, so it must be a valid DProcess.
@param aDiagnostic Text to emit with any diagnostic message issued for a failed
                   check. It must be wrapped in the __PLATSEC_DIAGNOSTIC_STRING
                   macro so that it can easily be removed from the system.
@return ETrue if aProcess meets every requirement of this policy (or the
        failure is not enforced), EFalse otherwise.
@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
*/
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DProcess* aProcess, const char* aDiagnostic) const
	{
	SSecurityInfo notGranted;
	// In the kernel the process carries its SSecurityInfo directly; no
	// TSecurityInfo wrapper is needed.
	const TBool granted = CheckPolicy(aProcess->iS, notGranted);
	if (granted)
		return granted;
	// PlatSec owns the outcome of a failed check; KErrNone from it (for
	// instance when PlatSecEnforcement is OFF) is reported as a pass.
	return PlatSec::PolicyCheckFail(aProcess, notGranted, aDiagnostic) == KErrNone;
	}
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DProcess* aProcess, const char* /*aDiagnostic*/) const
	{
	// Diagnostics are compiled out: nothing could use the string, so defer to
	// the overload that performs the check without one.
	return DoCheckPolicy(aProcess);
	}
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
/**
Checks this policy against the platform security attributes of aProcess,
without a diagnostic string.

What a failed check means is decided by the system-wide Platform Security
configuration. With PlatSecDiagnostics ON a diagnostic message is emitted.
With PlatSecEnforcement OFF the function still returns ETrue even though the
check failed, so a true result is only a guarantee while enforcement is on.

With diagnostics compiled in this forwards to the two-argument overload with
a NULL diagnostic string. With __REMOVE_PLATSEC_DIAGNOSTICS__ defined it
performs the check itself and lets PlatSec::EmitDiagnostic() decide the
result of a failure.

@param aProcess The process checked against this policy. It is dereferenced
                without a NULL check, so it must be a valid DProcess.
@return ETrue if aProcess meets every requirement of this policy (or the
        failure is not enforced), EFalse otherwise.
@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
*/
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DProcess* aProcess) const
	{
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
	return DoCheckPolicy(aProcess, NULL);
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
	SSecurityInfo notGranted;
	const TBool granted = CheckPolicy(aProcess->iS, notGranted);
	if (granted)
		return granted;
	// No diagnostic text is available in this build; PlatSec still decides
	// whether the failure is reported as a pass.
	return PlatSec::EmitDiagnostic() == KErrNone;
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
	}
/**
Checks this policy against the platform security attributes of the process
that owns aThread, supplying a diagnostic string for the failure report.

A failed check is handed to PlatSec::PolicyCheckFail() together with the
capabilities and IDs found to be missing; what happens next is decided by the
system-wide Platform Security configuration. With PlatSecDiagnostics ON a
diagnostic message is emitted. With PlatSecEnforcement OFF the function still
returns ETrue even though the check failed, so a true result is only a
guarantee while enforcement is on.

In a build with __REMOVE_PLATSEC_DIAGNOSTICS__ defined the diagnostic string
is discarded and the call is forwarded to DoCheckPolicy(DThread*).

@param aThread     The thread whose owning process is checked against this
                   policy. Both aThread and its iOwningProcess are dereferenced
                   without a NULL check.
@param aDiagnostic Text to emit with any diagnostic message issued for a failed
                   check. It must be wrapped in the __PLATSEC_DIAGNOSTIC_STRING
                   macro so that it can easily be removed from the system.
@return ETrue if the owning process of aThread meets every requirement of this
        policy (or the failure is not enforced), EFalse otherwise.
@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
*/
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DThread* aThread, const char* aDiagnostic) const
	{
	SSecurityInfo notGranted;
	// The attributes that matter are the owning process's, not the thread's.
	const TBool granted = CheckPolicy(aThread->iOwningProcess->iS, notGranted);
	if (granted)
		return granted;
	// PlatSec owns the outcome of a failed check; KErrNone from it (for
	// instance when PlatSecEnforcement is OFF) is reported as a pass.
	return PlatSec::PolicyCheckFail(aThread, notGranted, aDiagnostic) == KErrNone;
	}
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DThread* aThread, const char* /*aDiagnostic*/) const
	{
	// Diagnostics are compiled out: nothing could use the string, so defer to
	// the overload that performs the check without one.
	return DoCheckPolicy(aThread);
	}
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
/**
Checks this policy against the platform security attributes of the process
that owns aThread, without a diagnostic string.

What a failed check means is decided by the system-wide Platform Security
configuration. With PlatSecDiagnostics ON a diagnostic message is emitted.
With PlatSecEnforcement OFF the function still returns ETrue even though the
check failed, so a true result is only a guarantee while enforcement is on.

With diagnostics compiled in this forwards to the two-argument overload with
a NULL diagnostic string. With __REMOVE_PLATSEC_DIAGNOSTICS__ defined it
performs the check itself and lets PlatSec::EmitDiagnostic() decide the
result of a failure.

@param aThread The thread whose owning process is checked against this policy.
               Both aThread and its iOwningProcess are dereferenced without a
               NULL check.
@return ETrue if the owning process of aThread meets every requirement of this
        policy (or the failure is not enforced), EFalse otherwise.
@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
*/
EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DThread* aThread) const
	{
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
	return DoCheckPolicy(aThread, NULL);
#else //__REMOVE_PLATSEC_DIAGNOSTICS__
	SSecurityInfo notGranted;
	// The attributes that matter are the owning process's, not the thread's.
	const TBool granted = CheckPolicy(aThread->iOwningProcess->iS, notGranted);
	if (granted)
		return granted;
	// No diagnostic text is available in this build; PlatSec still decides
	// whether the failure is reported as a pass.
	return PlatSec::EmitDiagnostic() == KErrNone;
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
	}
#endif // !__KERNEL_MODE__
#ifndef __KERNEL_MODE__
/**
Reports whether one of the system-wide Platform Security settings is ON.

The setting is read from the kernel configuration flags returned by
Exec::KernelConfigFlags(). A setting this function does not recognise reports
OFF, and so does EPlatSecDiagnotics in a build with
__REMOVE_PLATSEC_DIAGNOSTICS__ defined, where the diagnostics flag is never
consulted.

@param aSetting The Platform Security setting to query.
@return 1 if the setting is ON, 0 if it is OFF or not recognised.
*/
EXPORT_C TInt PlatSec::ConfigSetting(TConfigSetting aSetting)
	{
	const TUint32 configFlags = Exec::KernelConfigFlags();

	// Map the requested setting onto the kernel-config bit that represents it.
	// Anything without a bit (unknown settings, diagnostics when compiled out)
	// keeps a zero mask and therefore reports OFF.
	TUint32 mask = 0;
	switch (aSetting)
		{
		case EPlatSecEnforcement:
			mask = EKernelConfigPlatSecEnforcement;
			break;
		case EPlatSecDiagnotics:
#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
			mask = EKernelConfigPlatSecDiagnostics;
#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
			break;
		case EPlatSecProcessIsolation:
			mask = EKernelConfigPlatSecProcessIsolation;
			break;
		case EPlatSecEnforceSysBin:
			mask = EKernelConfigPlatSecEnforceSysBin;
			break;
		case EPlatSecLocked:
			mask = EKernelConfigPlatSecLocked;
			break;
		default:
			break;
		}

	// Normalise to a plain 0/1 so callers can compare the result directly.
	return (configFlags & mask) ? 1 : 0;
	}
/**
Reports whether a capability is currently enforced on this system.

A capability is enforced only if all three of the following hold: it is one
of the capabilities this platform supports, the kernel has not been
configured to disable it (Exec::DisabledCapabilities()), and the
PlatSecEnforcement setting is ON. The disabled-capability query is only made
once the capability is known to be supported.

@param aCapability The capability to query.
@return ETrue (non-zero) if the capability is enforced, EFalse otherwise.
*/
EXPORT_C TBool PlatSec::IsCapabilityEnforced(TCapability aCapability)
	{
	// A capability the platform does not know about can never be enforced.
	TCapabilitySet& supported = (TCapabilitySet&)AllSupportedCapabilities;
	if (!supported.HasCapability(aCapability))
		return EFalse;

	// Nor can one that the kernel has been configured to switch off.
	SCapabilitySet disabledSet;
	Exec::DisabledCapabilities(disabledSet);
	TCapabilitySet& disabled = (TCapabilitySet&)disabledSet;
	if (disabled.HasCapability(aCapability))
		return EFalse;

	// Otherwise enforcement follows the global PlatSecEnforcement switch.
	return PlatSec::ConfigSetting(EPlatSecEnforcement);
	}
#endif // Not __KERNEL_MODE__