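// Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of the License "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
// e32\include\e32capability.h
// Platform security capability definitions
// Used by both source code and tools
// This file can be directly included into C++ tools such as ROMBUILD to allow
// capabilities to be specified by name. To do the same for MAKMAKE (in MMP
// files) some perl code will be needed to parse this file and extract the
// capability names and values.
//
//

#ifndef __E32CAPABILITY_H__
#define __E32CAPABILITY_H__

/**
An enumeration that defines the set of all supported capabilities.

The numeric value of each enumerator is relied upon by the tools that parse
this file (see the file header), so existing values must not be renumbered.
A new capability is appended immediately before ECapability_Limit, and a
matching entry must be added at the same position in the CapabilityNames
table further down in this file.

@publishedAll
@released
*/
enum TCapability
    {
    /**
    Grants write access to executables and shared read-only resources.

    This is the most critical capability as it grants access to executables and
    therefore to their capabilities. It also grants write access to
    the /sys and /resource directories.
    */
    ECapabilityTCB = 0,


    /**
    Grants direct access to all communication device drivers. This includes:
    the EComm, Ethernet, USB device drivers etc.
    */
    ECapabilityCommDD = 1,


    /**
    Grants the right:

    - to kill any process in the system
    - to power off unused peripherals
    - to switch the machine into standby state
    - to wake the machine up
    - to power the machine down completely.

    Note that this does not control access to anything and everything
    that might drain battery power.
    */
    ECapabilityPowerMgmt = 2,


    /**
    Grants direct access to all multimedia device drivers.

    This includes the sound, camera, video device drivers etc.
    */
    ECapabilityMultimediaDD = 3,


    /**
    Grants read access to network operator, phone manufacturer and device
    confidential settings or data.

    For example, the pin lock code, the list of applications that are installed.
    */
    ECapabilityReadDeviceData = 4,


    /**
    Grants write access to settings that control the behaviour of the device.

    For example, device lock settings, system time, time zone, alarms, etc.
    */
    ECapabilityWriteDeviceData = 5,


    /**
    Grants access to protected content.

    DRM (Digital Rights Management) agents use this capability to decide whether
    or not an application should have access to DRM content.
    Applications granted DRM are trusted to respect the rights associated
    with the content.
    */
    ECapabilityDRM = 6,


    /**
    Grants the right to create a trusted UI session, and therefore to display
    dialogs in a secure UI environment.

    Trusted UI dialogs are rare. They must be used only when confidentiality
    and security are critical; for example, for password dialogs.

    Normal access to the user interface and the screen does not require
    this capability.
    */
    ECapabilityTrustedUI = 7,


    /**
    Grants the right to a server to register with a protected name.

    Currently, protected names start with a "!" character. The kernel prevents
    servers without this capability from using such a name, and therefore
    prevents protected servers from being impersonated.
    */
    ECapabilityProtServ = 8,


    /**
    Grants access to disk administration operations that affect more than one
    file or one directory (or overall filesystem integrity/behaviour, etc).

    For example, reformatting a disk partition.
    */
    ECapabilityDiskAdmin = 9,


    /**
    Grants the right to modify or access network protocol controls.

    Typically when an action can change the behaviour of all existing and
    future connections, it should be protected by this capability.

    For example, forcing all existing connections on a specific protocol
    to be dropped, or changing the priority of a call.
    */
    ECapabilityNetworkControl = 10,


    /**
    Grants read access to the entire file system; grants write access to
    the private directories of other processes.

    This capability is very strictly controlled and should rarely be granted.
    */
    ECapabilityAllFiles = 11,


    /**
    Grants the right to generate software key & pen events, and to capture any
    of them regardless of the status of the application.

    Note that after obtaining the focus, normal applications do not need this
    capability to be dispatched key and pen events.
    */
    ECapabilitySwEvent = 12,


    /**
    A user capability that grants access to remote services without any
    restriction on its physical location.

    Typically, such a location is unknown to the phone user, and such services
    may incur cost for the phone user.

    Voice calls, SMS, and internet services are good examples of
    such network services. They are supported by GSM, CDMA and all IP transport
    protocols including Bluetooth profiles over IP.
    */
    ECapabilityNetworkServices = 13,


    /**
    A user capability that grants access to remote services in the close
    vicinity of the phone.

    The location of the remote service is well-known to the phone user, and in
    most cases, such services will not incur cost for the phone user.
    */
    ECapabilityLocalServices = 14,


    /**
    A user capability that grants read access to data that is confidential to
    the phone user.

    This capability supports the management of the user's privacy.

    Typically, contacts, messages and appointments are always seen as user
    confidential data.
    */
    ECapabilityReadUserData = 15,


    /**
    A user capability that grants write access to user data.

    This capability supports the management of the integrity of user data.

    Note that this capability is not symmetric with the ECapabilityReadUserData
    capability. For example, you may want to prevent rogue applications from
    deleting music tracks but you may not want to restrict read access to them.
    */
    ECapabilityWriteUserData = 16,


    /**
    A user capability that grants access to the location of the device.

    This capability supports the management of the user's privacy with regard
    to the phone location.
    */
    ECapabilityLocation = 17,


    /**
    Grants access to logical device drivers that provide input information about
    the surroundings of the device.

    Good examples of drivers that require this capability would be GPS and biometrics
    device drivers. For complex multimedia logical device drivers that provide both
    input and output functions, such as Sound device driver, the MultimediaDD
    capability should be used if it is too difficult to separate the input from the
    output calls at its API level.
    */
    ECapabilitySurroundingsDD = 18,


    /**
    Grants access to live confidential information about the user and his/her
    immediate environment. This capability protects the user's privacy.

    Examples are audio, picture and video recording, biometrics (such as blood
    pressure) recording.

    Please note that the location of the device is excluded from this capability.
    The protection of this is achieved by using the dedicated capability Location.
    */
    ECapabilityUserEnvironment = 19,


    /** @internalTechnology
    One past the last real capability defined above; also the number of
    entries in the CapabilityNames table. */
    ECapability_Limit,

    ECapability_HardLimit = 255, /**< @internalTechnology */

    ECapability_None = -1, /**< Special value used to specify 'do not care' or 'no capability'.*/

    ECapability_Denied = -2 /**< Special value used to indicate a capability that is never granted. */
    };


/** Define this macro to reference the names of the capabilities. This is here so
that ROMBUILD can accept capability names.
*/
#ifdef __REFERENCE_CAPABILITY_NAMES__

extern const char* const CapabilityNames[ECapability_Limit];

#endif // __REFERENCE_CAPABILITY_NAMES__

/** Define this macro to include the names of the capabilities. This is here so
that ROMBUILD can accept capability names.
*/
#ifdef __INCLUDE_CAPABILITY_NAMES__

/** List of names of all supported capabilities
Must be in the same order as the enumerators in TCapability, so that
CapabilityNames[cap] is the name of capability cap for every value in
[ECapabilityTCB, ECapability_Limit).

The 'extern' storage class is kept on this definition so that, when the header
is compiled as C++ (where namespace-scope const objects have internal linkage
by default), the table is exported with external linkage and matches the
declaration made under __REFERENCE_CAPABILITY_NAMES__.

@publishedAll
@released
*/
extern const char* const CapabilityNames[ECapability_Limit] =
    {
    "TCB",
    "CommDD",
    "PowerMgmt",
    "MultimediaDD",
    "ReadDeviceData",
    "WriteDeviceData",
    "DRM",
    "TrustedUI",
    "ProtServ",
    "DiskAdmin",
    "NetworkControl",
    "AllFiles",
    "SwEvent",
    "NetworkServices",
    "LocalServices",
    "ReadUserData",
    "WriteUserData",
    "Location",
    "SurroundingsDD",
    "UserEnvironment"
    };

/* Compile-time check that the table above has exactly one entry per
   capability. The array is sized by ECapability_Limit, so a surplus name is
   already rejected by the compiler; a missing name, however, would silently
   leave a NULL entry at the end of the table, which a tool looking a name up
   by capability value would then hand out. The typedef below gets an illegal
   negative size whenever ECapability_Limit stops matching the number of
   initialisers listed, turning that case into a compile error as well.
   Bump the count here whenever a capability (and its name) is added. */
typedef int TCapabilityNamesCountCheck[(ECapability_Limit == 20) ? 1 : -1];

#endif // __INCLUDE_CAPABILITY_NAMES__

#endif // __E32CAPABILITY_H__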