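--- /dev/null
+++ b/os/security/cryptomgmtlibs/securitycommonutils/source/securityutils/securityutils.cpp
@@ -0,0 +1,131 @@
+/*
+* Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+* Common security functions
+*
+*/
+
+
+/**
+ @file
+*/
+
+
+#include "securityutils.h"
+
+#include <f32file.h>
+
+// Extracts the next sub-dir name, i.e. "directory1" for "directory1\directory2\...". As a second parameter, returns the remaining path without the leading slash
+// Return ETrue iff a directory was found in the path
+ TBool GetNextDirNameL(const TPtrC& aPath, TPtrC& aNextDir, TPtrC& aRemainingPath)
+ {
+ TInt nextSlashPos = aPath.Locate('\\');
+ if (nextSlashPos < 0)
+ return EFalse;
+
+ aNextDir.Set(aPath.Left(nextSlashPos));
+ TPtrC remainingPath = nextSlashPos < aPath.Length() - 1 ? aPath.Mid(nextSlashPos + 1) : TPtrC();
+ aRemainingPath.Set(remainingPath);
+
+ return ETrue;
+ }
+
+TCapabilitySet PrivateModificationRequiredCapabilitiesL(const TDesC& aPrivateSubPath, TSecureId aClientSid)
+ {
+ TPtrC privateSubDirName;
+ TPtrC remainingSubPath;
+ TBool nextDirAvailable = GetNextDirNameL(aPrivateSubPath, privateSubDirName, remainingSubPath);
+ // Filter out paths which do not have a /private/<SID> form - require TCB for them
+ // First, filter out files directly under the /private directory
+ if (!nextDirAvailable)
+ return TCapabilitySet(ECapabilityTCB);
+
+ if (privateSubDirName.Length() != 8)
+ return TCapabilitySet(ECapabilityTCB); // Filter out sub-dir names which do not have 8 bytes, i.e. do not represent a SID
+
+ TLex hexConverter(privateSubDirName);
+ TUint32 foundSecureIdInt;
+ if (hexConverter.Val(foundSecureIdInt, EHex) != KErrNone)
+ return TCapabilitySet(ECapabilityTCB); // Filter out paths which do not have a <secureId> subdir under private
+
+ TSecureId foundSecureId(foundSecureIdInt);
+ if (foundSecureId != aClientSid) // Check whether this the client's SID
+ {
+ TPtrC nextSubPath; // Check for /private/<SID>/import directories
+ TPtrC nextSubDir;
+ if (!GetNextDirNameL(remainingSubPath, nextSubDir, nextSubPath) || nextSubDir.CompareF(_L("import")) != 0)
+ {
+ // If not an import directory, require TCB or AllFiles
+ TCapabilitySet ret(ECapabilityTCB);
+ ret.AddCapability(ECapabilityAllFiles);
+ return ret;
+ }
+ }
+
+ TCapabilitySet emptySet;
+ emptySet.SetEmpty();
+ return emptySet;
+ }
+
+EXPORT_C TCapabilitySet SecCommonUtils::FileModificationRequiredCapabilitiesL(const TDesC& aFileName, TSecureId aClientSid)
+ {
+ TCapabilitySet emptySet;
+ emptySet.SetEmpty();
+
+ // TParsePtrC is unusable, since it panics on incorrect paths. We have to use TParse and create a temporary buffer for it (as there's no TParseC)
+ RBuf tempbuf;
+ tempbuf.CreateL(aFileName);
+ tempbuf.CleanupClosePushL();
+
+ TParse pathParse;
+ if (pathParse.Set(tempbuf, NULL, NULL) != KErrNone)
+ {
+ CleanupStack::PopAndDestroy(&tempbuf);
+ // Path failed to parse - require TCB, as it is the only capability which allows modification anywhere on the FS
+ // (and we do not know where on the FS this file is)
+ return TCapabilitySet(ECapabilityTCB);
+ }
+
+ CleanupStack::PopAndDestroy(&tempbuf);
+
+ // check for wild cards (such as * or ?) in paths
+ if(pathParse.IsWild())
+ return TCapabilitySet(ECapabilityTCB);
+
+ // check for relative paths
+ if(aFileName.Find(_L("..")) != KErrNotFound)
+ return TCapabilitySet(ECapabilityTCB);
+
+ TPtrC pathTmp = pathParse.Path();
+ if (pathTmp.Length() <= 1) // The should be at least one directory - otherwise there's nothing to check
+ return emptySet;
+
+ // Get the first directory name
+ TPtrC path = pathTmp.Mid(1); // Remove the leading slash
+
+ TPtrC firstDirName;
+ TPtrC remainingPath;
+ TBool nextDirAvailable = GetNextDirNameL(path, firstDirName, remainingPath);
+ __ASSERT_ALWAYS(nextDirAvailable, User::Invariant()); // There should be at least one directory if the Path() was not empty
+
+ // For 'sys' or 'resource', require TCB
+ if (firstDirName.CompareF(_L("sys")) == 0 || firstDirName.CompareF(_L("resource")) == 0)
+ return TCapabilitySet(ECapabilityTCB);
+
+ if (firstDirName.CompareF(_L("private")) == 0)
+ return PrivateModificationRequiredCapabilitiesL(remainingPath, aClientSid);
+
+ // If the directory name is not 'private', 'resource' or 'sys', no capabilities are required
+ return emptySet;
+ }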
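Review bot: The SID check in PrivateModificationRequiredCapabilitiesL accepts an eight-character sub-directory name whose leading characters parse as hex even when the trailing ones do not, because `hexConverter.Val(foundSecureIdInt, EHex)` stops at the first non-hex character and, as far as I recall TLex, still reports KErrNone once at least one digit has been consumed; a constructed name such as `1000000x` would then be treated as SID 0x01000000 and, for a client holding that SID, yield an empty capability set for a directory that is not of the `/private/<SID>` form the comment above says must require TCB. Tightening the condition to `if (hexConverter.Val(foundSecureIdInt, EHex) != KErrNone || !hexConverter.Eos())` closes that gap, which the `Length() != 8` check alone does not. The comment on that length check should also read `8 characters` rather than `8 bytes`, since descriptor lengths count 16-bit characters. As a point of style, GetNextDirNameL carries the `L` suffix although nothing in its body can leave.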