diff -r 675a964f4eb5 -r 35751d3474b7 securityanddataprivacytools/securitytools/certapp/store--/e32capability.h --- a/securityanddataprivacytools/securitytools/certapp/store--/e32capability.h Tue Jul 21 01:04:32 2009 +0100 +++ b/securityanddataprivacytools/securitytools/certapp/store--/e32capability.h Thu Sep 10 14:01:51 2009 +0300 @@ -1,308 +1,308 @@ -/* -* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies). -* All rights reserved. -* This component and the accompanying materials are made available -* under the terms of the License "Eclipse Public License v1.0" -* which accompanies this distribution, and is available -* at the URL "http://www.eclipse.org/legal/epl-v10.html". -* -* Initial Contributors: -* Nokia Corporation - initial contribution. -* -* Contributors: -* -* Description: -* e32\include\e32capability.h -* Platform security capability definitions -* Used by both source code and tools -* This file can be directly included into C++ tools such as ROMBUILD to allow -* capabilities to be specified by name. To do the same for MAKMAKE (in MMP -* files) some perl code will be needed to parse this file and extract the -* capability names and values. -* -*/ - - -#ifndef __E32CAPABILITY_H__ -#define __E32CAPABILITY_H__ - -/** - * @file - * @internalComponent - */ - -/** -An enumeration that defines the set of all supported capabilities. - -*/ -enum TCapability - { - /** - Grants write access to executables and shared read-only resources. - - This is the most critical capability as it grants access to executables and - therefore to their capabilities. It also grants write access to - the /sys and /resource directories. - */ - ECapabilityTCB = 0, - - - /** - Grants direct access to all communication device drivers. This includes: - the EComm, Ethernet, USB device drivers etc. - */ - ECapabilityCommDD = 1, - - - /** - Grants the right: - - - to kill any process in the system - - to power off unused peripherals - - to switch the machine into standby state - - to wake the machine up - - to power the machine down completely. - - Note that this does not control access to anything and everything - that might drain battery power. - */ - ECapabilityPowerMgmt = 2, - - - /** - Grants direct access to all multimedia device drivers. - - This includes the sound, camera, video device drivers etc. - */ - ECapabilityMultimediaDD = 3, - - - /** - Grants read access to network operator, phone manufacturer and device - confidential settings or data. - - For example, the pin lock code, the list of applications that are installed. - */ - ECapabilityReadDeviceData = 4, - - - /** - Grants write access to settings that control the behaviour of the device. - - For example, device lock settings, system time, time zone, alarms, etc. - */ - ECapabilityWriteDeviceData = 5, - - - /** - Grants access to protected content. - - DRM (Digital Rights Management) agents use this capability to decide whether - or not an application should have access to DRM content. - Applications granted DRM are trusted to respect the rights associated - with the content. - */ - ECapabilityDRM = 6, - - - /** - Grants the right to create a trusted UI session, and therefore to display - dialogs in a secure UI environment. - - Trusted UI dialogs are rare. They must be used only when confidentiality - and security are critical; for example, for password dialogs. - - Normal access to the user interface and the screen does not require - this capability. - */ - ECapabilityTrustedUI = 7, - - - /** - Grants the right to a server to register with a protected name. - - Currently, protected names start with a "!" character. The kernel prevents - servers without this capability from using such a name, and therefore - prevents protected servers from being impersonated. - */ - ECapabilityProtServ = 8, - - - /** - Grants access to disk administration operations that affect more than one - file or one directory (or overall filesystem integrity/behaviour, etc). - - For examples, reformatting a disk partition. - */ - ECapabilityDiskAdmin = 9, - - - /** - Grants the right to modify or access network protocol controls. - - Typically when an action can change the behaviour of all existing and - future connections, it should be protected by this capability. - - For example, forcing all existing connections on a specific protocol - to be dropped, or changing the priority of a call. - */ - ECapabilityNetworkControl = 10, - - - /** - Grants read access to the entire file system; grants write access to - the private directories of other processes. - - This capability is very strictly controlled and should rarely be granted. - */ - ECapabilityAllFiles = 11, - - - /** - Grants the right to generate software key & pen events, and to capture any - of them regardless of the status of the application. - - Note that after obtaining the focus, normal applications do not need this - capability to be dispatched key and pen events. - */ - ECapabilitySwEvent = 12, - - - /** - A user capability that grants access to remote services without any - restriction on its physical location. - - Typically, such a location is unknown to the phone user, and such services - may incur cost for the phone user. - - Voice calls, SMS, and internet services are good examples of - such network services. They are supported by GSM, CDMA and all IP transport - protocols including Bluetooth profiles over IP. - */ - ECapabilityNetworkServices = 13, - - - /** - A user capability that grants access to remote services in the close - vicinity of the phone. - - The location of the remote service is well-known to the phone user, and in - most cases, such services will not incur cost for the phone user. - */ - ECapabilityLocalServices = 14, - - - /** - A user capability that grants read access to data that is confidential to - the phone user. - - This capability supports the management of the user's privacy. - - Typically, contacts, messages and appointments are always seen user - confidential data. - */ - ECapabilityReadUserData = 15, - - - /** - A user capability that grants write access to user data. - - This capability supports the management of the integrity of user data. - - Note that this capability is not symmetric with the ECapabilityReadUserData - capability. For example, you may want to prevent rogue applications from - deleting music tracks but you may not want to restrict read access to them. - */ - ECapabilityWriteUserData = 16, - - - /** - A user capability that grants access to the location of the device. - - This capability supports the management of the user's privacy with regard - to the phone location. - */ - ECapabilityLocation = 17, - - - /** - Grants access to logical device drivers that provide input information about - the surroundings of the device. - - Good examples of drivers that require this capability would be GPS and biometrics - device drivers. For complex multimedia logical device drivers that provide both - input and output functions, such as Sound device driver, the MultimediaDD - capability should be used if it is too difficult to separate the input from the - output calls at its API level. - */ - ECapabilitySurroundingsDD = 18, - - - /** - Grants access to live confidential information about the user and his/her - immediate environment. This capability protect the user's privacy. - - Examples are audio, picture and video recording, biometrics (such as blood - pressure) recording. - - Please note that the location of the device is excluded from this capability. - The protection of this is achieved by using the dedicated capability Location - */ - ECapabilityUserEnvironment = 19, - - - ECapability_Limit, /**< @internalTechnology */ - - ECapability_HardLimit = 255, /**< @internalTechnology */ - - ECapability_None = -1, /**< Special value used to specify 'do not care' or 'no capability'.*/ - - ECapability_Denied = -2 /**< Special value used to indicate a capability that is never granted. */ - }; - - -/** Define this macro to reference the names of the capabilities. This is here so - that ROMBUILD can accept capability names. -*/ -#ifdef __REFERENCE_CAPABILITY_NAMES__ - -extern const char* const CapabilityNames[ECapability_Limit]; - -#endif // __REFERENCE_CAPABILITY_NAMES__ - -/** Define this macro to include the names of the capabilities. This is here so - that ROMBUILD can accept capability names. -*/ -#ifdef __INCLUDE_CAPABILITY_NAMES__ - -/** List of names of all supported capabilities - Must be in the same order as the enumerators in TCapability - -*/ -extern const char* const CapabilityNames[ECapability_Limit] = - { - "TCB", - "CommDD", - "PowerMgmt", - "MultimediaDD", - "ReadDeviceData", - "WriteDeviceData", - "DRM", - "TrustedUI", - "ProtServ", - "DiskAdmin", - "NetworkControl", - "AllFiles", - "SwEvent", - "NetworkServices", - "LocalServices", - "ReadUserData", - "WriteUserData", - "Location", - "SurroundingsDD", - "UserEnvironment" - }; - -#endif // __INCLUDE_CAPABILITY_NAMES__ - -#endif // __E32CAPABILITY_H__ +/* +* Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of the License "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: +* e32\include\e32capability.h +* Platform security capability definitions +* Used by both source code and tools +* This file can be directly included into C++ tools such as ROMBUILD to allow +* capabilities to be specified by name. To do the same for MAKMAKE (in MMP +* files) some perl code will be needed to parse this file and extract the +* capability names and values. +* +*/ + + +#ifndef __E32CAPABILITY_H__ +#define __E32CAPABILITY_H__ + +/** + * @file + * @internalComponent + */ + +/** +An enumeration that defines the set of all supported capabilities. + +*/ +enum TCapability + { + /** + Grants write access to executables and shared read-only resources. + + This is the most critical capability as it grants access to executables and + therefore to their capabilities. It also grants write access to + the /sys and /resource directories. + */ + ECapabilityTCB = 0, + + + /** + Grants direct access to all communication device drivers. This includes: + the EComm, Ethernet, USB device drivers etc. + */ + ECapabilityCommDD = 1, + + + /** + Grants the right: + + - to kill any process in the system + - to power off unused peripherals + - to switch the machine into standby state + - to wake the machine up + - to power the machine down completely. + + Note that this does not control access to anything and everything + that might drain battery power. + */ + ECapabilityPowerMgmt = 2, + + + /** + Grants direct access to all multimedia device drivers. + + This includes the sound, camera, video device drivers etc. + */ + ECapabilityMultimediaDD = 3, + + + /** + Grants read access to network operator, phone manufacturer and device + confidential settings or data. + + For example, the pin lock code, the list of applications that are installed. + */ + ECapabilityReadDeviceData = 4, + + + /** + Grants write access to settings that control the behaviour of the device. + + For example, device lock settings, system time, time zone, alarms, etc. + */ + ECapabilityWriteDeviceData = 5, + + + /** + Grants access to protected content. + + DRM (Digital Rights Management) agents use this capability to decide whether + or not an application should have access to DRM content. + Applications granted DRM are trusted to respect the rights associated + with the content. + */ + ECapabilityDRM = 6, + + + /** + Grants the right to create a trusted UI session, and therefore to display + dialogs in a secure UI environment. + + Trusted UI dialogs are rare. They must be used only when confidentiality + and security are critical; for example, for password dialogs. + + Normal access to the user interface and the screen does not require + this capability. + */ + ECapabilityTrustedUI = 7, + + + /** + Grants the right to a server to register with a protected name. + + Currently, protected names start with a "!" character. The kernel prevents + servers without this capability from using such a name, and therefore + prevents protected servers from being impersonated. + */ + ECapabilityProtServ = 8, + + + /** + Grants access to disk administration operations that affect more than one + file or one directory (or overall filesystem integrity/behaviour, etc). + + For examples, reformatting a disk partition. + */ + ECapabilityDiskAdmin = 9, + + + /** + Grants the right to modify or access network protocol controls. + + Typically when an action can change the behaviour of all existing and + future connections, it should be protected by this capability. + + For example, forcing all existing connections on a specific protocol + to be dropped, or changing the priority of a call. + */ + ECapabilityNetworkControl = 10, + + + /** + Grants read access to the entire file system; grants write access to + the private directories of other processes. + + This capability is very strictly controlled and should rarely be granted. + */ + ECapabilityAllFiles = 11, + + + /** + Grants the right to generate software key & pen events, and to capture any + of them regardless of the status of the application. + + Note that after obtaining the focus, normal applications do not need this + capability to be dispatched key and pen events. + */ + ECapabilitySwEvent = 12, + + + /** + A user capability that grants access to remote services without any + restriction on its physical location. + + Typically, such a location is unknown to the phone user, and such services + may incur cost for the phone user. + + Voice calls, SMS, and internet services are good examples of + such network services. They are supported by GSM, CDMA and all IP transport + protocols including Bluetooth profiles over IP. + */ + ECapabilityNetworkServices = 13, + + + /** + A user capability that grants access to remote services in the close + vicinity of the phone. + + The location of the remote service is well-known to the phone user, and in + most cases, such services will not incur cost for the phone user. + */ + ECapabilityLocalServices = 14, + + + /** + A user capability that grants read access to data that is confidential to + the phone user. + + This capability supports the management of the user's privacy. + + Typically, contacts, messages and appointments are always seen user + confidential data. + */ + ECapabilityReadUserData = 15, + + + /** + A user capability that grants write access to user data. + + This capability supports the management of the integrity of user data. + + Note that this capability is not symmetric with the ECapabilityReadUserData + capability. For example, you may want to prevent rogue applications from + deleting music tracks but you may not want to restrict read access to them. + */ + ECapabilityWriteUserData = 16, + + + /** + A user capability that grants access to the location of the device. + + This capability supports the management of the user's privacy with regard + to the phone location. + */ + ECapabilityLocation = 17, + + + /** + Grants access to logical device drivers that provide input information about + the surroundings of the device. + + Good examples of drivers that require this capability would be GPS and biometrics + device drivers. For complex multimedia logical device drivers that provide both + input and output functions, such as Sound device driver, the MultimediaDD + capability should be used if it is too difficult to separate the input from the + output calls at its API level. + */ + ECapabilitySurroundingsDD = 18, + + + /** + Grants access to live confidential information about the user and his/her + immediate environment. This capability protect the user's privacy. + + Examples are audio, picture and video recording, biometrics (such as blood + pressure) recording. + + Please note that the location of the device is excluded from this capability. + The protection of this is achieved by using the dedicated capability Location + */ + ECapabilityUserEnvironment = 19, + + + ECapability_Limit, /**< @internalTechnology */ + + ECapability_HardLimit = 255, /**< @internalTechnology */ + + ECapability_None = -1, /**< Special value used to specify 'do not care' or 'no capability'.*/ + + ECapability_Denied = -2 /**< Special value used to indicate a capability that is never granted. */ + }; + + +/** Define this macro to reference the names of the capabilities. This is here so + that ROMBUILD can accept capability names. +*/ +#ifdef __REFERENCE_CAPABILITY_NAMES__ + +extern const char* const CapabilityNames[ECapability_Limit]; + +#endif // __REFERENCE_CAPABILITY_NAMES__ + +/** Define this macro to include the names of the capabilities. This is here so + that ROMBUILD can accept capability names. +*/ +#ifdef __INCLUDE_CAPABILITY_NAMES__ + +/** List of names of all supported capabilities + Must be in the same order as the enumerators in TCapability + +*/ +extern const char* const CapabilityNames[ECapability_Limit] = + { + "TCB", + "CommDD", + "PowerMgmt", + "MultimediaDD", + "ReadDeviceData", + "WriteDeviceData", + "DRM", + "TrustedUI", + "ProtServ", + "DiskAdmin", + "NetworkControl", + "AllFiles", + "SwEvent", + "NetworkServices", + "LocalServices", + "ReadUserData", + "WriteUserData", + "Location", + "SurroundingsDD", + "UserEnvironment" + }; + +#endif // __INCLUDE_CAPABILITY_NAMES__ + +#endif // __E32CAPABILITY_H__