1.1 --- /dev/null Thu Jan 01 00:00:00 1970 +0000
1.2 +++ b/os/security/cryptomgmtlibs/securitytestfw/test/testhandler2/t_capabilities.cpp Fri Jun 15 03:10:57 2012 +0200
1.3 @@ -0,0 +1,426 @@
1.4 +/*
1.5 +* Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
1.6 +* All rights reserved.
1.7 +* This component and the accompanying materials are made available
1.8 +* under the terms of the License "Eclipse Public License v1.0"
1.9 +* which accompanies this distribution, and is available
1.10 +* at the URL "http://www.eclipse.org/legal/epl-v10.html".
1.11 +*
1.12 +* Initial Contributors:
1.13 +* Nokia Corporation - initial contribution.
1.14 +*
1.15 +* Contributors:
1.16 +*
1.17 +* Description:
1.18 +* Parsing of capability names
1.19 +*
1.20 +*/
1.21 +
1.22 +
1.23 +/**
1.24 + @file
1.25 +*/
1.26 +
1.27 +#include "t_input.h"
1.28 +#include "t_output.h"
1.29 +
1.30 +// This file needs to be updated in three places whenever new capabilities are
1.31 +// added - the list of capability names below and the methods
1.32 +// Input::ParseCapabilityNameL and Output::writeCapabilityL.
1.33 +
1.34 +// Capability names
1.35 +_LIT8(KCapabilityTCB, "TCB");
1.36 +_LIT8(KCapabilityCommDD, "CommDD");
1.37 +_LIT8(KCapabilityPowerMgmt, "PowerMgmt");
1.38 +_LIT8(KCapabilityMultimediaDD, "MultimediaDD");
1.39 +_LIT8(KCapabilityReadDeviceData, "ReadDeviceData");
1.40 +_LIT8(KCapabilityWriteDeviceData, "WriteDeviceData");
1.41 +_LIT8(KCapabilityDRM, "DRM");
1.42 +_LIT8(KCapabilityTrustedUI, "TrustedUI");
1.43 +_LIT8(KCapabilityProtServ, "ProtServ");
1.44 +_LIT8(KCapabilityDiskAdmin, "DiskAdmin");
1.45 +_LIT8(KCapabilityNetworkControl, "NetworkControl");
1.46 +_LIT8(KCapabilityAllFiles, "AllFiles");
1.47 +_LIT8(KCapabilitySwEvent, "SwEvent");
1.48 +_LIT8(KCapabilityNetworkServices, "NetworkServices");
1.49 +_LIT8(KCapabilityLocalServices, "LocalServices");
1.50 +_LIT8(KCapabilityReadUserData, "ReadUserData");
1.51 +_LIT8(KCapabilityWriteUserData, "WriteUserData");
1.52 +_LIT8(KCapabilityLocation, "Location");
1.53 +_LIT8(KCapabilitySurroundingsDD, "SurroundingsDD");
1.54 +_LIT8(KCapabilityUserEnvironment, "UserEnvironment");
1.55 +
1.56 +// Script file tags
1.57 +_LIT8(KCapabilityStart, "<capability>");
1.58 +_LIT8(KCapabilityEnd, "</capability>");
1.59 +_LIT8(KPolicyPass, "<pass/>");
1.60 +_LIT8(KPolicyFail, "<fail/>");
1.61 +_LIT8(KSecureIdStart, "<secureid>");
1.62 +_LIT8(KSecureIdEnd, "</secureid>");
1.63 +_LIT8(KVendorIdStart, "<vendorid>");
1.64 +_LIT8(KVendorIdEnd, "</vendorid>");
1.65 +
1.66 +_LIT(KCommaSpace, ", ");
1.67 +
1.68 +EXPORT_C TCapability Input::ParseCapabilityNameL(const TDesC8& aName)
1.69 + {
1.70 + TCapability result = ECapability_None;
1.71 +
1.72 + if (aName == KCapabilityTCB) result = ECapabilityTCB;
1.73 + else if (aName == KCapabilityCommDD) result = ECapabilityCommDD;
1.74 + else if (aName == KCapabilityPowerMgmt) result = ECapabilityPowerMgmt;
1.75 + else if (aName == KCapabilityMultimediaDD) result = ECapabilityMultimediaDD;
1.76 + else if (aName == KCapabilityReadDeviceData) result = ECapabilityReadDeviceData;
1.77 + else if (aName == KCapabilityWriteDeviceData) result = ECapabilityWriteDeviceData;
1.78 + else if (aName == KCapabilityDRM) result = ECapabilityDRM;
1.79 + else if (aName == KCapabilityTrustedUI) result = ECapabilityTrustedUI;
1.80 + else if (aName == KCapabilityProtServ) result = ECapabilityProtServ;
1.81 + else if (aName == KCapabilityDiskAdmin) result = ECapabilityDiskAdmin;
1.82 + else if (aName == KCapabilityNetworkControl) result = ECapabilityNetworkControl;
1.83 + else if (aName == KCapabilityAllFiles) result = ECapabilityAllFiles;
1.84 + else if (aName == KCapabilitySwEvent) result = ECapabilitySwEvent;
1.85 + else if (aName == KCapabilityNetworkServices) result = ECapabilityNetworkServices;
1.86 + else if (aName == KCapabilityLocalServices) result = ECapabilityLocalServices;
1.87 + else if (aName == KCapabilityReadUserData) result = ECapabilityReadUserData;
1.88 + else if (aName == KCapabilityWriteUserData) result = ECapabilityWriteUserData;
1.89 + else if (aName == KCapabilityLocation) result = ECapabilityLocation;
1.90 + else if (aName == KCapabilitySurroundingsDD) result = ECapabilitySurroundingsDD;
1.91 + else if (aName == KCapabilityUserEnvironment) result = ECapabilityUserEnvironment;
1.92 +
1.93 + if (result == ECapability_None)
1.94 + {
1.95 + User::Leave(KErrArgument);
1.96 + }
1.97 +
1.98 + return result;
1.99 + }
1.100 +
1.101 +EXPORT_C void Input::ParseCapabilitySetL(const TDesC8& aIn, TCapabilitySet& aOut)
1.102 + {
1.103 + aOut.SetEmpty();
1.104 + TInt pos = 0, err = KErrNone;
1.105 + for (;;)
1.106 + {
1.107 + const TDesC8& match = Input::ParseElement(aIn, KCapabilityStart, KCapabilityEnd, pos, err);
1.108 + if (err != KErrNone)
1.109 + {
1.110 + break;
1.111 + }
1.112 + aOut.AddCapability(ParseCapabilityNameL(match));
1.113 + }
1.114 + if (err != KErrNone && err != KErrNotFound)
1.115 + {
1.116 + User::Leave(err);
1.117 + }
1.118 + }
1.119 +
1.120 +EXPORT_C void Input::ParseSecurityPolicyL(const TDesC8& aIn, TSecurityPolicy& aOut)
1.121 + {
1.122 + TInt options = 0;
1.123 +
1.124 + TBool pass = aIn.Find(KPolicyPass) != KErrNotFound; // why didn't we use a proper xml parser?
1.125 + if (pass) ++options;
1.126 +
1.127 + TBool fail = aIn.Find(KPolicyFail) != KErrNotFound;
1.128 + if (fail) ++options;
1.129 +
1.130 + TUint secureId = ParseIntElement(aIn, KSecureIdStart, KSecureIdEnd);
1.131 + if (secureId) ++options;
1.132 +
1.133 + TUint vendorId = ParseIntElement(aIn, KVendorIdStart, KVendorIdEnd);
1.134 + if (vendorId) ++options;
1.135 +
1.136 + // Can only sepcify one of pass, fail, secureid, vendorid
1.137 + if (options > 1)
1.138 + User::Leave(KErrArgument);
1.139 +
1.140 + // Parse the capabilities
1.141 + TCapabilitySet capSet;
1.142 + ParseCapabilitySetL(aIn, capSet);
1.143 +
1.144 + // Determine maximum number of capabilities allowed
1.145 + TInt maxCaps;
1.146 + if (pass || fail)
1.147 + {
1.148 + maxCaps = 0;
1.149 + }
1.150 + else if (secureId || vendorId)
1.151 + {
1.152 + maxCaps = 3;
1.153 + }
1.154 + else
1.155 + {
1.156 + maxCaps = 7;
1.157 + }
1.158 +
1.159 + TCapability caps[7];
1.160 + TInt count = 0;
1.161 +
1.162 + // Extract capabilities into array
1.163 + TInt i;
1.164 + for (i = 0 ; i < ECapability_Limit ; ++i)
1.165 + {
1.166 + TCapability c = static_cast<TCapability>(i);
1.167 + if (capSet.HasCapability(c))
1.168 + {
1.169 + // Check if more capabities are specified that allowed
1.170 + if (count == maxCaps)
1.171 + {
1.172 + User::Leave(KErrArgument);
1.173 + }
1.174 + caps[count++] = c;
1.175 + }
1.176 + }
1.177 +
1.178 + // Fill the rest of the array with ECapability_None
1.179 + for (i = count ; i < maxCaps ; ++i)
1.180 + {
1.181 + caps[i] = ECapability_None;
1.182 + }
1.183 +
1.184 + if (pass)
1.185 + {
1.186 + aOut = TSecurityPolicy(TSecurityPolicy::EAlwaysPass);
1.187 + }
1.188 + else if (fail)
1.189 + {
1.190 + aOut = TSecurityPolicy(TSecurityPolicy::EAlwaysFail);
1.191 + }
1.192 + else if (secureId)
1.193 + {
1.194 + aOut = TSecurityPolicy(TSecureId(secureId), caps[0], caps[1], caps[2]);
1.195 + }
1.196 + else if (vendorId)
1.197 + {
1.198 + aOut = TSecurityPolicy(TVendorId(vendorId), caps[0], caps[1], caps[2]);
1.199 + }
1.200 + else
1.201 + {
1.202 + aOut = TSecurityPolicy(caps[0], caps[1], caps[2], caps[3],
1.203 + caps[4], caps[5], caps[6]);
1.204 + }
1.205 + }
1.206 +
1.207 +EXPORT_C void Output::writeCapabilityL(TCapability aCap)
1.208 + {
1.209 + switch (aCap)
1.210 + {
1.211 + case ECapabilityTCB:
1.212 + writeString(KCapabilityTCB);
1.213 + break;
1.214 +
1.215 + case ECapabilityCommDD:
1.216 + writeString(KCapabilityCommDD);
1.217 + break;
1.218 +
1.219 + case ECapabilityPowerMgmt:
1.220 + writeString(KCapabilityPowerMgmt);
1.221 + break;
1.222 +
1.223 + case ECapabilityMultimediaDD:
1.224 + writeString(KCapabilityMultimediaDD);
1.225 + break;
1.226 +
1.227 + case ECapabilityReadDeviceData:
1.228 + writeString(KCapabilityReadDeviceData);
1.229 + break;
1.230 +
1.231 + case ECapabilityWriteDeviceData:
1.232 + writeString(KCapabilityWriteDeviceData);
1.233 + break;
1.234 +
1.235 + case ECapabilityDRM:
1.236 + writeString(KCapabilityDRM);
1.237 + break;
1.238 +
1.239 + case ECapabilityTrustedUI:
1.240 + writeString(KCapabilityTrustedUI);
1.241 + break;
1.242 +
1.243 + case ECapabilityProtServ:
1.244 + writeString(KCapabilityProtServ);
1.245 + break;
1.246 +
1.247 + case ECapabilityDiskAdmin:
1.248 + writeString(KCapabilityDiskAdmin);
1.249 + break;
1.250 +
1.251 + case ECapabilityNetworkControl:
1.252 + writeString(KCapabilityNetworkControl);
1.253 + break;
1.254 +
1.255 + case ECapabilityAllFiles:
1.256 + writeString(KCapabilityAllFiles);
1.257 + break;
1.258 +
1.259 + case ECapabilitySwEvent:
1.260 + writeString(KCapabilitySwEvent);
1.261 + break;
1.262 +
1.263 + case ECapabilityNetworkServices:
1.264 + writeString(KCapabilityNetworkServices);
1.265 + break;
1.266 +
1.267 + case ECapabilityLocalServices:
1.268 + writeString(KCapabilityLocalServices);
1.269 + break;
1.270 +
1.271 + case ECapabilityReadUserData:
1.272 + writeString(KCapabilityReadUserData);
1.273 + break;
1.274 +
1.275 + case ECapabilityWriteUserData:
1.276 + writeString(KCapabilityWriteUserData);
1.277 + break;
1.278 +
1.279 + case ECapabilityLocation:
1.280 + writeString(KCapabilityLocation);
1.281 + break;
1.282 +
1.283 + case ECapabilitySurroundingsDD:
1.284 + writeString(KCapabilitySurroundingsDD);
1.285 + break;
1.286 +
1.287 + case ECapabilityUserEnvironment:
1.288 + writeString(KCapabilityUserEnvironment);
1.289 + break;
1.290 +
1.291 + default:
1.292 + User::Invariant();
1.293 + }
1.294 + }
1.295 +
1.296 +EXPORT_C void Output::writeCapabilitySetL(const TCapabilitySet& aCaps)
1.297 + {
1.298 + TBool first = ETrue;
1.299 + for (TInt i = 0 ; i < ECapability_Limit ; ++i)
1.300 + {
1.301 + TCapability cap = static_cast<TCapability>(i);
1.302 + if (aCaps.HasCapability(cap))
1.303 + {
1.304 + if (!first)
1.305 + {
1.306 + writeString(KCommaSpace);
1.307 + }
1.308 + else
1.309 + {
1.310 + first = EFalse;
1.311 + }
1.312 + writeCapabilityL(cap);
1.313 + }
1.314 + }
1.315 + }
1.316 +
1.317 +/**
1.318 + * The real TSecurityPolicy class has no accessors, so to extract information
1.319 + * from it we cast it to this class, which has exactly the same layout.
1.320 + */
1.321 +class TPrintableSecurityPolicy
1.322 + {
1.323 +public:
1.324 + void WriteL(Output& aOut) const;
1.325 +
1.326 +public:
1.327 + enum TType
1.328 + {
1.329 + ETypeFail=0, // Always fail
1.330 + ETypePass=1, // Always pass
1.331 + ETypeC3=2, // Up to 3 capabilities
1.332 + ETypeC7=3, // Up to 7 capabilities
1.333 + ETypeS3=4, // SID + up to 3 capabilities
1.334 + ETypeV3=5, // VID + up to 3 capabilities
1.335 +
1.336 + ETypeLimit
1.337 + };
1.338 +
1.339 +private:
1.340 + TPrintableSecurityPolicy();
1.341 + TBool WriteCapsL(Output& aOut, TBool aFirst) const;
1.342 + void WriteExtraCapsL(Output& aOut, TBool aFirst) const;
1.343 +
1.344 +private:
1.345 + TUint8 iType;
1.346 + TUint8 iCaps[3]; // missing capabilities are set to 0xff
1.347 + union
1.348 + {
1.349 + TUint32 iSecureId;
1.350 + TUint32 iVendorId;
1.351 + TUint8 iExtraCaps[4]; // missing capabilities are set to 0xff
1.352 + };
1.353 + };
1.354 +
1.355 +// Check noone added another type to the enumeration
1.356 +__ASSERT_COMPILE(((TInt)TPrintableSecurityPolicy::ETypeLimit) == ((TInt)TSecurityPolicy::ETypeLimit));
1.357 +
1.358 +EXPORT_C void Output::writeSecurityPolicyL(const TSecurityPolicy& aPolicy)
1.359 + {
1.360 + const TPrintableSecurityPolicy* p = reinterpret_cast<const TPrintableSecurityPolicy*>(&aPolicy);
1.361 + p->WriteL(*this);
1.362 + }
1.363 +
1.364 +void TPrintableSecurityPolicy::WriteL(Output& aOut) const
1.365 + {
1.366 + switch (iType)
1.367 + {
1.368 + case ETypeFail:
1.369 + aOut.writeString(_L("AlwaysFail"));
1.370 + break;
1.371 + case ETypePass:
1.372 + aOut.writeString(_L("AlwaysPass"));
1.373 + break;
1.374 + case ETypeC3:
1.375 + WriteCapsL(aOut, ETrue);
1.376 + break;
1.377 + case ETypeC7:
1.378 + {
1.379 + TBool first = WriteCapsL(aOut, ETrue);
1.380 + WriteExtraCapsL(aOut, first);
1.381 + }
1.382 + break;
1.383 + case ETypeS3:
1.384 + aOut.writeString(_L("SID 0x"));
1.385 + aOut.writeHex(iSecureId);
1.386 + WriteCapsL(aOut, EFalse);
1.387 + break;
1.388 + case ETypeV3:
1.389 + aOut.writeString(_L("VID 0x"));
1.390 + aOut.writeHex(iVendorId);
1.391 + WriteCapsL(aOut, EFalse);
1.392 + break;
1.393 + default:
1.394 + User::Invariant();
1.395 + }
1.396 + }
1.397 +
1.398 +TBool TPrintableSecurityPolicy::WriteCapsL(Output& aOut, TBool aFirst) const
1.399 + {
1.400 + for (TInt i = 0 ; i < 3 ; ++i)
1.401 + {
1.402 + if (iCaps[i] != 0xff)
1.403 + {
1.404 + if (!aFirst)
1.405 + {
1.406 + aOut.writeString(KCommaSpace);
1.407 + }
1.408 + aFirst = EFalse;
1.409 + aOut.writeCapabilityL((TCapability) iCaps[i]);
1.410 + }
1.411 + }
1.412 + return aFirst;
1.413 + }
1.414 +
1.415 +void TPrintableSecurityPolicy::WriteExtraCapsL(Output& aOut, TBool aFirst) const
1.416 + {
1.417 + for (TInt i = 0 ; i < 3 ; ++i)
1.418 + {
1.419 + if (iExtraCaps[i] != 0xff)
1.420 + {
1.421 + if (!aFirst)
1.422 + {
1.423 + aOut.writeString(KCommaSpace);
1.424 + }
1.425 + aFirst = EFalse;
1.426 + aOut.writeCapabilityL((TCapability) iExtraCaps[i]);
1.427 + }
1.428 + }
1.429 + }