// Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of the License "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
// e32\include\e32capability.h
// Platform security capability definitions
// Used by both source code and tools
// This file can be directly included into C++ tools such as ROMBUILD to allow
// capabilities to be specified by name. To do the same for MAKMAKE (in MMP
// files) some perl code will be needed to parse this file and extract the
// capability names and values.
//
//
#ifndef __E32CAPABILITY_H__
#define __E32CAPABILITY_H__
/**
An enumeration that defines the set of all supported capabilities.

Every capability has an explicit, consecutive value starting at 0. The
enumerators must stay in the same order as the entries of CapabilityNames
(defined below under __INCLUDE_CAPABILITY_NAMES__), which is indexed by these
values and sized by ECapability_Limit; when a capability is added here, its
name must be added to that table as well. ECapability_None and
ECapability_Denied are negative sentinels, not capabilities, and are never
valid indices into that table.

@publishedAll
@released
*/
enum TCapability
{
    /**
    Grants write access to executables and shared read-only resources.

    This is the most critical capability as it grants access to executables and
    therefore to their capabilities. It also grants write access to
    the /sys and /resource directories.
    */
    ECapabilityTCB = 0,

    /**
    Grants direct access to all communication device drivers. This includes:
    the EComm, Ethernet, USB device drivers etc.
    */
    ECapabilityCommDD = 1,

    /**
    Grants the right:

    - to kill any process in the system
    - to power off unused peripherals
    - to switch the machine into standby state
    - to wake the machine up
    - to power the machine down completely.

    Note that this does not control access to anything and everything
    that might drain battery power.
    */
    ECapabilityPowerMgmt = 2,

    /**
    Grants direct access to all multimedia device drivers.

    This includes the sound, camera, video device drivers etc.
    */
    ECapabilityMultimediaDD = 3,

    /**
    Grants read access to network operator, phone manufacturer and device
    confidential settings or data.

    For example, the pin lock code, the list of applications that are installed.
    */
    ECapabilityReadDeviceData = 4,

    /**
    Grants write access to settings that control the behaviour of the device.

    For example, device lock settings, system time, time zone, alarms, etc.
    */
    ECapabilityWriteDeviceData = 5,

    /**
    Grants access to protected content.

    DRM (Digital Rights Management) agents use this capability to decide whether
    or not an application should have access to DRM content.
    Applications granted DRM are trusted to respect the rights associated
    with the content.
    */
    ECapabilityDRM = 6,

    /**
    Grants the right to create a trusted UI session, and therefore to display
    dialogs in a secure UI environment.

    Trusted UI dialogs are rare. They must be used only when confidentiality
    and security are critical; for example, for password dialogs.

    Normal access to the user interface and the screen does not require
    this capability.
    */
    ECapabilityTrustedUI = 7,

    /**
    Grants the right to a server to register with a protected name.

    Currently, protected names start with a "!" character. The kernel prevents
    servers without this capability from using such a name, and therefore
    prevents protected servers from being impersonated.
    */
    ECapabilityProtServ = 8,

    /**
    Grants access to disk administration operations that affect more than one
    file or one directory (or overall filesystem integrity/behaviour, etc).

    For example, reformatting a disk partition.
    */
    ECapabilityDiskAdmin = 9,

    /**
    Grants the right to modify or access network protocol controls.

    Typically when an action can change the behaviour of all existing and
    future connections, it should be protected by this capability.

    For example, forcing all existing connections on a specific protocol
    to be dropped, or changing the priority of a call.
    */
    ECapabilityNetworkControl = 10,

    /**
    Grants read access to the entire file system; grants write access to
    the private directories of other processes.

    This capability is very strictly controlled and should rarely be granted.
    */
    ECapabilityAllFiles = 11,

    /**
    Grants the right to generate software key & pen events, and to capture any
    of them regardless of the status of the application.

    Note that after obtaining the focus, normal applications do not need this
    capability to be dispatched key and pen events.
    */
    ECapabilitySwEvent = 12,

    /**
    A user capability that grants access to remote services without any
    restriction on its physical location.

    Typically, such a location is unknown to the phone user, and such services
    may incur cost for the phone user.

    Voice calls, SMS, and internet services are good examples of
    such network services. They are supported by GSM, CDMA and all IP transport
    protocols including Bluetooth profiles over IP.
    */
    ECapabilityNetworkServices = 13,

    /**
    A user capability that grants access to remote services in the close
    vicinity of the phone.

    The location of the remote service is well-known to the phone user, and in
    most cases, such services will not incur cost for the phone user.
    */
    ECapabilityLocalServices = 14,

    /**
    A user capability that grants read access to data that is confidential to
    the phone user.

    This capability supports the management of the user's privacy.

    Typically, contacts, messages and appointments are always seen as user
    confidential data.
    */
    ECapabilityReadUserData = 15,

    /**
    A user capability that grants write access to user data.

    This capability supports the management of the integrity of user data.

    Note that this capability is not symmetric with the ECapabilityReadUserData
    capability. For example, you may want to prevent rogue applications from
    deleting music tracks but you may not want to restrict read access to them.
    */
    ECapabilityWriteUserData = 16,

    /**
    A user capability that grants access to the location of the device.

    This capability supports the management of the user's privacy with regard
    to the phone location.
    */
    ECapabilityLocation = 17,

    /**
    Grants access to logical device drivers that provide input information about
    the surroundings of the device.

    Good examples of drivers that require this capability would be GPS and biometrics
    device drivers. For complex multimedia logical device drivers that provide both
    input and output functions, such as Sound device driver, the MultimediaDD
    capability should be used if it is too difficult to separate the input from the
    output calls at its API level.
    */
    ECapabilitySurroundingsDD = 18,

    /**
    Grants access to live confidential information about the user and his/her
    immediate environment. This capability protects the user's privacy.

    Examples are audio, picture and video recording, biometrics (such as blood
    pressure) recording.

    Please note that the location of the device is excluded from this capability.
    The protection of this is achieved by using the dedicated capability Location.
    */
    ECapabilityUserEnvironment = 19,

    /**
    @internalTechnology
    One past the highest defined capability (currently 20). It equals the number
    of named capabilities and is the declared size of CapabilityNames; it is not
    a capability itself.
    */
    ECapability_Limit,

    /**
    @internalTechnology
    Absolute upper bound for a capability value, so every value fits in 8 bits.
    NOTE(review): presumably reflects the width of the capability storage used by
    the kernel and tools - confirm against the users of this header.
    */
    ECapability_HardLimit = 255,

    /**
    Special value used to specify 'do not care' or 'no capability'.
    Negative, so it must never be used as an index into CapabilityNames.
    */
    ECapability_None = -1,

    /**
    Special value used to indicate a capability that is never granted.
    Negative, so it must never be used as an index into CapabilityNames.
    */
    ECapability_Denied = -2
};
/** Define this macro to reference the names of the capabilities. This is here so
that ROMBUILD can accept capability names.

The declaration is sized by ECapability_Limit, so the table always has exactly one
slot per defined capability and is indexed directly by a TCapability value in the
range 0 .. ECapability_Limit-1. The matching definition is emitted by the one
translation unit that defines __INCLUDE_CAPABILITY_NAMES__ (see below).
*/
#ifdef __REFERENCE_CAPABILITY_NAMES__

extern const char* const CapabilityNames[ECapability_Limit];

#endif // __REFERENCE_CAPABILITY_NAMES__
/** Define this macro to include the names of the capabilities. This is here so
that ROMBUILD can accept capability names.

Define it in exactly one translation unit: the array below is a definition, and
the `extern` on it is what gives a namespace-scope const object external linkage
in C++ so that units built with __REFERENCE_CAPABILITY_NAMES__ can see it (in C
the keyword is redundant on a definition and some compilers warn about it).
*/
#ifdef __INCLUDE_CAPABILITY_NAMES__

/** List of names of all supported capabilities
Must be in the same order as the enumerators in TCapability

The array is sized by ECapability_Limit, so it always has one slot per defined
capability. A missing entry does not fail to compile: the trailing slots are
left as null pointers, and a lookup of a newly added enumerator through
CapabilityNames[cap] would then dereference null. Whenever a capability is added
to TCapability, add its name here at the matching position.

@publishedAll
@released
*/
extern const char* const CapabilityNames[ECapability_Limit] =
{
    "TCB",              // ECapabilityTCB = 0
    "CommDD",           // ECapabilityCommDD = 1
    "PowerMgmt",        // ECapabilityPowerMgmt = 2
    "MultimediaDD",     // ECapabilityMultimediaDD = 3
    "ReadDeviceData",   // ECapabilityReadDeviceData = 4
    "WriteDeviceData",  // ECapabilityWriteDeviceData = 5
    "DRM",              // ECapabilityDRM = 6
    "TrustedUI",        // ECapabilityTrustedUI = 7
    "ProtServ",         // ECapabilityProtServ = 8
    "DiskAdmin",        // ECapabilityDiskAdmin = 9
    "NetworkControl",   // ECapabilityNetworkControl = 10
    "AllFiles",         // ECapabilityAllFiles = 11
    "SwEvent",          // ECapabilitySwEvent = 12
    "NetworkServices",  // ECapabilityNetworkServices = 13
    "LocalServices",    // ECapabilityLocalServices = 14
    "ReadUserData",     // ECapabilityReadUserData = 15
    "WriteUserData",    // ECapabilityWriteUserData = 16
    "Location",         // ECapabilityLocation = 17
    "SurroundingsDD",   // ECapabilitySurroundingsDD = 18
    "UserEnvironment"   // ECapabilityUserEnvironment = 19
};

#endif // __INCLUDE_CAPABILITY_NAMES__
#endif // __E32CAPABILITY_H__