cmmanager/cmmgr/cmmserver/src/cmmsession.cpp
changeset 27 489cf6208544
parent 20 9c97ad6591ae
child 40 c5b848e6c7d1
--- a/cmmanager/cmmgr/cmmserver/src/cmmsession.cpp	Fri May 14 16:15:46 2010 +0300
+++ b/cmmanager/cmmgr/cmmserver/src/cmmsession.cpp	Thu May 27 13:17:01 2010 +0300
@@ -207,6 +207,11 @@
             GetSupportedBearersL( aMessage );
             }
             break;
+        case ECmmGetUncategorizedIcon:
+            {
+            GetUncategorizedIconL( aMessage );
+            }
+            break;
         case ECmmReadDefaultConnection:
             {
             ReadDefaultConnectionL( aMessage );
@@ -269,6 +274,7 @@
         case EDestIsConnected:
         case EDestIsHidden:
         case EDestIsEqual:
+        case EDestGetIcon:
         case EDestAddConnMethod:
         case EDestAddEmbeddedDestination:
         case EDestDeleteConnMethod:
@@ -280,6 +286,7 @@
         case EDestSetHidden:
         case EDestUpdate:
         case EDestDelete:
+        case EDestSetIcon:
             {
             ServiceDestinationL( aMessage );
             }
@@ -682,7 +689,7 @@
     CleanupStack::PushL( result );
 
     TInt bufferLen = aMessage.GetDesMaxLength( 2 );
-    if ( result && result->Length() > bufferLen )
+    if ( result->Length() > bufferLen )
         {
         User::Leave( KErrArgument );
         }
@@ -714,7 +721,7 @@
     CleanupStack::PushL( result );
 
     TInt bufferLen = aMessage.GetDesMaxLength( 2 );
-    if ( result && result->Length() > bufferLen )
+    if ( result->Length() > bufferLen )
         {
         User::Leave( KErrArgument );
         }
@@ -782,7 +789,7 @@
     CleanupStack::PushL( result );
 
     TInt bufferLen = aMessage.GetDesMaxLength( 2 );
-    if ( result && result->Length() > bufferLen )
+    if ( result->Length() > bufferLen )
         {
         User::Leave( KErrArgument );
         }
@@ -814,7 +821,7 @@
     CleanupStack::PushL( result );
 
     TInt bufferLen = aMessage.GetDesMaxLength( 2 );
-    if ( result && result->Length() > bufferLen )
+    if ( result->Length() > bufferLen )
         {
         User::Leave( KErrArgument );
         }
@@ -1017,6 +1024,29 @@
     }
 
 // -----------------------------------------------------------------------------
+// CCmmSession::GetUncategorizedIconL
+// -----------------------------------------------------------------------------
+//
+void CCmmSession::GetUncategorizedIconL( const RMessage2& aMessage )
+    {
+    OstTraceFunctionEntry0( CCMMSESSION_GETUNCATEGORIZEDICONL_ENTRY );
+
+    HBufC* result = KNullDesC().AllocLC(); //TODO, Is there an uncategorized icon?
+
+    TInt bufferLen = aMessage.GetDesMaxLength( 0 );
+    if ( result->Length() > bufferLen )
+        {
+        User::Leave( KErrArgument );
+        }
+
+    TPtrC resultPtr = result->Des();
+    aMessage.WriteL( 0, resultPtr );
+    CleanupStack::PopAndDestroy( result );
+
+    OstTraceFunctionExit0( CCMMSESSION_GETUNCATEGORIZEDICONL_EXIT );
+    }
+
+// -----------------------------------------------------------------------------
 // CCmmSession::ReadDefaultConnectionL
 // -----------------------------------------------------------------------------
 //
@@ -1249,7 +1279,20 @@
         User::Leave( KErrArgument );
         }
 
-    //TODO, capability check, what to do if anything is protected.
+    // Check the protection level of the destination.
+    // And based on that check the needed capabilities from the client.
+    CMManager::TProtectionLevel protLevel( CMManager::EProtLevel0 );
+    destination->GetProtectionL( protLevel );
+    CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+    if ( protLevel == CMManager::EProtLevel1 )
+        {
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        }
+
+    if ( capabilities == CPolicyServer::EFail )
+        {
+        User::Leave( KErrPermissionDenied );
+        }
 
     // Add connection method into destination.
     TInt index = destination->AddConnMethodL( *connMethod );
@@ -1313,7 +1356,38 @@
         User::Leave( KErrInUse );
         }
 
-    //TODO, capability checks, what to do if anything is protected.
+    // Check the protection level of the source and target destination.
+    // And based on those check the needed capabilities from the client.
+    TBool protectionExists( EFalse );
+    CMManager::TProtectionLevel protLevelSource( CMManager::EProtLevel0 );
+    sourceDestination->GetProtectionL( protLevelSource );
+    if ( protLevelSource == CMManager::EProtLevel1 
+            || protLevelSource == CMManager::EProtLevel3 )
+        {
+        protectionExists = ETrue;
+        }
+
+    // If source destination is not protected check the target destination.
+    if ( !protectionExists )
+        {
+        CMManager::TProtectionLevel protLevelTarget( CMManager::EProtLevel0 );
+        targetDestination->GetProtectionL( protLevelTarget );
+        if ( protLevelTarget == CMManager::EProtLevel1 )
+            {
+            protectionExists = ETrue;
+            }
+        }
+
+    CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+    if ( protectionExists )
+        {
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        }
+
+    if ( capabilities == CPolicyServer::EFail )
+        {
+        User::Leave( KErrPermissionDenied );
+        }
 
     // Add connection method into target destination and update it.
     attributesPckg().iIndex = targetDestination->AddConnMethodL( *connMethod );
@@ -1343,7 +1417,20 @@
     CCmmConnMethodInstance* connMethodInstance =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int1() );
 
-    //TODO, capability checks
+    // Check the protection level of the destination.
+    // And based on that check the needed capabilities from the client.
+    CMManager::TProtectionLevel protLevel( CMManager::EProtLevel0 );
+    destinationInstance->GetProtectionL( protLevel );
+    CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+    if ( protLevel == CMManager::EProtLevel1 || protLevel == CMManager::EProtLevel3 )
+        {
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        }
+
+    if ( capabilities == CPolicyServer::EFail )
+        {
+        User::Leave( KErrPermissionDenied );
+        }
 
     destinationInstance->RemoveConnMethodFromDestinationL( *connMethodInstance );
     destinationInstance->UpdateL();
@@ -1363,6 +1450,20 @@
     CCmmConnMethodInstance* connMethodInstance =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int0() );
 
+    TBool capabilityCheckNeeded( EFalse );
+    iCache.CheckIfConnMethodBelongsToProtectedDestinationL(
+            *connMethodInstance,
+            capabilityCheckNeeded );
+    if ( capabilityCheckNeeded )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     iCache.CheckIfConnMethodReferencesCanBeRemovedL( *connMethodInstance );
     iCache.RemoveAllReferencesToConnMethodL( *connMethodInstance );
 
@@ -1454,6 +1555,11 @@
             DestinationIsEqualL( aMessage );
             }
             break;
+        case EDestGetIcon:
+            {
+            GetDestinationIconL( aMessage );
+            }
+            break;
         case EDestAddConnMethod:
             {
             DestAddConnMethodL( aMessage );
@@ -1509,6 +1615,11 @@
             DeleteDestinationL( aMessage );
             }
             break;
+        case EDestSetIcon:
+            {
+            SetDestinationIconL( aMessage );
+            }
+            break;
         default:
             {
             User::Leave( KErrNotSupported );
@@ -1847,6 +1958,33 @@
     }
 
 // -----------------------------------------------------------------------------
+// CCmmSession::GetDestinationIconL
+// -----------------------------------------------------------------------------
+//
+void CCmmSession::GetDestinationIconL( const RMessage2& aMessage )
+    {
+    OstTraceFunctionEntry0( CCMMSESSION_GETDESTINATIONICONL_ENTRY );
+
+    CCmmDestinationInstance* destinationInstance =
+            ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
+
+    HBufC* icon = destinationInstance->GetDestinationIconL();
+    CleanupStack::PushL( icon );
+    TPtrC iconPtr( icon->Des() );
+
+    TInt bufferLen = aMessage.GetDesMaxLength( 0 );
+    if ( iconPtr.Length() > bufferLen )
+        {
+        User::Leave( KErrArgument );
+        }
+
+    aMessage.WriteL( 0, iconPtr );
+    CleanupStack::PopAndDestroy( icon );
+
+    OstTraceFunctionExit0( CCMMSESSION_GETDESTINATIONICONL_EXIT );
+    }
+
+// -----------------------------------------------------------------------------
 // CCmmSession::GetDestinationIdL
 // -----------------------------------------------------------------------------
 //
@@ -2012,6 +2150,20 @@
 
     CCmmDestinationInstance* destination =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
+
+    // Check the protection and if protected check the needed capabilities.
+    CMManager::TProtectionLevel protLevel =
+            destination->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     CCmmConnMethodInstance* connMethod =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int0() );
 
@@ -2035,12 +2187,26 @@
     {
     OstTraceFunctionEntry0( CCMMSESSION_DESTADDEMBEDDEDDESTINATIONL_ENTRY );
 
-    CCmmDestinationInstance* destination =
+    CCmmDestinationInstance* destinationInstance =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
+
+    // Check the protection and if protected check the needed capabilities.
+    CMManager::TProtectionLevel protLevel = 
+            destinationInstance->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     CCmmDestinationInstance* embeddedDestination =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int0() );
 
-    TInt index = destination->AddEmbeddedDestinationL( *embeddedDestination );
+    TInt index = destinationInstance->AddEmbeddedDestinationL( *embeddedDestination );
     TPckg<TInt> indexPckg( index );
     aMessage.WriteL( 1, indexPckg );
 
@@ -2059,8 +2225,25 @@
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
     CCmmConnMethodInstance* connMethodInstance =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int0() );
-
-    //TODO, capability checks
+    
+    // Check the protection of destination and if protected check the needed
+    // capabilities.
+    CMManager::TProtectionLevel protLevel = 
+            destinationInstance->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 ||
+            protLevel == CMManager::EProtLevel3 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
+    // Check the protection of CM and if protected check the needed
+    // capabilities.
+    CheckCapabilitiesForProtectedCML( aMessage, connMethodInstance );
 
     destinationInstance->DeleteConnMethodFromDestinationL( *connMethodInstance );
 
@@ -2080,7 +2263,20 @@
     CCmmConnMethodInstance* connMethodInstance =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int0() );
 
-    //TODO, capability checks
+    // Check the protection of destination and if protected check the needed
+    // capabilities.
+    CMManager::TProtectionLevel protLevel = 
+            destinationInstance->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 ||
+            protLevel == CMManager::EProtLevel3 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
 
     destinationInstance->RemoveConnMethodFromDestinationL( *connMethodInstance );
 
@@ -2097,11 +2293,25 @@
 
     CCmmDestinationInstance* destinationInstance =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
+
+    // Check the protection of destination and if protected check the needed
+    // capabilities.
+    CMManager::TProtectionLevel protLevel = 
+            destinationInstance->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 ||
+            protLevel == CMManager::EProtLevel3 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     CCmmConnMethodInstance* connMethodInstance =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int0() );
 
-    //TODO, capability checks
-
     // Index values start from 0 (0 meaning highest priority).
     TUint index( ( TUint )aMessage.Int1() );
 
@@ -2121,6 +2331,28 @@
     CCmmDestinationInstance* destinationInstance =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
 
+    // Check that client does not try to change the name of the Internet Destination.
+    TUint32 metadata( 0 );
+    destinationInstance->GetMetadataL( CMManager::ESnapMetadataPurpose, metadata );
+    if ( metadata == CMManager::ESnapPurposeInternet )
+        {
+        User::Leave( KErrPermissionDenied );
+        }
+
+    // Check the protection and if protected check the needed capabilities.
+    CMManager::TProtectionLevel protLevel =
+            destinationInstance->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 ||
+            protLevel == CMManager::EProtLevel2 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     // Load and check name.
     TInt destNameLength = aMessage.GetDesLength( 0 );
     if ( destNameLength <= 0 )
@@ -2147,6 +2379,48 @@
     }
 
 // -----------------------------------------------------------------------------
+// CCmmSession::SetDestinationIconL
+// -----------------------------------------------------------------------------
+//
+void CCmmSession::SetDestinationIconL( const RMessage2& aMessage )
+    {
+    OstTraceFunctionEntry0( CCMMSESSION_SETDESTINATIONICONL_ENTRY );
+
+    CCmmDestinationInstance* destinationInstance =
+            ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
+
+    // Check the protection and if protected check the needed capabilities.
+    CMManager::TProtectionLevel protLevel =
+            destinationInstance->CurrentProtectionLevel(); //TODO, check the current level can't be altered without proper capas.
+    if ( protLevel == CMManager::EProtLevel1 ||
+            protLevel == CMManager::EProtLevel2 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
+    // Load and check name.
+    TInt destIconNameLength = aMessage.GetDesLength( 0 );
+    if ( destIconNameLength < 0 || destIconNameLength > KCmmStringLengthMax )
+        {
+        User::Leave( KErrArgument );
+        }
+
+    HBufC* newIconName = HBufC::NewLC( destIconNameLength );
+    TPtr ptrNewIconName = newIconName->Des();
+    aMessage.ReadL( 0, ptrNewIconName );
+
+    destinationInstance->SetDestinationIconL( *newIconName );
+    CleanupStack::PopAndDestroy( newIconName );
+
+    OstTraceFunctionExit0( CCMMSESSION_SETDESTINATIONICONL_EXIT );
+    }
+
+// -----------------------------------------------------------------------------
 // CCmmSession::SetDestinationMetadataL
 // -----------------------------------------------------------------------------
 //
@@ -2154,11 +2428,23 @@
     {
     OstTraceFunctionEntry0( CCMMSESSION_SETDESTINATIONMETADATAL_ENTRY );
 
-    //TODO, Capability check. Protection level or Internet destination.
-
     CCmmDestinationInstance* destinationInstance =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
 
+    // Check the protection and if protected check the needed capabilities.
+    CMManager::TProtectionLevel protLevel =
+            destinationInstance->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 ||
+            protLevel == CMManager::EProtLevel2 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     CMManager::TSnapMetadataField metadataField =
             ( CMManager::TSnapMetadataField )aMessage.Int0();
     TUint32 metadata = aMessage.Int1();
@@ -2176,7 +2462,13 @@
     {
     OstTraceFunctionEntry0( CCMMSESSION_SETDESTINATIONPROTECTIONL_ENTRY );
 
-    //TODO, Capability check: ECapabilityNetworkControl
+    // Check the needed capabilities.
+    CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+    capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+    if ( capabilities == CPolicyServer::EFail )
+        {
+        User::Leave( KErrPermissionDenied );
+        }
 
     CCmmDestinationInstance* destinationInstance =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
@@ -2198,6 +2490,20 @@
     CCmmDestinationInstance* destinationInstance =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
 
+    // Check the protection and if protected check the needed capabilities.
+    CMManager::TProtectionLevel protLevel =
+            destinationInstance->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 ||
+            protLevel == CMManager::EProtLevel2 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     TBool hidden = aMessage.Int0();
     destinationInstance->SetMetadataL( CMManager::ESnapMetadataHiddenAgent, hidden );
 
@@ -2214,6 +2520,22 @@
 
     CCmmDestinationInstance* destinationInstance =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
+
+    // Check the protection and if protected check the needed capabilities
+    CMManager::TProtectionLevel protLevel =
+            destinationInstance->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 ||
+         protLevel == CMManager::EProtLevel2 ||
+         protLevel == CMManager::EProtLevel3 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     destinationInstance->UpdateL();
 
     OstTraceFunctionExit0( CCMMSESSION_UPDATEDESTINATIONL_EXIT );
@@ -2230,6 +2552,22 @@
     CCmmDestinationInstance* destinationInstance =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( aMessage.Int3() );
 
+    // Check the protection of destination and if protected check the needed
+    // capabilities.
+    CMManager::TProtectionLevel protLevel =
+            destinationInstance->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 ||
+         protLevel == CMManager::EProtLevel2 ||
+         protLevel == CMManager::EProtLevel3 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     iCache.CheckIfDestinationCanBeDeletedL( *destinationInstance );
     iCache.DeleteDestinationL( *destinationInstance );
 
@@ -2380,13 +2718,14 @@
 
     TUint32 bearerType( aMessage.Int0() );
 
-    CCmmConnMethodInstance* connMethod = CCmmConnMethodInstance::NewLC( this, &iCache );
-    iCache.CreateConnMethodL( *connMethod, NULL, bearerType, 0 );
-
-    iConnMethodContainer->AddL( ( CObject* ) connMethod );
-    TInt handle = iConnMethodObjects->AddL( ( CObject* ) connMethod );
-    connMethod->SetHandle( handle );
-    CleanupStack::Pop( connMethod );
+    CCmmConnMethodInstance* connMethodInstance =
+            CCmmConnMethodInstance::NewLC( this, &iCache );
+    iCache.CreateConnMethodL( *connMethodInstance, NULL, bearerType, 0 );
+
+    iConnMethodContainer->AddL( ( CObject* ) connMethodInstance );
+    TInt handle = iConnMethodObjects->AddL( ( CObject* ) connMethodInstance );
+    connMethodInstance->SetHandle( handle );
+    CleanupStack::Pop( connMethodInstance );
 
     TPckg<TInt> handlePckg( handle );
     TInt error = aMessage.Write( 3, handlePckg );
@@ -2408,9 +2747,13 @@
     {
     OstTraceFunctionEntry0( CCMMSESSION_UPDATECONNMETHODL_ENTRY );
 
-    CCmmConnMethodInstance* connMethod =
+    CCmmConnMethodInstance* connMethodInstance =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int3() );
-    connMethod->UpdateL();
+
+    // Check if the Client has capabilities to delete this CM.
+    CheckCapabilitiesForProtectedCML( aMessage, connMethodInstance );
+
+    connMethodInstance->UpdateL();
 
     OstTraceFunctionExit0( CCMMSESSION_UPDATECONNMETHODL_EXIT );
     }
@@ -2435,7 +2778,7 @@
     }
 
 // -----------------------------------------------------------------------------
-// CCmmSession::ConnMethodUpdateL
+// CCmmSession::DeleteConnMethodL
 // -----------------------------------------------------------------------------
 //
 void CCmmSession::DeleteConnMethodL( const RMessage2& aMessage )
@@ -2445,6 +2788,9 @@
     CCmmConnMethodInstance* connMethodInstance =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int3() );
 
+    // Check if the Client has capabilities to delete this CM.
+    CheckCapabilitiesForProtectedCML( aMessage, connMethodInstance );
+
     iCache.CheckIfConnMethodCanBeDeletedL( *connMethodInstance );
     iCache.DeleteConnMethodL( *connMethodInstance );
     // Ignore the boolean return value. It is always true, or the
@@ -2583,7 +2929,7 @@
     CleanupStack::PushL( value );
     TPtrC valuePtr = value->Des();
 
-    // check the buffer length of the given buffer
+    // Check the buffer length of the given buffer.
     TInt bufferLen = aMessage.GetDesMaxLength( 1 );
     if ( valuePtr.Length() > bufferLen )
         {
@@ -2617,7 +2963,7 @@
     CleanupStack::PushL( value );
     TPtrC8 valuePtr = value->Des();
 
-    // check the buffer length of the given buffer
+    // Check the buffer length of the given buffer.
     TInt bufferLen = aMessage.GetDesMaxLength( 1 );
     if ( valuePtr.Length() > bufferLen )
         {
@@ -2641,6 +2987,10 @@
     CCmmConnMethodInstance* cm =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int3() );
 
+    // Check the capability needed if protected CM
+    // ECapabilityWriteDeviceData is checked earlier already.
+    CheckCapabilitiesForProtectedCML( aMessage, cm );
+
     TUint32 attribute( aMessage.Int0() );
     TUint32 value( aMessage.Int1() );
 
@@ -2660,6 +3010,10 @@
     CCmmConnMethodInstance* cm =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int3() );
 
+    // Check the capability needed if protected CM
+    // ECapabilityWriteDeviceData is checked earlier already.
+    CheckCapabilitiesForProtectedCML( aMessage, cm );
+
     TUint32 attribute( aMessage.Int0() );
     TBool value( aMessage.Int1() );
 
@@ -2679,6 +3033,10 @@
     CCmmConnMethodInstance* cm =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int3() );
 
+    // Check the capability needed if protected CM
+    // ECapabilityWriteDeviceData is checked earlier already.
+    CheckCapabilitiesForProtectedCML( aMessage, cm );
+
     TUint32 attribute( aMessage.Int0() );
 
     HBufC* value = HBufC::NewLC( aMessage.GetDesLengthL( 1 ) );
@@ -2703,6 +3061,10 @@
     CCmmConnMethodInstance* cm =
             ( CCmmConnMethodInstance* )iConnMethodObjects->AtL( aMessage.Int3() );
 
+    // Check the capability needed if protected CM
+    // ECapabilityWriteDeviceData is checked earlier already.
+    CheckCapabilitiesForProtectedCML( aMessage, cm );
+
     TUint32 attribute( aMessage.Int0() );
 
     HBufC8* value = HBufC8::NewLC( aMessage.GetDesLengthL( 1 ) );
@@ -2881,6 +3243,19 @@
     CCmmDestinationInstance* destination =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( destinationHandle );
 
+    // Check the protection and if protected check the needed capabilities.
+    CMManager::TProtectionLevel protLevel =
+            destination->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     CCmmConnMethodInstance* connMethod = CCmmConnMethodInstance::NewLC( this, &iCache );
     iCache.CreateConnMethodL( *connMethod, destination, bearerType, 0 );
 
@@ -2917,6 +3292,19 @@
     CCmmDestinationInstance* destination =
             ( CCmmDestinationInstance* )iDestinationObjects->AtL( destinationHandle );
 
+    // Check the protection and if protected check the needed capabilities.
+    CMManager::TProtectionLevel protLevel =
+            destination->CurrentProtectionLevel();
+    if ( protLevel == CMManager::EProtLevel1 )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
     CCmmConnMethodInstance* connMethod =
             CCmmConnMethodInstance::NewLC( this, &iCache );
     // Will check if ID is available.
@@ -3061,4 +3449,28 @@
     OstTraceFunctionExit0( CCMMSESSION_GETEMBEDDEDDESTINATIONL_EXIT );
     }
 
+// -----------------------------------------------------------------------------
+// Check if CM is protected and if so then check the needed capabilities.
+// -----------------------------------------------------------------------------
+//
+void CCmmSession::CheckCapabilitiesForProtectedCML(
+        const RMessage2& aMessage,
+        CCmmConnMethodInstance* aConnectionMethodInstance )
+    {
+    OstTraceFunctionEntry0( CCMMSESSION_CHECKCAPABILITIESFORPROTECTEDCML_ENTRY );
+
+    TBool prot = aConnectionMethodInstance->GetBoolAttributeL( CMManager::ECmProtected );
+    if ( prot )
+        {
+        CPolicyServer::TCustomResult capabilities( CPolicyServer::EPass );
+        capabilities = iServer.CapabilityCheckWithProtection( aMessage );
+        if ( capabilities == CPolicyServer::EFail )
+            {
+            User::Leave( KErrPermissionDenied );
+            }
+        }
+
+    OstTraceFunctionExit0( CCMMSESSION_CHECKCAPABILITIESFORPROTECTEDCML_EXIT );
+    }
+
 // End of file