1 /* |
|
2 * Copyright (c) 2007-2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Security Manager Client Side sub-Session Class |
|
15 * |
|
16 */ |
23 #ifndef _R_RSECMGRSESSION_H_ |
|
24 #define _R_RSECMGRSESSION_H_ |
|
25 |
|
26 #include <e32base.h> |
|
27 #include <e32std.h> |
|
28 #include <f32file.h> |
|
29 |
|
30 #include <rtsecmgrcommondef.h> |
|
31 #include <rtsecmgrtrustinfo.h> |
|
32 #include <rtsecmgrutility.h> |
|
33 |
|
34 class CTrustInfo; |
|
35 class CScript; |
|
36 class CEikonEnv; |
|
37 |
|
/**
 * Client-side session handle for the runtime security manager server.
 *
 * Each request method packages its input parameters, issues the request to
 * the peer server-side session object and unpacks the server response.
 *
 * Several methods return either a generated identifier or a system-wide error
 * code in the same value (Symbian system-wide error codes are negative), so
 * callers must check for an error before using the result as an identifier.
 *
 * NOTE(review): every value packed by this class originates in the client
 * process. Whether the server checks the caller before accepting policy or
 * script registration changes is not visible from this header - confirm
 * against the server-side session implementation.
 *
 * @lib rtsecmgrclient.lib
 */
NONSHARABLE_CLASS(RSecMgrSession) : public RSessionBase
    {
public:

    /**
     * Default constructor.
     */
    RSecMgrSession();

    /**
     * Connects to the runtime security manager server, which results in the
     * creation of the peer server-side session object.
     *
     * @return TInt KErrNone on success; otherwise one of the system-wide
     *              error codes
     */
    TInt Connect();

    /**
     * Reports the version of the runtime security manager component.
     *
     * @return TVersion version of runtime security manager
     */
    TVersion Version() const;

    /**
     * Closes the session with the runtime security manager server.
     */
    void Close();

    /**
     * Registers a runtime security policy, read from a file, with the
     * security manager. Packs the message parameters for the request:
     *
     *   Operation Code  : ESetPolicy
     *   IPC Argument[0] : Policy Identifier (as inOut parameter)
     *   IPC Argument[1] : SecurityPolicy FileHandle
     *   IPC Argument[2] : SecurityPolicy FileSession object
     *   IPC Argument[3] : none
     *
     * @param aSecPolicy RFile handle to the security policy file
     *
     * @return TPolicyID generated policy identifier on success; otherwise one
     *                   of the system-wide error codes
     */
    TPolicyID SetPolicy(const RFile& aSecPolicy);

    /**
     * Registers a runtime security policy, supplied as a buffer, with the
     * security manager. Packs the message parameters for the request:
     *
     *   Operation Code  : ESetPolicy
     *   IPC Argument[0] : Policy Identifier (as inOut parameter)
     *   IPC Argument[1] : PolicyBuffer
     *   IPC Argument[2] : SecurityPolicy FileSession object
     *   IPC Argument[3] : none
     *
     * NOTE(review): Argument[2] is listed as in the original header; whether
     * a file session is really sent for the buffer overload needs confirming
     * against the implementation.
     *
     * @param aPolicyBuffer 8-bit descriptor holding the security policy
     *
     * @return TPolicyID generated policy identifier on success; otherwise one
     *                   of the system-wide error codes
     */
    TPolicyID SetPolicy(const TDesC8& aPolicyBuffer);

    /**
     * Un-registers a previously registered security policy. Runtimes call
     * this to de-register a policy they registered with SetPolicy.
     *
     *   Operation Code  : EUnsetPolicy
     *   IPC Argument[0] : Policy Identifier to un-register
     *   IPC Argument[1] : Successcode (as inOut parameter)
     *   IPC Argument[2] : none
     *   IPC Argument[3] : none
     *
     * @param aPolicyID TPolicyID policy identifier previously generated with
     *                  SetPolicy
     *
     * @return TInt KErrNone on success; otherwise one of the system-wide
     *              error codes
     */
    TInt UnSetPolicy(TPolicyID aPolicyID);

    /**
     * Updates an already registered security policy from a policy file.
     *
     *   Operation Code  : EUpdatePolicy
     *   IPC Argument[0] : Policy Identifier
     *   IPC Argument[1] : SecurityPolicy FileHandle
     *   IPC Argument[2] : SecurityPolicy FileSession object
     *   IPC Argument[3] : none
     *
     * @param aPolicyID  TPolicyID policy identifier previously generated with
     *                   SetPolicy
     * @param aSecPolicy RFile handle to the security policy file
     *
     * @see SetPolicy for file session pre-conditions
     *
     * @return TPolicyID the passed policy identifier on success; otherwise
     *                   one of the system-wide error codes
     */
    TPolicyID UpdatePolicy(TPolicyID aPolicyID, const RFile& aSecPolicy);

    /**
     * Updates an already registered security policy from a policy buffer.
     *
     *   Operation Code  : EUpdatePolicy
     *   IPC Argument[0] : Policy Identifier
     *   IPC Argument[1] : SecurityPolicy FileBuffer
     *   IPC Argument[2] : SecurityPolicy FileSession object
     *   IPC Argument[3] : none
     *
     * @param aPolicyID     TPolicyID policy identifier previously generated
     *                      with SetPolicy
     * @param aPolicyBuffer 8-bit descriptor holding the security policy
     *
     * @see SetPolicy for file session pre-conditions
     *
     * @return TPolicyID the passed policy identifier on success; otherwise
     *                   one of the system-wide error codes
     */
    TPolicyID UpdatePolicy(TPolicyID aPolicyID, const TDesC8& aPolicyBuffer);

    /**
     * Registers a script/executable under a registered policy. The runtime
     * supplies the trust information of the script being registered.
     *
     *   Operation Code  : ERegisterScript
     *   IPC Argument[0] : Policy Identifier
     *   IPC Argument[1] : Script Identifier (as inOut Parameter)
     *   IPC Argument[2] : none
     *   IPC Argument[3] : none
     *
     * NOTE(review): aTrustInfo does not appear in the IPC argument list
     * above; how (or whether) it reaches the server is not visible here.
     *
     * @param aPolicyID  TPolicyID the runtime's registered policy identifier
     * @param aTrustInfo CTrustInfo a valid instance of CTrustInfo
     *
     * @return TExecutableID generated executable identifier on success;
     *                       otherwise one of the system-wide error codes
     */
    TExecutableID RegisterScript(TPolicyID aPolicyID, const CTrustInfo& aTrustInfo);

    /**
     * Registers a script/executable under a registered policy, together with
     * a hash value that identifies the script when its session is started.
     *
     *   Operation Code  : ERegisterScript
     *   IPC Argument[0] : Policy Identifier
     *   IPC Argument[1] : Script Identifier (as inOut Parameter)
     *   IPC Argument[2] : hash value of script
     *   IPC Argument[3] : none
     *
     * @param aPolicyID   TPolicyID the runtime's registered policy identifier
     * @param aHashMarker const TDesC& hash value used to identify the script
     *                    when starting a script session
     * @param aTrustInfo  CTrustInfo a valid instance of CTrustInfo
     *
     * @return TExecutableID generated executable identifier on success;
     *                       otherwise one of the system-wide error codes
     */
    TExecutableID RegisterScript(TPolicyID aPolicyID,
                                 const TDesC& aHashMarker,
                                 const CTrustInfo& aTrustInfo);

    /**
     * De-registers a script/executable that was registered earlier.
     *
     *   Operation Code  : EUnRegisterScript
     *   IPC Argument[0] : Script Identifier
     *   IPC Argument[1] : Policy Identifier
     *   IPC Argument[2] : Success code (as inOut parameter)
     *   IPC Argument[3] : none
     *
     * @param aExeID    TExecutableID a valid script identifier
     * @param aPolicyID TPolicyID policy identifier sent with the request
     *                  (IPC Argument[1])
     *
     * @return TInt KErrNone on success; otherwise one of the system-wide
     *              error codes
     */
    TInt UnRegisterScript(TExecutableID aExeID, TPolicyID aPolicyID);

private:

    /**
     * Starts the security manager server if it is not already running.
     *
     * @return TInt KErrNone on success; otherwise one of the system-wide
     *              error codes
     */
    TInt StartSecManagerServer() const;

    /**
     * Returns the security manager server location.
     *
     * @return TFullName server location path
     */
    TFullName ServerLocation() const;
    };
|
264 |
|
/**
 * Client-side sub-session handle; it talks to the corresponding server-side
 * sub-session. A script session is modelled as one such sub-session.
 *
 * Responsibilities of this class:
 *
 *  - store the pre-computed capability set of the script associated with
 *    the session object
 *  - invoke the prompt handler
 *  - notify the server sub-session object when a permanent grant changes
 *
 * @lib rtsecmgrclient.lib
 */
NONSHARABLE_CLASS(RSecMgrSubSession) : public RSubSessionBase
    {
public:

    /**
     * Default constructor.
     */
    RSecMgrSubSession();

    /**
     * Opens the client-side sub-session for a script, creating the peer
     * server-side sub-session.
     *
     * @param aSession    RSessionBase handle to the client-side session
     * @param aScriptInfo CScript the underlying script object
     * @param aPolicyID   TPolicyID identifier of the runtime security policy
     *                    associated with the script
     * @param aHashValue  const TDesC& optional hash value; defaults to
     *                    KNullDesC. Presumably the hash marker given to
     *                    RSecMgrSession::RegisterScript - confirm against
     *                    the implementation.
     *
     * @return KErrNone if the sub-session was created; otherwise one of the
     *         system-wide error codes
     */
    TInt Open(const RSessionBase& aSession,
              CScript& aScriptInfo,
              TPolicyID aPolicyID,
              const TDesC& aHashValue = KNullDesC());

    /**
     * Opens the client-side sub-session for an un-registered trusted script,
     * creating the peer server-side sub-session.
     *
     * NOTE(review): the trust data comes from the caller; where it is
     * validated is not visible from this header - confirm on the server side.
     *
     * @param aServer     RSessionBase handle to the client-side session
     * @param aScriptInfo CScript the underlying script object
     * @param aPolicyID   TPolicyID identifier of the runtime security policy
     *                    associated with the script
     * @param aTrustInfo  CTrustInfo trust data structure
     *
     * @return KErrNone if the sub-session was created; otherwise one of the
     *         system-wide error codes
     */
    TInt Open(const RSessionBase& aServer,
              CScript& aScriptInfo,
              TPolicyID aPolicyID,
              const CTrustInfo& aTrustInfo);

    /**
     * Closes the script session, which in turn closes the sub-session on
     * both the client and the server side.
     */
    void Close();

    /**
     * Updates the blanket permission data of the script.
     *
     * NOTE(review): aScriptID is passed explicitly although Open() already
     * binds the sub-session to a script; confirm the server checks that the
     * two agree before persisting a grant.
     *
     * @param aScriptID   TExecutableID identifier of the script
     * @param aPermGrant  TPermGrant blanket allowed data
     * @param aPermDenied TPermGrant blanket denied data
     *
     * @return KErrNone if the blanket permission was updated; otherwise one
     *         of the system-wide error codes
     */
    TInt UpdatePermGrant(TExecutableID aScriptID,
                         TPermGrant aPermGrant,
                         TPermGrant aPermDenied) const;

    /**
     * Updates the blanket permission data of the script, expressed as
     * provider lists.
     *
     * NOTE(review): both arrays are taken by value. If RProviderArray is an
     * RArray-style handle class this is a shallow copy that shares the
     * caller's storage - confirm in rtsecmgrcommondef.h before changing
     * ownership or closing either copy.
     *
     * @param aScriptID         TExecutableID identifier of the script
     * @param aAllowedProviders RProviderArray blanket allowed providers
     * @param aDeniedProviders  RProviderArray blanket denied providers
     *
     * @return KErrNone if the blanket permission was updated; otherwise one
     *         of the system-wide error codes
     */
    TInt UpdatePermGrant(TExecutableID aScriptID,
                         RProviderArray aAllowedProviders,
                         RProviderArray aDeniedProviders) const;

private:

    //CEikonEnv* iEnv;

    // File server session handle held by this sub-session object; its use is
    // not visible from this header.
    RFs iFs;
    };
|
356 |
|
357 #endif //_R_RSECMGRSESSION_H_ |
|
358 |
|