// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
//
/**
@file
@internalTechnology
*/
#ifndef __btmanserversecuritypolicy_h__
#define __btmanserversecuritypolicy_h__
const TUint KBtmanServerRangeCount = 17;
/**
N.B.
1.) Functions labelled 'Always fail' are not supported by BTManServer currently.
2.) Functions labelled 'Always pass' can only be issued once a valid sessionhandle is obtained
(EBTManCreateRegistrySubSession), in which case we know that the client has the
LocalServices capability so we do not have to check capabilties again.
3.) All other Functions are labelled with the capability that is required to execute them.
**/
const TInt KBtmanServerRanges[KBtmanServerRangeCount] =
{
EBTManCreateHostResolverSubSession, // 0 = Alway fail
EBTManCreateRegistrySubSession, // 1 = Local Services
EBTManRegistrySearch, // 2 = Always pass
EBTRegistryRetrieveDevice, // 3 = Always fail
EBTRegistryAddDevice, // 4 = Always pass
EBTRegistryModifyBluetoothName, // 5 = Write Device Data
EBTRegistryModifyFriendlyName, // 6 = Always pass
EBTRegistryModifyNamelessDevice, // 7 = Write Device Data
EBTRegistryDeleteDevices, // 8 = Always pass
EBTRegistryDeleteLinkKey, // 9 = Write Device Data
EBTRegistryCloseView, // 10 = Always pass
EBTRegistryUpdateLocalDevice, // 11 = Write Device Data
EBTRegistryGetCommPortSettings, // 12 = Always pass
EBTHostResolverDeviceRequest, // 13 = Always fail
EBTManSetHeapFailure, // 14 = Local Services
EBTRegistryNotifyViewChange, // 15 = Always pass
// If new function enums are added, the following value needs to
// increase to be <last function number> + 1.
// This defines a final range that extends from the first invalid
// function number to KMaxTInt, and protects against attempts to
// attack the server with invalid functions.
EBTRegistryNotifyViewChange + 1 // 16 = CPolicyServer::ENotSupported for all other fns.
};
/** Index numbers into KBtmanServerElements[] */
const TInt policyAlwaysFail = 0;
const TInt policyLocalServices = 1;
const TInt policyAlwaysPass = 2;
const TInt policyWriteDeviceData = 3;
/**Mapping IPCs to policy element */
const TUint8 KBtmanServerElementsIndex[KBtmanServerRangeCount] =
{
policyAlwaysFail, /** EBTManCreateHostResolverSubSession */
policyLocalServices, /** EBTManCreateRegistrySubSession */
/** EBTManCreateCommPortSettingsSubSession */
/** EBTManCreateLocalDeviceSubSession */
policyAlwaysPass, /** EBTManRegistrySearch */
/** EBTManExtractRegistryDataIntoServer */
/** EBTManRetrieveRegistryData */
/** EBTManCloseSubSession */
/** EBTManCancelRequest */
policyAlwaysFail, /** EBTRegistryRetrieveDevice */
policyAlwaysPass, /** EBTRegistryAddDevice */
/** EBTRegistryGetNamelessDevice */
policyWriteDeviceData, /** EBTRegistryModifyBluetoothName */
policyAlwaysPass, /** EBTRegistryModifyFriendlyName */
policyWriteDeviceData, /** EBTRegistryModifyNamelessDevice */
policyAlwaysPass, /** EBTRegistryDeleteDevices */
policyWriteDeviceData, /** EBTRegistryDeleteLinkKey */
/** EBTRegistryUnpairView */
policyAlwaysPass, /** EBTRegistryCloseView */
/** EBTRegistryGetLocalDevice */
policyWriteDeviceData, /** EBTRegistryUpdateLocalDevice */
policyAlwaysPass, /** EBTRegistryGetCommPortSettings */
/** EBTRegistryUpdateCommPortSettings */
/** EBTRegistryDeleteCommPortSettings */
policyAlwaysFail, /** EBTHostResolverDeviceRequest */
/** EBTHostResolverGetNextDeviceRequest */
/** EBTHostResolverDeviceModifyDevice */
/** EBTHostResolverNotifyRequest */
policyLocalServices, /** EBTManSetHeapFailure */
/** EBTManSubSessionCount */
policyAlwaysPass, /** EBTRegistryNotifyViewChange */
CPolicyServer::ENotSupported /** EBTManCreateSecManSubSession */
/** EBTManCreateSecuritySettingsSubSession */
/** EBTManCreateBasebandSecuritySubSession */
/** EBTSecManAccessRequest */
/** EBTSecuritySettingsRegister */
/** EBTSecuritySettingsUnregister */
/** EBTBasebandSecurityLinkKeyRequest */
/** EBTBasebandSecurityNewLinkKey */
/** EBTBasebandSecurityPinRequest */
/** EBTBasebandSecurityNewLinkState */
/** EBTBasebandSecurityHCIRequestHandler */
/** EBTBasebandSecurityNameRequestResponse */
/** ...and onwards to KMaxTInt */
};
/** Individual policy elements */
const CPolicyServer::TPolicyElement KBtmanServerElements[] =
{
/** the EFailClient means that the if the check fails the CheckFailed method with return KErrPermissionDenied */
{ _INIT_SECURITY_POLICY_FAIL }, /** policyAlwaysFail */
{ _INIT_SECURITY_POLICY_C1(ECapabilityLocalServices), CPolicyServer::EFailClient }, /** policyLocalService */
{ _INIT_SECURITY_POLICY_PASS }, /** policyAlwaysPass */
{ _INIT_SECURITY_POLICY_C1(ECapabilityWriteDeviceData), CPolicyServer::EFailClient } /** policyWriteDevData */
};
/** Main policy */
const CPolicyServer::TPolicy KBtmanServerPolicy =
{
CPolicyServer::EAlwaysPass, /** Specifies all connect attempts should pass */
KBtmanServerRangeCount,
KBtmanServerRanges,
KBtmanServerElementsIndex,
KBtmanServerElements,
};
#endif //__btmanserversecuritypolicy_h__