--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/policymanagement/policyengine/policyengineserver/src/PolicyProcessor.cpp Thu Dec 17 09:07:52 2009 +0200
@@ -0,0 +1,1228 @@
+/*
+* Copyright (c) 2002-2004 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: Implementation of policymanagement components
+*
+*/
+
+
+// INCLUDE FILES
+
+#include "PolicyProcessor.h"
+#include "PolicyStorage.h"
+#include "PolicyParser.h"
+#include "elements.h"
+#include "ElementBase.h"
+#include "DataTypes.h"
+#include "ErrorCodes.h"
+#include "TrustedSession.h"
+#include "XACMLconstants.h"
+#include "PolicyEngineServer.h"
+#include "PolicyEngineClientServer.h"
+#include "debug.h"
+
+#include "PolicyEngineUi.h"
+
+// CONSTANTS
+const TUid KUidPolicyEngineUi = { 0x10207817 };
+
+
+// -----------------------------------------------------------------------------
+// RAttributeContainer::AppendL()
+// -----------------------------------------------------------------------------
+//
+void RAttributeContainer::AppendL( AttributeContainerHelper::TAttributeTypes aAttributeTypes, CAttribute* aAttribute)
+{
+ //temporary to cleanup stack
+ CleanupStack::PushL( aAttribute);
+
+ //create container for attribute
+ AttributeContainerHelper::TContainer * container = new (ELeave) AttributeContainerHelper::TContainer;
+ CleanupStack::PushL( container);
+
+ //set container properties
+ container->iAttribute = aAttribute;
+ container->iAttributeType = aAttributeTypes;
+
+ //append to list
+ RArray::AppendL( container);
+
+ //remove from cleanup
+ CleanupStack::Pop( 2, aAttribute);
+}
+
+// -----------------------------------------------------------------------------
+// RAttributeContainer::Close()
+// -----------------------------------------------------------------------------
+//
+void RAttributeContainer::Close()
+{
+ //delete attributes and container...
+ for ( TInt i(0); i < Count(); i++)
+ {
+ AttributeContainerHelper::TContainer * container = operator[]( i);
+ delete container->iAttribute;
+ delete container;
+ }
+
+ RArray::Close();
+}
+
+
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::CPolicyProcessor()
+// -----------------------------------------------------------------------------
+//
+
+CPolicyProcessor::CPolicyProcessor()
+ : CActive( EPriorityStandard)
+{
+}
+
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::NewL()
+// -----------------------------------------------------------------------------
+//
+
+CPolicyProcessor * CPolicyProcessor::NewL()
+{
+ CPolicyProcessor * self = new(ELeave) CPolicyProcessor();
+
+ CleanupStack::PushL( self);
+ self->ConstructL();
+ CleanupStack::Pop( self);
+
+ return self;
+
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::~CPolicyProcessor()
+// -----------------------------------------------------------------------------
+//
+
+CPolicyProcessor::~CPolicyProcessor()
+{
+ ResetRequestContext();
+ delete iRequestBuffer;
+
+ CPolicyEngineServer::RemoveActiveObject( this);
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::ConstructL()
+// -----------------------------------------------------------------------------
+//
+
+void CPolicyProcessor::ConstructL()
+{
+ CPolicyEngineServer::AddActiveObjectL( this);
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::HandleErrorL()
+// -----------------------------------------------------------------------------
+//
+
+void CPolicyProcessor::HandleErrorL( const TDesC8& aText )
+{
+ RDEBUG("CPolicyProcessor::HandleErrorL");
+ //error handling for processor
+ RDEBUG_2("XACML request indeterminate: %S", &aText);
+ User::Leave( KErrAbort);
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::ResetRequestContext()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::ResetRequestContext()
+{
+ if ( iDeleteAttributes )
+ {
+ //delete subject attributes and closes RArray
+ for ( TInt i(0); i < iSubjects.Count(); i++)
+ {
+ CAttribute * attribute = iSubjects[i];
+ delete attribute;
+ }
+
+ //delete actions attributes and closes RArray
+ for ( TInt i(0); i < iActions.Count(); i++)
+ {
+ CAttribute * attribute = iActions[i];
+ delete attribute;
+ }
+
+ //delete resources attributes and closes RArray
+ for ( TInt i(0); i < iResources.Count(); i++)
+ {
+ CAttribute * attribute = iResources[i];
+ delete attribute;
+ }
+
+ //delete environments attributes and closes RArray
+ for ( TInt i(0); i < iEnvironments.Count(); i++)
+ {
+ CAttribute * attribute = iEnvironments[i];
+ delete attribute;
+ }
+ }
+
+ iSubjects.Close();
+ iActions.Close();
+ iResources.Close();
+ iEnvironments.Close();
+}
+
+
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::ResetRequestContext()
+// -----------------------------------------------------------------------------
+//
+TPtrC8 CPolicyProcessor::NextToken( TPtrC8& aText)
+{
+ if ( !aText.Length() ) return aText;
+
+ //remove first delimiter
+ if ( aText[0] == KMessageDelimiterChar)
+ {
+ aText.Set( aText.Mid(1));
+ }
+
+ //find next delimiter
+ TPtrC8 retVal = aText;
+ TInt index = aText.Locate( KMessageDelimiterChar);
+
+ if ( index != KErrNotFound )
+ {
+ //set retVal to point token and aText to remaining part
+ retVal.Set( aText.Left( index));
+ aText.Set( aText.Mid( index ));
+ }
+
+ return retVal;
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::ExecuteRequestL()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::ExecuteRequestL( RAttributeContainer &aAttributes, TMatchResponse &aResponse)
+{
+ iDeleteAttributes = EFalse;
+ iUseEditedElements = ETrue;
+
+ //reset request context
+ ResetRequestContext();
+
+ for ( TInt i(0); i < aAttributes.Count(); i++)
+ {
+ RAttributeList * list = 0;
+
+ using namespace AttributeContainerHelper;
+ TContainer * container = aAttributes[i];
+
+ switch ( container->iAttributeType )
+ {
+ case ESubjectAttributes :
+ {
+ list = &iSubjects;
+ break;
+ }
+ case EActionAttributes :
+ {
+ list = &iActions;
+ break;
+ }
+ case EResourceAttributes :
+ {
+ list = &iResources;
+ break;
+ }
+ case EEnvironmentAttributes :
+ {
+ list = &iEnvironments;
+ break;
+ }
+ default:
+ User::Panic( PolicyParserPanic, KErrCorrupt);
+ break;
+ }
+
+ //append attribute to attribute list
+ list->AppendL( container->iAttribute);
+ }
+
+ //make request
+ DoRequestExecutionL( aResponse, ETrue);
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::ExecuteRequestL()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::ExecuteRequestL( const RMessage2& aMessage)
+{
+ iUseEditedElements = EFalse;
+ iDeleteAttributes = ETrue;
+
+
+ RDEBUG("PolicyEngineServer: CPolicyProcessor::ExecuteRequestL");
+
+
+ //reset request context
+ ResetRequestContext();
+
+ iMessage = &aMessage;
+ iProcessorState = 0;
+
+ //Add object to active scheduler
+ if ( !IsAdded())
+ {
+ CActiveScheduler::Add( this);
+ }
+
+ //complete own request
+ SetActive();
+ TRequestStatus * status = &iStatus;
+ User::RequestComplete( status, KErrNone);
+}
+
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::RunL()
+// -----------------------------------------------------------------------------
+//
+
+void CPolicyProcessor::RunL()
+{
+ RDEBUG("PolicyEngineServer: CPolicyProcessor::RunL");
+
+ CPolicyEngineServer::SetActiveSubSession( this);
+
+ if ( iProcessorState == 0)
+ {
+ //Read request context from client
+ delete iRequestBuffer;
+ iRequestBuffer = NULL;
+ iRequestBuffer = HBufC8::NewL( iMessage->GetDesLength(0));
+ TPtr8 msg = iRequestBuffer->Des();
+ iMessage->ReadL(0, msg, 0);
+ TPtrC8 ptr = msg;
+
+ TBool continueLoop( ETrue);
+
+ //read msg from client, msg contain request attributes
+ while ( continueLoop )
+ {
+ TPtrC8 type = NextToken( ptr);
+ RAttributeList * list;
+
+ //identifie attribute type (subject, action, resource or env)
+ if ( type == _L8("S"))
+ {
+ list = &iSubjects;
+ }
+ else
+ if ( type == _L8("A"))
+ {
+ list = &iActions;
+ }
+ else
+ if ( type == _L8("R"))
+ {
+ list = &iResources;
+ }
+ else
+ if ( type == _L8("E"))
+ {
+ list = &iEnvironments;
+ }
+ else
+ {
+ //no more attributes
+ continueLoop = EFalse;
+ }
+
+ if ( continueLoop )
+ {
+ //read attribute id, value and datatype
+ TPtrC8 aAttributeId( NextToken( ptr));
+ TPtrC8 aAttributeValue( NextToken( ptr));
+ TPtrC8 aDataType( CPolicyParser::ConvertValues( EXACML, NextToken( ptr)));
+
+ //types, which contains default values must be converted to native language
+ if ( aDataType == PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType )
+ {
+ aAttributeValue.Set( CPolicyParser::ConvertValues( EXACML, aAttributeValue));
+ }
+
+ CAttribute * attribute = CAttribute::NewL( aAttributeId,
+ aAttributeValue,
+ aDataType);
+
+ //append attribute to attribute list
+ list->AppendL( attribute);
+ }
+ }
+
+ iProcessorState++;
+ SetActive();
+ TRequestStatus * status = &iStatus;
+ User::RequestComplete( status, KErrNone);
+ return;
+ }
+
+ if ( CPolicyEngineServer::StatusFlags()->iProcessorActive && !CPolicyEngineServer::StatusFlags()->iUiActive )
+ {
+ //Start new execution only if no other executions active or
+ //if execution is ongoing in state
+ SetActive();
+ TRequestStatus * status = &iStatus;
+ User::RequestComplete( status, KErrNone);
+ return;
+ }
+
+ //tell other processors that processor is reserved
+ CPolicyEngineServer::StatusFlags()->iProcessorActive = ETrue;
+
+ //make request
+ TMatchResponse matchResponse;
+ RDEBUG("PolicyEngineServer: RunL - start request execution");
+ TRAPD( err, DoRequestExecutionL( matchResponse, EFalse));
+ RDEBUG("PolicyEngineServer: RunL - stop request execution");
+
+ if ( err != KErrNone)
+ {
+ matchResponse = EIndeterminate;
+ }
+
+ //set default response
+ TResponse response;
+ response.SetResponseValue( EResponseIndeterminate);
+
+
+ //convert internal response to external response
+ switch ( matchResponse )
+ {
+ case EDeny :
+ {
+ RDEBUG("PolicyEngineServer: Request executed - response deny");
+ response.SetResponseValue( EResponseDeny);
+ break;
+ }
+ case EPermit :
+ {
+ RDEBUG("PolicyEngineServer: Request executed - response permit");
+ response.SetResponseValue( EResponsePermit);
+ break;
+ }
+ case ENotApplicable :
+ {
+ RDEBUG("PolicyEngineServer: Request executed - response not applicable");
+ response.SetResponseValue( EResponseNotApplicable);
+ break;
+ }
+ case EIndeterminate :
+ {
+ RDEBUG("PolicyEngineServer: Request executed - response indeterminate");
+ response.SetResponseValue( EResponseIndeterminate);
+ break;
+ }
+ default:
+ {
+ RDEBUG("PolicyEngineServer: Request executed - response indeterminate");
+ response.SetResponseValue( EResponseIndeterminate);
+ break;
+ }
+ }
+
+ //tell other processors that processor is free
+ CPolicyEngineServer::StatusFlags()->iProcessorActive = EFalse;
+
+ CompleteMessage( KErrNone, response);
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::DoCancel()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::DoCancel()
+{
+ RunError( KErrAbort);
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::RunError()
+// -----------------------------------------------------------------------------
+//
+TInt CPolicyProcessor::RunError( TInt /*aError*/)
+{
+ TResponse resp;
+ resp.SetResponseValue( EResponseIndeterminate);
+ CompleteMessage( KErrAbort, resp );
+
+ return KErrNone;
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::CompleteMessage()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::CompleteMessage( TInt aError, TResponse aResponse)
+ {
+ RDEBUG_2("PolicyEngineServer: CPolicyProcessor::CompleteMessage( %d )", aError );
+
+ delete iRequestBuffer;
+ iRequestBuffer = NULL;
+
+ //write response to msg (to client side)
+ TPckg< TResponse> pack( aResponse);
+ TRAPD( err, iMessage->WriteL(1, pack) );
+ if( err != KErrNone )
+ {
+ iMessage->Complete( err );
+ }
+ else
+ {
+ iMessage->Complete( aError );
+ }
+
+ RDEBUG("PolicyEngineServer: CPolicyProcessor::CompleteMessage - end");
+ }
+
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::DoRequestExecutionL()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::DoRequestExecutionL( TMatchResponse &aResponse, TBool iUseEditableElements)
+{
+ RDEBUG("PolicyEngineServer: CPolicyProcessor::DoRequestExecutionL");
+
+
+
+ //get root element, execution starts from root
+ CElementBase * rootElement = 0;
+
+ if ( iUseEditableElements )
+ {
+ rootElement = CPolicyStorage::PolicyStorage()->GetEditableElementL( PolicyLanguage::Constants::RootElement);
+ }
+ else
+ {
+ rootElement = CPolicyStorage::PolicyStorage()->GetElementL( PolicyLanguage::Constants::RootElement);
+ }
+
+ aResponse = EIndeterminate;
+
+ //if root found
+ if ( rootElement )
+ {
+ //reserve element from storage and check match to root policy
+ TElementReserver rootReserver( rootElement);
+ aResponse = rootElement->MatchL( this);
+ rootReserver.Release();
+ //execution runs recursive inside MatchL-function to correct branches and elements in policy system
+ //response is result of many element combination
+ RDEBUG("PolicyEngineServer: DoRequestExecutionL - Match evaluated");
+ }
+
+ RDEBUG("PolicyEngineServer: CPolicyProcessor::DoRequestExecutionL - end");
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::FunctionL()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::FunctionL( const TDesC8 &aFunctionId, RParameterList& aParams, CAttributeValue* aResponseElement)
+{
+ RDEBUG("PolicyEngineServer: CPolicyProcessor::FunctionL");
+
+ //executes correct function call
+ if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionAnd)
+ {
+ RDEBUG("PolicyEngineServer: AND-function start");
+ AndFunctionL( aParams, aResponseElement);
+ RDEBUG("PolicyEngineServer: AND-function end");
+ }
+ else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionOr)
+ {
+ RDEBUG("PolicyEngineServer: OR-function start");
+ OrFunctionL( aParams, aResponseElement);
+ RDEBUG("PolicyEngineServer: OR-function end");
+ }
+ else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionNot)
+ {
+ RDEBUG("PolicyEngineServer: NOT-function start");
+ NotFunctionL( aParams, aResponseElement);
+ RDEBUG("PolicyEngineServer: NOT-function end");
+ }
+ else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionRuleTargetStructure)
+ {
+ RDEBUG("PolicyEngineServer: Rule target structure-function start");
+ RuleTargetStructureFunctionL( aParams, aResponseElement);
+ RDEBUG("PolicyEngineServer: Rule target structure-function end");
+ }
+ else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionUserAcceptCorpPolicy)
+ {
+ RDEBUG("PolicyEngineServer: User accept corporate-function start");
+ CorporateUserAcceptFunctionL( aParams, aResponseElement);
+ RDEBUG("PolicyEngineServer: User accept corporate-function end");
+ }
+ else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionCertificatedSession)
+ {
+ RDEBUG("PolicyEngineServer: Certificate for session-function start");
+ CertificateForSessionL( aResponseElement);
+ RDEBUG("PolicyEngineServer: Certificate for session-function end");
+ }
+ else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionStringEqualId ||
+ aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionBooleanEqualId)
+ {
+ RDEBUG("PolicyEngineServer: Equal-function start");
+ EqualFunctionsL( aParams, aResponseElement);
+ RDEBUG("PolicyEngineServer: Equal-function end");
+ }
+ else
+ {
+ RDEBUG("PolicyEngineServer: Function is not allowed!");
+ HandleErrorL( RequestErrors::FunctionIsNotAllowed);
+ }
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::BooleanFunction()
+// -----------------------------------------------------------------------------
+//
+
+TBool CPolicyProcessor::MatchFunctionL( const TDesC8 &aFunctionId, CDataType * data1, CDataType * data2)
+{
+ RDEBUG("PolicyEngineServer: CPolicyProcessor::MatchFunctionL");
+
+ //data1 is policy context value
+ //data2 is request context value
+
+ TBool retVal(EFalse);
+
+ //execute function
+ if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionStringEqualId ||
+ aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionBooleanEqualId )
+ {
+ TInt value = data1->Compare( data2);
+ retVal = ( 0 == value);
+ }
+ else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::TrustedSubjectMatch)
+ {
+ //compare trusted subjects...
+ retVal = iTrustedSession->CertMatchL( data1->Value(), data2->Value(), iUseEditedElements);
+ }
+ else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::TrustedRoleMatch)
+ {
+ //compare roles and subjects...
+ retVal = iTrustedSession->RoleMatchL( data2->Value(), data1->Value(), iUseEditedElements);
+ }
+ else
+ {
+ User::Panic(PolicyParserPanic, KErrCorrupt);
+ }
+
+
+
+ return retVal;
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::Subjects()
+// -----------------------------------------------------------------------------
+//
+CPolicyProcessor::RAttributeList * CPolicyProcessor::Subjects()
+{
+ return &iSubjects;
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::Actions()
+// -----------------------------------------------------------------------------
+//
+CPolicyProcessor::RAttributeList * CPolicyProcessor::Actions()
+{
+ return &iActions;
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::Resources()
+// -----------------------------------------------------------------------------
+//
+CPolicyProcessor::RAttributeList * CPolicyProcessor::Resources()
+{
+ return &iResources;
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::Environments()
+// -----------------------------------------------------------------------------
+//
+CPolicyProcessor::RAttributeList * CPolicyProcessor::Environments()
+{
+ return &iEnvironments;
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::SetTargetElement()
+// -----------------------------------------------------------------------------
+//
+
+void CPolicyProcessor::SetTargetElement( CElementBase * aElement)
+{
+ iManagementTargetPolicy = aElement;
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::SetSessionTrust()
+// -----------------------------------------------------------------------------
+//
+
+void CPolicyProcessor::SetSessionTrust( CTrustedSession * aTrustedSession)
+{
+ iTrustedSession = aTrustedSession;
+}
+
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::MakeBooleanResponseL()
+// -----------------------------------------------------------------------------
+//
+
+
+void CPolicyProcessor::MakeBooleanResponseL( const TBool aValue, CAttributeValue* aResponseElement )
+{
+ if ( aValue )
+ {
+ RDEBUG("PolicyEngineServer: Boolean response TRUE");
+ aResponseElement->SetDataL( PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue,
+ PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType);
+ }
+ else
+ {
+ RDEBUG("PolicyEngineServer: Boolean response FALSE");
+ aResponseElement->SetDataL( PolicyLanguage::NativeLanguage::AttributeValues::BooleanFalse,
+ PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType);
+ }
+}
+
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::CorporateUserAcceptFunctionL()
+// -----------------------------------------------------------------------------
+//
+
+void CPolicyProcessor::CorporateUserAcceptFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement )
+{
+ RDEBUG("PolicyEngineServer: CPolicyProcessor::CorporateUserAcceptFunctionL");
+
+ if ( !aParams.Count())
+ {
+ HandleErrorL( RequestErrors::FunctionIsNotAllowed);
+ }
+
+ //Get trusted subject
+ CAttributeValue * attributeValue = aParams[0];
+ TDesC8& trustedSubject = attributeValue->Data()->Value();
+
+ //resolve name and fingerprint
+ const TDesC8& name = iTrustedSession->CommonNameForSubjectL( trustedSubject, iUseEditedElements);
+ const TDesC8& fingerPrint = iTrustedSession->FingerPrintForSubjectL( trustedSubject, iUseEditedElements);
+
+ TUserResponse response = EUserDeny;
+
+ if ( name.Length() && fingerPrint.Length())
+ {
+ //create notifier
+ RNotifier notifier;
+ CleanupClosePushL( notifier);
+ User::LeaveIfError( notifier.Connect() );
+
+ //create parameter descriptor
+ TBuf8<100> responseBuf;
+ HBufC8 * data = HBufC8::NewLC( name.Length() + fingerPrint.Length() + 1);
+ TPtr8 ptr = data->Des();
+ ptr.Append(name);
+ ptr.Append(KDelimeterChar);
+ ptr.Append(fingerPrint.Left(4));
+
+ //create CAsyncHandler to Auto start/stop CActiveScheduler
+ CASyncHandler * async = CASyncHandler::NewLC();
+ notifier.StartNotifierAndGetResponse( async->GetRequestStatus(), KUidPolicyEngineUi, ptr, responseBuf);
+
+ //Start CActiveScheduler and execute stop when request is completed
+ async->WaitForRequest();
+ CPolicyEngineServer::SetActiveSubSession( this);
+
+
+ if ( async->GetRequestStatus() > 0) //request pending...
+ {
+ notifier.CancelNotifier( KUidPolicyEngineUi);
+ }
+ else
+ {
+ //Check response
+ if ( responseBuf == KUserAcceptMark)
+ {
+ RDEBUG("PolicyEngineServer: CPolicyProcessor user accept corporate policy!");
+ response = EUserAccept;
+ }
+ }
+
+ CleanupStack::PopAndDestroy( 3, ¬ifier); //notifier, data, CASyncHandler
+
+
+ }
+
+ MakeBooleanResponseL( response == EUserAccept, aResponseElement);
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::OrFunctionL()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::OrFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement )
+{
+ TBool valueTrue = EFalse;
+ for ( TInt i(0); i < aParams.Count(); i++)
+ {
+ CAttributeValue * attribute = aParams[i];
+ __ASSERT_ALWAYS ( attribute, User::Panic(PolicyParserPanic, KErrCorrupt));
+
+
+ if ( attribute->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType)
+ {
+ HandleErrorL( ParserErrors::IncombatibleDataType);
+ }
+
+ if ( attribute->Data()->Value() == PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue )
+ {
+ valueTrue = ETrue;
+ break;
+ }
+ }
+
+ MakeBooleanResponseL( valueTrue, aResponseElement);
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::EqualFunctionsL()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::EqualFunctionsL( const RParameterList& aParams, CAttributeValue* aResponseElement )
+ {
+ TInt count = aParams.Count();
+ if( count <= 1 )
+ {
+ MakeBooleanResponseL( EFalse, aResponseElement );
+ }
+ else
+ {
+ __ASSERT_ALWAYS ( aParams.Count() == 2, User::Panic(PolicyParserPanic, KErrCorrupt));
+
+ CAttributeValue * value1 = aParams[0];
+ CAttributeValue * value2 = aParams[1];
+ __ASSERT_ALWAYS ( value1, User::Panic(PolicyParserPanic, KErrCorrupt));
+ __ASSERT_ALWAYS ( value2, User::Panic(PolicyParserPanic, KErrCorrupt));
+
+ TInt value = value1->Data()->Compare( value2->Data());
+
+ MakeBooleanResponseL( 0 == value, aResponseElement );
+ }
+ }
+
+
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::AndFunctionL()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::AndFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement )
+{
+ TBool valueTrue = ETrue;
+ for ( TInt i(0); i < aParams.Count(); i++)
+ {
+ CAttributeValue * attribute = aParams[i];
+ __ASSERT_ALWAYS ( attribute, User::Panic(PolicyParserPanic, KErrCorrupt));
+
+ if ( attribute->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType)
+ {
+ HandleErrorL( ParserErrors::IncombatibleDataType);
+ }
+
+ if ( attribute->Data()->Value() != PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue )
+ {
+ valueTrue = EFalse;
+ break;
+ }
+ }
+
+ MakeBooleanResponseL( valueTrue, aResponseElement);
+
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::NotFunctionL()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::NotFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement )
+{
+ if ( aParams.Count() != 1)
+ {
+ HandleErrorL( ParserErrors::IncombatibleParameters);
+ }
+
+ CAttributeValue * attribute = aParams[0];
+ __ASSERT_ALWAYS ( attribute, User::Panic(PolicyParserPanic, KErrCorrupt));
+
+
+ if ( attribute->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType)
+ {
+ HandleErrorL( ParserErrors::IncombatibleDataType);
+ }
+
+ MakeBooleanResponseL( aParams[0]->Data()->Value() != PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue, aResponseElement);
+
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::RuleTargetStructureFunctionL()
+// -----------------------------------------------------------------------------
+//
+void CPolicyProcessor::RuleTargetStructureFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement )
+{
+ //We expect that param count is 3n...
+ if ( (aParams.Count() % 3) != 0)
+ {
+ HandleErrorL( ParserErrors::IncombatibleParameters);
+ }
+
+ if ( !iManagementTargetPolicy )
+ {
+ HandleErrorL( RequestErrors::FunctionIsNotAllowed);
+ }
+
+ TBool validRule = EFalse;
+
+ //this operation is only valid for rules
+ if ( iManagementTargetPolicy->ElementType() == ERule )
+ {
+ CRule * rule = (CRule*)iManagementTargetPolicy;
+ CTarget * target = rule->GetTarget();
+ __ASSERT_ALWAYS ( target, User::Panic(PolicyParserPanic, KErrCorrupt));
+
+ for ( TInt i = 0; i < aParams.Count(); i++)
+ {
+ if ( aParams[i]->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::StringDataType)
+ {
+ HandleErrorL( ParserErrors::IncombatibleDataType);
+ }
+ }
+
+ //get subject/actions/resource/environment and compare their match content to parameters
+ RMatchObjectArray container;
+ CleanupClosePushL( container);
+ target->GetMatchContainersL( container);
+
+ validRule = ETrue;
+
+ //read one subject/action/resource/environment group at time
+ for ( TInt i = 0; i < aParams.Count() / 3 && validRule; i++)
+ {
+ validRule = EFalse;
+ for ( TInt j = 0; j < container.Count() && !validRule; j++)
+ {
+ validRule = container[j]->CheckMatchObject( aParams[ i*3]->Data()->Value(),
+ aParams[ (i*3)+1]->Data()->Value(),
+ aParams[ (i*3)+2]->Data()->Value());
+ }
+ }
+
+ CleanupStack::PopAndDestroy( &container);
+ }
+
+ MakeBooleanResponseL( validRule, aResponseElement);
+}
+
+// -----------------------------------------------------------------------------
+// CPolicyProcessor::CertificateForSessionL()
+// -----------------------------------------------------------------------------
+//
+
+void CPolicyProcessor::CertificateForSessionL( CAttributeValue* aResponseElement )
+{
+
+ if ( !iTrustedSession)
+ {
+ HandleErrorL( RequestErrors::FunctionIsNotAllowed);
+ }
+
+ MakeBooleanResponseL( iTrustedSession->CertificatedSession(), aResponseElement);
+}
+
+
+
+// -----------------------------------------------------------------------------
+// TCombiningAlgorith::TCombiningAlgorith()
+// -----------------------------------------------------------------------------
+//
+TCombiningAlgorith::TCombiningAlgorith( const TDesC8 &aAlgorithId)
+{
+ //set properties
+ iResultReady = iAtLeastOneError = iPotentialDeny = EFalse;
+ iPotentialPermit = iAtLeastOneDeny = iAtLeastOnePermit = EFalse;
+
+ //set algorithm specific properties....
+ if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::RuleDenyOverrides)
+ {
+ iAlgorithm = ERuleDenyOverrides;
+ iCurrentResponse = ENotApplicable;
+ }
+ else
+ if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::PolicyDenyOverrides)
+ {
+ iAlgorithm = EPolicyDenyOverrides;
+ iCurrentResponse = ENotApplicable;
+ }
+ else
+ if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::RulePermitOverrides)
+ {
+ iAlgorithm = ERulePermitOverrides;
+ iCurrentResponse = ENotApplicable;
+ }
+ else
+ if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::PolicyPermitOverrides)
+ {
+ iAlgorithm = EPolicyPermitOverrides;
+ iCurrentResponse = ENotApplicable;
+ }
+
+
+ iResultReady = EFalse;
+}
+
+// -----------------------------------------------------------------------------
+// TCombiningAlgorith::AddInput()
+// -----------------------------------------------------------------------------
+//
+
+TBool TCombiningAlgorith::AddInput( const TMatchResponse& aInput, const TMatchResponse& aEffect)
+{
+ //for rule algorithms, also "aEffect" has effect to result
+
+ //if result is ready return it...
+ if ( iResultReady )
+ {
+ return iResultReady;
+ }
+
+ //select algorithm...
+ switch ( iAlgorithm)
+ {
+ case ERuleDenyOverrides:
+ {
+ //algorithm specific handling....
+ if ( aInput == EDeny )
+ {
+ iCurrentResponse = EDeny;
+ iResultReady = ETrue;
+ }
+ else if ( aInput == EIndeterminate)
+ {
+ iAtLeastOneError = ETrue;
+ if ( aEffect == EDeny )
+ {
+ iPotentialDeny = ETrue;
+ }
+ }
+ else if ( aInput == EPermit)
+ {
+ iAtLeastOnePermit = ETrue;
+ }
+ }
+ break;
+ case ERulePermitOverrides:
+ {
+ //algorithm specific handling....
+ if ( aInput == EPermit )
+ {
+ iCurrentResponse = EPermit;
+ iResultReady = ETrue;
+ }
+ else if ( aInput == EIndeterminate)
+ {
+ iAtLeastOneError = ETrue;
+ if ( aEffect == EPermit )
+ {
+ iPotentialPermit = ETrue;
+ }
+ }
+ else if ( aInput == EDeny)
+ {
+ iAtLeastOneDeny = ETrue;
+ }
+ }
+ }
+
+ return iResultReady;
+}
+
+// -----------------------------------------------------------------------------
+// TCombiningAlgorith::AddInput()
+// -----------------------------------------------------------------------------
+//
+
+TBool TCombiningAlgorith::AddInput( const TMatchResponse& aInput)
+{
+ //for policy algorithms
+
+ //if result is ready return it...
+ if ( iResultReady )
+ {
+ return iResultReady;
+ }
+
+ switch ( iAlgorithm)
+ {
+ case EPolicyDenyOverrides:
+ {
+ //algorithm specific handling....
+ if ( aInput == EDeny || aInput == EIndeterminate)
+ {
+ iCurrentResponse = EDeny;
+ iResultReady = ETrue;
+ }
+ else if ( aInput == EPermit)
+ {
+ iAtLeastOnePermit = ETrue;
+ }
+ }
+ break;
+ case EPolicyPermitOverrides:
+ {
+ //algorithm specific handling....
+ if ( aInput == EPermit )
+ {
+ iCurrentResponse = EPermit;
+ iResultReady = ETrue;
+ }
+ else if ( aInput == EDeny)
+ {
+ iAtLeastOneDeny = ETrue;
+ }
+ else if ( aInput == EIndeterminate)
+ {
+ iAtLeastOneError = ETrue;
+ }
+ }
+ break;
+ }
+
+ return iResultReady;
+}
+
+// -----------------------------------------------------------------------------
+// TCombiningAlgorith::ResultReady()
+// -----------------------------------------------------------------------------
+//
+
+TBool TCombiningAlgorith::ResultReady()
+{
+ return iResultReady;
+}
+
+// -----------------------------------------------------------------------------
+// TCombiningAlgorith::Result()
+// -----------------------------------------------------------------------------
+//
+
+TMatchResponse TCombiningAlgorith::Result()
+{
+ //default...
+ TMatchResponse response( ENotApplicable);
+
+ if ( !iResultReady)
+ {
+ //if result is not ready
+ switch ( iAlgorithm)
+ {
+ case ERuleDenyOverrides:
+ {
+ //algorithm specific handling....
+ if ( iPotentialDeny ) response = EIndeterminate; else
+ if ( iAtLeastOnePermit ) response = EPermit; else
+ if ( iAtLeastOneError ) response = EIndeterminate;
+ }
+ break;
+ case ERulePermitOverrides:
+ {
+ //algorithm specific handling....
+ if ( iPotentialPermit ) response = EIndeterminate; else
+ if ( iAtLeastOneDeny ) response = EDeny; else
+ if ( iAtLeastOneError ) response = EIndeterminate;
+ }
+ break;
+ case EPolicyDenyOverrides:
+ {
+ //algorithm specific handling....
+ if ( iAtLeastOnePermit ) response = EPermit;
+ }
+ break;
+ case EPolicyPermitOverrides:
+ {
+ //algorithm specific handling....
+ if ( iAtLeastOneDeny ) response = EDeny; else
+ if ( iAtLeastOneError ) response = EIndeterminate;
+ }
+ break;
+ }
+
+ iCurrentResponse = response;
+ iResultReady = ETrue;
+
+ }
+ else
+ {
+ //and if result is ready return it
+ response = iCurrentResponse;
+ }
+
+#ifdef _DEBUG
+ switch ( response)
+ {
+ case EDeny:
+ RDEBUG("PolicyEngineServer: DENY");
+ break;
+ case EPermit:
+ RDEBUG("PolicyEngineServer: PERMIT");
+ break;
+ case EIndeterminate:
+ RDEBUG("PolicyEngineServer: INDETERMINATE");
+ break;
+ default:
+ RDEBUG("PolicyEngineServer: NOT APPLICABLE");
+ break;
+ };
+#endif
+
+ return response;
+}
+