1 // Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
2 // All rights reserved.
3 // This component and the accompanying materials are made available
4 // under the terms of "Eclipse Public License v1.0"
5 // which accompanies this distribution, and is available
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".
8 // Initial Contributors:
9 // Nokia Corporation - initial contribution.
16 #ifndef __D32SECURITY_H__
17 #define __D32SECURITY_H__
19 #include "D32Assert.h"
21 //Forward declarations
25 DBSC namespace is a placeholder for security policy framework.
26 DBSC stands for [D]ata[B]ase [S]e[C]urity.
33 KPolicyTypesCount specifies how many different policy type are maintained by the system.
36 const TInt KPolicyTypesCount = 3;
39 Each secure shared database/table have a security policy associated with it.
40 There are three security policy types:"READ" - EPTRead - for any database/table read operation,
41 "WRITE"- EPTWrite - for any database/table write operation.
42 "SCHEMA"- EPTSchema - for any database admin operation.
43 To execute particular DBMS operation, the caller must have a set of Capabilities/SID/VID,
44 which must satisfy related R/W/S security policies of the database/table, on which the operation
54 EPTLast = 1 << (KPolicyTypesCount - 1)
58 Type of the controled by the security policy object: database or table
69 This enum represents possible type of the requested access when opening/creating a database
71 EATNonSecure - non-secure access to private/legacy/shared-non-secure database
72 EATSecure - secure access to shared-secure database
82 This structure packs together the uid from the database format string and
83 requested access type to the database.
86 struct TDbPolicyRequest
89 TAccessType iAccessType;
93 MPolicy interface is used to check DBMS client capabilities against the security policy
94 managed by this interface.
95 The Check() method parameter, aPolicyType, specifies against which policy (R/W/S) caller
96 capabilities/SID/VID have to be asserted.
97 Do not put MPolicy interfaces in the CleanupStack! MPolicySpace instance will
99 Using MPolicy::Dump() method you can dump the content of the controled object
100 into a text file. Note that the dump works only if you have __DBDUMP__ macro defined.
106 virtual TBool Check(const RMessage2& aMessage, TPolicyType aPolicyType) const = 0;
107 virtual TInt Get(TPolicyType aPolicyType, TSecurityPolicy& aPolicy) const = 0;
108 DECLARE_DB_DUMP(aFile)
112 MPolicySpace interface represents an interface to the security policiy space, which manages
113 all the security policies, presented in the system.
114 It can be used to retrieve MPolicy interface for particular database/table object or
115 getting the backup&restore security ID.
116 MPolicySpace interface manages static data structure, created during the DBMS startup.
117 The data in this structure will never be modified during the DBMS server life time.
118 DbPolicyL() and TblPolicyL() leave with KErrArgument error, if there is no policy for
119 the database/table object, represented in the method arguments.
125 virtual void Release() = 0;
126 virtual const MPolicy* DbPolicyL(const TDbPolicyRequest& aDbPolicyRequest) const = 0;
127 virtual const MPolicy* TblPolicyL(const TDbPolicyRequest& aDbPolicyRequest, const TDesC& aTblName) const = 0;
128 virtual TSecureId BackupSIDL(TUid aDbUid) const = 0;
132 TPolicySpaceFactory is a factory class, used for creating an object, which implements
133 MPolicySpace interface.
134 Do not forget that MPolicySpace is a "M" interface, so if
135 you want to push it in the Cleanup Stack, you should use CleanupReleasePushL() call, but not
136 CleanupStack::PushL().
139 class TPolicySpaceFactory
142 static MPolicySpace* NewPolicySpaceL(RFs& aFs, const TDesC& aPrivatePath);
145 } //end of - namespace DBSC
147 #endif//__D32SECURITY_H__