sl@0: // Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). sl@0: // All rights reserved. sl@0: // This component and the accompanying materials are made available sl@0: // under the terms of "Eclipse Public License v1.0" sl@0: // which accompanies this distribution, and is available sl@0: // at the URL "http://www.eclipse.org/legal/epl-v10.html". sl@0: // sl@0: // Initial Contributors: sl@0: // Nokia Corporation - initial contribution. sl@0: // sl@0: // Contributors: sl@0: // sl@0: // Description: sl@0: // sl@0: sl@0: #ifndef __D32SECURITY_H__ sl@0: #define __D32SECURITY_H__ sl@0: sl@0: #include "D32Assert.h" sl@0: sl@0: //Forward declarations sl@0: class RFs; sl@0: sl@0: /** sl@0: DBSC namespace is a placeholder for security policy framework. sl@0: DBSC stands for [D]ata[B]ase [S]e[C]urity. sl@0: @internalComponent sl@0: */ sl@0: namespace DBSC sl@0: { sl@0: sl@0: /** sl@0: KPolicyTypesCount specifies how many different policy type are maintained by the system. sl@0: @internalComponent sl@0: */ sl@0: const TInt KPolicyTypesCount = 3; sl@0: sl@0: /** sl@0: Each secure shared database/table have a security policy associated with it. sl@0: There are three security policy types:"READ" - EPTRead - for any database/table read operation, sl@0: "WRITE"- EPTWrite - for any database/table write operation. sl@0: "SCHEMA"- EPTSchema - for any database admin operation. sl@0: To execute particular DBMS operation, the caller must have a set of Capabilities/SID/VID, sl@0: which must satisfy related R/W/S security policies of the database/table, on which the operation sl@0: has to be performed. sl@0: @internalComponent sl@0: */ sl@0: typedef enum sl@0: { sl@0: EPTNone = 0, sl@0: EPTRead = 1 << 0, sl@0: EPTWrite = 1 << 1, sl@0: EPTSchema = 1 << 2, sl@0: EPTLast = 1 << (KPolicyTypesCount - 1) sl@0: } TPolicyType; sl@0: sl@0: /** sl@0: Type of the controled by the security policy object: database or table sl@0: @internalComponent sl@0: */ sl@0: typedef enum sl@0: { sl@0: EPOTNone, sl@0: EPOTDatabase, sl@0: EPOTTable sl@0: } TPolicyObjType; sl@0: sl@0: /** sl@0: This enum represents possible type of the requested access when opening/creating a database sl@0: on the server side: sl@0: EATNonSecure - non-secure access to private/legacy/shared-non-secure database sl@0: EATSecure - secure access to shared-secure database sl@0: @internalComponent sl@0: */ sl@0: typedef enum sl@0: { sl@0: EATNonSecure, sl@0: EATSecure sl@0: } TAccessType; sl@0: sl@0: /** sl@0: This structure packs together the uid from the database format string and sl@0: requested access type to the database. sl@0: @internalComponent sl@0: */ sl@0: struct TDbPolicyRequest sl@0: { sl@0: TUid iUid; sl@0: TAccessType iAccessType; sl@0: }; sl@0: sl@0: /** sl@0: MPolicy interface is used to check DBMS client capabilities against the security policy sl@0: managed by this interface. sl@0: The Check() method parameter, aPolicyType, specifies against which policy (R/W/S) caller sl@0: capabilities/SID/VID have to be asserted. sl@0: Do not put MPolicy interfaces in the CleanupStack! MPolicySpace instance will sl@0: take care about them. sl@0: Using MPolicy::Dump() method you can dump the content of the controled object sl@0: into a text file. Note that the dump works only if you have __DBDUMP__ macro defined. sl@0: @internalComponent sl@0: */ sl@0: class MPolicy sl@0: { sl@0: public: sl@0: virtual TBool Check(const RMessage2& aMessage, TPolicyType aPolicyType) const = 0; sl@0: virtual TInt Get(TPolicyType aPolicyType, TSecurityPolicy& aPolicy) const = 0; sl@0: DECLARE_DB_DUMP(aFile) sl@0: }; sl@0: sl@0: /** sl@0: MPolicySpace interface represents an interface to the security policiy space, which manages sl@0: all the security policies, presented in the system. sl@0: It can be used to retrieve MPolicy interface for particular database/table object or sl@0: getting the backup&restore security ID. sl@0: MPolicySpace interface manages static data structure, created during the DBMS startup. sl@0: The data in this structure will never be modified during the DBMS server life time. sl@0: DbPolicyL() and TblPolicyL() leave with KErrArgument error, if there is no policy for sl@0: the database/table object, represented in the method arguments. sl@0: @internalComponent sl@0: */ sl@0: class MPolicySpace sl@0: { sl@0: public: sl@0: virtual void Release() = 0; sl@0: virtual const MPolicy* DbPolicyL(const TDbPolicyRequest& aDbPolicyRequest) const = 0; sl@0: virtual const MPolicy* TblPolicyL(const TDbPolicyRequest& aDbPolicyRequest, const TDesC& aTblName) const = 0; sl@0: virtual TSecureId BackupSIDL(TUid aDbUid) const = 0; sl@0: }; sl@0: sl@0: /** sl@0: TPolicySpaceFactory is a factory class, used for creating an object, which implements sl@0: MPolicySpace interface. sl@0: Do not forget that MPolicySpace is a "M" interface, so if sl@0: you want to push it in the Cleanup Stack, you should use CleanupReleasePushL() call, but not sl@0: CleanupStack::PushL(). sl@0: @internalComponent sl@0: */ sl@0: class TPolicySpaceFactory sl@0: { sl@0: public: sl@0: static MPolicySpace* NewPolicySpaceL(RFs& aFs, const TDesC& aPrivatePath); sl@0: }; sl@0: sl@0: } //end of - namespace DBSC sl@0: sl@0: #endif//__D32SECURITY_H__