9 --> |
9 --> |
10 <!DOCTYPE concept |
10 <!DOCTYPE concept |
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
12 <concept id="GUID-43080A86-72D3-5422-953E-A5EF79961D7B" xml:lang="en"><title>Writing |
12 <concept id="GUID-43080A86-72D3-5422-953E-A5EF79961D7B" xml:lang="en"><title>Writing |
13 a UPS Policy Evaluator</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
13 a UPS Policy Evaluator</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
14 <section><title>Introduction</title> <p>Policy Evaluators are ECOM plug-ins. |
14 <section id="GUID-56EDF170-1A32-4275-8799-99D13C485E1E"><title>Introduction</title> <p>Policy Evaluators are ECOM plug-ins. |
15 They allow security decisions to be specific to the data on which the service |
15 They allow security decisions to be specific to the data on which the service |
16 acts instead of simply granting full access to the service, for example "Allow |
16 acts instead of simply granting full access to the service, for example "Allow |
17 application X to send SMS messages to 01234567". This is supported through |
17 application X to send SMS messages to 01234567". This is supported through |
18 the fingerprint functionality. They allow a security decision to be specific |
18 the fingerprint functionality. They allow a security decision to be specific |
19 to an individual script executing within a scripting host. This is supported |
19 to an individual script executing within a scripting host. This is supported |
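Review bot: The id added to the Introduction section (GUID-56EDF170-1A32-4275-8799-99D13C485E1E) does not match the pattern of the ids already in this file. The existing concept and list-item ids have a third group that starts with 5 (5422, 5D99), while the new one starts with 4. If these are UUIDs, that digit is the version field: 5 is name-based and reproducible, 4 is random. If ids in this document set are meant to be derived deterministically so that they survive regeneration and inbound links keep resolving, generate the section ids with the same scheme. Otherwise, record how they were produced so a later regeneration does not silently replace them.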
37 <li id="GUID-8B26DA57-A9DF-5D99-A259-2E6DF7C4DCCE"><p>Allow a prompt to be |
37 <li id="GUID-8B26DA57-A9DF-5D99-A259-2E6DF7C4DCCE"><p>Allow a prompt to be |
38 displayed even if the user selected "Always" or "Never". This could be based |
38 displayed even if the user selected "Always" or "Never". This could be based |
39 on a usage threshold or simply as additional confirmation if the user selected |
39 on a usage threshold or simply as additional confirmation if the user selected |
40 "Never". This is supported via the force prompt functionality. </p> </li> |
40 "Never". This is supported via the force prompt functionality. </p> </li> |
41 </ul> </section> |
41 </ul> </section> |
42 <section><title>Procedure</title> <p>Writing policy evaluator includes the |
42 <section id="GUID-CCBB139D-0F1C-4AD4-B2F2-062CF660A0DE"><title>Procedure</title> <p>Writing policy evaluator includes the |
43 following: </p> <ol id="GUID-F50174F6-3619-545A-8844-D4DA64B1B339"> |
43 following: </p> <ol id="GUID-F50174F6-3619-545A-8844-D4DA64B1B339"> |
44 <li id="GUID-246EF2AB-23D9-5B1B-BC4C-8CCFB545C307"><p>Generating fingerprints </p> </li> |
44 <li id="GUID-246EF2AB-23D9-5B1B-BC4C-8CCFB545C307"><p>Generating fingerprints </p> </li> |
45 <li id="GUID-4427FF70-9461-566A-8567-FC6EEF879475"><p>Forcing prompts </p> </li> |
45 <li id="GUID-4427FF70-9461-566A-8567-FC6EEF879475"><p>Forcing prompts </p> </li> |
46 <li id="GUID-703D9B83-78A0-5EA6-8D1C-685D2BC847EA"><p>Defining default policy |
46 <li id="GUID-703D9B83-78A0-5EA6-8D1C-685D2BC847EA"><p>Defining default policy |
47 evaluator </p> </li> |
47 evaluator </p> </li> |
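Review bot: The line that gains the Procedure section id still reads "Writing policy evaluator includes the following:", which is missing an article. Since the line is being touched anyway, change it to "Writing a policy evaluator includes the following:". The third list item, "Defining default policy evaluator", would likewise read better as "Defining the default policy evaluator", provided the bold sub-heading of the same name further down is updated to match.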
179 } |
179 } |
180 </codeblock> <p><b>Defining default policy evaluator</b> </p> <p>If device |
180 </codeblock> <p><b>Defining default policy evaluator</b> </p> <p>If device |
181 creators do not define a policy evaluator, a default (internal) policy evaluator |
181 creators do not define a policy evaluator, a default (internal) policy evaluator |
182 is returned. The default policy evaluator returns a single, null fingerprint. |
182 is returned. The default policy evaluator returns a single, null fingerprint. |
183 The default policy evaluator does not override the <codeph>ForcePromptL()</codeph> API. </p> </section> |
183 The default policy evaluator does not override the <codeph>ForcePromptL()</codeph> API. </p> </section> |
184 <section><title> Upgrading policy evaluators </title> <p>A policy evaluator |
184 <section id="GUID-987ECDA9-5728-4A7A-AB38-D58A7CC097AC"><title> Upgrading policy evaluators </title> <p>A policy evaluator |
185 can be overwritten or eclipsed without restarting the UPS, if it is delivered |
185 can be overwritten or eclipsed without restarting the UPS, if it is delivered |
186 through an appropriately signed upgrade. </p> <ul> |
186 through an appropriately signed upgrade. </p> <ul> |
187 <li id="GUID-086FABB6-13C0-5D98-8B2A-1D38BD620EB5"><p>The ECOM plug-in will |
187 <li id="GUID-086FABB6-13C0-5D98-8B2A-1D38BD620EB5"><p>The ECOM plug-in will |
188 be reloaded only when there are no active <codeph>RUpsSubsession::Authorise()</codeph> requests. </p> </li> |
188 be reloaded only when there are no active <codeph>RUpsSubsession::Authorise()</codeph> requests. </p> </li> |
189 <li id="GUID-CD95EB32-9438-5AA1-BA80-8C90DC304642"><p>The decision records |
189 <li id="GUID-CD95EB32-9438-5AA1-BA80-8C90DC304642"><p>The decision records |
192 should be delivered. </p> </li> |
192 should be delivered. </p> </li> |
193 <li id="GUID-DC1804B8-A052-52AC-96DC-32C3BBADE2A8"><p>SWI Observer informs |
193 <li id="GUID-DC1804B8-A052-52AC-96DC-32C3BBADE2A8"><p>SWI Observer informs |
194 the UPS that the plug-ins may have changed whenever Software Install modifies <filepath>sys\bin</filepath> on |
194 the UPS that the plug-ins may have changed whenever Software Install modifies <filepath>sys\bin</filepath> on |
195 the system drive. There is no need to explicitly register changes to plug-ins. </p> </li> |
195 the system drive. There is no need to explicitly register changes to plug-ins. </p> </li> |
196 </ul> </section> |
196 </ul> </section> |
197 <section><title> Policy evaluator example</title> <p>The following code shows |
197 <section id="GUID-48624948-C1C9-4DEA-A6E1-6E4B9AC72E8E"><title> Policy evaluator example</title> <p>The following code shows |
198 an example of a full implementation of the policy evaluator file: </p> <codeblock id="GUID-D1615A8D-334C-5718-BFD6-EC3004A09F3A" xml:space="preserve">// Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
198 an example of a full implementation of the policy evaluator file: </p> <codeblock id="GUID-D1615A8D-334C-5718-BFD6-EC3004A09F3A" xml:space="preserve">#include "refpolicyevaluator.h" |
199 // All rights reserved. |
|
200 // This component and the accompanying materials are made available |
|
201 // under the terms of the License "Symbian Foundation License v1.0" |
|
202 // which accompanies this distribution, and is available |
|
203 // at the URL "http://www.symbianfoundation.org/legal/sfl-v10.html". |
|
204 // |
|
205 // Initial Contributors: |
|
206 // Nokia Corporation - initial contribution. |
|
207 |
|
208 // refpolicyevaluator.cpp |
|
209 |
|
210 #include "refpolicyevaluator.h" |
|
211 #include <ecom/implementationproxy.h> |
199 #include <ecom/implementationproxy.h> |
212 #include <ups/cliententity.h> |
200 #include <ups/cliententity.h> |
213 #include <ups/fingerprint.h> |
201 #include <ups/fingerprint.h> |
214 #include <ups/upsdb.h> |
202 #include <ups/upsdb.h> |
215 |
203 |
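Review bot: In the Policy evaluator example codeblock, the whole comment header is removed along with the id additions. That takes out the Nokia copyright line, the Symbian Foundation License v1.0 notice with its URL, and the "// refpolicyevaluator.cpp" file-name comment, so the listing now opens directly at #include "refpolicyevaluator.h". The introducing paragraph still calls it "a full implementation of the policy evaluator file", but nothing in the listing names that file any more. Keep at least the file-name comment, and confirm that the licence terms for this sample are stated elsewhere in the document set before dropping the notice here. If the removal is intentional, it would be better as its own change than bundled with the section-id additions, since it is a content and licensing decision rather than a markup one.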