42
|
1 |
// Copyright (c) 2006-2010 Nokia Corporation and/or its subsidiary(-ies).
|
|
2 |
// All rights reserved.
|
|
3 |
// This component and the accompanying materials are made available
|
56
|
4 |
// under the terms of "Eclipse Public License v1.0"
|
42
|
5 |
// which accompanies this distribution, and is available
|
|
6 |
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
|
|
7 |
//
|
|
8 |
// Initial Contributors:
|
|
9 |
// Nokia Corporation - initial contribution.
|
|
10 |
//
|
|
11 |
// Contributors:
|
|
12 |
//
|
|
13 |
// Description:
|
|
14 |
// Definitions for the security server server side session.
|
|
15 |
//
|
|
16 |
//
|
|
17 |
|
|
18 |
#ifndef C_SECURITY_SVR_SESSION_H
|
|
19 |
#define C_SECURITY_SVR_SESSION_H
|
|
20 |
|
|
21 |
// forward declaration
|
|
22 |
class CSecuritySvrAsync;
|
|
23 |
|
|
24 |
#include "c_security_svr_async.h"
|
|
25 |
#include <f32file.h>
|
|
26 |
#include <d32locd.h>
|
|
27 |
|
|
28 |
#include <rm_debug_api.h>
|
|
29 |
|
|
30 |
#include "rm_debug_kerneldriver.h"
|
|
31 |
|
|
32 |
// Server name
|
|
33 |
_LIT(KDebugDriverName,"RunMode Debug Driver");
|
|
34 |
|
|
35 |
class CSecuritySvrServer;
|
|
36 |
|
|
37 |
/**
|
|
38 |
Debug Security Server session. Manages the session with one debug agent and
|
|
39 |
as many target executables as it has attached to.
|
|
40 |
*/
|
|
41 |
class CSecuritySvrSession : public CSession2
|
|
42 |
{
|
|
43 |
public:
|
|
44 |
CSecuritySvrSession(const TProcessId& aDebugAgentProcessId);
|
|
45 |
~CSecuritySvrSession();
|
|
46 |
void ConstructL ();
|
|
47 |
void CreateL();
|
|
48 |
|
|
49 |
TInt OpenHandle(const TRM_DebugDriverInfo& aDriverInfo);
|
|
50 |
void ServiceL(const RMessage2& aMessage);
|
|
51 |
void ServiceError(const RMessage2 &aMessage, TInt aError);
|
|
52 |
|
|
53 |
void ResumeThreadL(const RMessage2& aMessage);
|
|
54 |
void SuspendThreadL(const RMessage2& aMessage);
|
|
55 |
//break
|
|
56 |
void SetBreakL(const RMessage2& aMessage);
|
|
57 |
void ClearBreakL(const RMessage2& aMessage);
|
|
58 |
void ModifyBreakL(const RMessage2& aMessage);
|
|
59 |
void BreakInfoL(const RMessage2& aMessage);
|
|
60 |
|
|
61 |
void StepRangeL(const RMessage2& aMessage);
|
|
62 |
|
|
63 |
void GetEventL(const RMessage2& aMessage);
|
|
64 |
void CancelGetEventL(const RMessage2& aMessage);
|
|
65 |
|
|
66 |
void AttachProcessL(const RMessage2& aMessage);
|
|
67 |
void DetachProcessL(const RMessage2& aMessage);
|
|
68 |
|
|
69 |
void AttachAllL(const RMessage2& aMessage);
|
|
70 |
void DetachAllL(const RMessage2& aMessage);
|
|
71 |
|
|
72 |
//debug functionality
|
|
73 |
void GetDebugFunctionalityBufSizeL(const RMessage2& aMessage);
|
|
74 |
void GetDebugFunctionalityL(const RMessage2& aMessage);
|
|
75 |
//memory
|
|
76 |
void ReadMemoryL(const RMessage2& aMessage);
|
|
77 |
void WriteMemoryL(const RMessage2& aMessage);
|
|
78 |
//registers
|
|
79 |
void ReadRegistersL(const RMessage2& aMessage);
|
|
80 |
void WriteRegistersL(const RMessage2& aMessage);
|
|
81 |
//event
|
|
82 |
void SetEventActionL(const RMessage2& aMessage);
|
|
83 |
|
|
84 |
void GetListL(const RMessage2& aMessage);
|
|
85 |
void StepL(const RMessage2& aMessage);
|
|
86 |
void TraceExecutableL(const RMessage2& aMessage);
|
|
87 |
|
|
88 |
//crash log
|
|
89 |
void ReadCrashLogL(const RMessage2& aMessage);
|
|
90 |
void WriteCrashConfigL(const RMessage2& aMessage);
|
|
91 |
void EraseCrashLogL(const RMessage2& aMessage);
|
|
92 |
void EraseEntireCrashLogL(const RMessage2& aMessage);
|
|
93 |
|
|
94 |
void SetProcessBreakL(const RMessage2& aMessage);
|
|
95 |
void ModifyProcessBreakL(const RMessage2& aMessage);
|
|
96 |
void ProcessBreakInfoL(const RMessage2& aMessage);
|
|
97 |
|
|
98 |
void KillProcessL(const RMessage2& aMessage);
|
|
99 |
|
|
100 |
TCapabilitySet GetOEMDebugCapabilities(void) const { return iOEMDebugCapabilities; };
|
|
101 |
|
|
102 |
#ifdef _DEBUG
|
|
103 |
void DoFailAlloc(const RMessage2& aMessage);
|
|
104 |
#endif
|
|
105 |
|
|
106 |
private:
|
|
107 |
CSecuritySvrServer& Server() const;
|
|
108 |
void HeapWatcher(const TUint32 aFunction, const TBool aEntry) const;
|
|
109 |
void WriteDataL(const RMessage2& aMessage, const TInt aIndex, const TAny* aPtr, const TUint32 aPtrSize) const;
|
|
110 |
void CheckAttachedL(const TThreadId aThreadId, const RMessage2& aMessage, const TBool aPassive) const;
|
|
111 |
void CheckAttachedL(const TProcessId aProcessId, const RMessage2& aMessage, const TBool aPassive) const;
|
|
112 |
TBool PermitDebugL(const TProcessId aDebugAgentProcessId, const TDesC& aTargetProcessName) const;
|
|
113 |
TBool IsDebugged(const TDesC& aFileName, const TBool aPassive) const;
|
|
114 |
void OpenFileHandleL(const TDesC& aFileName, RFs& aFs, RFile& aFileHandle);
|
|
115 |
TBool IsTraceBitSet(const TDesC8& aHeaderData, const TBool aXip);
|
|
116 |
TBool IsDebugBitSet(const TDesC8& aHeaderData, const TBool aXip);
|
|
117 |
TBool CheckSufficientData(const TDesC8& aHeaderData, const TBool aXip) const;
|
|
118 |
|
|
119 |
void ValidateMemoryInfoL(const TThreadId aThreadId, const Debug::TMemoryInfo &aMemoryInfo, const TBool aReadOperation);
|
|
120 |
void ValidateRegisterBuffersL(const RMessage2& aMessage, TUint32& aNumberOfRegisters);
|
|
121 |
|
|
122 |
TInt GetExecutablesListL(TDes8& aBuffer, TUint32& aSize) const;
|
|
123 |
void AppendExecutableData(TDes8& aBuffer, TUint32& aSize, const TDesC& aEntryName) const;
|
|
124 |
void GetSecureIdL(const TDesC& aFileName, TUid& aSecureId);
|
|
125 |
TUid GetSecureIdL(const TDesC8& aHeaderData, TBool aXip);
|
|
126 |
|
|
127 |
void IsDebuggableL(const TDesC& aFileName);
|
|
128 |
TThreadId ReadTThreadIdL(const RMessagePtr2& aMessage, const TInt aIndex) const;
|
|
129 |
TProcessId ReadTProcessIdL(const RMessagePtr2& aMessage, const TInt aIndex) const;
|
|
130 |
TBool IsExecutableXipL(RFile& aExecutable);
|
|
131 |
|
|
132 |
void ConnectCrashPartitionL(void);
|
|
133 |
|
|
134 |
void GetDebugAgentOEMTokenCapsL();
|
|
135 |
TInt CheckFlashAccessPermissionL(const RThread& aClientThread);
|
|
136 |
|
|
137 |
// Declare the CSecuritySvrAsync as a friend so it can use the iKernelDriver too
|
|
138 |
friend class CSecuritySvrAsync;
|
|
139 |
|
|
140 |
private:
|
|
141 |
/**
|
|
142 |
The TProcessId of the Debug Agent associated with this session. A convenience to
|
|
143 |
save looking it up repeatedly.
|
|
144 |
*/
|
|
145 |
TProcessId iDebugAgentProcessId;
|
|
146 |
/**
|
|
147 |
Need an array of async completion objects, one for each target executable.
|
|
148 |
*/
|
|
149 |
RPointerArray<CSecuritySvrAsync> iAsyncHandlers;
|
|
150 |
|
|
151 |
/**
|
|
152 |
Used to track whether the Debug Agent has been notified when closing the session.
|
|
153 |
*/
|
|
154 |
TBool iServerNotified;
|
|
155 |
|
|
156 |
/**
|
|
157 |
OEM Debug token support. This is only used when the Debug Agent has OEM debug
|
|
158 |
authority provided by a specific authorisation token file. This token confers
|
|
159 |
the ability to debug certain executables which have not been built as 'Debuggable'.
|
|
160 |
|
|
161 |
The OEM Debug token executable must be marked with 'AllFiles', as this is analogous
|
|
162 |
to looking 'inside' executables - with AllFiles, it could read all the data out of an
|
|
163 |
executable in \sys\bin\. In addition, since debug control of an executable implies the
|
|
164 |
ability to execute arbitrary code within the target process space, this would imply that
|
|
165 |
a Debug Agent could use any PlatSec capability which that target process possessed.
|
|
166 |
|
|
167 |
Therefore, we require that the OEM Debug Token must also be marked with a superset of
|
|
168 |
the PlatSec capabilities of the executable which is to be debugged. This means the
|
|
169 |
Debug Agent is not granted more access/PlatSec capabilities than its authorisation
|
|
170 |
token allows, and cannot exploit a target executable to leverage greater access than
|
|
171 |
should be permitted.
|
|
172 |
|
|
173 |
iTargetCapabilities tracks which PlatSec capabilities the target executables may
|
|
174 |
possess and still be debugged by this debug agent. The capabilities are NOT those
|
|
175 |
of the debug agent process, they are the capabilites indicated in the OEM Debug Token
|
|
176 |
which describe the capabilities the debug agent is authorised to debug. E.g. a Debug
|
|
177 |
Agent might use CommsDD, but wish to debug a DRM capable executable. In that case, the
|
|
178 |
Debug Agent exe must be signed with CommsDD, but the OEM Debug Token need only possess
|
|
179 |
DRM and AllFiles (permission to look inside another executable).
|
|
180 |
*/
|
|
181 |
TCapabilitySet iOEMDebugCapabilities;
|
|
182 |
|
|
183 |
//RLocalDrive to access the crash Flash
|
|
184 |
RLocalDrive iLocalDrive;
|
|
185 |
|
|
186 |
//For NOR flash
|
|
187 |
TLocalDriveCapsV2 iCaps;
|
|
188 |
|
|
189 |
/**
|
|
190 |
* If true means the local drive connected to the crash partition else connect
|
|
191 |
* when access required to crash flash partition for read operation
|
|
192 |
*/
|
|
193 |
TBool iCrashConnected;
|
|
194 |
};
|
|
195 |
|
|
196 |
|
|
197 |
#endif // C_SECURITY_SVR_SESSION_H
|
|
198 |
|