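--- a/epoc32/include/e32capability.h Tue Nov 24 13:55:44 2009 +0000
+++ b/epoc32/include/e32capability.h Tue Mar 16 16:12:26 2010 +0000
@@ -1,1 +1,305 @@
-e32capability.h
+// Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of the License "Symbian Foundation License v1.0" to Symbian Foundation members and "Symbian Foundation End User License Agreement v1.0" to non-members
+// which accompanies this distribution, and is available
+// at the URL "http://www.symbianfoundation.org/legal/licencesv10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// e32\include\e32capability.h
+// Platform security capability definitions
+// Used by both source code and tools
+// This file can be directly included into C++ tools such as ROMBUILD to allow
+// capabilities to be specified by name. To do the same for MAKMAKE (in MMP
+// files) some perl code will be needed to parse this file and extract the
+// capability names and values.
+//
+//
+
+#ifndef __E32CAPABILITY_H__
+#define __E32CAPABILITY_H__
+
+/**
+An enumeration that defines the set of all supported capabilities.
+
+@publishedAll
+@released
+*/
+enum TCapability
+ {
+ /**
+ Grants write access to executables and shared read-only resources.
+
+ This is the most critical capability as it grants access to executables and
+ therefore to their capabilities. It also grants write access to
+ the /sys and /resource directories.
+ */
+ ECapabilityTCB = 0,
+
+
+ /**
+ Grants direct access to all communication device drivers. This includes:
+ the EComm, Ethernet, USB device drivers etc.
+ */
+ ECapabilityCommDD = 1,
+
+
+ /**
+ Grants the right:
+
+ - to kill any process in the system
+ - to power off unused peripherals
+ - to switch the machine into standby state
+ - to wake the machine up
+ - to power the machine down completely.
+
+ Note that this does not control access to anything and everything
+ that might drain battery power.
+ */
+ ECapabilityPowerMgmt = 2,
+
+
+ /**
+ Grants direct access to all multimedia device drivers.
+
+ This includes the sound, camera, video device drivers etc.
+ */
+ ECapabilityMultimediaDD = 3,
+
+
+ /**
+ Grants read access to network operator, phone manufacturer and device
+ confidential settings or data.
+
+ For example, the pin lock code, the list of applications that are installed.
+ */
+ ECapabilityReadDeviceData = 4,
+
+
+ /**
+ Grants write access to settings that control the behaviour of the device.
+
+ For example, device lock settings, system time, time zone, alarms, etc.
+ */
+ ECapabilityWriteDeviceData = 5,
+
+
+ /**
+ Grants access to protected content.
+
+ DRM (Digital Rights Management) agents use this capability to decide whether
+ or not an application should have access to DRM content.
+ Applications granted DRM are trusted to respect the rights associated
+ with the content.
+ */
+ ECapabilityDRM = 6,
+
+
+ /**
+ Grants the right to create a trusted UI session, and therefore to display
+ dialogs in a secure UI environment.
+
+ Trusted UI dialogs are rare. They must be used only when confidentiality
+ and security are critical; for example, for password dialogs.
+
+ Normal access to the user interface and the screen does not require
+ this capability.
+ */
+ ECapabilityTrustedUI = 7,
+
+
+ /**
+ Grants the right to a server to register with a protected name.
+
+ Currently, protected names start with a "!" character. The kernel prevents
+ servers without this capability from using such a name, and therefore
+ prevents protected servers from being impersonated.
+ */
+ ECapabilityProtServ = 8,
+
+
+ /**
+ Grants access to disk administration operations that affect more than one
+ file or one directory (or overall filesystem integrity/behaviour, etc).
+
+ For examples, reformatting a disk partition.
+ */
+ ECapabilityDiskAdmin = 9,
+
+
+ /**
+ Grants the right to modify or access network protocol controls.
+
+ Typically when an action can change the behaviour of all existing and
+ future connections, it should be protected by this capability.
+
+ For example, forcing all existing connections on a specific protocol
+ to be dropped, or changing the priority of a call.
+ */
+ ECapabilityNetworkControl = 10,
+
+
+ /**
+ Grants read access to the entire file system; grants write access to
+ the private directories of other processes.
+
+ This capability is very strictly controlled and should rarely be granted.
+ */
+ ECapabilityAllFiles = 11,
+
+
+ /**
+ Grants the right to generate software key & pen events, and to capture any
+ of them regardless of the status of the application.
+
+ Note that after obtaining the focus, normal applications do not need this
+ capability to be dispatched key and pen events.
+ */
+ ECapabilitySwEvent = 12,
+
+
+ /**
+ A user capability that grants access to remote services without any
+ restriction on its physical location.
+
+ Typically, such a location is unknown to the phone user, and such services
+ may incur cost for the phone user.
+
+ Voice calls, SMS, and internet services are good examples of
+ such network services. They are supported by GSM, CDMA and all IP transport
+ protocols including Bluetooth profiles over IP.
+ */
+ ECapabilityNetworkServices = 13,
+
+
+ /**
+ A user capability that grants access to remote services in the close
+ vicinity of the phone.
+
+ The location of the remote service is well-known to the phone user, and in
+ most cases, such services will not incur cost for the phone user.
+ */
+ ECapabilityLocalServices = 14,
+
+
+ /**
+ A user capability that grants read access to data that is confidential to
+ the phone user.
+
+ This capability supports the management of the user's privacy.
+
+ Typically, contacts, messages and appointments are always seen user
+ confidential data.
+ */
+ ECapabilityReadUserData = 15,
+
+
+ /**
+ A user capability that grants write access to user data.
+
+ This capability supports the management of the integrity of user data.
+
+ Note that this capability is not symmetric with the ECapabilityReadUserData
+ capability. For example, you may want to prevent rogue applications from
+ deleting music tracks but you may not want to restrict read access to them.
+ */
+ ECapabilityWriteUserData = 16,
+
+
+ /**
+ A user capability that grants access to the location of the device.
+
+ This capability supports the management of the user's privacy with regard
+ to the phone location.
+ */
+ ECapabilityLocation = 17,
+
+
+ /**
+ Grants access to logical device drivers that provide input information about
+ the surroundings of the device.
+
+ Good examples of drivers that require this capability would be GPS and biometrics
+ device drivers. For complex multimedia logical device drivers that provide both
+ input and output functions, such as Sound device driver, the MultimediaDD
+ capability should be used if it is too difficult to separate the input from the
+ output calls at its API level.
+ */
+ ECapabilitySurroundingsDD = 18,
+
+
+ /**
+ Grants access to live confidential information about the user and his/her
+ immediate environment. This capability protect the user's privacy.
+
+ Examples are audio, picture and video recording, biometrics (such as blood
+ pressure) recording.
+
+ Please note that the location of the device is excluded from this capability.
+ The protection of this is achieved by using the dedicated capability Location
+ */
+ ECapabilityUserEnvironment = 19,
+
+
+ ECapability_Limit, /**< @internalTechnology */
+
+ ECapability_HardLimit = 255, /**< @internalTechnology */
+
+ ECapability_None = -1, /**< Special value used to specify 'do not care' or 'no capability'.*/
+
+ ECapability_Denied = -2 /**< Special value used to indicate a capability that is never granted. */
+ };
+
+
+/** Define this macro to reference the names of the capabilities. This is here so
+ that ROMBUILD can accept capability names.
+*/
+#ifdef __REFERENCE_CAPABILITY_NAMES__
+
+extern const char* const CapabilityNames[ECapability_Limit];
+
+#endif // __REFERENCE_CAPABILITY_NAMES__
+
+/** Define this macro to include the names of the capabilities. This is here so
+ that ROMBUILD can accept capability names.
+*/
+#ifdef __INCLUDE_CAPABILITY_NAMES__
+
+/** List of names of all supported capabilities
+ Must be in the same order as the enumerators in TCapability
+
+@publishedAll
+@released
+*/
+extern const char* const CapabilityNames[ECapability_Limit] =
+ {
+ "TCB",
+ "CommDD",
+ "PowerMgmt",
+ "MultimediaDD",
+ "ReadDeviceData",
+ "WriteDeviceData",
+ "DRM",
+ "TrustedUI",
+ "ProtServ",
+ "DiskAdmin",
+ "NetworkControl",
+ "AllFiles",
+ "SwEvent",
+ "NetworkServices",
+ "LocalServices",
+ "ReadUserData",
+ "WriteUserData",
+ "Location",
+ "SurroundingsDD",
+ "UserEnvironment"
+ };
+
+#endif // __INCLUDE_CAPABILITY_NAMES__
+
+#endif // __E32CAPABILITY_H__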
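Review bot: Nothing ties the `CapabilityNames` table to `TCapability` except the "Must be in the same order" comment, and because the definition is sized `[ECapability_Limit]`, a capability added to the enum without a matching string still compiles and leaves a null trailing entry. The file header says tools such as ROMBUILD use this table to accept capabilities by name, so a mismatch would presumably surface as a null dereference during lookup or as a name resolving to the wrong capability number in a built image. I would define the array unsized, `extern const char* const CapabilityNames[] =`, and follow it with a compile-time count check such as `typedef char TCapabilityNamesCheck[(sizeof(CapabilityNames)/sizeof(CapabilityNames[0]) == ECapability_Limit) ? 1 : -1];`. That check only catches a wrong count, not a reordering, and it is vacuous in a translation unit that has already seen the sized declaration under `__REFERENCE_CAPABILITY_NAMES__`, so the ordering comment should stay. The comment on `__INCLUDE_CAPABILITY_NAMES__` should also say that only one translation unit per binary may define it, since the definition has external linkage.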