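--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/os/kernelhwsrv/kernel/eka/include/e32capability.h Fri Jun 15 03:10:57 2012 +0200
@@ -0,0 +1,305 @@
+// Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of the License "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// e32\include\e32capability.h
+// Platform security capability definitions
+// Used by both source code and tools
+// This file can be directly included into C++ tools such as ROMBUILD to allow
+// capabilities to be specified by name. To do the same for MAKMAKE (in MMP
+// files) some perl code will be needed to parse this file and extract the
+// capability names and values.
+//
+//
+
+#ifndef __E32CAPABILITY_H__
+#define __E32CAPABILITY_H__
+
+/**
+An enumeration that defines the set of all supported capabilities.
+
+@publishedAll
+@released
+*/
+enum TCapability
+ {
+ /**
+ Grants write access to executables and shared read-only resources.
+
+ This is the most critical capability as it grants access to executables and
+ therefore to their capabilities. It also grants write access to
+ the /sys and /resource directories.
+ */
+ ECapabilityTCB = 0,
+
+
+ /**
+ Grants direct access to all communication device drivers. This includes:
+ the EComm, Ethernet, USB device drivers etc.
+ */
+ ECapabilityCommDD = 1,
+
+
+ /**
+ Grants the right:
+
+ - to kill any process in the system
+ - to power off unused peripherals
+ - to switch the machine into standby state
+ - to wake the machine up
+ - to power the machine down completely.
+
+ Note that this does not control access to anything and everything
+ that might drain battery power.
+ */
+ ECapabilityPowerMgmt = 2,
+
+
+ /**
+ Grants direct access to all multimedia device drivers.
+
+ This includes the sound, camera, video device drivers etc.
+ */
+ ECapabilityMultimediaDD = 3,
+
+
+ /**
+ Grants read access to network operator, phone manufacturer and device
+ confidential settings or data.
+
+ For example, the pin lock code, the list of applications that are installed.
+ */
+ ECapabilityReadDeviceData = 4,
+
+
+ /**
+ Grants write access to settings that control the behaviour of the device.
+
+ For example, device lock settings, system time, time zone, alarms, etc.
+ */
+ ECapabilityWriteDeviceData = 5,
+
+
+ /**
+ Grants access to protected content.
+
+ DRM (Digital Rights Management) agents use this capability to decide whether
+ or not an application should have access to DRM content.
+ Applications granted DRM are trusted to respect the rights associated
+ with the content.
+ */
+ ECapabilityDRM = 6,
+
+
+ /**
+ Grants the right to create a trusted UI session, and therefore to display
+ dialogs in a secure UI environment.
+
+ Trusted UI dialogs are rare. They must be used only when confidentiality
+ and security are critical; for example, for password dialogs.
+
+ Normal access to the user interface and the screen does not require
+ this capability.
+ */
+ ECapabilityTrustedUI = 7,
+
+
+ /**
+ Grants the right to a server to register with a protected name.
+
+ Currently, protected names start with a "!" character. The kernel prevents
+ servers without this capability from using such a name, and therefore
+ prevents protected servers from being impersonated.
+ */
+ ECapabilityProtServ = 8,
+
+
+ /**
+ Grants access to disk administration operations that affect more than one
+ file or one directory (or overall filesystem integrity/behaviour, etc).
+
+ For examples, reformatting a disk partition.
+ */
+ ECapabilityDiskAdmin = 9,
+
+
+ /**
+ Grants the right to modify or access network protocol controls.
+
+ Typically when an action can change the behaviour of all existing and
+ future connections, it should be protected by this capability.
+
+ For example, forcing all existing connections on a specific protocol
+ to be dropped, or changing the priority of a call.
+ */
+ ECapabilityNetworkControl = 10,
+
+
+ /**
+ Grants read access to the entire file system; grants write access to
+ the private directories of other processes.
+
+ This capability is very strictly controlled and should rarely be granted.
+ */
+ ECapabilityAllFiles = 11,
+
+
+ /**
+ Grants the right to generate software key & pen events, and to capture any
+ of them regardless of the status of the application.
+
+ Note that after obtaining the focus, normal applications do not need this
+ capability to be dispatched key and pen events.
+ */
+ ECapabilitySwEvent = 12,
+
+
+ /**
+ A user capability that grants access to remote services without any
+ restriction on its physical location.
+
+ Typically, such a location is unknown to the phone user, and such services
+ may incur cost for the phone user.
+
+ Voice calls, SMS, and internet services are good examples of
+ such network services. They are supported by GSM, CDMA and all IP transport
+ protocols including Bluetooth profiles over IP.
+ */
+ ECapabilityNetworkServices = 13,
+
+
+ /**
+ A user capability that grants access to remote services in the close
+ vicinity of the phone.
+
+ The location of the remote service is well-known to the phone user, and in
+ most cases, such services will not incur cost for the phone user.
+ */
+ ECapabilityLocalServices = 14,
+
+
+ /**
+ A user capability that grants read access to data that is confidential to
+ the phone user.
+
+ This capability supports the management of the user's privacy.
+
+ Typically, contacts, messages and appointments are always seen user
+ confidential data.
+ */
+ ECapabilityReadUserData = 15,
+
+
+ /**
+ A user capability that grants write access to user data.
+
+ This capability supports the management of the integrity of user data.
+
+ Note that this capability is not symmetric with the ECapabilityReadUserData
+ capability. For example, you may want to prevent rogue applications from
+ deleting music tracks but you may not want to restrict read access to them.
+ */
+ ECapabilityWriteUserData = 16,
+
+
+ /**
+ A user capability that grants access to the location of the device.
+
+ This capability supports the management of the user's privacy with regard
+ to the phone location.
+ */
+ ECapabilityLocation = 17,
+
+
+ /**
+ Grants access to logical device drivers that provide input information about
+ the surroundings of the device.
+
+ Good examples of drivers that require this capability would be GPS and biometrics
+ device drivers. For complex multimedia logical device drivers that provide both
+ input and output functions, such as Sound device driver, the MultimediaDD
+ capability should be used if it is too difficult to separate the input from the
+ output calls at its API level.
+ */
+ ECapabilitySurroundingsDD = 18,
+
+
+ /**
+ Grants access to live confidential information about the user and his/her
+ immediate environment. This capability protect the user's privacy.
+
+ Examples are audio, picture and video recording, biometrics (such as blood
+ pressure) recording.
+
+ Please note that the location of the device is excluded from this capability.
+ The protection of this is achieved by using the dedicated capability Location
+ */
+ ECapabilityUserEnvironment = 19,
+
+
+ ECapability_Limit, /**< @internalTechnology */
+
+ ECapability_HardLimit = 255, /**< @internalTechnology */
+
+ ECapability_None = -1, /**< Special value used to specify 'do not care' or 'no capability'.*/
+
+ ECapability_Denied = -2 /**< Special value used to indicate a capability that is never granted. */
+ };
+
+
+/** Define this macro to reference the names of the capabilities. This is here so
+ that ROMBUILD can accept capability names.
+*/
+#ifdef __REFERENCE_CAPABILITY_NAMES__
+
+extern const char* const CapabilityNames[ECapability_Limit];
+
+#endif // __REFERENCE_CAPABILITY_NAMES__
+
+/** Define this macro to include the names of the capabilities. This is here so
+ that ROMBUILD can accept capability names.
+*/
+#ifdef __INCLUDE_CAPABILITY_NAMES__
+
+/** List of names of all supported capabilities
+ Must be in the same order as the enumerators in TCapability
+
+@publishedAll
+@released
+*/
+extern const char* const CapabilityNames[ECapability_Limit] =
+ {
+ "TCB",
+ "CommDD",
+ "PowerMgmt",
+ "MultimediaDD",
+ "ReadDeviceData",
+ "WriteDeviceData",
+ "DRM",
+ "TrustedUI",
+ "ProtServ",
+ "DiskAdmin",
+ "NetworkControl",
+ "AllFiles",
+ "SwEvent",
+ "NetworkServices",
+ "LocalServices",
+ "ReadUserData",
+ "WriteUserData",
+ "Location",
+ "SurroundingsDD",
+ "UserEnvironment"
+ };
+
+#endif // __INCLUDE_CAPABILITY_NAMES__
+
+#endif // __E32CAPABILITY_H__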
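Review bot: The `CapabilityNames` definition near the end of the hunk is sized as `[ECapability_Limit]`, so nothing fails at build time when an enumerator is added to `TCapability` without a matching name; the missing trailing entries are silently initialised to null pointers. The file's comments say tools such as ROMBUILD resolve capabilities by name from this table, so a short or misordered table would presumably either hand a name lookup a null pointer or bind a name to a different capability than intended, with `TCB` at index 0 being the costliest one to get wrong. I would define the table unsized, `extern const char* const CapabilityNames[] =`, and follow the initialiser with `typedef char TCapabilityNamesCountCheck[(sizeof(CapabilityNames)/sizeof(CapabilityNames[0]) == ECapability_Limit) ? 1 : -1];` so that a count mismatch breaks the build. Ordering still has to be verified by hand, and the doc comment should say that code indexing the table must first reject `ECapability_None`, `ECapability_Denied` and any value at or above `ECapability_Limit`.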