datacommsserver/esockserver/ssock/ss_secpol.cpp
changeset 0 dfb7c4ff071f
child 19 0b0e9fce0b58
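--- a/datacommsserver/esockserver/ssock/ss_secpol.cpp
+++ b/datacommsserver/esockserver/ssock/ss_secpol.cpp
@@ -0,0 +1,193 @@
+// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// Security Policy definitions for Platform security.
+//
+//
+
+/**
+ @file SS_SECPOL.CPP
+ @internalComponent
+*/
+
+#include <e32base.h>
+#include <ss_std.h>
+#ifdef SYMBIAN_ENABLE_SPLIT_HEADERS
+#include <es_sock_partner.h>
+#include <es_sock_internal.h>
+#endif
+#include <comms-infras/sockmes.h>
+#include <comms-infras/es_connectionservermessages.h>
+#include "ss_secpol.h"
+
+namespace ESock
+{
+
+// NOTE: why does the following generate an error in ARMv5 indicating that esocksvr.dll
+// has initialised data ?
+//		_LIT_VENDOR_ID(KSymbianVID,0x70000001);
+//
+
+/** The Symbian Vendor ID. */
+const TUint KSymbianVID = 0x70000001;
+
+/** Socket Server Security Policy Definitions */
+const TUint SocketServerRangeCount = 5;
+
+//
+
+/** Definition of IPC ranges that each cover the same policy */
+const TInt SocketServerRanges[SocketServerRangeCount] = 
+	{
+	ESSInstallExtension,	// policyNetworkControl
+	ECNControl,				// policyCustom
+	ESoCreate,				// policyDeferred
+//- To the system "deferred" and "pass" are identical, so no separate range to check
+//-	ESSNumProtocols,		// policyPass
+	ESSDbgMarkHeap,			// policyVIDandNetworkControl
+	ESSInvalidFunction		// fail (to KMaxTInt) 
+	};
+
+/** Index numbers into SocketServerElements[] */	
+const TInt policyNetworkControl = 0;
+const TInt policyPass = 1;
+const TInt policyDeferred = policyPass;
+const TInt policyVIDandNetworkControl = 2;
+const TInt policyCustom = CPolicyServer::ECustomCheck;
+
+/** Mapping of IPCs to policy elements */
+const TUint8 SocketServerElementsIndex[SocketServerRangeCount] = 
+	{
+	policyNetworkControl,		/** ESSInstallExtension */
+	policyCustom,				/** ECNControl */
+	policyDeferred,				/** ESoCreate */
+	policyVIDandNetworkControl,	/** ESSDbgMarkHeap */
+ 	CPolicyServer::ENotSupported/** ESSInvalidFunction to KMaxTInt */
+	};
+
+/** Individual policy elements */	
+const CPolicyServer::TPolicyElement SocketServerElements[] = 
+	{
+	{ _INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl), CPolicyServer::EFailClient },
+	{ _INIT_SECURITY_POLICY_PASS },
+	{ _INIT_SECURITY_POLICY_V1(KSymbianVID,ECapabilityNetworkControl), CPolicyServer::EFailClient }
+	};
+
+/** Main policy */
+const CPolicyServer::TPolicy SocketServerPolicy =
+	{
+	CPolicyServer::EAlwaysPass, 	/** Specifies all connect attempts should pass */
+	SocketServerRangeCount,					
+	SocketServerRanges,
+	SocketServerElementsIndex,
+	SocketServerElements
+	};
+
+/** Connection Server Security Policy Definitions */
+const TUint ConnectionServerRangeCount = 8;
+
+/** Definition of IPC ranges that each cover the same policy */
+const TInt ConnectionServerRanges[ConnectionServerRangeCount] = 
+	{
+	ECMCreate,
+	ECMAttachToTierManager + 1,
+
+	ECMAccessPointStatusQuery_DoThenGetResultOrSize,
+	ECMAccessPointStatusQuery_Cancel + 1,
+
+	ECMAccessPointNotification_SetupThenAwaitThenGetResultOrSize,
+	ECMAccessPointNotification_Cancel + 1,
+	
+	ECMApiExtBindIface,
+	ECMApiExtIfaceClose + 1
+	};
+
+/** Index numbers into ConnectionServerElements[] */	
+const TInt csPolicyNetworkServices = 0;
+//const TInt csPolicyVIDandNetworkServices = 1;
+
+/** Mapping of IPCs to policy elements */
+const TUint8 ConnectionServerElementsIndex[ConnectionServerRangeCount] = 
+	{
+	csPolicyNetworkServices,	/** ECMCreate */
+								/** ECMClose */
+								/** ECMAttachToTierManager */
+	CPolicyServer::ENotSupported,   /**  gap */
+	csPolicyNetworkServices,	/** ECMAccessPointStatusQuery_DoThenGetResultOrSize */
+								/** ECMAccessPointStatusQuery_GetResult	*/
+								/** ECMAccessPointStatusQuery_Cancel */
+	CPolicyServer::ENotSupported,   /**  gap */
+	csPolicyNetworkServices,	/** ECMAccessPointNotification_SetupThenAwaitThenGetResultOrSize */
+								/** ECMAccessPointNotification_AwaitThenGetResultOrSize */
+								/** ECMAccessPointNotification_GetResult */
+								/** ECMAccessPointNotification_Cancel */
+	CPolicyServer::ENotSupported ,  /** gap */
+	csPolicyNetworkServices,	/** ECMApiExtBindIface */
+								/** ECMApiExtBindSendReceive */
+	CPolicyServer::ENotSupported   /** _last_ + 1 to KMaxTInt */
+	};
+
+/** Individual policy elements */	
+const CPolicyServer::TPolicyElement ConnectionServerElements[] = 
+	{
+	{ _INIT_SECURITY_POLICY_C1(ECapabilityNetworkServices), CPolicyServer::EFailClient },
+//	{ _INIT_SECURITY_POLICY_V1(KSymbianVID,ECapabilityNetworkServices), CPolicyServer::EFailClient }
+	};
+
+/** Main policy */
+const CPolicyServer::TPolicy ConnectionServerPolicy =
+	{
+	CPolicyServer::EAlwaysPass, 	/** Specifies all connect attempts should pass */
+	ConnectionServerRangeCount,					
+	ConnectionServerRanges,
+	ConnectionServerElementsIndex,
+	ConnectionServerElements
+	};
+
+}
+
+CPolicyServer::TCustomResult
+CSocketServer::CustomSecurityCheckL(const RMessage2& aMsg, TInt& /*aAction*/, TSecurityInfo& /*aMissing*/)
+/**
+Implement custom security checking for IPCs marked with TSpecialCase::ECustomCheck
+
+Note that this only polices certain RConnection::Control(KCOLConnection) options that
+are implemented within ESOCK.  NIFMAN will police the remainder of the options.
+
+*/
+	{
+	__ASSERT_ALWAYS(aMsg.Function() == ECNControl, Fault(ENotImplementedYet));
+
+   TInt optionLevel = aMsg.Int0();
+
+	if (optionLevel == KCOLConnection)
+		{
+      TInt optionName = aMsg.Int1();
+
+		switch(optionName)
+			{
+			case KCoEnumerateConnectionClients:
+			case KCoGetConnectionClientInfo:
+			case KCoEnumerateConnectionSockets:
+			case KCoGetConnectionSocketInfo:
+				{
+				return (ESock::SocketServerElements[ESock::policyNetworkControl].iPolicy.CheckPolicy(aMsg)) ? EPass : EFail;
+				}
+			default:
+				return EPass;
+			}
+		}
+
+	return EPass;
+	}
+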
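Review bot: `CustomSecurityCheckL` returns `EPass` for every option level other than `KCOLConnection` and for every option name outside the four listed cases (`default: return EPass;` and the final `return EPass;`), so the `ECNControl` range is fail-open at the policy-server layer. The doc comment says NIFMAN polices the remaining options, but nothing marks that dependency on the branch where it matters; an option later implemented inside ESOCK and not added to the switch would presumably pass with no capability check here. I would state the contract on the default branch, e.g. `// Deliberately EPass: options not implemented in ESOCK are policed downstream (NIFMAN); any option handled in ESOCK needs a case above.` The same applies to the `ESoCreate` range in `SocketServerElementsIndex`, which resolves to `_INIT_SECURITY_POLICY_PASS` through `policyDeferred`: a one-line comment naming where the deferred check is made would help. Whether those downstream checks exist cannot be confirmed from this file.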