// Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
//
#include "logservsecurity.h"
#include <e32capability.h>
#include "LogServResourceInterpreter.h"
#include "LogCliServShared.h"
#include "logservpanic.h"
/**
The max number of TCapability(s) that can be used to instantiate a TSecurityPolicy
@internalComponent
*/
const TInt KMaxCapsPerOp = 7;
///////////////////////////////////////////////////////////////////////////////
// TCaps class - declaration and implementation
/**
The class represents a static array of TCapability items (it can't grow or shrink).
The class should be used every time when there is a need of a static TCapability array.
It offers an overloaded "[]" operator with run-time bounds checks.
@internalComponent
*/
class TCaps
{
public:
TCaps();
inline TInt MaxSize() const
{
return KMaxCapsPerOp;
}
inline TCapability& operator [](TInt aIndex)
{
__ASSERT_DEBUG(aIndex >= 0 && aIndex < MaxSize(), User::Invariant());
return iItems[aIndex];
}
inline const TCapability& operator [](TInt aIndex) const
{
__ASSERT_DEBUG(aIndex >= 0 && aIndex < MaxSize(), User::Invariant());
return iItems[aIndex];
}
private:
TCapability iItems[KMaxCapsPerOp];
};
/**
The controlled capabilities are initialized with ECapability_None value.
*/
TCaps::TCaps()
{
for(TInt i=0;i<MaxSize();++i)
{
iItems[i] = ECapability_None;
}
}
///////////////////////////////////////////////////////////////////////////////
// TEventPolicy structure - declaration and implementation
/**
Each LogEngServer event defined in Logwrap.rss has two associated
TSecurityPolicy(s) - one each for read/write operations. This structure
contains one read and one write policy per defined LogEngServer event.
@internalComponent
*/
struct TEventPolicy
{
TEventPolicy(TUid aEventType, const TCaps& aReadCaps, const TCaps& aWriteCaps);
TUid iEventType;// event type defined in LOGWRAP.RSS
TSecurityPolicy iReadPolicy;
TSecurityPolicy iWritePolicy;
};
/**
@param aEventType Event type. It could be one of the following: KLogCallEventType,
KLogDataEventType, KLogFaxEventType, KLogShortMessageEventType,
KLogMailEventType, KLogTaskSchedulerEventType, KLogPacketDataEventType.
See LOGWRAP.RSS file where these constants are defined.
@param aReadCaps Read capablities for aEventType argument. The client, who wants to use
that event type ("read" operations), must satisfy aRead set of capabilities.
@param aWriteCaps Write capablities for aEventType argument. The client, who wants to use
that event type ("write" operations), must satisfy aWrite set of capabilities.
*/
TEventPolicy::TEventPolicy(TUid aEventType, const TCaps& aReadCaps, const TCaps& aWriteCaps) :
iEventType(aEventType),
iReadPolicy(aReadCaps[0],aReadCaps[1],aReadCaps[2],aReadCaps[3],aReadCaps[4],aReadCaps[5],aReadCaps[6]),
iWritePolicy(aWriteCaps[0],aWriteCaps[1],aWriteCaps[2],aWriteCaps[3],aWriteCaps[4],aWriteCaps[5],aWriteCaps[6])
{
}
///////////////////////////////////////////////////////////////////////////////
// TSecurityInfoReader class declaration
//Forward declaration
class CLogServSecurityImpl;
/**
The class manages the reading of the Security policy data from Logwrap.rss and storing
it in the supplied as an argument CLogServSecurityImpl object.
@internalComponent
*/
class TSecurityInfoReader
{
public:
TSecurityInfoReader(CLogServResourceInterpreter& aResourceInterface,
CLogServSecurityImpl& aLogServSecurity);
void ReadL();
private:
TInt GetEventTypeCountL();
void GetCapabilities(TResourceReader& aReader, TCaps& aCaps);
private:
CLogServResourceInterpreter& iResourceInterface;
CLogServSecurityImpl& iLogServSecurity;
};
///////////////////////////////////////////////////////////////////////////////
// CLogServSecurityImpl class declaration and implementation.
/**
The class implements pure virtual methods in CLogServSecurity class.
All functionality, related to processing the data in LogEngServer resource file,
is delegated to an instance of TSecurityInfoReader class.
@internalComponent
*/
class CLogServSecurityImpl : public CLogServSecurity
{
friend class TSecurityInfoReader;
public:
static CLogServSecurityImpl* NewL(CLogServResourceInterpreter& aResourceInterface);
virtual ~CLogServSecurityImpl();
virtual TBool IsAllowed(const RMessage2& aMsg, TUid aEventType, TEventOp aEventOp, const char* aDiagnostic);
#ifdef LOGSERV_CAPABILITY_TEST
virtual TSecurityPolicy SecurityPolicy(TUid aEventType, TEventOp aEventOp);
#endif //LOGSERV_CAPABILITY_TEST
private:
CLogServSecurityImpl();
void ConstructL(CLogServResourceInterpreter& aResourceInterface);
const TSecurityPolicy& FindPolicy(TUid aEventType, TEventOp aEventOp) const;
private:
RArray<TEventPolicy> iPolicyCon;
TSecurityPolicy iPassAllPolicy;
};
/**
Standard, phase-one factory method for creation of objects of CLogServSecurityImpl type.
@param aResourceInterface A reference to CLogServResourceInterpreter object used for reading
the LogEngServer resource file (logwrap.rss). It is used only durring
the construction phase of CLogServSecurityImpl instance.
@return A pointer to the created CLogServSecurityImpl instance.
@leave System-wide error codes, including KErrNoMemory and reading file errors.
*/
CLogServSecurityImpl* CLogServSecurityImpl::NewL(CLogServResourceInterpreter& aResourceInterface)
{
CLogServSecurityImpl* self = new (ELeave) CLogServSecurityImpl;
CleanupStack::PushL(self);
self->ConstructL(aResourceInterface);
CleanupStack::Pop(self);
return self;
}
/**
*/
CLogServSecurityImpl::~CLogServSecurityImpl()
{
iPolicyCon.Close();
}
/**
The method compares the caller's capabilities against the set of capabilities,
required for that kind of operation (read or write) and returns ETrue or EFalse.
@param aMsg The message, containing the caller capabilities which have to be checked.
@param aEventType Event type. For more details see LOGWRAP.RSS file where the
UID constants are defined.
@param aEventOp The type of the operation which is about to be performed by the
caller. It could be EReadOp or EWriteOp.
@return ETrue - the caller is allowed to execute the operation, EFalse - the caller's
capabilities do not match the required set of capabilities for that
kind of operation (read or write).
Note: Only built-in types (included in logwrap.rss) are policed.
So, return ETrue if TUid argument isn't a built-in type.
*/
TBool CLogServSecurityImpl::IsAllowed(const RMessage2& aMsg, TUid aEventType, TEventOp aEventOp, const char* aDiagnostic)
{
const TSecurityPolicy& policy = FindPolicy(aEventType, aEventOp);
return policy.CheckPolicy(aMsg, aDiagnostic);
}
#ifdef LOGSERV_CAPABILITY_TEST
/**
This method is declared and implemented only if "LOGSERV_CAPABILITY_TEST" macro is defined
@param aEventType Event type. For more details see LOGWRAP.RSS file where the
UID constants are defined.
@param aEventOp The type of the event operation: EReadOp or EWriteOp.
@return The related with {aEventType, aEventOp} pair TSecurityPOlicy object.
*/
TSecurityPolicy CLogServSecurityImpl::SecurityPolicy(TUid aEventType, TEventOp aEventOp)
{
const TSecurityPolicy& policy = FindPolicy(aEventType, aEventOp);
return policy;
}
#endif //LOGSERV_CAPABILITY_TEST
/**
*/
CLogServSecurityImpl::CLogServSecurityImpl() :
iPassAllPolicy(TSecurityPolicy::EAlwaysPass)
{
}
/**
Standard, phase-two construction method for creation of CLogServSecurityImpl objects.
@param aResourceInterface A reference to CLogServResourceInterpreter object used for reading
the LogEngServer resource file (logwrap.rss). It is used only durring
the construction phase of CLogServSecurityImpl instance.
@leave System-wide error codes, including KErrNoMemory and reading file errors.
*/
void CLogServSecurityImpl::ConstructL(CLogServResourceInterpreter& aResourceInterface)
{
TSecurityInfoReader reader(aResourceInterface, *this);
reader.ReadL();
}
/**
The method performs a search for the related to {aEventType, aOperationType} pair
TSecurityPolicy object. If there is no registered TSecurityPolicy object for the
supplied pair of arguments (which is possible, if aEventType argument is not a
built-in type, specified in LOGWRAP.RSS file), then the method returns a reference
to pass-all TSecurityPolicy object.
@param aEventType Event type. For more details see LOGWRAP.RSS file where the
UID constants are defined.
@param aAccessType The type of the operation which is about to be performed by the
caller. It could be ERead or EWrite.
@return A const reference to TSecurityPolicy object, which defines a set of capabilities,
required for that kind of operation (read or write).
*/
const TSecurityPolicy& CLogServSecurityImpl::FindPolicy(TUid aEventType, TEventOp aEventOp) const
{
for(TInt i=iPolicyCon.Count()-1;i>=0;--i)
{
const TEventPolicy& eventPolicy = iPolicyCon[i];
if(eventPolicy.iEventType == aEventType)
{
return aEventOp == EWriteOp ? eventPolicy.iWritePolicy : eventPolicy.iReadPolicy;
}
}
// aEventType wasn't found - it doesn't represent a policed event type.
return iPassAllPolicy;
}
///////////////////////////////////////////////////////////////////////////////
// CLogServSecurity implementation
/**
Standard, phase-one factory method for creation of objects of CLogServSecurity type.
@param aResourceInterface A reference to CLogServResourceInterpreter object used for reading
the LogEngServer resource file (logwrap.rss).
@return A pointer to the created CLogServSecurity instance.
@leave System-wide error codes, including KErrNoMemory and reading file errors.
*/
CLogServSecurity* CLogServSecurity::NewL(CLogServResourceInterpreter& aResourceInterface)
{
return CLogServSecurityImpl::NewL(aResourceInterface);
}
/**
*/
CLogServSecurity::~CLogServSecurity()
{
}
///////////////////////////////////////////////////////////////////////////////
// TSecurityInfoReader class implementation
/**
@param aResourceInterface A reference to CLogServResourceInterpreter object used for reading
the LogEngServer resource file (logwrap.rss).
@param aLogServSecurity A reference to CLogServSecurityImpl instance, which internal content
will be initialized with the related information from the
LogEngServer resource file.
*/
TSecurityInfoReader::TSecurityInfoReader(CLogServResourceInterpreter& aResourceInterface,
CLogServSecurityImpl& aLogServSecurity) :
iResourceInterface(aResourceInterface),
iLogServSecurity(aLogServSecurity)
{
}
/**
The method reads the LogEngServer events capabilities from the resource file and
initializes with them iLogServSecurity data member;
@leave System-wide error codes, including KErrNoMemory and reading file errors.
@panic ELogSecurityCapabilitiesUndefined (107) if the total number of event types
don't match the total number of the event capability sets.
*/
void TSecurityInfoReader::ReadL()
{
TInt eventTypeCount = GetEventTypeCountL();
TResourceReader reader;
iResourceInterface.CreateResourceReaderLC(reader, R_LOG_SECURITY);
TInt securityNodeCount = reader.ReadInt16();
// For all built-in event types there _MUST_ be a corresponding set of
// capabilities defined in logwrap.rss.
__ASSERT_ALWAYS(eventTypeCount == securityNodeCount, Panic(ELogSecurityCapabilitiesUndefined));
iLogServSecurity.iPolicyCon.ReserveL(eventTypeCount);
for(TInt i=0;i<eventTypeCount;++i)
{
TUid eventType = {reader.ReadUint32()};
TCaps readCaps;
GetCapabilities(reader, readCaps);
TCaps writeCaps;
GetCapabilities(reader, writeCaps);
TInt err = iLogServSecurity.iPolicyCon.Append(TEventPolicy(eventType, readCaps, writeCaps));
__ASSERT_ALWAYS(err == KErrNone, Panic(ELogArrayReserved));
}
CleanupStack::PopAndDestroy(); // the resource reader
}
/**
The method returns the number of built-in event types defined for the LogEngServer
in logwrap.rss - see section entitled 'r_log_initial_events'.
@return An integer number representing the number of the event types found in the
resource file.
@leave System-wide error codes, including KErrNoMemory and reading file errors.
*/
TInt TSecurityInfoReader::GetEventTypeCountL()
{
TResourceReader reader;
iResourceInterface.CreateResourceReaderLC(reader, R_LOG_INITIAL_EVENTS);
TInt count = reader.ReadInt16();
CleanupStack::PopAndDestroy();
return count;
}
/**
The method reads the capabilities for the currently processed event.
@param aReader TResourceReader object used for reading the related resource file entries.
@param aCaps An output parameter, reference to the array where the capabilities will be
stored.
@panic ELogTooManyCapabilities (108) if the number of the capabilities in the resource
file exceeds the max allowed number, which is currently set to KMaxCapsPerOp (7).
@panic ELogUnknownCapability (109) if the found capability is of unknown type.
*/
void TSecurityInfoReader::GetCapabilities(TResourceReader& aReader, TCaps& aCaps)
{
TInt capsCount = aReader.ReadInt16();
__ASSERT_ALWAYS((TUint)capsCount <= aCaps.MaxSize(), Panic(ELogTooManyCapabilities));
for(TInt i=0;i<capsCount;++i)
{
TInt n = aReader.ReadInt32();
__ASSERT_ALWAYS(n >= ECapability_None && n < ECapability_Limit, Panic(ELogUnknownCapability));// its not in e32capability.h !
aCaps[i] = TCapability(n);
}
}