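// Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of the License "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
// e32\include\e32capability.h
// Platform security capability definitions
// Used by both source code and tools
// This file can be directly included into C++ tools such as ROMBUILD to allow
// capabilities to be specified by name. To do the same for MAKMAKE (in MMP
// files) some perl code will be needed to parse this file and extract the
// capability names and values.
//
// Maintenance note: every enumerator below carries an explicit value, and the
// same values are read by source code and by build tools. Renumbering or
// reusing a value would change which privilege a given name or number denotes,
// so new capabilities belong immediately before ECapability_Limit, with a
// matching entry appended to CapabilityNames.
//

#ifndef __E32CAPABILITY_H__
#define __E32CAPABILITY_H__

/**
An enumeration that defines the set of all supported capabilities.

@publishedAll
@released
*/
enum TCapability
	{
	/**
	Grants write access to executables and shared read-only resources.

	This is the most critical capability as it grants access to executables and
	therefore to their capabilities. It also grants write access to
	the /sys and /resource directories.
	*/
	ECapabilityTCB				= 0,


	/**
	Grants direct access to all communication device drivers. This includes:
	the EComm, Ethernet, USB device drivers etc.
	*/
	ECapabilityCommDD			= 1,


	/**
	Grants the right:

	- to kill any process in the system
	- to power off unused peripherals
	- to switch the machine into standby state
	- to wake the machine up
	- to power the machine down completely.

	Note that this does not control access to anything and everything
	that might drain battery power.
	*/
	ECapabilityPowerMgmt		= 2,


	/**
	Grants direct access to all multimedia device drivers.

	This includes the sound, camera, video device drivers etc.
	*/
	ECapabilityMultimediaDD		= 3,


	/**
	Grants read access to network operator, phone manufacturer and device
	confidential settings or data.

	For example, the pin lock code, the list of applications that are installed.
	*/
	ECapabilityReadDeviceData	= 4,


	/**
	Grants write access to settings that control the behaviour of the device.

	For example, device lock settings, system time, time zone, alarms, etc.
	*/
	ECapabilityWriteDeviceData	= 5,


	/**
	Grants access to protected content.

	DRM (Digital Rights Management) agents use this capability to decide whether
	or not an application should have access to DRM content.
	Applications granted DRM are trusted to respect the rights associated
	with the content.
	*/
	ECapabilityDRM				= 6,


	/**
	Grants the right to create a trusted UI session, and therefore to display
	dialogs in a secure UI environment.

	Trusted UI dialogs are rare. They must be used only when confidentiality
	and security are critical; for example, for password dialogs.

	Normal access to the user interface and the screen does not require
	this capability.
	*/
	ECapabilityTrustedUI		= 7,


	/**
	Grants the right to a server to register with a protected name.

	Currently, protected names start with a "!" character. The kernel prevents
	servers without this capability from using such a name, and therefore
	prevents protected servers from being impersonated.
	*/
	ECapabilityProtServ			= 8,


	/**
	Grants access to disk administration operations that affect more than one
	file or one directory (or overall filesystem integrity/behaviour, etc).

	For example, reformatting a disk partition.
	*/
	ECapabilityDiskAdmin		= 9,


	/**
	Grants the right to modify or access network protocol controls.

	Typically when an action can change the behaviour of all existing and
	future connections, it should be protected by this capability.

	For example, forcing all existing connections on a specific protocol
	to be dropped, or changing the priority of a call.
	*/
	ECapabilityNetworkControl	= 10,


	/**
	Grants read access to the entire file system; grants write access to
	the private directories of other processes.

	This capability is very strictly controlled and should rarely be granted.
	*/
	ECapabilityAllFiles			= 11,


	/**
	Grants the right to generate software key & pen events, and to capture any
	of them regardless of the status of the application.

	Note that after obtaining the focus, normal applications do not need this
	capability to be dispatched key and pen events.
	*/
	ECapabilitySwEvent			= 12,


	/**
	A user capability that grants access to remote services without any
	restriction on its physical location.

	Typically, such a location is unknown to the phone user, and such services
	may incur cost for the phone user.

	Voice calls, SMS, and internet services are good examples of
	such network services. They are supported by GSM, CDMA and all IP transport
	protocols including Bluetooth profiles over IP.
	*/
	ECapabilityNetworkServices	= 13,


	/**
	A user capability that grants access to remote services in the close
	vicinity of the phone.

	The location of the remote service is well-known to the phone user, and in
	most cases, such services will not incur cost for the phone user.
	*/
	ECapabilityLocalServices	= 14,


	/**
	A user capability that grants read access to data that is confidential to
	the phone user.

	This capability supports the management of the user's privacy.

	Typically, contacts, messages and appointments are always seen as user
	confidential data.
	*/
	ECapabilityReadUserData		= 15,


	/**
	A user capability that grants write access to user data.

	This capability supports the management of the integrity of user data.

	Note that this capability is not symmetric with the ECapabilityReadUserData
	capability. For example, you may want to prevent rogue applications from
	deleting music tracks but you may not want to restrict read access to them.
	*/
	ECapabilityWriteUserData	= 16,


	/**
	A user capability that grants access to the location of the device.

	This capability supports the management of the user's privacy with regard
	to the phone location.
	*/
	ECapabilityLocation			= 17,


	/**
	Grants access to logical device drivers that provide input information about
	the surroundings of the device.

	Good examples of drivers that require this capability would be GPS and biometrics
	device drivers. For complex multimedia logical device drivers that provide both
	input and output functions, such as Sound device driver, the MultimediaDD
	capability should be used if it is too difficult to separate the input from the
	output calls at its API level.
	*/
	ECapabilitySurroundingsDD	= 18,


	/**
	Grants access to live confidential information about the user and his/her
	immediate environment. This capability protects the user's privacy.

	Examples are audio, picture and video recording, biometrics (such as blood
	pressure) recording.

	Please note that the location of the device is excluded from this capability.
	The protection of this is achieved by using the dedicated capability Location.
	*/
	ECapabilityUserEnvironment	= 19,


	// No initializer: takes the value after the last named capability (20 here)
	// and is the number of entries expected in CapabilityNames.
	ECapability_Limit,					/**< @internalTechnology */

	ECapability_HardLimit		= 255,	/**< @internalTechnology */

	// The two values below are negative sentinels, not capabilities. They have
	// no entry in CapabilityNames and must not be used as an index into it.
	ECapability_None			= -1,	/**< Special value used to specify 'do not care' or 'no capability'.*/

	ECapability_Denied			= -2	/**< Special value used to indicate a capability that is never granted. */
	};


/** Define this macro to reference the names of the capabilities. This is here so
	that ROMBUILD can accept capability names.
*/
#ifdef __REFERENCE_CAPABILITY_NAMES__

extern const char* const CapabilityNames[ECapability_Limit];

#endif	// __REFERENCE_CAPABILITY_NAMES__

/** Define this macro to include the names of the capabilities. This is here so
	that ROMBUILD can accept capability names.
*/
#ifdef __INCLUDE_CAPABILITY_NAMES__

/** List of names of all supported capabilities
	Must be in the same order as the enumerators in TCapability

	A name in the wrong position makes a tool that resolves capabilities by
	name select a different capability from the one written, so any change to
	TCapability has to be mirrored here entry for entry.

	'extern' is kept on the definition: in C++ a namespace-scope const object
	would otherwise have internal linkage.

@publishedAll
@released
*/
extern const char* const CapabilityNames[] =
	{
	"TCB",
	"CommDD",
	"PowerMgmt",
	"MultimediaDD",
	"ReadDeviceData",
	"WriteDeviceData",
	"DRM",
	"TrustedUI",
	"ProtServ",
	"DiskAdmin",
	"NetworkControl",
	"AllFiles",
	"SwEvent",
	"NetworkServices",
	"LocalServices",
	"ReadUserData",
	"WriteUserData",
	"Location",
	"SurroundingsDD",
	"UserEnvironment"
	};

// Compile-time check that the initializer list above supplies exactly one
// name per capability. The array bound is deliberately left to the
// initializer: with an explicit [ECapability_Limit] bound a forgotten name
// would compile cleanly and leave a null entry. The check cannot verify the
// order of the names, and it is vacuous if the sized declaration guarded by
// __REFERENCE_CAPABILITY_NAMES__ is also visible in the same translation unit.
typedef char TCapabilityNamesCountCheck[
	(sizeof(CapabilityNames) / sizeof(CapabilityNames[0]) == ECapability_Limit) ? 1 : -1];

#endif	// __INCLUDE_CAPABILITY_NAMES__

#endif	// __E32CAPABILITY_H__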