/*
* Copyright (c) 2007-2008 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description: Client side proxy class representing script session
*
*/
#ifndef _CRTSECMGRSCRIPTSESSION_H_
#define _CRTSECMGRSCRIPTSESSION_H_
#include <rtsecmanager.rsg>
#include <rtsecmgrcommondef.h>
#include <rtsecmgrpermission.h>
#include <rtsecmgrscript.h>
#include <rtsecmgrtrustinfo.h>
class CCoeEnv;
class CRTSecMgrSubSessionProxy;
/**
* Type holding data to be used while prompting.
*
* The default or custom (runtime over-ridden) prompt handler requires the permission
* type to prompt and the user-selection to be returned to security
* manager for access permission check
*
* @lib rtsecmgrclient.lib
*/
class CPromptData : public CBase
{
public:
/**
* Two-phased constructor
*
* Constructs a CPromptData instance
*
* @return pointer to an instance of CPromptData
*/
static CPromptData* NewL()
{
CPromptData* self = CPromptData::NewLC ();
CleanupStack::Pop (self);
return self;
}
/**
* Two-phased constructor
*
* Constructs a CPromptData instance and leaves the created instance
* onto the cleanupstack.
*
* @return pointer to an instance of CPromptData
*/
static CPromptData* NewLC()
{
CPromptData* self = new (ELeave) CPromptData();
CleanupStack::PushL (self);
self->ConstructL ();
return self;
}
/**
* Destructor
*
*/
~CPromptData()
{
if(iPermission)
delete iPermission;
}
/*
*
*
*/
void ConstructL()
{
}
/**
* Returns permission data
*
* @return an object containing the permission data
*/
inline CPermission* Permission() const
{
return iPermission;
}
/**
* Sets the user-selection data
*
* @param aUserSelection TUserPromptOption user-selected data value
*/
inline void SetUserSelection(TUserPromptOption aUserSelection)
{
iUserSelection = aUserSelection;
}
/**
* Sets the permission value of the domain
*
* @param aPermission CPermission permission value of the domain
*/
inline void SetPermissions(CPermission& aPermission)
{
if(iPermission)
{
delete iPermission;
iPermission = NULL;
}
iPermission = CPermission::NewL(aPermission);
//iPermission = &aPermission;
}
private:
//private default constructor
CPromptData::CPromptData() :
iUserSelection(RTUserPrompt_UnDefined)
{
}
//private permission data
CPermission* iPermission;
//private user-selection
TUserPromptOption iUserSelection;
friend class CRTSecMgrScriptSession;
};
//typdef to model list of prompt data structure
typedef RPointerArray<CPromptData> RPromptDataList;
typedef RArray<TInt> RResourceArray;
/*
* Prompt callback handler class.
*
* Runtimes should implement the prompt handler function to prompt the user
* and to obtain the user option chosen. The prompt data are used by
* runtime security manager for further access permission check.
*
* If runtimes do not override prompt handling, security manager component
* would then provide default prompt handler functionality.
*
* @lib rtsecmgrclient.lib
*/
class MSecMgrPromptHandler
{
public:
/**
* Prompts the user.
*
* @param aPromptDataList RPromptDataList list of prompt data used by
* prompt callback handler to show to the user
*
* @return KErrNone if prompting successful; In case of failure, one of
* system wide error codes
*/
virtual TInt Prompt(RPromptDataList& aPromptDataList , TExecutableID aExecID = KAnonymousScript) =0;
/**
* Sets the user chosen prompt selection.
*
* @param aPromptUiOption TSecMgrPromptUIOption prompt selection
*/
virtual void SetPromptOption(TSecMgrPromptUIOption aPromptUiOption) =0;
/**
* Returns the prompt selection
*
* @return TSecMgrPromptUIOption the prompt selection
*/
virtual TSecMgrPromptUIOption PromptOption() const =0;
};
struct TPermanentInfo
{
TPermGrant iAllowedBits; //permanent allowed caps
TPermGrant iDeniedBits; //permanent denied caps
RProviderArray iAllowedProviders; //permanent allowed providers
RProviderArray iDeniedProviders; //permanent denied providers
};
struct TSessionInfo
{
TCapabilityBitSet AllowedCaps; //caps allowed for this session (caps allowed for this session & perm allowed)
TCapabilityBitSet DeniedCaps; //caps denied for this sesion (caps denied for this session & perm denied)
RProviderArray AllowedProviders;//providers allowed for this session
RProviderArray DeniedProviders;//providers denied for this session
};
/**
*
* Thin proxy to the client side sub-session handle.
*
* This class implements the default prompt handling functionality. In addition, the main
* functionality of native platform access check is performed by CRTSecMgrScriptSession.
*
* @lib rtsecmgrclient.lib
*
*/
NONSHARABLE_CLASS(CRTSecMgrScriptSession) : public CBase, MSecMgrPromptHandler
{
public:
/**
* Two-phased constructor
*
* Constructs a CRTSecMgrScriptSession instance
*
* Initializes client side script sub-session.
*
* @param MSecMgrPromptHandler pointer to a prompt handler callback
*
* @return pointer to an instance of CRTSecMgrScriptSession if succesful;
* Otherwise NULL
*/
static CRTSecMgrScriptSession* NewL(MSecMgrPromptHandler* aPromptHdlr=0);
/**
* Two-phased constructor
*
* Constructs a CRTSecMgrScriptSession instance and leaves the created instance
* on the cleanupstack
*
* Initializes client side script sub-session.
*
* @param MSecMgrPromptHandler pointer to a prompt handler callback
*
* @return pointer to an instance of CRTSecMgrScriptSession if succesful;
* Otherwise NULL
*/
static CRTSecMgrScriptSession* NewLC(MSecMgrPromptHandler* aPromptHdlr=0);
/**
* Callback funciton for moreinfo link in advanced prompt
*
* Calls the moreinfo function for indivudual capability or for a alias group
*
* @param aCallbackParam TAny* pointer to TCallbackParam
*
*/
static TInt LinkCallback(TAny *aCallbackParam);
/**
* Destructor
*
* Closes the sub-session
*
*/
IMPORT_C ~CRTSecMgrScriptSession();
/**
* Opens security manager script sub-session. This method in turn opens a
* sub-session on the server side, by bringing script related data onto the cache.
*
* @param aParentSession RSessionBase handle to parent security manager session
* @param aPolicyID TPolicyID policy identifier of the script associated with this script session
* @param aExecID TExecutableID identifier of the script associated with this script session
*
* @return KErrNone if successful; In case of failure, one of system wide error cods
*/
TInt Open(const RSessionBase& aParentSession,TPolicyID aPolicyID,TExecutableID aExecID);
/**
* Opens security manager script sub-session. This method in turn opens a
* sub-session on the server side, by bringing script related data onto the cache.
*
* @param aParentSession RSessionBase handle to parent security manager session
* @param aPolicyID TPolicyID policy identifier of the script associated with this script session
* @param aExecID TExecutableID identifier of the script associated with this script session
* @param aHashValue TDesC hash value of the scrpt passed while registering the script
*
* @return KErrNone if successful; In case of failure, one of system wide error cods
*/
TInt Open(const RSessionBase& aParentSession,TPolicyID aPolicyID,TExecutableID aExecID,const TDesC& aHashValue);
/**
* Opens security manager script sub-session. This method in turn opens a
* sub-session on the server side, by bringing script related data onto the cache.
*
* @param aParentSession RSessionBase handle to parent security manager session
* @param aPolicyID TPolicyID policy identifier of the script associated with this script session
* @param aExecID TExecutableID identifier of the script associated with this script session
* @param aTrustInfo CTrustInfo trust data structure
*
* @return KErrNone if successful; In case of failure, one of system wide error cods
*/
TInt Open(const RSessionBase& aParentSession,TPolicyID aPolicyID,TExecutableID aExecID,const CTrustInfo& aTrustInfo);
/**
* Performs access permission check
*
* This method evaluates access permission by comparing the expected capabilities
* to perform service invocation with the capabilities of the script. The
* capabilities of the script is computed as sum of :
*
* - default allowed capabilities as specified in security access policy
* - user-granted capabilities, allowed by user while prompting
*
* The capabilities allowed by the user could be of various durations, like
* session-based, blanket/permanent and the one valid for the current invocation only
* (one-shot)
*
* @param aCapabilitiesToCheck RCapabilityArray list of capabilities to be checked against
* script's capbilities
*
* @return EAccessOk if the access permission check is successful; Else, EAccessNOk
*/
IMPORT_C TInt IsAllowed(const RCapabilityArray& aCapabilitiesToCheck);
/**
* Performs access permission check
*
* This overloaded method evaluates access permission by comparing the expected capabilities
* to perform service invocation with the capabilities of the script. The
* capabilities of the script is computed as sum of :
*
* - default allowed capabilities as specified in security access policy
* - user-granted capabilities, allowed by user while prompting
*
* The capabilities allowed by the user could be of various durations, like
* session-based, blanket/permanent and the one valid for the current invocation only
* (one-shot)
*
* This overloaded version returns the list of capabilities that do not match after
* access permission check. This can be used by the client to display to the user the
* list of unmatched capabilities
*
* @param aCapabilitiesToCheck RCapabilityArray list of capabilities to be checked against
* script's capbilities
* @param aUnMatchedCapabilities RCapabilityArray list of unmatched capabilities
*
* @return EAccessOk if the access permission check is successful; Else, EAccessNOk
*/
IMPORT_C TInt IsAllowed(const RCapabilityArray& aCapabilitiesToCheck,RCapabilityArray& aUnMatchedCapabilities);
/**
* Performs access permission check
*
* This overloaded method evaluates access permission by comparing the expected capabilities
* to perform service invocation with the capabilities of the script. The
* capabilities of the script is computed as sum of :
*
* - default allowed capabilities as specified in security access policy
* - user-granted capabilities, allowed by user while prompting
*
* The capabilities allowed by the user could be of various durations, like
* session-based, blanket/permanent and the one valid for the current invocation only
* (one-shot)
*
* This overloaded version returns the list of capabilities that do not match after
* access permission check. This can be used by the client to display to the user the
* list of unmatched capabilities
*
* @param aCapabilitiesToCheck RCapabilityArray list of capabilities to be checked against
* script's capbilities
* @param aProviderUid TProviderUid The provider that is being loaded
* @param aResourceFilePath TFileName resource file containing the string to prompt.
*
* @return EAccessOk if the access permission check is successful; Else, EAccessNOk
*/
IMPORT_C TInt IsAllowed(const RCapabilityArray& aCapabilitiesToCheck, TProviderUid aProviderUid, TFileName aResourceFileName);
/**
* Definition of default prompt handler.
*
* @param aPromptDataList RPromptDataList list of prompt data used by
* prompt callback handler to show to the user
*
* @return KErrNone if prompting successful; In case of failure, one of
* system wide error codes
*
*/
TInt Prompt(RPromptDataList& aPromptDataList , TExecutableID aExecID = KAnonymousScript);
/**
* Definition of cost notification.
*
*/
void PromptCostL() ;
/**
* Gets the underlying script object
*
* This method is to be used by components, such as application manager,
* that are interested in displaying script related information to the user.
*
* Following are the script related information:
*
* - Capabilities allowed by default
* - User-grantable capabilities
* - Currently allowed or denied blanket permissions
*
* Note that this method should not be used by runtimes unless and until there is
* a strong design justification
*
* @return a reference to underlying script object
*/
inline CScript& CRTSecMgrScriptSession::Script()
{
return *iScript;
}
/**
* Returns prompt handler reference
*
* @return reference to prompt handler
*/
inline MSecMgrPromptHandler* PromptHandler() const
{
return iPromptHdlr;
}
/**
* Sets prompt UI option. The supported prompt options are :
*
* - Basic/Default
* - Advanced
*
* The difference between the basic and advanced prompt option
* reisdes in the fact the number of prompt options and the corresponding
* prompt texts displayed would be different.
*
* If not explictly, the default prompt UI option is set to basic/default prompt UI.
*
* @param aUIPromptOption TSecMgrPromptUIOption basic/advanced prompt UI option
*/
inline void SetPromptOption(TSecMgrPromptUIOption aUIPromptOption)
{
iUIPromptOption = aUIPromptOption;
}
/**
* Gets prompt UI option. The supported prompt options are :
*
* - Basic/Default
* - Advanced
*
* The difference between the basic and advanced prompt option
* reisdes in the fact the number of prompt options and the corresponding
* prompt texts displayed would be different.
*
* @return aUIPromptOption TSecMgrPromptUIOption basic/advanced prompt UI option
*/
inline TSecMgrPromptUIOption PromptOption() const
{
return iUIPromptOption;
}
/**
* Sets the application name to the value passed by the runtime.
* The name is displayed as part of the prompt for provider based prompting.
* If name is not set then the default name is used.
*
* @param aName TDesC& name of the application.
*/
IMPORT_C void SetApplicationNameL(const TDesC& aName);
private:
/*
* Default private constructor
*
*/
CRTSecMgrScriptSession(MSecMgrPromptHandler* aPromptHdlr=0);
/*
* Two phased constructor
*
*/
void ConstructL();
/*
* Contains prompt logic
*
*/
TInt Prompt(CPromptData* aPromptData);
/*
* Private default implementation for advanced prompt UI option
*
*/
TInt PromptAdvanced(CPromptData* aPromptData);
/*
* Logic for displaying more inormation when the user selects more info
*
*/
TInt MoreInfoL(CPromptData& aPromptData);
/*
* Logic identifying the user-selection of prompt
* duration
*
*/
void HandleGrantChosen(CPromptData* aPromptData,
TCapabilityBitSet aCapBitSet, TCapabilityBitSet& aAllowedCaps,
TBool& aIsPermGrantModified);
/*
* Private implementation to update blanket permission data
*
*/
void UpdatePermGrant();
/*
* Conversion utility to convert a single 32-bit value to the list of
* capabilities (RArray<TCapability>)
*
*/
void BuildCapsL(TCapabilityBitSet aCapBitSet, RCapabilityArray& aInOutTCapList);
/*
* Private implementation to evaluate access permission check
*
*/
TInt IsAllowed(const RCapabilityArray& aCapsToCheck,RPromptDataList& aPromptDataList,TCapabilityBitSet& aUnMatchedCapBits);
/*
* Private implementation to evaluate access permission check. This
* overloaded version additionally returns the unmatched capabilities
*
*/
TInt IsAllowed(const RCapabilityArray& aCapsToCheck,TCapabilityBitSet& aUnMatchedCapBits);
/*
* Conversion utility to generate an unsigned 32-bit value toggling the individual bits
* to the corresponding TCapability value
*
*/
void AddCapability(TCapabilityBitSet& aInOutCapBitSet, TCapability aCapToSet);
/*
* Attempts to close the script sub-session
*
*/
void Close();
/*
* Function to add the security manager resource file to the CONE environment
*/
void AddResourceFiles();
/*
* Function to add the provider's resource file from which the body of the prompt is populated.
*
* @param aResourceFileName TFileName The resource file to be added to the CONE environment
*/
TInt AddProviderResourceFile(TFileName aResourceFileName);
/*
* Close all the resource files added to the CONE environment
*/
void CloseResourceFiles();
private:
/*
* permissions allowed or denied for the current session
* The lifetime of this data structure is associated
* with this script session
*
*/
struct
{
TSessionInfo* sessionInfo; //Information about what is allowed for this session (caps/providers allowed for this session & perm allowed)
TCapabilityBitSet DeniedCaps; //Information about what is denied for this session (caps/providers denied for this session & perm denied)
}_sessionData;
/*
* anonymous enumerations for selection index
*
*/
enum
{
PROMPT_SELIDX_ZERO = 0,
PROMPT_SELIDX_ONE = PROMPT_SELIDX_ZERO + 1,
PROMPT_SELIDX_TWO = PROMPT_SELIDX_ZERO + 2,
PROMPT_SELIDX_THREE = PROMPT_SELIDX_ZERO + 3,
PROMPT_SELIDX_FOUR = PROMPT_SELIDX_ZERO + 4,
PROMPT_SELIDX_FIVE = PROMPT_SELIDX_ZERO + 5
};
/*
* private script reference
*
*/
CScript* iScript;
/*
* permanently allowed capability bits
*
*/
TPermanentInfo* _permanentInfo; //perm allowed information, persistently stored for this script
/*
* Generic data about the script session
*
*/
HBufC* iSessionData;
/*
* reference to prompt handler instance
*
*/
MSecMgrPromptHandler* iPromptHdlr;
/*
* sub-session proxy pointer
*
*/
CRTSecMgrSubSessionProxy* iSubSessionProxy;
/*
* pointer to Coe environment
*/
CCoeEnv* iCoeEnv;
/*
* security manager resource file offset value
*
*/
RResourceArray iResourceOffsetArray;
/*
* Prompt UI option
*
*/
TSecMgrPromptUIOption iUIPromptOption;
/*
* Custom prompt flag
*
*/
TBool isCustomPrompt;
};
#endif //_CRTSECMGRSCRIPTSESSION_H_