1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/persistentdata/persistentstorage/dbms/sdbms/Sd_PolicyProxy2.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,309 @@
1.4 +// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
1.5 +// All rights reserved.
1.6 +// This component and the accompanying materials are made available
1.7 +// under the terms of "Eclipse Public License v1.0"
1.8 +// which accompanies this distribution, and is available
1.9 +// at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.10 +//
1.11 +// Initial Contributors:
1.12 +// Nokia Corporation - initial contribution.
1.13 +//
1.14 +// Contributors:
1.15 +//
1.16 +// Description:
1.17 +// CPolicyProxy class
1.18 +//
1.19 +//
1.20 +
1.21 +#include "SD_STD.H"
1.22 +#include "Sd_PolicyProxy.h"
1.23 +#include "D32SQL.H"
1.24 +
1.25 +using namespace DBSC;
1.26 +
1.27 +/**
1.28 +TDbsFunction enum value is used as an index in KDbsFunc2SecurityPolicyMask array.
1.29 +For each TDbsFunction enum value there is a set of security policies,
1.30 +which have to be satisified by the caller capabilities (at least one of them) -
1.31 +before the related operation to be executed.
1.32 +@internalComponent
1.33 +*/
1.34 +static const TUint8 KDbsFunc2SecurityPolicyMask[EDbsLast] =
1.35 + {
1.36 +/*EDbsResourceMark*/ EPTNone,
1.37 +/*EDbsResourceCheck*/ EPTNone,
1.38 +/*EDbsResourceCount*/ EPTNone,
1.39 +/*EDbsSetHeapFailure*/ EPTNone,
1.40 +/*EDbsOpenDatabase*/ EPTRead | EPTWrite | EPTSchema, //---The caller capabilities will be asserted later, when the db security uid is known
1.41 +/*EDbsClose*/ EPTNone, //---EDbsClose may be used to close every possible type of server side dbms object
1.42 +/*EDbsDatabaseAuthenticate*/EPTNone, //---Not supported for secure shared databases
1.43 +/*EDbsDatabaseDestroy*/ EPTSchema, //---Only admin can destroy the database
1.44 +/*EDbsDatabaseBegin*/ EPTRead | EPTWrite | EPTSchema, //---Begin transaction, which makes sense if the caller wants to change the database schema or to insert/delete/update database tables or to protect its "read" operations
1.45 +/*EDbsDatabaseCommit*/ EPTRead | EPTWrite | EPTSchema, //---Commit transaction, which makes sense if the caller wants to change the database schema or to insert/delete/update database tables or to protect its "read" operations
1.46 +/*EDbsDatabaseRollback*/ EPTRead | EPTWrite | EPTSchema, //---Rollback transaction, which makes sense if the caller wants to change the database schema or to insert/delete/update database tables or to protect its "read" operations
1.47 +/*EDbsDatabaseProperty*/ EPTNone,
1.48 +/*EDbsDatabaseCreateTable*/ EPTSchema,
1.49 +/*EDbsDatabaseTables*/ EPTNone,
1.50 +/*EDbsDatabaseColumns*/ EPTNone,
1.51 +/*EDbsDatabaseIndexes*/ EPTNone,
1.52 +/*EDbsDatabaseKeys*/ EPTNone,
1.53 +/*EDbsDatabaseOpenObserver*/EPTNone,
1.54 +/*EDbsDatabaseOpenUtility*/ EPTWrite, //---Compact/Recover operations
1.55 +/*EDbsDatabaseOpenDropTable*/EPTSchema,
1.56 +/*EDbsDatabaseOpenAlterTable*/EPTSchema,
1.57 +/*EDbsDatabaseOpenCreateIndex*/EPTSchema,
1.58 +/*EDbsDatabaseOpenDropIndex*/EPTSchema,
1.59 +/*EDbsDatabaseExecute*/ EPTWrite | EPTSchema, //---either CREATE/DROP/ALTER database operations or INSERT/UPDATE/DELETE table operations. An additional caller capabilities check will be made after the parsing of the sql string.
1.60 +/*EDbsDatabasePrepareView*/ EPTRead, //---"SELECT" sql string
1.61 +/*EDbsDatabaseOpenTable*/ EPTRead | EPTWrite, //---If the caller neither have capabilities for read or write table security policies, then the the caller cannot open the table.
1.62 +/*EDbsObserverNotify*/ EPTNone,
1.63 +/*EDbsObserverCancel*/ EPTNone,
1.64 +/*EDbsIncrementalNext*/ EPTNone,
1.65 +/*EDbsCursorColumnTypes*/ EPTNone,
1.66 +/*EDbsCursorReset*/ EPTNone, //---Moves the cursor at the beginning of the table/dataset
1.67 +/*EDbsCursorEvaluate*/ EPTNone,
1.68 +/*EDbsCursorUnevaluated*/ EPTNone,
1.69 +/*EDbsCursorSetIndex*/ EPTRead,
1.70 +/*EDbsCursorSeek*/ EPTRead,
1.71 +/*EDbsCursorAtBeginning*/ EPTNone,
1.72 +/*EDbsCursorAtEnd*/ EPTNone,
1.73 +/*EDbsCursorAtRow*/ EPTNone,
1.74 +/*EDbsCursorCount*/ EPTRead | EPTWrite,
1.75 +/*EDbsCursorGotoPos*/ EPTRead,
1.76 +/*EDbsCursorBookmark*/ EPTRead,
1.77 +/*EDbsCursorGotoBookmark*/ EPTRead,
1.78 +/*EDbsCursorGet*/ EPTRead,
1.79 +/*EDbsCursorInsert*/ EPTWrite,
1.80 +/*EDbsCursorUpdate*/ EPTWrite,
1.81 +/*EDbsCursorRetrieveRow*/ EPTNone, //---Used by "Insert" operations sometime
1.82 +/*EDbsCursorCancel*/ EPTNone,
1.83 +/*EDbsCursorPut*/ EPTWrite,
1.84 +/*EDbsCursorDelete*/ EPTWrite,
1.85 +/*EDbsCursorColumns*/ EPTNone,
1.86 +/*EDbsCursorColumnDef*/ EPTNone,
1.87 +/*EDbsCursorSetNull*/ EPTWrite,
1.88 +/*EDbsCursorColumnSize*/ EPTNone,
1.89 +/*EDbsCursorColumnSource*/ EPTRead, //---Used for large BLOB fields - read ops
1.90 +/*EDbsCursorColumnSink*/ EPTWrite, //---Used for large BLOB fields - write ops
1.91 +/*EDbsCursorOpenConstraint*/EPTRead,
1.92 +/*EDbsCursorMatch*/ EPTRead,
1.93 +/*EDbsCursorFind*/ EPTRead,
1.94 +/*EDbsStreamRead*/ EPTNone,
1.95 +/*EDbsStreamWrite*/ EPTNone,
1.96 +/*EDbsStreamSize*/ EPTNone,
1.97 +/*EDbsStreamSynch*/ EPTNone,
1.98 +/*EDbsCreateDatabase*/ EPTSchema,
1.99 +/*EDbsDatabaseList*/ EPTNone,
1.100 +/*EDbsCopyDatabase*/ EPTSchema,
1.101 +/*EDbsDeleteDatabase*/ EPTSchema,
1.102 +/*EDbsGetSecurityPolicy*/ EPTNone,
1.103 +/*EDbsReserveDriveSpace*/ EPTNone,
1.104 +/*EDbsFreeReservedSpace*/ EPTNone,
1.105 +/*EDbsReserveGetAccess*/ EPTNone,
1.106 +/*EDbsReserveReleaseAccess*/EPTNone,
1.107 +/*EDbsGetBackupPath*/ EPTNone,
1.108 +/*EDbsGetBackupPaths*/ EPTNone
1.109 + };
1.110 +
1.111 +/**
1.112 +This function returns bit-field mask value, containing security policies types (R/W/S)
1.113 +Each security policy contains a set of Capabilities/SID/VID.
1.114 +In order particular database operation to be executed, the caller Capabilities/SID/VID have
1.115 +to be checked against security policy Capabilities/SID/VID.
1.116 +Don't forget to map new DBMS functions here!
1.117 +@param aFunction DBMS server function code
1.118 +@return An integer mask with a set of security policy types. The caller has to satisfy at least
1.119 + one of of them.
1.120 +*/
1.121 +static TUint DbsFunction2PolicyMask(TDbsFunction aFunction)
1.122 + {
1.123 + __ASSERT(aFunction < EDbsLast);
1.124 + return KDbsFunc2SecurityPolicyMask[aFunction];
1.125 + }
1.126 +
1.127 +/**
1.128 +Extracts DBMS server function code from aMessage argument.
1.129 +@param aMessage DBMS server message
1.130 +@return DBMS server function code
1.131 +@internalComponent
1.132 +*/
1.133 +static TDbsFunction Message2Function(const RMessage2& aMessage)
1.134 + {
1.135 + TDbsFunction func = ::DbsFunction(aMessage.Function());
1.136 + return static_cast <TDbsFunction> (func & ~KDbsObjectReturn);
1.137 + }
1.138 +
1.139 +/**
1.140 +*/
1.141 +inline CPolicyProxy::CPolicyProxy(RFs& aFs):iFs(aFs)
1.142 + {
1.143 + }
1.144 +
1.145 +/**
1.146 +Standard phase-one factory method for CPolicyProxy instances.
1.147 +@param aFs A file server session instance
1.148 +@param aPrivatePath DBMS server private data path
1.149 +@return A pointer to the created CPolicyProxy instance.
1.150 +@leave KErrNoMemory
1.151 +*/
1.152 +CPolicyProxy* CPolicyProxy::NewL(RFs& aFs,const TDesC& aPrivatePath)
1.153 + {
1.154 + CPolicyProxy* self = new (ELeave) CPolicyProxy(aFs);
1.155 + CleanupStack::PushL(self);
1.156 + self->ConstructL(aPrivatePath);
1.157 + CleanupStack::Pop(self);
1.158 + return self;
1.159 + }
1.160 +
1.161 +/**
1.162 +*/
1.163 +CPolicyProxy::~CPolicyProxy()
1.164 + {
1.165 + if(iPolicySpace) //iPolicySpace can be NULL in OOM tests
1.166 + {
1.167 + iPolicySpace->Release();
1.168 + }
1.169 + }
1.170 +
1.171 +/**
1.172 +Returns requested database security policy interface, which cannot be NULL.
1.173 +@param aDbPolicyRequest Request params: request type (secure/non-secure) and domain UID
1.174 +@return A const pointer to the related UID security policy object.
1.175 +*/
1.176 +const MPolicy* CPolicyProxy::DbPolicyL(const TDbPolicyRequest& aDbPolicyRequest)
1.177 + {
1.178 + return iPolicySpace->DbPolicyL(aDbPolicyRequest);
1.179 + }
1.180 +
1.181 +/**
1.182 +Returns requested table security policy interface, which cannot be NULL.
1.183 +@param aDbPolicyRequest Request params: request type (secure/non-secure) and domain UID
1.184 +@param aTblName Database table name
1.185 +@return A const pointer to the related table security policy object.
1.186 +*/
1.187 +const MPolicy* CPolicyProxy::TblPolicyL(const TDbPolicyRequest& aDbPolicyRequest,
1.188 + const TDesC& aTblName)
1.189 + {
1.190 + return iPolicySpace->TblPolicyL(aDbPolicyRequest, aTblName);
1.191 + }
1.192 +
1.193 +/**
1.194 +This method is used to get the SQL related MPolicy interface and the related security
1.195 +policy type.
1.196 +If aUPRequest.iRqAccess is EATNonSecure, then the default security policy will be returned.
1.197 +Currently the DBMS can process the following SQL strings:
1.198 +1)DDL - CREATE/DROP/ALTER SQL statements - EPTSchema database access level.
1.199 +2)DML - INSERT/UPDATE/DELETE SQL statements. Only one table can be put after the "FROM"
1.200 + SQL keyword. EPTWrite table access level.
1.201 +3)QUERY- SELECT SQL statements. Only one table can be out after the "FROM" SQL keyword.
1.202 + EPTRead table access level.
1.203 +@param aDbPolicyRequest A const reference to an object packing security policy uid and the request type:
1.204 + secure/non-secure.
1.205 +@param aSql SQL string
1.206 +@param aPolicyType An output parameter, referencing the location, where the policy type will be stored.
1.207 +@return A const pointer to the related policy interface. It cannot be NULL, and must not be deleted.
1.208 +@leave One of the system-wide error codes.
1.209 +*/
1.210 +const MPolicy* CPolicyProxy::SqlPolicyL(const TDbPolicyRequest& aDbPolicyRequest, const TDesC& aSql,
1.211 + TPolicyType& aPolicyType)
1.212 + {
1.213 + const MPolicy* policy = NULL;
1.214 + aPolicyType = EPTNone;
1.215 + //Get table name and sql type.
1.216 + TSqlParser2 sqlParser;
1.217 + sqlParser.ParseL(aSql);
1.218 + Sql::TStatementType sqlType = sqlParser.StatementType();
1.219 + //Reinitialize aSqlSecurityPolicyData, which is sql type dependent.
1.220 + switch(sqlType)
1.221 + {
1.222 + case Sql::EDDL:
1.223 + //Database EPTSchema access level
1.224 + policy = DbPolicyL(aDbPolicyRequest);
1.225 + aPolicyType = EPTSchema;
1.226 + break;
1.227 + case Sql::EDML:
1.228 + default:
1.229 + {//Table access level - EPTRead or EPTWrite.
1.230 + const TDesC& tblName = sqlParser.TableName();
1.231 + __ASSERT(tblName.Length() > 0);
1.232 + TBuf<KDbMaxName> tblNameBuf;
1.233 + tblNameBuf.Copy(tblName);
1.234 + policy = TblPolicyL(aDbPolicyRequest, tblNameBuf);
1.235 + aPolicyType = sqlType == Sql::EDML ? EPTWrite : EPTRead;
1.236 + }
1.237 + break;
1.238 + }
1.239 + __ASSERT(policy);
1.240 + return policy;
1.241 + }
1.242 +
1.243 +/**
1.244 +Returns backup&restore SID for the databases, the access to which is controlled by the
1.245 +security policy, identified by aDbUid parameter.
1.246 +@param aDbUid Domain UID
1.247 +@return Backup&restore SID for the supplied domain UID
1.248 +@leave KErrArgument if there is no security policy domain for the supplied UID.
1.249 +*/
1.250 +TSecureId CPolicyProxy::BackupSIDL(TUid aDbUid) const
1.251 + {
1.252 + return iPolicySpace->BackupSIDL(aDbUid);
1.253 + }
1.254 +
1.255 +/**
1.256 +Asserts caller capabilities/SID/VID, packed in aMessage parameter against the security policy
1.257 +managed by aPolicy parameter. The caller has to satisfy at least one of the related to
1.258 +the message security policies.
1.259 +@param aMessage An object whith caller capabilities/SID/VID, which has to be checked.
1.260 +@param aPolicy A const reference to the security policy object.
1.261 +@leave KErrPermissionDenied The caller has no enough rights for the requested DBMS operation
1.262 +*/
1.263 +void CPolicyProxy::CheckL(const RMessage2& aMessage, const MPolicy& aPolicy) const
1.264 + {
1.265 + TDbsFunction func = ::Message2Function(aMessage);
1.266 + TUint mask = ::DbsFunction2PolicyMask(func);
1.267 + if(mask != EPTNone)
1.268 + {
1.269 + for(TInt c=0;c<KPolicyTypesCount;++c)
1.270 + {
1.271 + TPolicyType policyType = static_cast <TPolicyType> (1 << c);
1.272 + if(policyType & mask)
1.273 + {
1.274 + if(aPolicy.Check(aMessage, policyType))
1.275 + {
1.276 + return;
1.277 + }
1.278 + }
1.279 + }
1.280 + __LEAVE(KErrPermissionDenied);
1.281 + }
1.282 + }
1.283 +
1.284 +/**
1.285 +Asserts caller capabilities/SID/VID, packed in aMessage parameter against the security policy
1.286 +managed by aPolicy parameter.
1.287 +@param aPolicyType The policy type, against which the check has to be done.
1.288 +@param aMessage An object whith caller capabilities/SID/VID, which has to be checked.
1.289 +@param aPolicy A const reference to the security policy object.
1.290 +@leave KErrPermissionDenied The caller has no enough rights for the requested DBMS operation
1.291 +*/
1.292 +void CPolicyProxy::CheckL(TPolicyType aPolicyType, const RMessage2& aMessage, const MPolicy& aPolicy) const
1.293 + {
1.294 + if(aPolicyType != EPTNone)
1.295 + {
1.296 + if(!aPolicy.Check(aMessage, aPolicyType))
1.297 + {
1.298 + __LEAVE(KErrPermissionDenied);
1.299 + }
1.300 + }
1.301 + }
1.302 +
1.303 +/**
1.304 +Standard phase-two construction method for CPolicyProxy instances.
1.305 +@param aPrivatePath DBMS server private data path
1.306 +@leave KErrNoMemory
1.307 +*/
1.308 +void CPolicyProxy::ConstructL(const TDesC& aPrivatePath)
1.309 + {
1.310 + iPolicySpace = TPolicySpaceFactory::NewPolicySpaceL(iFs, aPrivatePath);
1.311 + }
1.312 +