1 // Copyright (c) 2008-2009 Nokia Corporation and/or its subsidiary(-ies).
2 // All rights reserved.
3 // This component and the accompanying materials are made available
4 // under the terms of "Eclipse Public License v1.0"
5 // which accompanies this distribution, and is available
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html".
8 // Initial Contributors:
9 // Nokia Corporation - initial contribution.
14 // Wrapper around RMessage2 that provides message validation and error handling
15 // to improve robustness of system servers under IPC attack
19 #if !defined(CLIENTMESSAGECMN_H)
20 #define CLIENTMESSAGECMN_H
25 #include <babitflags.h>
26 #include "clientmessage.h"
33 This defines the maximum number of parameters that can be stored in a
34 TClientMessageSchema structure. This corresponds to the maximum number
35 of arguments in an RMessage2
38 const TInt KMaxParameters = 4;
41 This mask is used to select the parameter type from TParameterDetails.iType
44 const TInt KParamTypeMask = 0xFFFF;
47 This mask is used to select the validation function index from
48 TParameterDetails.iType
51 const TInt KValidationFnIndexMask = 0xFFFF0000;
54 This is used to shift down the value masked using KValidationFnIndexMask
57 const TInt KShift16Bit = 16;
61 This enum lists the flags currently represented by the TBitFlags32
62 CClientMessage::iFlags
67 EFlagParam0Validated = 0,
71 /** Informs CompleteRequestL() that message not valid as client has already been panicked. */
73 /** Setting this flag indicates that for bad message errors, request
74 should be completed with error code rather than panicking the client */
75 EFlagDoNotPanicClientOnBadMessageErrors = 30,
76 EFlagLogBadMessages = 31
80 This class implements the behaviour for a TInt parameter type.
81 The ValidateL function reads the Int value from the clients message and checks
82 that the value read is between the iMax and iMin constraints defined in the
86 NONSHARABLE_CLASS(CIntParameter) : public CMessageParameterBase
90 static CMessageParameterBase* NewL(const TParameterDetails& aParam, TInt aParamIndex,
91 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
92 virtual ~CIntParameter();
93 virtual void ValidateL();
94 virtual TInt GetIntL();
97 CIntParameter(const TParameterDetails& aParam,TInt aParamIndex,
98 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
101 //This stores the TInt value read from the client message during validation
106 This class implements the behaviour for a read only 8 bit
107 descriptor parameter type. The ValidateL function checks that the length
108 of the descriptor argument in the client’s process does not exceed iMax
109 defined in the message schema.
112 NONSHARABLE_CLASS(CDes8ReadParameter) : public CMessageParameterBase
115 static CMessageParameterBase* NewL(const TParameterDetails& aParam, TInt aParamIndex,
116 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
117 virtual ~CDes8ReadParameter();
118 virtual void ValidateL();
119 virtual const TDesC8& GetDes8L();
120 virtual TInt GetDesLengthL();
121 virtual void ReadL(TDes8& aDes, TInt aOffset);
124 CDes8ReadParameter(const TParameterDetails& aParam, TInt aParamIndex,
125 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
128 //On validation this descriptor is instantiated and the contents or the client
129 //descriptor are read into the local descriptor
134 This class implements the behaviour for a read\write 8 bit
135 descriptor parameter type. The ValidateL function checks that the MaxLength
136 of the descriptor in the client’s process is not less than iMin and that the
137 length of the descriptor does not exceed iMax defined in the message schema.
140 NONSHARABLE_CLASS(CDes8Parameter) : public CMessageParameterBase
143 static CMessageParameterBase* NewL(const TParameterDetails& aParam, TInt aParamIndex,
144 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
145 virtual ~CDes8Parameter();
146 virtual void ValidateL();
147 virtual void WriteL(const TDesC8& aDes, TInt aOffset);
148 virtual void ReadL(TDes8& aDes, TInt aOffset);
149 virtual TInt GetDesLengthL();
150 virtual TInt GetDesMaxLengthL();
153 CDes8Parameter(const TParameterDetails& aParam, TInt aParamIndex,
154 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
158 This class implements the behaviour for a read only 16 bit
159 descriptor parameter type. The ValidateL function checks that the length
160 of the descriptor argument in the client’s process does not exceed iMax
161 defined in the message schema.
164 NONSHARABLE_CLASS(CDes16ReadParameter) : public CMessageParameterBase
167 static CMessageParameterBase* NewL(const TParameterDetails& aParam, TInt aParamIndex,
168 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
169 virtual ~CDes16ReadParameter();
170 virtual void ValidateL();
171 virtual const TDesC& GetDes16L();
172 virtual TInt GetDesLengthL();
173 virtual void ReadL(TDes& aDes, TInt aOffset);
177 CDes16ReadParameter(const TParameterDetails& aParam, TInt aParamIndex,
178 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
181 //On validation this descriptor is instantiated and the contents or the client
182 //descriptor are read into the local descriptor
187 This class implements the behaviour for a read\write 16 bit
188 descriptor parameter type. The ValidateL function checks that the MaxLength
189 of the descriptor in the client’s process is not less than iMin and that the
190 length of the descriptor does not exceed iMax defined in the message schema.
193 NONSHARABLE_CLASS(CDes16Parameter) : public CMessageParameterBase
196 static CMessageParameterBase* NewL(const TParameterDetails& aParam, TInt aParamIndex,
197 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
198 virtual ~CDes16Parameter();
199 virtual void ValidateL();
200 virtual void WriteL(const TDesC& aDes, TInt aOffset);
201 virtual void ReadL(TDes& aDes, TInt aOffset);
202 virtual TInt GetDesLengthL();
203 virtual TInt GetDesMaxLengthL();
206 CDes16Parameter(const TParameterDetails& aParam, TInt aParamIndex,
207 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
212 This class implements the behaviour for a generic TPckg<>
213 parameter type. The ValidateL function calls the custom validation function
214 passed in to the object on creation.
217 NONSHARABLE_CLASS(CPckgParameter) : public CDes8Parameter
220 static CMessageParameterBase* NewL(const TParameterDetails& aParam, TInt aParamIndex,
221 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
222 virtual ~CPckgParameter();
223 virtual void ValidateL();
226 CPckgParameter(const TParameterDetails& aParam, TInt aParamIndex,
227 const RMessage2& aMessage, TCustomValidationFn aValidationFn );
232 This class implements the behaviour for a Ptr parameter type.
233 The ValidateL function reads the TAny* from the clients message and stores it for
237 NONSHARABLE_CLASS(CPtrParameter) : public CMessageParameterBase
240 static CMessageParameterBase* NewL(const TParameterDetails& aParam, TInt aParamIndex,
241 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
244 Destructor for CPtrParameter class.
246 virtual ~CPtrParameter(){};
247 virtual void ValidateL();
248 virtual const TAny* GetPtrL();
253 Constructor for CPtrParameter class.
255 CPtrParameter(const TParameterDetails& aParam, TInt aParamIndex,
256 const RMessage2& aMessage, TCustomValidationFn aValidationFn);
259 //This stores the TAny* value read from the client message during validation
264 This typedef is used to simplify the declaration of the message schema
265 table defined by the server.
268 typedef CMessageParameterBase* (*TMessageParameterFactoryFn)(const TParameterDetails& aParam,
269 TInt aParamIndex, const RMessage2& aMessage, TCustomValidationFn aValidationFn);