|
1 /* |
|
2 * Copyright (c) 2007-2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Client side proxy class representing script session |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 |
|
20 |
|
21 |
|
22 |
|
23 |
|
24 #ifndef _CRTSECMGRSCRIPTSESSION_H_ |
|
25 #define _CRTSECMGRSCRIPTSESSION_H_ |
|
26 |
|
27 #include <rtsecmanager.rsg> |
|
28 #include <rtsecmgrcommondef.h> |
|
29 #include <rtsecmgrpermission.h> |
|
30 #include <rtsecmgrscript.h> |
|
31 #include <rtsecmgrtrustinfo.h> |
|
32 |
|
33 class CCoeEnv; |
|
34 class CRTSecMgrSubSessionProxy; |
|
35 |
|
36 /** |
|
37 * Type holding data to be used while prompting. |
|
38 * |
|
39 * The default or custom (runtime over-ridden) prompt handler requires the permission |
|
40 * type to prompt and the user-selection to be returned to security |
|
41 * manager for access permission check |
|
42 * |
|
43 * @lib rtsecmgrclient.lib |
|
44 */ |
|
45 class CPromptData : public CBase |
|
46 { |
|
47 public: |
|
48 |
|
49 /** |
|
50 * Two-phased constructor |
|
51 * |
|
52 * Constructs a CPromptData instance |
|
53 * |
|
54 * @return pointer to an instance of CPromptData |
|
55 */ |
|
56 static CPromptData* NewL() |
|
57 { |
|
58 CPromptData* self = CPromptData::NewLC (); |
|
59 CleanupStack::Pop (self); |
|
60 return self; |
|
61 } |
|
62 |
|
63 /** |
|
64 * Two-phased constructor |
|
65 * |
|
66 * Constructs a CPromptData instance and leaves the created instance |
|
67 * onto the cleanupstack. |
|
68 * |
|
69 * @return pointer to an instance of CPromptData |
|
70 */ |
|
71 |
|
72 static CPromptData* NewLC() |
|
73 { |
|
74 CPromptData* self = new (ELeave) CPromptData(); |
|
75 CleanupStack::PushL (self); |
|
76 self->ConstructL (); |
|
77 return self; |
|
78 } |
|
79 |
|
80 |
|
81 /** |
|
82 * Destructor |
|
83 * |
|
84 */ |
|
85 ~CPromptData() |
|
86 { |
|
87 if(iPermission) |
|
88 delete iPermission; |
|
89 |
|
90 } |
|
91 |
|
92 |
|
93 /* |
|
94 * |
|
95 * |
|
96 */ |
|
97 void ConstructL() |
|
98 { |
|
99 |
|
100 } |
|
101 |
|
102 /** |
|
103 * Returns permission data |
|
104 * |
|
105 * @return an object containing the permission data |
|
106 */ |
|
107 inline CPermission* Permission() const |
|
108 { |
|
109 return iPermission; |
|
110 } |
|
111 |
|
112 /** |
|
113 * Sets the user-selection data |
|
114 * |
|
115 * @param aUserSelection TUserPromptOption user-selected data value |
|
116 */ |
|
117 inline void SetUserSelection(TUserPromptOption aUserSelection) |
|
118 { |
|
119 iUserSelection = aUserSelection; |
|
120 } |
|
121 |
|
122 /** |
|
123 * Sets the permission value of the domain |
|
124 * |
|
125 * @param aPermission CPermission permission value of the domain |
|
126 */ |
|
127 |
|
128 inline void SetPermissions(CPermission& aPermission) |
|
129 { |
|
130 if(iPermission) |
|
131 { |
|
132 delete iPermission; |
|
133 iPermission = NULL; |
|
134 } |
|
135 |
|
136 iPermission = CPermission::NewL(aPermission); |
|
137 //iPermission = &aPermission; |
|
138 } |
|
139 private: |
|
140 //private default constructor |
|
141 CPromptData::CPromptData() : |
|
142 iUserSelection(RTUserPrompt_UnDefined) |
|
143 { |
|
144 } |
|
145 |
|
146 //private permission data |
|
147 CPermission* iPermission; |
|
148 |
|
149 //private user-selection |
|
150 TUserPromptOption iUserSelection; |
|
151 |
|
152 friend class CRTSecMgrScriptSession; |
|
153 }; |
|
154 |
|
155 //typdef to model list of prompt data structure |
|
156 typedef RPointerArray<CPromptData> RPromptDataList; |
|
157 |
|
158 /* |
|
159 * Prompt callback handler class. |
|
160 * |
|
161 * Runtimes should implement the prompt handler function to prompt the user |
|
162 * and to obtain the user option chosen. The prompt data are used by |
|
163 * runtime security manager for further access permission check. |
|
164 * |
|
165 * If runtimes do not override prompt handling, security manager component |
|
166 * would then provide default prompt handler functionality. |
|
167 * |
|
168 * @lib rtsecmgrclient.lib |
|
169 */ |
|
170 class MSecMgrPromptHandler |
|
171 { |
|
172 public: |
|
173 /** |
|
174 * Prompts the user. |
|
175 * |
|
176 * @param aPromptDataList RPromptDataList list of prompt data used by |
|
177 * prompt callback handler to show to the user |
|
178 * |
|
179 * @return KErrNone if prompting successful; In case of failure, one of |
|
180 * system wide error codes |
|
181 */ |
|
182 virtual TInt Prompt(RPromptDataList& aPromptDataList , TExecutableID aExecID = KAnonymousScript) =0; |
|
183 |
|
184 /** |
|
185 * Sets the user chosen prompt selection. |
|
186 * |
|
187 * @param aPromptUiOption TSecMgrPromptUIOption prompt selection |
|
188 */ |
|
189 virtual void SetPromptOption(TSecMgrPromptUIOption aPromptUiOption) =0; |
|
190 /** |
|
191 * Returns the prompt selection |
|
192 * |
|
193 * @return TSecMgrPromptUIOption the prompt selection |
|
194 */ |
|
195 virtual TSecMgrPromptUIOption PromptOption() const =0; |
|
196 }; |
|
197 |
|
198 /** |
|
199 * |
|
200 * Thin proxy to the client side sub-session handle. |
|
201 * |
|
202 * This class implements the default prompt handling functionality. In addition, the main |
|
203 * functionality of native platform access check is performed by CRTSecMgrScriptSession. |
|
204 * |
|
205 * @lib rtsecmgrclient.lib |
|
206 * |
|
207 */ |
|
208 NONSHARABLE_CLASS(CRTSecMgrScriptSession) : public CBase, MSecMgrPromptHandler |
|
209 { |
|
210 public: |
|
211 /** |
|
212 * Two-phased constructor |
|
213 * |
|
214 * Constructs a CRTSecMgrScriptSession instance |
|
215 * |
|
216 * Initializes client side script sub-session. |
|
217 * |
|
218 * @param MSecMgrPromptHandler pointer to a prompt handler callback |
|
219 * |
|
220 * @return pointer to an instance of CRTSecMgrScriptSession if succesful; |
|
221 * Otherwise NULL |
|
222 */ |
|
223 static CRTSecMgrScriptSession* NewL(MSecMgrPromptHandler* aPromptHdlr=0); |
|
224 |
|
225 /** |
|
226 * Two-phased constructor |
|
227 * |
|
228 * Constructs a CRTSecMgrScriptSession instance and leaves the created instance |
|
229 * on the cleanupstack |
|
230 * |
|
231 * Initializes client side script sub-session. |
|
232 * |
|
233 * @param MSecMgrPromptHandler pointer to a prompt handler callback |
|
234 * |
|
235 * @return pointer to an instance of CRTSecMgrScriptSession if succesful; |
|
236 * Otherwise NULL |
|
237 */ |
|
238 static CRTSecMgrScriptSession* NewLC(MSecMgrPromptHandler* aPromptHdlr=0); |
|
239 |
|
240 /** |
|
241 * Callback funciton for moreinfo link in advanced prompt |
|
242 * |
|
243 * Calls the moreinfo function for indivudual capability or for a alias group |
|
244 * |
|
245 * @param aCallbackParam TAny* pointer to TCallbackParam |
|
246 * |
|
247 */ |
|
248 static TInt LinkCallback(TAny *aCallbackParam); |
|
249 |
|
250 /** |
|
251 * Destructor |
|
252 * |
|
253 * Closes the sub-session |
|
254 * |
|
255 */ |
|
256 IMPORT_C ~CRTSecMgrScriptSession(); |
|
257 |
|
258 /** |
|
259 * Opens security manager script sub-session. This method in turn opens a |
|
260 * sub-session on the server side, by bringing script related data onto the cache. |
|
261 * |
|
262 * @param aParentSession RSessionBase handle to parent security manager session |
|
263 * @param aPolicyID TPolicyID policy identifier of the script associated with this script session |
|
264 * @param aExecID TExecutableID identifier of the script associated with this script session |
|
265 * |
|
266 * @return KErrNone if successful; In case of failure, one of system wide error cods |
|
267 */ |
|
268 TInt Open(const RSessionBase& aParentSession,TPolicyID aPolicyID,TExecutableID aExecID); |
|
269 |
|
270 /** |
|
271 * Opens security manager script sub-session. This method in turn opens a |
|
272 * sub-session on the server side, by bringing script related data onto the cache. |
|
273 * |
|
274 * @param aParentSession RSessionBase handle to parent security manager session |
|
275 * @param aPolicyID TPolicyID policy identifier of the script associated with this script session |
|
276 * @param aExecID TExecutableID identifier of the script associated with this script session |
|
277 * @param aHashValue TDesC hash value of the scrpt passed while registering the script |
|
278 * |
|
279 * @return KErrNone if successful; In case of failure, one of system wide error cods |
|
280 */ |
|
281 TInt Open(const RSessionBase& aParentSession,TPolicyID aPolicyID,TExecutableID aExecID,const TDesC& aHashValue); |
|
282 |
|
283 /** |
|
284 * Opens security manager script sub-session. This method in turn opens a |
|
285 * sub-session on the server side, by bringing script related data onto the cache. |
|
286 * |
|
287 * @param aParentSession RSessionBase handle to parent security manager session |
|
288 * @param aPolicyID TPolicyID policy identifier of the script associated with this script session |
|
289 * @param aExecID TExecutableID identifier of the script associated with this script session |
|
290 * @param aTrustInfo CTrustInfo trust data structure |
|
291 * |
|
292 * @return KErrNone if successful; In case of failure, one of system wide error cods |
|
293 */ |
|
294 TInt Open(const RSessionBase& aParentSession,TPolicyID aPolicyID,TExecutableID aExecID,const CTrustInfo& aTrustInfo); |
|
295 |
|
296 /** |
|
297 * Performs access permission check |
|
298 * |
|
299 * This method evaluates access permission by comparing the expected capabilities |
|
300 * to perform service invocation with the capabilities of the script. The |
|
301 * capabilities of the script is computed as sum of : |
|
302 * |
|
303 * - default allowed capabilities as specified in security access policy |
|
304 * - user-granted capabilities, allowed by user while prompting |
|
305 * |
|
306 * The capabilities allowed by the user could be of various durations, like |
|
307 * session-based, blanket/permanent and the one valid for the current invocation only |
|
308 * (one-shot) |
|
309 * |
|
310 * @param aCapabilitiesToCheck RCapabilityArray list of capabilities to be checked against |
|
311 * script's capbilities |
|
312 * |
|
313 * @return EAccessOk if the access permission check is successful; Else, EAccessNOk |
|
314 */ |
|
315 IMPORT_C TInt IsAllowed(const RCapabilityArray& aCapabilitiesToCheck); |
|
316 |
|
317 /** |
|
318 * Performs access permission check |
|
319 * |
|
320 * This overloaded method evaluates access permission by comparing the expected capabilities |
|
321 * to perform service invocation with the capabilities of the script. The |
|
322 * capabilities of the script is computed as sum of : |
|
323 * |
|
324 * - default allowed capabilities as specified in security access policy |
|
325 * - user-granted capabilities, allowed by user while prompting |
|
326 * |
|
327 * The capabilities allowed by the user could be of various durations, like |
|
328 * session-based, blanket/permanent and the one valid for the current invocation only |
|
329 * (one-shot) |
|
330 * |
|
331 * This overloaded version returns the list of capabilities that do not match after |
|
332 * access permission check. This can be used by the client to display to the user the |
|
333 * list of unmatched capabilities |
|
334 * |
|
335 * @param aCapabilitiesToCheck RCapabilityArray list of capabilities to be checked against |
|
336 * script's capbilities |
|
337 * @param aUnMatchedCapabilities RCapabilityArray list of unmatched capabilities |
|
338 * |
|
339 * @return EAccessOk if the access permission check is successful; Else, EAccessNOk |
|
340 */ |
|
341 IMPORT_C TInt IsAllowed(const RCapabilityArray& aCapabilitiesToCheck,RCapabilityArray& aUnMatchedCapabilities); |
|
342 |
|
343 /** |
|
344 * Definition of default prompt handler. |
|
345 * |
|
346 * @param aPromptDataList RPromptDataList list of prompt data used by |
|
347 * prompt callback handler to show to the user |
|
348 * |
|
349 * @return KErrNone if prompting successful; In case of failure, one of |
|
350 * system wide error codes |
|
351 * |
|
352 */ |
|
353 TInt Prompt(RPromptDataList& aPromptDataList , TExecutableID aExecID = KAnonymousScript); |
|
354 |
|
355 /** |
|
356 * Definition of cost notification. |
|
357 * |
|
358 */ |
|
359 void PromptCostL() ; |
|
360 |
|
361 /** |
|
362 * Gets the underlying script object |
|
363 * |
|
364 * This method is to be used by components, such as application manager, |
|
365 * that are interested in displaying script related information to the user. |
|
366 * |
|
367 * Following are the script related information: |
|
368 * |
|
369 * - Capabilities allowed by default |
|
370 * - User-grantable capabilities |
|
371 * - Currently allowed or denied blanket permissions |
|
372 * |
|
373 * Note that this method should not be used by runtimes unless and until there is |
|
374 * a strong design justification |
|
375 * |
|
376 * @return a reference to underlying script object |
|
377 */ |
|
378 inline CScript& CRTSecMgrScriptSession::Script() |
|
379 { |
|
380 return *iScript; |
|
381 } |
|
382 |
|
383 /** |
|
384 * Returns prompt handler reference |
|
385 * |
|
386 * @return reference to prompt handler |
|
387 */ |
|
388 inline MSecMgrPromptHandler* PromptHandler() const |
|
389 { |
|
390 return iPromptHdlr; |
|
391 } |
|
392 |
|
393 /** |
|
394 * Sets prompt UI option. The supported prompt options are : |
|
395 * |
|
396 * - Basic/Default |
|
397 * - Advanced |
|
398 * |
|
399 * The difference between the basic and advanced prompt option |
|
400 * reisdes in the fact the number of prompt options and the corresponding |
|
401 * prompt texts displayed would be different. |
|
402 * |
|
403 * If not explictly, the default prompt UI option is set to basic/default prompt UI. |
|
404 * |
|
405 * @param aUIPromptOption TSecMgrPromptUIOption basic/advanced prompt UI option |
|
406 */ |
|
407 inline void SetPromptOption(TSecMgrPromptUIOption aUIPromptOption) |
|
408 { |
|
409 iUIPromptOption = aUIPromptOption; |
|
410 } |
|
411 |
|
412 /** |
|
413 * Gets prompt UI option. The supported prompt options are : |
|
414 * |
|
415 * - Basic/Default |
|
416 * - Advanced |
|
417 * |
|
418 * The difference between the basic and advanced prompt option |
|
419 * reisdes in the fact the number of prompt options and the corresponding |
|
420 * prompt texts displayed would be different. |
|
421 * |
|
422 * @return aUIPromptOption TSecMgrPromptUIOption basic/advanced prompt UI option |
|
423 */ |
|
424 inline TSecMgrPromptUIOption PromptOption() const |
|
425 { |
|
426 return iUIPromptOption; |
|
427 } |
|
428 |
|
429 private: |
|
430 /* |
|
431 * Default private constructor |
|
432 * |
|
433 */ |
|
434 CRTSecMgrScriptSession(MSecMgrPromptHandler* aPromptHdlr=0); |
|
435 |
|
436 /* |
|
437 * Two phased constructor |
|
438 * |
|
439 */ |
|
440 void ConstructL(); |
|
441 |
|
442 /* |
|
443 * Contains prompt logic |
|
444 * |
|
445 */ |
|
446 TInt Prompt(CPromptData* aPromptData); |
|
447 |
|
448 /* |
|
449 * Private default implementation for advanced prompt UI option |
|
450 * |
|
451 */ |
|
452 TInt PromptAdvanced(CPromptData* aPromptData); |
|
453 |
|
454 /* |
|
455 * Logic for displaying more inormation when the user selects more info |
|
456 * |
|
457 */ |
|
458 TInt MoreInfoL(CPromptData& aPromptData); |
|
459 |
|
460 /* |
|
461 * Logic identifying the user-selection of prompt |
|
462 * duration |
|
463 * |
|
464 */ |
|
465 void HandleGrantChosen(CPromptData* aPromptData, |
|
466 TCapabilityBitSet aCapBitSet, TCapabilityBitSet& aAllowedCaps, |
|
467 TBool& aIsPermGrantModified); |
|
468 |
|
469 /* |
|
470 * Private implementation to update blanket permission data |
|
471 * |
|
472 */ |
|
473 void UpdatePermGrant(); |
|
474 |
|
475 /* |
|
476 * Conversion utility to convert a single 32-bit value to the list of |
|
477 * capabilities (RArray<TCapability>) |
|
478 * |
|
479 */ |
|
480 void BuildCapsL(TCapabilityBitSet aCapBitSet, RCapabilityArray& aInOutTCapList); |
|
481 |
|
482 /* |
|
483 * Private implementation to evaluate access permission check |
|
484 * |
|
485 */ |
|
486 TInt IsAllowed(const RCapabilityArray& aCapsToCheck,RPromptDataList& aPromptDataList,TCapabilityBitSet& aUnMatchedCapBits); |
|
487 |
|
488 /* |
|
489 * Private implementation to evaluate access permission check. This |
|
490 * overloaded version additionally returns the unmatched capabilities |
|
491 * |
|
492 */ |
|
493 TInt IsAllowed(const RCapabilityArray& aCapsToCheck,TCapabilityBitSet& aUnMatchedCapBits); |
|
494 |
|
495 /* |
|
496 * Conversion utility to generate an unsigned 32-bit value toggling the individual bits |
|
497 * to the corresponding TCapability value |
|
498 * |
|
499 */ |
|
500 void AddCapability(TCapabilityBitSet& aInOutCapBitSet, TCapability aCapToSet); |
|
501 |
|
502 /* |
|
503 * Attempts to close the script sub-session |
|
504 * |
|
505 */ |
|
506 void Close(); |
|
507 |
|
508 void AddResourceFiles(); |
|
509 void CloseResourceFiles(); |
|
510 |
|
511 private: |
|
512 /* |
|
513 * permissions allowed or denied for the current session |
|
514 * The lifetime of this data structure is associated |
|
515 * with this script session |
|
516 * |
|
517 */ |
|
518 struct |
|
519 { |
|
520 TCapabilityBitSet AllowedCaps; //caps allowed for this session (caps allowed for this session & perm allowed) |
|
521 TCapabilityBitSet DeniedCaps; //caps denied for this sesion (caps denied for this session & perm denied) |
|
522 }_sessionInfo; |
|
523 |
|
524 /* |
|
525 * anonymous enumerations for selection index |
|
526 * |
|
527 */ |
|
528 enum |
|
529 { |
|
530 PROMPT_SELIDX_ZERO = 0, |
|
531 PROMPT_SELIDX_ONE = PROMPT_SELIDX_ZERO + 1, |
|
532 PROMPT_SELIDX_TWO = PROMPT_SELIDX_ZERO + 2, |
|
533 PROMPT_SELIDX_THREE = PROMPT_SELIDX_ZERO + 3, |
|
534 PROMPT_SELIDX_FOUR = PROMPT_SELIDX_ZERO + 4, |
|
535 PROMPT_SELIDX_FIVE = PROMPT_SELIDX_ZERO + 5 |
|
536 }; |
|
537 |
|
538 /* |
|
539 * private script reference |
|
540 * |
|
541 */ |
|
542 CScript* iScript; |
|
543 |
|
544 /* |
|
545 * permanently allowed capability bits |
|
546 * |
|
547 */ |
|
548 TPermGrant iPermBits; //perm allowed caps, persistently stored for this script |
|
549 |
|
550 /* |
|
551 * permanently denied capability bits |
|
552 * |
|
553 */ |
|
554 TPermGrant iDeniedBits; //perm denied caps, persistently stored for this script |
|
555 |
|
556 /* |
|
557 * reference to prompt handler instance |
|
558 * |
|
559 */ |
|
560 MSecMgrPromptHandler* iPromptHdlr; |
|
561 |
|
562 /* |
|
563 * sub-session proxy pointer |
|
564 * |
|
565 */ |
|
566 CRTSecMgrSubSessionProxy* iSubSessionProxy; |
|
567 |
|
568 /* |
|
569 * pointer to Coe environment |
|
570 */ |
|
571 CCoeEnv* iCoeEnv; |
|
572 |
|
573 /* |
|
574 * security manager resource file offset value |
|
575 * |
|
576 */ |
|
577 TInt iResourceOffset; |
|
578 |
|
579 /* |
|
580 * Prompt UI option |
|
581 * |
|
582 */ |
|
583 TSecMgrPromptUIOption iUIPromptOption; |
|
584 |
|
585 /* |
|
586 * Custom prompt flag |
|
587 * |
|
588 */ |
|
589 TBool isCustomPrompt; |
|
590 }; |
|
591 |
|
592 #endif //_CRTSECMGRSCRIPTSESSION_H_ |
|
593 |