// Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies).
|
|
2 |
// All rights reserved.
|
|
3 |
// This component and the accompanying materials are made available
|
|
4 |
// under the terms of the License "Eclipse Public License v1.0"
|
|
5 |
// which accompanies this distribution, and is available
|
|
6 |
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
|
7 |
//
|
|
8 |
// Initial Contributors:
|
|
9 |
// Nokia Corporation - initial contribution.
|
|
10 |
//
|
|
11 |
// Contributors:
|
|
12 |
//
|
|
13 |
// Description:
|
|
14 |
// Provides the debug security server server implementation.
|
|
15 |
//
|
|
16 |
//
|
|
17 |
|
|
18 |
/**
|
|
19 |
@file
|
|
20 |
@internalTechnology
|
|
21 |
@released
|
|
22 |
*/
|
|
23 |
|
|
24 |
#include <e32base.h>
|
|
25 |
#include <e32base_private.h>
|
|
26 |
#include <rm_debug_api.h>
|
|
27 |
#include "c_process_pair.h"
|
|
28 |
#include "c_security_svr_session.h"
|
|
29 |
#include "c_security_svr_server.h"
|
|
30 |
#include "rm_debug_logging.h"
|
|
31 |
|
|
32 |
using namespace Debug;
|
|
33 |
|
|
34 |
/**
|
|
35 |
Server constructor, sessions are created as ESharableSessions, meaning that
|
|
36 |
each session will be used by at most one debug agent
|
|
37 |
*/
|
|
38 |
CSecuritySvrServer::CSecuritySvrServer(CActive::TPriority aActiveObjectPriority)
    : CServer2(aActiveObjectPriority, ESharableSessions),
      iSessionCount(0),
      iShutdown()
    {
    // First-phase construction only: the base class receives the active object
    // priority and the ESharableSessions session type, the session counter
    // starts at zero and the shutdown timer member is default-constructed.
    // Everything that can fail is deferred to ConstructL().
    LOG_MSG("CSecuritySvrServer::CSecuritySvrServer()\n");
    }
|
|
45 |
|
|
46 |
/**
|
|
47 |
Standard implementation
|
|
48 |
|
|
49 |
@return pointer to new CSecuritySvrServer object
|
|
50 |
*/
|
|
51 |
CSecuritySvrServer* CSecuritySvrServer::NewLC()
    {
    LOG_MSG("CSecuritySvrServer::NewLC()\n");

    // First phase: allocate the server at standard active object priority.
    CSecuritySvrServer* server = new(ELeave) CSecuritySvrServer(EPriorityStandard);

    // Second phase runs with the object on the cleanup stack, so a leave from
    // ConstructL() destroys the half-built server instead of leaking it.
    CleanupStack::PushL(server);
    server->ConstructL();

    // The object is returned while still on the cleanup stack; the caller is
    // responsible for popping it.
    return server;
    }
|
|
60 |
|
|
61 |
/**
|
|
62 |
Server destructor, performs cleanup for the server
|
|
63 |
*/
|
|
64 |
CSecuritySvrServer::~CSecuritySvrServer()
    {
    LOG_MSG("CSecuritySvrServer::~CSecuritySvrServer()\n");

    // Release the handle to the kernel side driver, then ask for the logical
    // device to be freed. The result of FreeLogicalDevice() is not inspected.
    iKernelDriver.Close();
    User::FreeLogicalDevice(KDebugDriverName);

    // Both debug maps own their CProcessPair entries: delete every entry and
    // release the array storage.
    iPassiveDebugMap.ResetAndDestroy();
    iActiveDebugMap.ResetAndDestroy();
    }
|
|
76 |
|
|
77 |
/**
|
|
78 |
Starts the server and constructs and starts the servers shutdown timer
|
|
79 |
*/
|
|
80 |
void CSecuritySvrServer::ConstructL()
    {
    LOG_MSG("CSecuritySvrServer::ConstructL()");

    // Register the server under its well-known name, then construct and arm
    // the shutdown timer (no session is connected at this point).
    StartL(KSecurityServerName);
    iShutdown.ConstructL();
    iShutdown.Start();

    // Load the kernel side debug driver. KErrAlreadyExists is accepted because
    // it only means the logical device was loaded before; any other failure
    // aborts construction.
    const TInt loadResult = User::LoadLogicalDevice(KDebugDriverFileName);
    if((KErrNone != loadResult) && (KErrAlreadyExists != loadResult))
        {
        User::Leave(loadResult);
        }

    // Open a channel to the driver with an initialisation record whose
    // iUserLibraryEnd field is zero; leave if the channel cannot be opened.
    TRM_DebugDriverInfo driverInfo;
    driverInfo.iUserLibraryEnd = 0;
    User::LeaveIfError(iKernelDriver.Open(driverInfo));
    }
|
|
99 |
|
|
100 |
/**
|
|
101 |
Creates a new session with the DSS. A version check is done to ensure that an
|
|
102 |
up to date version of the DSS is available (according to the DA's needs).
|
|
103 |
The device driver is loaded if necessary and a session with the server and a
|
|
104 |
handle to the driver opened.
|
|
105 |
|
|
106 |
@param aRequiredVersion the minimal version of the DSS required by the DA
|
|
107 |
|
|
108 |
@return a pointer to the new server session, or NULL if any of the
|
|
109 |
initialisation process failed
|
|
110 |
*/
|
|
111 |
CSession2* CSecuritySvrServer::NewSessionL(const TVersion& aRequiredVersion, const RMessage2& aMessage) const
    {
    // Session factory. aMessage is not read here: the only gate applied in
    // this function is the version check below.
    // NOTE(review): no client identity or capability check is made in this
    // function - confirm that it is enforced elsewhere (e.g. in the session).
    LOG_ARGS("version=%d.%d.%d", aRequiredVersion.iMajor, aRequiredVersion.iMinor, aRequiredVersion.iBuild);

    // Refuse clients that require a version this server does not support.
    const TVersion serverVersion(KDebugServMajorVersionNumber, KDebugServMinorVersionNumber, KDebugServPatchVersionNumber);
    const TBool compatible = User::QueryVersionSupported(serverVersion, aRequiredVersion);
    if(!compatible)
        {
        LOG_MSG("Requested version not compatible with this version. Asked for %d.%d.%d but this is %d.%d.%d", aRequiredVersion.iMajor, aRequiredVersion.iMinor, aRequiredVersion.iBuild, KDebugServMajorVersionNumber, KDebugServMinorVersionNumber, KDebugServPatchVersionNumber);
        User::Leave(KErrNotSupported);
        }

    // Two-phase construction of the session. Failures are reported by leaving,
    // so the pointer returned below is always a fully constructed session.
    LOG_MSG("About to call new(ELeave) CSecuritySvrSession()");
    CSecuritySvrSession* newSession = new(ELeave) CSecuritySvrSession();

    CleanupStack::PushL(newSession);
    newSession->ConstructL();
    CleanupStack::Pop(newSession);

    return newSession;
    }
|
|
135 |
|
|
136 |
/**
|
|
137 |
Manages requests from debug agents to attach to target debug processes
|
|
138 |
|
|
139 |
Given the debug agent process ID and the target process name:
|
|
140 |
(1) checks whether the pair is already in either of the debug maps, if so
|
|
141 |
then returns KErrAlreadyExists
|
|
142 |
(2) if aPassive == ETrue then just add the pair to the passive map and return
|
|
143 |
whatever the return value of the array write was
|
|
144 |
(3) if aPassive == EFalse then check whether the target debug process is
|
|
145 |
already reserved by another debug agent. If it is then return KErrInUse,
|
|
146 |
otherwise add the pair to the active debug map and return the status
|
|
147 |
value of the array write.
|
|
148 |
|
|
149 |
@param aTargetProcessName original FileName of the process to attach to
|
|
150 |
@param aDebugAgentProcessId process ID of the debug agent
|
|
151 |
@param aPassive ETrue if wish to attach passively, EFalse otherwise
|
|
152 |
|
|
153 |
@return KErrNone if successfully attached, otherwise another system wide error
|
|
154 |
code as above
|
|
155 |
*/
|
|
156 |
TInt CSecuritySvrServer::AttachProcessL(const TDesC& aTargetProcessName, const TProcessId aDebugAgentProcessId, const TBool aPassive)
    {
    LOG_MSG( "CSecuritySvrServer::AttachProcessL()\n" );

    // Build the (target name, agent process ID) pair that would be stored.
    // This function owns the pair until a map accepts it.
    CProcessPair* candidate = CProcessPair::NewL(aTargetProcessName, aDebugAgentProcessId);
    if(NULL == candidate)
        {
        return KErrNoMemory;
        }

    TInt result = KErrNone;

    // (1a) The same agent may not attach twice to the same target: look for
    // an identical pair in the active map.
    for(TInt idx = 0; idx < iActiveDebugMap.Count(); ++idx)
        {
        if(*candidate == *(iActiveDebugMap[idx]))
            {
            LOG_MSG( " AttachProcessL() error : KErrAlreadyExists in active map\n" );
            result = KErrAlreadyExists;
            break;
            }
        }

    // (1b) ... and in the passive map.
    if(KErrNone == result)
        {
        for(TInt idx = 0; idx < iPassiveDebugMap.Count(); ++idx)
            {
            if(*candidate == *(iPassiveDebugMap[idx]))
                {
                LOG_MSG( " AttachProcessL() error : KErrAlreadyExists in passive map\n" );
                result = KErrAlreadyExists;
                break;
                }
            }
        }

    // (3) An active attach is exclusive per target name: refuse it if any
    // agent already holds an active entry for that name. Passive attaches
    // skip this test, so several agents may attach passively to one target.
    if((KErrNone == result) && !aPassive)
        {
        for(TInt idx = 0; idx < iActiveDebugMap.Count(); ++idx)
            {
            if(candidate->ProcessNameMatches(*(iActiveDebugMap[idx])))
                {
                LOG_MSG( " AttachProcessL() error : process already being debugged\n" );
                result = KErrInUse;
                break;
                }
            }
        }

    // (2)/(3) Hand the pair over to the requested map; on success the map
    // becomes the owner.
    if(KErrNone == result)
        {
        if(aPassive)
            {
            result = iPassiveDebugMap.Append(candidate);
            if(KErrNone != result)
                {
                LOG_MSG2( " AttachProcessL() error %d appending passive process pair \n", result );
                }
            }
        else
            {
            result = iActiveDebugMap.Append(candidate);
            if(KErrNone != result)
                {
                LOG_MSG2( " AttachProcessL() error %d appending active process pair \n", result );
                }
            }
        }

    // Every failure path ends here: the pair was never stored, so it is still
    // owned by this function and must be deleted.
    if(KErrNone != result)
        {
        delete candidate;
        }
    return result;
    }
|
|
225 |
|
|
226 |
/*
|
|
227 |
Detach from debugging the specified process
|
|
228 |
|
|
229 |
@param aTargetProcessName name of the process to detach from
|
|
230 |
@param aDebugAgentProcessId process ID of the debug agent
|
|
231 |
|
|
232 |
@return KErrNone if successfully detached, KErrNotFound if an attempt is made
|
|
233 |
to detach from a process which the debug agent hasn't previously attached to
|
|
234 |
*/
|
|
235 |
TInt CSecuritySvrServer::DetachProcess(const TDesC& aTargetProcessName, const TProcessId aDebugAgentProcessId)
    {
    // The active map is searched before the passive map; the first entry that
    // matches both the target name and the agent process ID is removed.
    RPointerArray<CProcessPair>* const maps[] = { &iActiveDebugMap, &iPassiveDebugMap };
    const TInt mapCount = sizeof(maps) / sizeof(maps[0]);

    for(TInt m = 0; m < mapCount; ++m)
        {
        RPointerArray<CProcessPair>& map = *maps[m];
        for(TInt idx = 0; idx < map.Count(); ++idx)
            {
            if(map[idx]->Equals(aTargetProcessName, aDebugAgentProcessId))
                {
                // The map owns its entries: delete the pair first, then drop
                // the now dangling pointer from the array.
                delete map[idx];
                map.Remove(idx);
                return KErrNone;
                }
            }
        }

    // The agent was not attached to this target in either map.
    return KErrNotFound;
    }
|
|
264 |
|
|
265 |
/**
|
|
266 |
Given a debug agent process ID, removes all references to that debug agent
|
|
267 |
from the debug maps
|
|
268 |
|
|
269 |
@param aDebugAgentProcessId process ID of the debug agent whose entries are removed
|
|
270 |
|
|
271 |
@return nothing: the function is declared void and reports no error code
|
|
272 |
*/
|
|
273 |
void CSecuritySvrServer::DetachAllProcesses(const TProcessId aDebugAgentProcessId)
    {
    // Purge every entry that belongs to the given agent, first from the
    // active map and then from the passive map.
    RPointerArray<CProcessPair>* const maps[] = { &iActiveDebugMap, &iPassiveDebugMap };
    const TInt mapCount = sizeof(maps) / sizeof(maps[0]);

    for(TInt m = 0; m < mapCount; ++m)
        {
        RPointerArray<CProcessPair>& map = *maps[m];

        // Walk from the last index down so that Remove() never shifts an
        // entry that has not been examined yet.
        TInt idx = map.Count();
        while(--idx >= 0)
            {
            if(map[idx]->ProcessIdMatches(aDebugAgentProcessId))
                {
                // The map owns the pair: delete it, then drop the pointer.
                delete map[idx];
                map.Remove(idx);
                }
            }
        }
    }
|
|
297 |
|
|
298 |
/*
|
|
299 |
Check whether the specified debug agent is attached to the specified target
|
|
300 |
process.
|
|
301 |
|
|
302 |
@param aTargetThreadId thread ID of a thread in the target process
|
|
303 |
@param aMessage a message which originates with the debug agent
|
|
304 |
@param aPassive if EFalse then checks whether the debug agent is the active
|
|
305 |
debugger of the target process. If ETrue then checks whether the debug
|
|
306 |
agent is attached to the target process, irrespective of whether it is
|
|
307 |
attached passively or actively
|
|
308 |
|
|
309 |
@return ETrue if attached, EFalse otherwise
|
|
310 |
*/
|
|
311 |
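TBool CSecuritySvrServer::CheckAttached(const TThreadId aTargetThreadId, const RMessage2& aMessage, const TBool aPassive)
    {
    // Authorisation check used before acting on a thread of a target process.
    // Every failure path answers EFalse, i.e. the check fails closed.

    // Resolve the thread ID to the process that owns it.
    RThread targetThread;
    TInt err = targetThread.Open(aTargetThreadId);
    if(err != KErrNone)
        {
        return EFalse;
        }

    RProcess targetProcess;
    err = targetThread.Process(targetProcess);
    // The thread handle was only needed to reach the process.
    targetThread.Close();
    if(err != KErrNone)
        {
        return EFalse;
        }

    // Copy what is needed from the process while its handle is open. The
    // attachment lookup at the end is keyed on this file name, not on the
    // process ID.
    TFileName targetFileName = targetProcess.FileName();
    TSecurityInfo targetSecInfo(targetProcess);

    // The OEM debug token capabilities are held by the session that sent the
    // message. Refuse the request, rather than dereference a null pointer, if
    // the message has no session.
    CSecuritySvrSession* session = static_cast<CSecuritySvrSession*>(aMessage.Session());
    if(session == NULL)
        {
        targetProcess.Close();
        return EFalse;
        }

    // Tamperproofing: a token that covers the target's PlatSec capabilities
    // authorises debugging outright. Without such a token the target must be
    // reported as debuggable by the kernel driver.
    // NOTE(review): OEMTokenPermitsDebugL() carries the leaving suffix but is
    // called without a trap while targetProcess is open and not on the cleanup
    // stack - confirm it cannot leave, otherwise the handle would be leaked.
    if(!OEMTokenPermitsDebugL(session->GetOEMDebugCapabilities(), targetSecInfo.iCaps))
        {
        err = iKernelDriver.IsDebuggable(targetProcess.Id());
        }

    // Finished with the process handle.
    targetProcess.Close();

    if(err != KErrNone)
        {
        // Neither the token nor the debuggable check authorised the request.
        return EFalse;
        }

    // Authorised in principle: now require that this agent is actually
    // attached to the target (actively, or in any mode when aPassive is set).
    return CheckAttachedProcess(targetFileName, aMessage, aPassive);
    }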
|
|
363 |
|
|
364 |
/*
|
|
365 |
Check whether the specified debug agent is attached to the specified target
|
|
366 |
process.
|
|
367 |
|
|
368 |
@param aTargetProcessId process ID of the target process
|
|
369 |
@param aMessage a message which originates with the debug agent
|
|
370 |
@param aPassive if EFalse then checks whether the debug agent is the active
|
|
371 |
debugger of the target process. If ETrue then checks whether the debug
|
|
372 |
agent is attached to the target process, irrespective of whether it is
|
|
373 |
attached passively or actively
|
|
374 |
|
|
375 |
@return ETrue if attached, EFalse otherwise
|
|
376 |
*/
|
|
377 |
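TBool CSecuritySvrServer::CheckAttached(const TProcessId aTargetProcessId, const RMessage2& aMessage, const TBool aPassive)
    {
    // Authorisation check used before acting on a target process identified
    // by process ID. Every failure path answers EFalse (fails closed).

    RProcess targetProcess;
    TInt err = targetProcess.Open(aTargetProcessId);
    if(err != KErrNone)
        {
        return EFalse;
        }

    // Copy what is needed from the process while its handle is open. The
    // attachment lookup at the end is keyed on this file name, not on the
    // process ID passed in.
    TFileName targetFileName = targetProcess.FileName();
    TSecurityInfo targetSecInfo(targetProcess);

    // The OEM debug token capabilities are held by the session that sent the
    // message. Refuse the request, rather than dereference a null pointer, if
    // the message has no session.
    CSecuritySvrSession* session = static_cast<CSecuritySvrSession*>(aMessage.Session());
    if(session == NULL)
        {
        targetProcess.Close();
        return EFalse;
        }

    // Tamperproofing: a token that covers the target's PlatSec capabilities
    // authorises debugging outright. Without such a token the target must be
    // reported as debuggable by the kernel driver.
    // NOTE(review): OEMTokenPermitsDebugL() carries the leaving suffix but is
    // called without a trap while targetProcess is open and not on the cleanup
    // stack - confirm it cannot leave, otherwise the handle would be leaked.
    if(!OEMTokenPermitsDebugL(session->GetOEMDebugCapabilities(), targetSecInfo.iCaps))
        {
        err = iKernelDriver.IsDebuggable(targetProcess.Id());
        }

    // Finished with the process handle.
    targetProcess.Close();

    if(err != KErrNone)
        {
        // Neither the token nor the debuggable check authorised the request.
        return EFalse;
        }

    // Authorised in principle: now require that this agent is actually
    // attached to the target (actively, or in any mode when aPassive is set).
    return CheckAttachedProcess(targetFileName, aMessage, aPassive);
    }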
|
|
417 |
|
|
418 |
/*
|
|
419 |
Check whether the specified debug agent is attached to the specified target
|
|
420 |
process.
|
|
421 |
|
|
422 |
@param aTargetProcessName FileName of the target process
|
|
423 |
@param aMessage a message which originates with the debug agent
|
|
424 |
|
|
425 |
@return ETrue if attached, EFalse otherwise
|
|
426 |
*/
|
|
427 |
TBool CSecuritySvrServer::CheckAttachedProcess(const TDesC& aTargetProcessName, const RMessage2& aMessage, const TBool aPassive) const
    {
    // The agent's process ID is derived from the message's client thread,
    // not from a value passed in by the caller. If it cannot be resolved
    // the agent is treated as not attached.
    TProcessId agentProcessId = 0;
    if(GetProcessIdFromMessage(agentProcessId, aMessage) != KErrNone)
        {
        return EFalse;
        }

    // aPassive set: attachment in either map is enough.
    // aPassive clear: the agent must be the active debugger of the target.
    return aPassive
        ? IsDebugger(aTargetProcessName, agentProcessId)
        : IsActiveDebugger(aTargetProcessName, agentProcessId);
    }
|
|
441 |
|
|
442 |
/**
|
|
443 |
Tests whether the debug agent is attached actively to the target debug process
|
|
444 |
|
|
445 |
@param aTargetProcessName target debug process' FileName
|
|
446 |
@param aDebugAgentProcessId process ID of a debug agent
|
|
447 |
|
|
448 |
@return ETrue if the specified debug agent is actively attached to the
|
|
449 |
specified target debug process, EFalse otherwise
|
|
450 |
*/
|
|
451 |
TBool CSecuritySvrServer::IsActiveDebugger(const TDesC& aTargetProcessName, const TProcessId aDebugAgentProcessId) const
    {
    // Linear search of the active map for an entry that matches both the
    // target name and the agent process ID; stops at the first match.
    TBool attached = EFalse;
    for(TInt idx = 0; !attached && idx < iActiveDebugMap.Count(); ++idx)
        {
        if(iActiveDebugMap[idx]->Equals(aTargetProcessName, aDebugAgentProcessId))
            {
            attached = ETrue;
            }
        }
    return attached;
    }
|
|
462 |
|
|
463 |
/**
|
|
464 |
Tests whether the target process is being debugged
|
|
465 |
|
|
466 |
@param aTargetProcessName target process' FileName
|
|
467 |
@param aPassive indicates whether to check for the process being actively debugged,
|
|
468 |
or passively debugged
|
|
469 |
|
|
470 |
@return ETrue if the specified target process is being debugged,
|
|
471 |
EFalse otherwise
|
|
472 |
*/
|
|
473 |
TBool CSecuritySvrServer::IsDebugged(const TDesC& aTargetProcessName, const TBool aPassive) const
    {
    // Only one map is consulted: the passive map when aPassive is set,
    // otherwise the active map.
    const RPointerArray<CProcessPair>* map = &iActiveDebugMap;
    if(aPassive)
        {
        map = &iPassiveDebugMap;
        }

    // Any entry for the target name counts, whichever agent it belongs to.
    TInt idx = 0;
    while(idx < map->Count())
        {
        if((*map)[idx]->ProcessNameMatches(aTargetProcessName))
            {
            return ETrue;
            }
        ++idx;
        }
    return EFalse;
    }
|
|
488 |
|
|
489 |
/**
|
|
490 |
Tests whether the debug agent is attached to the target debug process
|
|
491 |
|
|
492 |
@param aTargetProcessName target debug process' FileName
|
|
493 |
@param aDebugAgentProcessId process ID of a debug agent
|
|
494 |
|
|
495 |
@return ETrue if the specified debug agent is attached to the
|
|
496 |
specified target debug process (regardless of whether it is attached
|
|
497 |
passively or actively), EFalse otherwise
|
|
498 |
*/
|
|
499 |
TBool CSecuritySvrServer::IsDebugger(const TDesC& aTargetProcessName, const TProcessId aDebugAgentProcessId) const
    {
    // An active attachment satisfies the test on its own.
    if(IsActiveDebugger(aTargetProcessName, aDebugAgentProcessId))
        {
        return ETrue;
        }

    // Otherwise look for the same (target name, agent ID) pair in the
    // passive map.
    TInt idx = 0;
    while(idx < iPassiveDebugMap.Count())
        {
        if(iPassiveDebugMap[idx]->Equals(aTargetProcessName, aDebugAgentProcessId))
            {
            return ETrue;
            }
        ++idx;
        }

    // The agent is attached to this target in neither map.
    return EFalse;
    }
|
|
514 |
|
|
515 |
/**
|
|
516 |
Decrements the server's count of how many sessions are connected to it and
|
|
517 |
starts the shutdown timer if there are no sessions connected
|
|
518 |
*/
|
|
519 |
void CSecuritySvrServer::SessionClosed()
    {
    // One session fewer; once the count has dropped below one, start the
    // shutdown timer.
    --iSessionCount;
    if(iSessionCount < 1)
        {
        iShutdown.Start();
        }
    }
|
|
526 |
|
|
527 |
/**
|
|
528 |
Increments the servers count of how many sessions are connected to it and
|
|
529 |
cancels the shutdown timer if it is running
|
|
530 |
*/
|
|
531 |
void CSecuritySvrServer::SessionOpened()
    {
    // One session more; Cancel() is called unconditionally on the shutdown
    // timer, so a pending shutdown is called off.
    ++iSessionCount;
    iShutdown.Cancel();
    }
|
|
536 |
|
|
537 |
/**
|
|
538 |
Get the process id of the thread which sent aMessage
|
|
539 |
@param aProcessId process id of the thread which sent aMessage
|
|
540 |
@param aMessage message object sent by thread
|
|
541 |
|
|
542 |
@return KErrNone if aProcessId could be set, or one of the system wide error codes if not
|
|
543 |
*/
|
|
544 |
TInt CSecuritySvrServer::GetProcessIdFromMessage(TProcessId& aProcessId, const RMessage2& aMessage) const
    {
    // Message -> client thread -> owning process -> process ID.
    // aProcessId is written only when every step succeeds.
    RThread agentThread;
    TInt result = aMessage.Client(agentThread);
    if(KErrNone == result)
        {
        RProcess agentProcess;
        result = agentThread.Process(agentProcess);

        // The thread handle was only needed to reach the process.
        agentThread.Close();

        if(KErrNone == result)
            {
            aProcessId = agentProcess.Id();

            // Finished with the process handle.
            agentProcess.Close();
            }
        }
    return result;
    }
|
|
575 |
|
|
576 |
/**
|
|
577 |
Helper function which determines whether the capabilities of the
|
|
578 |
OEM Token are sufficient to permit debug of an application.
|
|
579 |
|
|
580 |
Normally, we use the AllFiles capability as a proxy which
|
|
581 |
means a Debug Agent can debug non-debuggable executables,
|
|
582 |
provided it has a superset of the capabilities of the executable
|
|
583 |
to be debugged.
|
|
584 |
|
|
585 |
However, this causes the problem that all OEM Debug Tokens implicitly
|
|
586 |
give the power to debug an AllFiles executable, even if all that
|
|
587 |
is really needed is the power to debug an app with no capabilities,
|
|
588 |
or capabilities other than AllFiles.
|
|
589 |
|
|
590 |
To address this, we treat the AllFiles capability in a special way.
|
|
591 |
The AllFiles capability in a token is taken to mean that an OEM has
|
|
592 |
signed the token, and hence can debug other executables. But this does
|
|
593 |
not include the ability to debug an AllFiles executable. To debug an AllFiles
|
|
594 |
executable, the token must also have TCB.
|
|
595 |
|
|
596 |
@param aTokenCaps - The PlatSec capabilities of a token
|
|
597 |
@param aTargetCaps - The PlatSec capabilities of a target app to be debugged
|
|
598 |
|
|
599 |
@return ETrue if authorised for debugging, EFalse otherwise.
|
|
600 |
|
|
601 |
@leave Any system error code.
|
|
602 |
*/
|
|
603 |
TBool CSecuritySvrServer::OEMTokenPermitsDebugL(const TCapabilitySet aTokenCaps, const TCapabilitySet aTargetCaps)
    {
    // The log strings below name CSecuritySvrSession although this method
    // belongs to CSecuritySvrServer; they are kept exactly as they are.
    LOG_MSG("CSecuritySvrSession::OEMTokenPermitsDebugL\n");

    // Rule 1: AllFiles marks the token as valid. A token without it (an
    // empty capability set included) authorises nothing.
    if ( !aTokenCaps.HasCapability(ECapabilityAllFiles) )
        {
        LOG_MSG("CSecuritySvrSession::OEMTokenPermitsDebugL - Token does not have AllFiles\n");
        return EFalse;
        }

    // Rule 2: the token must hold every capability the target holds. The
    // test is HasCapabilities(), so a token whose set equals the target's
    // also passes.
    if ( !aTokenCaps.HasCapabilities(aTargetCaps) )
        {
        LOG_MSG("CSecuritySvrSession::OEMTokenPermitsDebugL - Token does not have superset of target capabilities\n");
        return EFalse;
        }

    // Rule 3: AllFiles in the token only proves it is valid, so a target
    // that itself holds AllFiles additionally requires TCB in the token.
    const TBool targetHasAllFiles = aTargetCaps.HasCapability(ECapabilityAllFiles);
    if ( targetHasAllFiles && !aTokenCaps.HasCapability(ECapabilityTCB) )
        {
        LOG_MSG("CSecuritySvrSession::OEMTokenPermitsDebugL - Token does not have TCB when target has AllFiles\n");
        return EFalse;
        }

    // All three rules hold: the token permits debugging this target.
    return ETrue;
    }
|
|
641 |
|
|
642 |
/**
|
|
643 |
* This looks at a debug tokens capability and ensures it is sufficient
|
|
644 |
* to provide access to the flash partition
|
|
645 |
* @param aTokenCaps Capabilities of the Token
|
|
646 |
* @return TBool Whether or not flash access is permitted
|
|
647 |
*/
|
|
648 |
TBool CSecuritySvrServer::OEMTokenPermitsFlashAccessL(const TCapabilitySet aTokenCaps)
    {
    // Flash access is granted on a single condition: the token holds TCB.
    // No other capability is examined.
    const TBool tokenHasTcb = aTokenCaps.HasCapability(ECapabilityTCB);
    return tokenHasTcb;
    }
|
|
653 |
|
|
654 |
//eof