|
1 // Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // |
|
15 |
|
16 #ifndef __D32SECURITY_H__ |
|
17 #define __D32SECURITY_H__ |
|
18 |
|
19 #include "D32Assert.h" |
|
20 |
|
21 //Forward declarations |
|
22 class RFs; |
|
23 |
|
24 /** |
|
25 DBSC namespace is a placeholder for security policy framework. |
|
26 DBSC stands for [D]ata[B]ase [S]e[C]urity. |
|
27 @internalComponent |
|
28 */ |
|
29 namespace DBSC |
|
30 { |
|
31 |
|
32 /** |
|
33 KPolicyTypesCount specifies how many different policy type are maintained by the system. |
|
34 @internalComponent |
|
35 */ |
|
36 const TInt KPolicyTypesCount = 3; |
|
37 |
|
38 /** |
|
39 Each secure shared database/table have a security policy associated with it. |
|
40 There are three security policy types:"READ" - EPTRead - for any database/table read operation, |
|
41 "WRITE"- EPTWrite - for any database/table write operation. |
|
42 "SCHEMA"- EPTSchema - for any database admin operation. |
|
43 To execute particular DBMS operation, the caller must have a set of Capabilities/SID/VID, |
|
44 which must satisfy related R/W/S security policies of the database/table, on which the operation |
|
45 has to be performed. |
|
46 @internalComponent |
|
47 */ |
|
48 typedef enum |
|
49 { |
|
50 EPTNone = 0, |
|
51 EPTRead = 1 << 0, |
|
52 EPTWrite = 1 << 1, |
|
53 EPTSchema = 1 << 2, |
|
54 EPTLast = 1 << (KPolicyTypesCount - 1) |
|
55 } TPolicyType; |
|
56 |
|
57 /** |
|
58 Type of the controled by the security policy object: database or table |
|
59 @internalComponent |
|
60 */ |
|
61 typedef enum |
|
62 { |
|
63 EPOTNone, |
|
64 EPOTDatabase, |
|
65 EPOTTable |
|
66 } TPolicyObjType; |
|
67 |
|
68 /** |
|
69 This enum represents possible type of the requested access when opening/creating a database |
|
70 on the server side: |
|
71 EATNonSecure - non-secure access to private/legacy/shared-non-secure database |
|
72 EATSecure - secure access to shared-secure database |
|
73 @internalComponent |
|
74 */ |
|
75 typedef enum |
|
76 { |
|
77 EATNonSecure, |
|
78 EATSecure |
|
79 } TAccessType; |
|
80 |
|
81 /** |
|
82 This structure packs together the uid from the database format string and |
|
83 requested access type to the database. |
|
84 @internalComponent |
|
85 */ |
|
86 struct TDbPolicyRequest |
|
87 { |
|
88 TUid iUid; |
|
89 TAccessType iAccessType; |
|
90 }; |
|
91 |
|
92 /** |
|
93 MPolicy interface is used to check DBMS client capabilities against the security policy |
|
94 managed by this interface. |
|
95 The Check() method parameter, aPolicyType, specifies against which policy (R/W/S) caller |
|
96 capabilities/SID/VID have to be asserted. |
|
97 Do not put MPolicy interfaces in the CleanupStack! MPolicySpace instance will |
|
98 take care about them. |
|
99 Using MPolicy::Dump() method you can dump the content of the controled object |
|
100 into a text file. Note that the dump works only if you have __DBDUMP__ macro defined. |
|
101 @internalComponent |
|
102 */ |
|
103 class MPolicy |
|
104 { |
|
105 public: |
|
106 virtual TBool Check(const RMessage2& aMessage, TPolicyType aPolicyType) const = 0; |
|
107 virtual TInt Get(TPolicyType aPolicyType, TSecurityPolicy& aPolicy) const = 0; |
|
108 DECLARE_DB_DUMP(aFile) |
|
109 }; |
|
110 |
|
111 /** |
|
112 MPolicySpace interface represents an interface to the security policiy space, which manages |
|
113 all the security policies, presented in the system. |
|
114 It can be used to retrieve MPolicy interface for particular database/table object or |
|
115 getting the backup&restore security ID. |
|
116 MPolicySpace interface manages static data structure, created during the DBMS startup. |
|
117 The data in this structure will never be modified during the DBMS server life time. |
|
118 DbPolicyL() and TblPolicyL() leave with KErrArgument error, if there is no policy for |
|
119 the database/table object, represented in the method arguments. |
|
120 @internalComponent |
|
121 */ |
|
122 class MPolicySpace |
|
123 { |
|
124 public: |
|
125 virtual void Release() = 0; |
|
126 virtual const MPolicy* DbPolicyL(const TDbPolicyRequest& aDbPolicyRequest) const = 0; |
|
127 virtual const MPolicy* TblPolicyL(const TDbPolicyRequest& aDbPolicyRequest, const TDesC& aTblName) const = 0; |
|
128 virtual TSecureId BackupSIDL(TUid aDbUid) const = 0; |
|
129 }; |
|
130 |
|
131 /** |
|
132 TPolicySpaceFactory is a factory class, used for creating an object, which implements |
|
133 MPolicySpace interface. |
|
134 Do not forget that MPolicySpace is a "M" interface, so if |
|
135 you want to push it in the Cleanup Stack, you should use CleanupReleasePushL() call, but not |
|
136 CleanupStack::PushL(). |
|
137 @internalComponent |
|
138 */ |
|
139 class TPolicySpaceFactory |
|
140 { |
|
141 public: |
|
142 static MPolicySpace* NewPolicySpaceL(RFs& aFs, const TDesC& aPrivatePath); |
|
143 }; |
|
144 |
|
145 } //end of - namespace DBSC |
|
146 |
|
147 #endif//__D32SECURITY_H__ |