|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 * |
|
17 */ |
|
18 |
|
19 |
|
20 #ifndef hspsSECURITYENFORCER_H |
|
21 #define hspsSECURITYENFORCER_H |
|
22 |
|
23 #include <e32base.h> |
|
24 |
|
25 #include "hsps_builds_cfg.hrh" |
|
26 |
|
27 #ifdef HSPS_LOG_ACTIVE |
|
28 class ChspsLogBus; |
|
29 #endif |
|
30 |
|
31 class ChspsODT; |
|
32 class ChspsDefinitionRepository; |
|
33 class CRepository; |
|
34 |
|
35 /** |
|
36 * ChspsSecurityEnforcer performs all security related functions in HSPS. |
|
37 * These functions are the following: |
|
38 * - control user access on service request, and |
|
39 * - adjust user access in queries. |
|
40 * |
|
41 * The functions are explained below: |
|
42 * |
|
43 * CheckAccessRightsL() |
|
44 * -------------------- |
|
45 * CheckAccessRightsL() function is called by CPolicyServer when hspsThemeServer |
|
46 * receives user request. |
|
47 * Access rights are hard-coded here for S60 5.0, however, in later versions |
|
48 * support for dynamic configuration of access rights must be taken care of. |
|
49 * This would be appropriate to solve together with the TARM-policy implementation. |
|
50 * |
|
51 * CheckQueryValidityL() |
|
52 * ------------------- |
|
53 * CheckQueryValidityL() function is called by hsps Theme Server's service handlers |
|
54 * (ChspsInstallionHandler, ChspsMaintenanceHandler, and ChspsClientRequestHandler) for adjusting |
|
55 * user request to match the access rights level that the user actually has. |
|
56 * This function is to be called immediately when actual ODT is known. |
|
57 * In the installation cases, ODT is known after manifest-file parsing. |
|
58 * In the maintenance cases, ODT is known immediately on query. |
|
59 * In the theme usage cases, ODT is known when the application theme has been retrieved from |
|
60 * UI Definition Repository. |
|
61 * For instance, a user may request the theme listing (message hspsGetListHeaders) with |
|
62 * application UID set to 0 in the query, meaning that the query concerns all themes in storage. |
|
63 * However, if the user is not the S60 Personalisation Application, the query must be restricted to |
|
64 * the themes which belong to this particular client only. |
|
65 * This solution follows the resilient server approach; when the function is called, the user |
|
66 * access rights are already checked by CheckUserAccessRightsL() function. In this sense, |
|
67 * offering resilient service by adjusting user access instead of denying it is a reasonable |
|
68 * resolution. |
|
69 * @ingroup group_hspsserver |
|
70 * @lib hspsThemeServer.exe |
|
71 * @since S60 5.0 |
|
72 */ |
|
class ChspsSecurityEnforcer: public CBase, public MhspsSecurityService
    {
    // NOTE(review): MhspsSecurityService is used as a base class but is neither
    // included nor forward-declared in the visible part of this header; its full
    // definition presumably has to be included before this file - confirm.

    public: // Construction and destruction

        /**
        * Static factory.
        * The trailing L marks a function that may leave. Presumably this performs
        * two-phase construction through the private constructor and ConstructL() -
        * confirm against the implementation.
        * @param aDefRep Definition repository, taken by reference.
        * @param aCenRep Central repository, taken by reference.
        * @return Pointer to the new instance; presumably owned by the caller
        *         (TODO confirm).
        */
        static ChspsSecurityEnforcer* NewL( ChspsDefinitionRepository& aDefRep, CRepository& aCenRep );

        /**
        * Destructor.
        */
        virtual ~ChspsSecurityEnforcer();

    public: // Functions from base classes

        /**
        * From MhspsSecurityService
        * Checks if Licensee Default theme exists. This method is used if a theme that
        * is either User or Operator Default is installed.
        * NOTE(review): the function returns nothing, so a missing Licensee Default
        * theme is presumably reported by leaving - confirm against the implementation.
        * @since S60 5.0
        * @param aOdt ODT of the installed theme
        * @return void
        */
        void CheckIfLicenseeDefaultExistsL( const ChspsODT& aOdt );

        /**
        * From MhspsSecurityService CheckAccessRightsL
        * NOTE(review): the result is reported both through the return value and,
        * as the trailing L indicates, possibly through a leave; callers should
        * confirm that a leave is handled as a denial and never as a pass.
        * @since S60 5.0
        * @param aMessage is the RMessage2 containing the client request data.
        *        Client's access rights in requesting a service of hsps Theme Server
        *        is to be checked.
        * @return ETrue if request has passed the access rights check, otherwise returns EFalse.
        */
        TBool CheckAccessRightsL( const RMessage2& aMessage );

        /**
        * Theme locking check for the given ODT.
        * NOTE(review): this header does not state what the return value means
        * (ETrue = theme is locked, or ETrue = operation is allowed); confirm
        * against the implementation before using it in an access decision.
        * @param aOdt ODT of the theme to check
        * @return TBool, meaning not documented here (see note above).
        */
        TBool CheckThemeLockingL( const ChspsODT& aOdt );

#ifdef HSPS_LOG_ACTIVE
        /**
        * Set log bus.
        * @param aLogBus Log bus to use. The iLogBus member is documented as
        *        "Not owned", so ownership presumably stays with the caller.
        */
        void SetLogBus( ChspsLogBus* aLogBus );
#endif

    private:
        /**
        * ChspsSecurityEnforcer
        * C++ constructor. It takes the two repositories by reference; they are
        * presumably bound to iDefRep and iCentralRepository (TODO confirm).
        * @since S60 5.0
        * @param aDefRep Definition repository
        * @param aCenRep Central repository
        */
        ChspsSecurityEnforcer( ChspsDefinitionRepository& aDefRep, CRepository& aCenRep );

        /**
        * ConstructL.
        * By default Symbian 2nd phase constructor is private.
        * @since S60 5.0
        */
        void ConstructL();

        /**
        * HandleAccessControlListL
        * Parse UIDs from descriptor buffer aStrBuf to array of integers.
        * NOTE(review): the text format of aStrBuf and the handling of malformed
        * entries are not visible in this header; verify that a parse failure
        * cannot leave aArray with entries that were never configured.
        * @param aStrBuf 8-bit descriptor holding the UID list
        * @param aArray Array that receives the parsed UIDs
        */
        void HandleAccessControlListL(const TDesC8& aStrBuf, RArray<TInt>& aArray);

        /**
        * CheckAccessControlListL
        * Checks whether aUid found in access control list.
        * @param aUid UID to look up; presumably compared against
        *        iAccessControlList (TODO confirm).
        * @return ETrue if uid is found
        */
        TBool CheckAccessControlListL( TInt aUid );

    private:
        // Reference to definition repository.
        // Held as a reference, so the repository must outlive this object.
        ChspsDefinitionRepository& iDefRep;

        // Reference to central repository.
        // Held as a reference, so the repository must outlive this object.
        CRepository& iCentralRepository;

        // Access control list.
        // RArray allocates heap memory that has to be released with Close() or
        // Reset(); presumably done in the destructor - confirm.
        // NOTE(review): if the list is loaded from iCentralRepository, the write
        // policy of that repository key decides who can extend the list - confirm
        // that the key is protected.
        RArray<TInt> iAccessControlList;
#ifdef HSPS_LOG_ACTIVE
        // Log bus. Not owned.
        // This member exists only when HSPS_LOG_ACTIVE is defined, so the object
        // layout depends on that macro.
        ChspsLogBus* iLogBus;
#endif
    };
|
157 |
|
158 #endif // hspsSECURITYENFORCER_H |
|
159 |
|
160 // End of File |