|
1 // Copyright (c) 2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // This class wraps up the security policy for native software installation. |
|
15 // |
|
16 |
|
17 |
|
18 |
|
19 /** |
|
20 @file |
|
21 @internalComponent |
|
22 */ |
|
23 |
|
24 #ifndef __SECURITYPOLICY_H__ |
|
25 #define __SECURITYPOLICY_H__ |
|
26 |
|
27 #include <e32base.h> |
|
28 |
|
29 // file duplicated from swi\\inc\\swi |
|
30 namespace Swi |
|
31 { |
|
32 |
|
33 _LIT(KSwisPolicyFile, "z:\\system\\data\\swipolicy.ini"); |
|
34 |
|
35 _LIT8(KAllowUnsigned, "AllowUnsigned"); |
|
36 _LIT8(KMandatePolicies, "MandatePolicies"); |
|
37 _LIT8(KDRMEnabled, "DRMEnabled"); |
|
38 _LIT8(KDRMIntent, "DRMIntent"); |
|
39 _LIT8(KMandateCodeSigningExtension, "MandateCodeSigningExtension"); |
|
40 _LIT8(KOid, "Oid"); |
|
41 _LIT8(KOcspMandatory, "OcspMandatory"); |
|
42 _LIT8(KOcspEnabled, "OcspEnabled"); |
|
43 _LIT8(KAllowGrantUserCaps, "AllowGrantUserCapabilities"); |
|
44 _LIT8(KUserCapabilities, "UserCapabilities"); |
|
45 _LIT8(KAllowOrphanedOverwrite, "AllowOrphanedOverwrite"); // This flag allows orphaned files to be overwritten when set |
|
46 _LIT8(KAllowPackagePropagate, "AllowPackagePropagate"); // Allows SWI to write stub SIS files to removable media cards |
|
47 _LIT8(KApplicationShutdownTimeout, "ApplicationShutdownTimeoutSeconds"); // Timeout for shutting down Apps during install/uninstall |
|
48 _LIT8(KRunWaitTimeout, "RunWaitTimeoutSeconds"); // Timeout to allow completion of apps/exes launched with RunWait option |
|
49 _LIT8(KAllowRunOnInstallUninstall, "AllowRunOnInstallUninstall"); |
|
50 _LIT8(KReplacePath, "ReplacePath"); |
|
51 _LIT8(KDeletePreinstalledFilesOnUninstall, "DeletePreinstalledFilesOnUninstall"); |
|
52 _LIT8(KPhoneTsyName, "PhoneTsyName"); |
|
53 _LIT8(KAllowOverwriteOnRestore, "AllowOverwriteOnRestore"); |
|
54 /** When true this flag allows orphaned files residing in private/xxxxxxxx/import, /resource or /sys/bin directories to be |
|
55 overwritten or eclipsed under user permission. |
|
56 */ |
|
57 _LIT8(KAllowProtectedOrphanOverwrite, "AllowProtectedOrphanOverwrite"); |
|
58 /** |
|
59 When true this flag allows to delay the uninstallation of embedded packages |
|
60 until all their dependent packages have been uninstalled. |
|
61 */ |
|
62 _LIT8(KRemoveOnlyWithLastDependent, "RemoveOnlyWithLastDependent"); |
|
63 /** |
|
64 If defined in the ini file, this specifies the ECOM plugin which is used |
|
65 to filter the OCSP request HTTP headers. |
|
66 */ |
|
67 _LIT8(KOcspHttpHeaderFilter, "OcspHttpHeaderFilter"); |
|
68 |
|
69 // This flag defines whether a SIS file will be considered compatible with the device if no target devices are listed in the package. |
|
70 _LIT8(KSISCompatibleIfNoTargetDevices, "SISCompatibleIfNoTargetDevices"); |
|
71 _LIT8(KAlternativeCodeSigningOid, "AlternativeCodeSigningOID"); |
|
72 |
|
73 _LIT8(KMaxNumOfLogEntries , "MaxNumOfLogEntries"); |
|
74 |
|
75 |
|
76 NONSHARABLE_CLASS(CPathReplaceEntry) : public CBase |
|
77 /** |
|
78 Used internally by CSecurityPolicy to manage replacement |
|
79 key, value pairs. |
|
80 |
|
81 @internalComponent |
|
82 */ |
|
83 { |
|
84 public: |
|
85 CPathReplaceEntry(HBufC* aFindPath, HBufC* aReplacePath); |
|
86 virtual ~CPathReplaceEntry(); |
|
87 |
|
88 public: |
|
89 /** Drive-qualified directory to match on target LHS. */ |
|
90 HBufC*const iFindPath; |
|
91 /** Drive-qualified replacement directory. */ |
|
92 HBufC*const iReplacePath; |
|
93 }; |
|
94 |
|
95 /** |
|
96 * This class represents some settings that control the behaviour |
|
97 * when installing a SIS file. The settings are stored in a resource |
|
98 * files and are retrieved at construction time. |
|
99 * |
|
100 * This class is implemented as a Singleton class. So only one instance |
|
101 * of this class will be created per thread (Per Thread because TLS is used to |
|
102 * store the instance of this class) |
|
103 */ |
|
104 class CSecurityPolicy : public CBase |
|
105 { |
|
106 public: |
|
107 ~CSecurityPolicy(); |
|
108 |
|
109 /** |
|
110 * This function checks if the installer should allow unisgned SIS files |
|
111 * to be installed. |
|
112 * @return ETrue Unsigned SIS file may be installed. |
|
113 * @return EFalse Unsigned SIS files must not be installed. |
|
114 */ |
|
115 IMPORT_C TBool AllowUnsigned() const; |
|
116 |
|
117 /** |
|
118 * This function checks if the end-entity certificates corresponding to |
|
119 * the private keys used to sign the SIS file must contain the |
|
120 * codesigning extension. |
|
121 * @return ETrue The certificates must contain the codesigning extension. |
|
122 * If they don't the SIS file will not be installed. |
|
123 * @return EFalse It doesn't matter whether the certificates contain |
|
124 * this extension or not. |
|
125 */ |
|
126 IMPORT_C TBool MandateCodesigningExtension() const; |
|
127 |
|
128 /** |
|
129 * This function checks if all the certificates (except the root) in the |
|
130 * chains corresponding to the private keys used to sign the SIS file must |
|
131 * have a Policy extension containing one of the OID defined in the resource |
|
132 * file. |
|
133 * @return ETrue The certificates must contain one of the OID defined in |
|
134 * the resource file. If they don't the SIS file will not be installed. |
|
135 * @return EFalse The presence or absence of the OID don't affect |
|
136 * the installation. The installer may still display this |
|
137 * information to the user. |
|
138 */ |
|
139 IMPORT_C TBool MandateCertificatePolicies() const; |
|
140 |
|
141 /** |
|
142 * ROM time specified extension OIDs which are compulsory for SWI |
|
143 * certificates. |
|
144 * |
|
145 * @return A list of OIDs which are mandatory for SWI certificates |
|
146 */ |
|
147 IMPORT_C const RPointerArray<HBufC> Oids() const; |
|
148 |
|
149 /** |
|
150 * Returns a boolean flag to indicate whether DRM is enabled. |
|
151 * |
|
152 * @return ETrue if DRM is enabled, EFalse otherwise |
|
153 */ |
|
154 IMPORT_C TBool DrmEnabled() const; |
|
155 |
|
156 /** |
|
157 * Returns an integer indicating which DRM intent should be used |
|
158 * for evaluation and execution of rights. |
|
159 */ |
|
160 IMPORT_C TInt DrmIntent() const; |
|
161 |
|
162 /** |
|
163 * This function returns whether OCSP is enabled during Software Install. |
|
164 * |
|
165 * @return ETrue if OSCP is enabled, EFalse otherwise. |
|
166 */ |
|
167 IMPORT_C TBool OcspEnabled() const; |
|
168 |
|
169 /** |
|
170 * This function returns whether OCSP is mandatory during Software Install. |
|
171 * |
|
172 * @return ETrue if OSCP is enabled, EFalse otherwise. |
|
173 */ |
|
174 IMPORT_C TBool OcspMandatory() const; |
|
175 |
|
176 /** |
|
177 * This function returns whether Software Install should allow the |
|
178 * granting of user capabilities, during install. |
|
179 * |
|
180 * @return ETrue if user capabilities are allowed to be granted, |
|
181 * EFalse otherwise. |
|
182 */ |
|
183 IMPORT_C TBool AllowGrantUserCaps() const; |
|
184 |
|
185 /** |
|
186 * This function returns a list of capabilities which Software Install |
|
187 * considers to be user capabilities. This list is read from the |
|
188 * policy ini file. |
|
189 * |
|
190 * @return The list of capabilities Software Install considers to be |
|
191 * user capabilities. |
|
192 */ |
|
193 IMPORT_C TCapabilitySet UserCapabilities() const; |
|
194 |
|
195 /** |
|
196 * This function returns whether Software Install should ask the user |
|
197 * if orphaned files should be overwritten during install. |
|
198 * |
|
199 * @return ETrue if the user should be asked about orphaned files, |
|
200 * EFalse otherwise. |
|
201 */ |
|
202 IMPORT_C TBool AllowOrphanedOverwrite() const; |
|
203 |
|
204 /** This function returns whether Software Install should create |
|
205 SIS stub files on removable media when a SIS file is installed to the |
|
206 removable media. |
|
207 @return ETrue if stubs are to be created, EFalse otherwise |
|
208 */ |
|
209 IMPORT_C TBool AllowPackagePropagate() const; |
|
210 |
|
211 /** |
|
212 * This function returns an integer indicating the maximum allowed |
|
213 * shutdown time for applications which are shut down during an upgrade |
|
214 * or uninstall. |
|
215 * @return Timeout in microseconds for apps shut down during upgrade |
|
216 * or uninstall. |
|
217 */ |
|
218 IMPORT_C TInt ApplicationShutdownTimeout() const; |
|
219 |
|
220 /** |
|
221 * This function returns an integer indicating the maximum time to wait |
|
222 * for completion of execution of files launched with the RunWait file |
|
223 * option during an install/uninstall. |
|
224 * @return Timeout in microseconds for apps shut down during upgrade |
|
225 * or uninstall. |
|
226 */ |
|
227 IMPORT_C TInt RunWaitTimeout() const; |
|
228 |
|
229 /** |
|
230 * This function returns a boolean indicating whether a SIS file with |
|
231 * no target devices listed should be considered compatible with |
|
232 * the device. |
|
233 * @return ETrue if SIS files with no target devices listed are to |
|
234 * be considered compatible, EFalse otherwise. |
|
235 */ |
|
236 IMPORT_C TBool SISCompatibleIfNoTargetDevices() const; |
|
237 |
|
238 /** |
|
239 * This function returns a boolean indicating whether the applications contained in |
|
240 * the SIS file are allowed to run when being installed or uninstalled. |
|
241 * |
|
242 * @return ETrue if SIS files with no target devices listed are to |
|
243 * be considered compatible, EFalse otherwise. |
|
244 */ |
|
245 IMPORT_C TBool AllowRunOnInstallUninstall() const; |
|
246 |
|
247 IMPORT_C TUint32 OcspHttpHeaderFilter() const; |
|
248 |
|
249 IMPORT_C HBufC* ResolveTargetFileNameLC( |
|
250 const TDesC& aMmpName, TText aDrive) const; |
|
251 IMPORT_C HBufC* ResolveTargetFileNameL( |
|
252 const TDesC& aMmpName, TText aDrive) const; |
|
253 |
|
254 IMPORT_C TBool DeletePreinstalledFilesOnUninstall() const; |
|
255 |
|
256 /** When true this flag allows orphaned files residing in |
|
257 * /private/xxxxxxxx/import, /resource or /sys/bin directories to be |
|
258 * overwritten or eclipsed (under user permission). |
|
259 * A file is considered orphaned if it does not belong to any installed |
|
260 * package in the registry. This value defaults to true; |
|
261 * |
|
262 * @return ETrue if the Software Install should overwrite or eclipse |
|
263 * orphaned files in protected directories, EFalse otherwise. |
|
264 */ |
|
265 IMPORT_C TBool AllowProtectedOrphanOverwrite() const; |
|
266 |
|
267 /** |
|
268 This function is used to retrieve a list of alternate code signing |
|
269 OIDs. These values are in addition to the OID existing in |
|
270 securitydefs.h. Allows additional user defined OID to be |
|
271 specified for code signing. |
|
272 @return A list of the alternative code oid references |
|
273 */ |
|
274 IMPORT_C const RPointerArray<HBufC> AlternativeCodeSigningOid() const; |
|
275 |
|
276 /** |
|
277 This function is used to retrieve the value of iRemoveOnlyWithLastDependent member. |
|
278 When true an embedded package can be uninstalled only if the last dependent has been uninstalled |
|
279 */ |
|
280 IMPORT_C TBool RemoveOnlyWithLastDependent() const; |
|
281 |
|
282 IMPORT_C static void ReleaseResource(); |
|
283 |
|
284 /** |
|
285 * This function is used to access the instance of this class. If |
|
286 * the instance is not created then this will create the instance |
|
287 * and return. TLS is used to store pointer of the instance. |
|
288 * |
|
289 * ReleaseResource function should be by the owner of this instance |
|
290 * after the use of this class. |
|
291 */ |
|
292 IMPORT_C static CSecurityPolicy* GetSecurityPolicyL(); |
|
293 |
|
294 /** |
|
295 * This function gets the maximum number of entries allowed in the log file |
|
296 * SisRegistryServer produce logfile , during install,Uninstall and Upgrade. |
|
297 * |
|
298 * @return maximum number of entries in logfile, 0 if no entries or |
|
299 * logging is disabled, |
|
300 * |
|
301 */ |
|
302 |
|
303 IMPORT_C TInt MaxNumOfLogEntries() const; |
|
304 |
|
305 IMPORT_C const TDesC& PhoneTsyName() const; |
|
306 |
|
307 /** |
|
308 Indicates whether the restore process should overwrite an application that is already installed |
|
309 if the same item appears in the backup e.g. if the system drive has not been reformatted. |
|
310 @return ETrue, if the restore process should overwrite applications; otherwise, EFalse is returned. |
|
311 */ |
|
312 IMPORT_C TBool AllowOverwriteOnRestore() const; |
|
313 private: |
|
314 CSecurityPolicy(); |
|
315 |
|
316 /** |
|
317 * The second-phase constructor. It reads the settings from |
|
318 * the resource file. |
|
319 */ |
|
320 void ConstructL(); |
|
321 |
|
322 /** |
|
323 Retrieves the next line of text from a buffer. Blank lines are skipped. |
|
324 |
|
325 @param aBuffer The buffer to parse. |
|
326 @param aPos The position to start reading from. This IN/OUT parameter |
|
327 should be initialised to zero on the first call. |
|
328 @param aLine An out parameter that will be set to point to the next line |
|
329 of text IF found. |
|
330 @return Whether a line of text was successfully read. |
|
331 */ |
|
332 TBool ReadLineL(const TDesC8& aBuffer, TInt& aPos, TPtrC8& aLine) const; |
|
333 |
|
334 /** |
|
335 * This function adds a user capability to iUserCapabilities from |
|
336 * a descriptor containing the name of the capability to add. |
|
337 */ |
|
338 void AddUserCapability(const TDesC8& aCapabilityName); |
|
339 |
|
340 void ReadReplacementPathsL(const TDesC8& aLine); |
|
341 |
|
342 /** |
|
343 * This function adds an alternative oid to iAlternativeCodeSigningOids from |
|
344 * a descriptor containing the alternative oid to add. Does not allow any duplication. |
|
345 */ |
|
346 void AddAlternativeCodeSigningOidL(const TDesC8& aAlternativeCodeSigningOid); |
|
347 |
|
348 private: |
|
349 TBool iIsInitialized; |
|
350 |
|
351 /** |
|
352 * This is set to ETrue if the installer must accept to install unsigned |
|
353 * SIS file. It is set to EFalse if only SIS files that are signed are |
|
354 * allowed to be installed. |
|
355 */ |
|
356 TBool iAllowUnsigned; |
|
357 |
|
358 /** |
|
359 * This is set to ETrue if the end-entity certificates corresponding |
|
360 * to the private keys used to sign the SIS files must have a codesigning |
|
361 * extension. If this is set and the certificates don't have this extension |
|
362 * the SIS file will not be installed. |
|
363 * If this is set to EFalse then the certificates may or may not have a |
|
364 * a codesigning extension. |
|
365 */ |
|
366 TBool iMandateCodesigningExtension; |
|
367 |
|
368 /** |
|
369 * This is set to ETrue if all the certificates (except the root) in the |
|
370 * chains corresponding to the private keys used to sign the SIS file must |
|
371 * have a Policy extension containing one of the OID defined in the resource |
|
372 * file. |
|
373 * This is set to EFalse if the presence of OID doesn't affect the |
|
374 * installation. |
|
375 */ |
|
376 TBool iMandateCertificatePolicies; |
|
377 |
|
378 /** |
|
379 * A List of custom OIDs which are mandatory for certificates used to |
|
380 * sign applications. |
|
381 * |
|
382 */ |
|
383 RPointerArray<HBufC> iCustomOids; |
|
384 |
|
385 /** |
|
386 * A boolean flag to indicate whether DRM is enabled. |
|
387 */ |
|
388 TBool iDrmEnabled; |
|
389 |
|
390 /** |
|
391 * The DRM intent to execute and evaluate if DRM is enabled. |
|
392 */ |
|
393 TInt iDrmIntent; |
|
394 |
|
395 /** |
|
396 * This is set to ETrue if OCSP is enabled, and software Install will |
|
397 * carry out an OCSP check during the installation. Failure of the OCSP |
|
398 * check does not necessarily cause installation to fail. |
|
399 */ |
|
400 TBool iOcspEnabled; |
|
401 |
|
402 /** |
|
403 * This is set to ETrue if ocsp check success is mandatory before install |
|
404 * can be carried out. |
|
405 */ |
|
406 TBool iOcspMandatory; |
|
407 |
|
408 /** |
|
409 * This is set to ETrue if Software Install will allow the user to grant |
|
410 * user capabilities to an executable, which are not signed for. |
|
411 */ |
|
412 TBool iAllowGrantUserCaps; |
|
413 |
|
414 /** |
|
415 * User capabilities, read from the policy file. |
|
416 */ |
|
417 TCapabilitySet iUserCapabilities; |
|
418 |
|
419 /** |
|
420 * This flag if set indicates that an orphaned file can be overwritten |
|
421 * during the install. The user is asked before the old file is deleted. |
|
422 * A file is considered orphaned if it does not belong to any installed |
|
423 * package in the registry. |
|
424 */ |
|
425 TBool iAllowOrphanedOverwrite; |
|
426 |
|
427 /** |
|
428 * This flag is set if SWI is allows to write sis stub files to removable |
|
429 * media cards. If a normal SIS file is installed on a removable device |
|
430 * appending the stub allows it to be in-place installed when the media |
|
431 * card is placed into another Symbian OS device |
|
432 */ |
|
433 TBool iAllowPackagePropagate; |
|
434 |
|
435 /** |
|
436 * The time in microseconds to allow applications to shutdown during |
|
437 * uninstall or upgrade operations. Applications which handle shut down |
|
438 * events are sent such an event; the upgrade/uninstall operation will |
|
439 * abort if they fail to shut down within this time. |
|
440 */ |
|
441 TInt iApplicationShutdownTimeout; |
|
442 |
|
443 /** |
|
444 * The time in microseconds to wait for the completion of execution of |
|
445 * files launched with the RunWait file option during an install/uninstall. |
|
446 */ |
|
447 TInt iRunWaitTimeout; |
|
448 |
|
449 /** |
|
450 * This is set to ETrue if SIS files with no target devices listed are to |
|
451 * be considered compatible. |
|
452 */ |
|
453 TBool iSISCompatibleIfNoTargetDevices; |
|
454 |
|
455 /** |
|
456 * This is set to ETrue if applications are allowed to run when being installed |
|
457 * or uninstalled. |
|
458 */ |
|
459 TBool iAllowRunOnInstallUninstall; |
|
460 |
|
461 /** Set of replacement paths. */ |
|
462 RPointerArray<CPathReplaceEntry> iReplEntries; |
|
463 |
|
464 |
|
465 /** |
|
466 ECOM plugin which implements HTTP header filter for OCSP requests. |
|
467 Zero means no plugin was specified. |
|
468 */ |
|
469 TUint32 iOcspHttpHeaderFilter; |
|
470 |
|
471 /** |
|
472 * This is set to ETrue if pre-installed files are to be deleted on |
|
473 * on uninstall, if the stub sis file used to install the package |
|
474 * is not read-only. |
|
475 */ |
|
476 TBool iDeletePreinstalledFilesOnUninstall; |
|
477 |
|
478 /** Reference count used by RSecPolHandle. */ |
|
479 mutable TInt iRefCount; |
|
480 |
|
481 /** |
|
482 * This member indicates whether Software Install should allow |
|
483 * orphaned files in private directories to be overwritten or |
|
484 * eclipsed during install. |
|
485 * |
|
486 */ |
|
487 TBool iAllowProtectedOrphanOverwrite; |
|
488 |
|
489 /** |
|
490 A list of alternative OIDs for code signing. |
|
491 */ |
|
492 RPointerArray<HBufC> iAlternativeCodeSigningOids; |
|
493 |
|
494 /** |
|
495 Set this option to ETrue to delay the uninstallation of embedded packages |
|
496 until all their dependent packages have been uninstalled. |
|
497 */ |
|
498 TBool iRemoveOnlyWithLastDependent; |
|
499 |
|
500 /** |
|
501 * The maximum number of log entries allowed. Zero if logging disabled. |
|
502 */ |
|
503 TInt iMaxNumOfLogEntries; |
|
504 |
|
505 /** |
|
506 Whether the restore process should overwrite applications on writeable media if they |
|
507 already exist. |
|
508 */ |
|
509 TBool iAllowOverwriteOnRestore; |
|
510 |
|
511 // 50 equivalent to KCommsDbSvrMaxFieldLength |
|
512 TBuf<50> iPhoneTsyName; |
|
513 |
|
514 friend class RSecPolHandle; |
|
515 |
|
516 #ifdef _DEBUG |
|
517 enum TPanic |
|
518 { |
|
519 ERRPFindPathNoDelim = 0x10, ERRPFindTooShort, ERRPFindNoLeadBackslash, |
|
520 ERRPFindNoTrailBackslash, ERRPRepTooShort, ERRPRepInvalidDrive, |
|
521 ERRPNoRepColonBackslash, ERRPRepNoTrailBackslash |
|
522 }; |
|
523 static void Panic(TPanic aPanic); |
|
524 #endif |
|
525 }; |
|
526 |
|
527 class RSecPolHandle |
|
528 /** |
|
529 This handle class provides access to a single |
|
530 immutable instance of CSecurityPolicy. This |
|
531 instance is reference counted and stored in |
|
532 sisregistryclient's thread-local storage. |
|
533 |
|
534 An instance of this object can be used in place |
|
535 of CSecurityPolicy::NewL(), but has the advantage |
|
536 that, providing it is opened once, the policy |
|
537 object can be accessed without continually re-reading |
|
538 and parsing the ini file, or maintaining a complex |
|
539 web of references or pointers. |
|
540 */ |
|
541 { |
|
542 public: |
|
543 IMPORT_C RSecPolHandle(); |
|
544 IMPORT_C void OpenL(); |
|
545 IMPORT_C void OpenLC(); |
|
546 IMPORT_C void Close(); |
|
547 |
|
548 inline const CSecurityPolicy& operator()() const; |
|
549 |
|
550 private: |
|
551 #ifdef _DEBUG |
|
552 enum TPanic |
|
553 { |
|
554 EOpnAlreadyOpen = 0x10 |
|
555 }; |
|
556 static void Panic(TPanic aPanic); |
|
557 #endif |
|
558 private: |
|
559 /** Reference counted policy object. */ |
|
560 const CSecurityPolicy* iSecPol; |
|
561 }; |
|
562 |
|
563 |
|
564 inline const CSecurityPolicy& RSecPolHandle::operator()() const |
|
565 /** |
|
566 Accessor function provides access to the security policy |
|
567 object which this handle reference counts. |
|
568 |
|
569 @return const reference to underlying |
|
570 CSecurityPolicy object. |
|
571 */ |
|
572 { |
|
573 return *iSecPol; |
|
574 } |
|
575 |
|
576 } // namespace SWI |
|
577 |
|
578 #endif // __SECURITYPOLICY_H__ |