MCL/sf/mw/homescreensrv: comparison homescreenpluginsrv/hspsmanager/src/hspssecurityenforcer.cpp

equal deleted inserted replaced

--1:000000000000
+:79c6a41cd166
+/*
+* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+#include <centralrepository.h>
+#include <e32std.h>
+#include "hspsthememanagement.h"
+#include "hspsodt.h"
+#include "hspsdefinitionrepository.h"
+#include "hspssecurityenforcer.h"
+#include "hspsserverutil.h"
+#include "hspsthemeserver.h"
+#ifdef HSPS_LOG_ACTIVE
+#include <hspslogbus.h>
+#endif
+// ============================ LOCAL FUNCTIONS ===============================
+// -----------------------------------------------------------------------------
+// ResetAndDestroyArray Callback function for cleaning up the CArrayPtr.
+// Returns: void
+// -----------------------------------------------------------------------------
+//
+LOCAL_C void ResetAndDestroyArray( TAny* aArray )
+{
+CArrayPtrSeg<HBufC>* tmp = reinterpret_cast<CArrayPtrSeg<HBufC>*>( aArray );
+tmp->ResetAndDestroy();
+}
+// ============================ MEMBER FUNCTIONS ===============================
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::ChspsSecurityEnforcer
+// C++ default constructor can not contain any code, that
+// might leave.
+// -----------------------------------------------------------------------------
+//
+ChspsSecurityEnforcer::ChspsSecurityEnforcer(
+ChspsDefinitionRepository& aDefRep, CRepository& aCenRep )
+: iDefRep( aDefRep ), iCentralRepository( aCenRep )
+{
+}
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::ConstructL
+// Symbian 2nd phase constructor can leave.
+// -----------------------------------------------------------------------------
+//
+void ChspsSecurityEnforcer::ConstructL()
+{
+iAccessControlList.Reset();
+TBuf8<KCenRepBufferSize> buf;
+iCentralRepository.Get(KCenrepKeyAccessControlList, buf );
+HandleAccessControlListL(buf, iAccessControlList);
+}
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::NewL
+// Two-phased constructor.
+// -----------------------------------------------------------------------------
+//
+ChspsSecurityEnforcer* ChspsSecurityEnforcer::NewL( ChspsDefinitionRepository& aDefRep, CRepository& aCenRep )
+{
+ChspsSecurityEnforcer* self = new( ELeave ) ChspsSecurityEnforcer( aDefRep, aCenRep );
+CleanupStack::PushL( self );
+self->ConstructL();
+CleanupStack::Pop( self );
+return self;
+}
+// Destructor
+ChspsSecurityEnforcer::~ChspsSecurityEnforcer()
+{
+iAccessControlList.Close();
+}
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::CheckIfLicenseeDefaultExistsL()
+// Checks if Licensee Default theme exists. Leaves if there doesn't exist a licensee
+// default theme that has the same AppUid and ThemeUid as aOdt.
+// (other items were commented in a header).
+// -----------------------------------------------------------------------------
+//
+void ChspsSecurityEnforcer::CheckIfLicenseeDefaultExistsL( const ChspsODT& aOdt )
+{
+CArrayPtrSeg<HBufC8>* headerDataList = new( ELeave ) CArrayPtrSeg<HBufC8>(
+KHeaderListGranularity );
+CleanupStack::PushL( TCleanupItem( ResetAndDestroyArray, headerDataList ) );
+TBool found( EFalse );
+ChspsODT* tempMask = ChspsODT::NewL();
+CleanupStack::PushL( tempMask );
+tempMask->SetRootUid( aOdt.RootUid() );
+tempMask->SetThemeUid( aOdt.ThemeUid() );
+iDefRep.GetThemeListAsStreamL( *headerDataList, *tempMask );
+CleanupStack::PopAndDestroy( tempMask );
+for( TInt j = headerDataList->Count(); --j>=0; )
+{
+TPtr8 h = headerDataList->At( j )->Des();
+ChspsODT* odt = ChspsODT::UnMarshalHeaderLC( h );
+if ( odt->Flags() & EhspsThemeStatusLicenceeDefault )
+{
+found = ETrue;
+}
+CleanupStack::PopAndDestroy( odt );
+}
+CleanupStack::Pop( headerDataList );
+if ( headerDataList )
+{
+headerDataList->ResetAndDestroy();
+delete headerDataList;
+}
+if ( !found )
+{
+User::LeaveIfError( KErrGeneral );//TO DO: Use HSPS error space
+}
+}
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::CheckThemeLockingL()
+// Checks if there exists a licencee default theme on ROM which has the same
+// identity and has the theme status locked.
+// (other items were commented in a header).
+// -----------------------------------------------------------------------------
+//
+TBool ChspsSecurityEnforcer::CheckThemeLockingL( const ChspsODT& aOdt )
+{
+CArrayPtrSeg<HBufC8>* headerDataList = new( ELeave ) CArrayPtrSeg<HBufC8>(
+KHeaderListGranularity );
+CleanupStack::PushL( TCleanupItem( ResetAndDestroyArray, headerDataList ) );
+TBool found( EFalse );
+ChspsODT* tempMask = ChspsODT::NewL();
+CleanupStack::PushL( tempMask );
+tempMask->SetRootUid( aOdt.RootUid() );
+tempMask->SetThemeUid( aOdt.ThemeUid() );
+iDefRep.GetThemeListAsStreamL( *headerDataList, *tempMask );
+CleanupStack::PopAndDestroy( tempMask );
+for( TInt j = headerDataList->Count(); --j>=0; )
+{
+TPtr8 h = headerDataList->At( j )->Des();
+ChspsODT* odt = ChspsODT::UnMarshalHeaderLC( h );
+if ( odt->Flags() & EhspsThemeStatusLocked && odt->Flags() & EhspsThemeStatusLicenceeDefault )
+{
+found = ETrue;
+}
+CleanupStack::PopAndDestroy( odt );
+}
+CleanupStack::Pop( headerDataList );
+if ( headerDataList )
+{
+headerDataList->ResetAndDestroy();
+delete headerDataList;
+}
+return found;
+}
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::SetLogBus()
+// -----------------------------------------------------------------------------
+//
+#ifdef HSPS_LOG_ACTIVE
+void ChspsSecurityEnforcer::SetLogBus( ChspsLogBus* aLogBus )
+{
+iLogBus = aLogBus;
+}
+#endif
+//------------------------------------------------------------------------------
+// ChspsSecurityEnforcer::HandleAccessControlListL()
+//------------------------------------------------------------------------------
+//
+void ChspsSecurityEnforcer::HandleAccessControlListL( const TDesC8& aStrBuf, RArray<TInt>& aArray )
+{
+TLex8 input( aStrBuf );
+input.Mark();
+while ( !input.Eos() )
+{
+if( input.Peek() == ';')
+{
+TUint uid;
+User::LeaveIfError( hspsServerUtil::HexString2Uint( input.MarkedToken(), uid ) );
+aArray.AppendL(uid);
+input.Inc();
+input.Mark( );
+}
+input.Inc();
+}
+}
+//------------------------------------------------------------------------------
+// ChspsSecurityEnforcer::CheckAccessControlListL()
+//------------------------------------------------------------------------------
+//
+TBool ChspsSecurityEnforcer::CheckAccessControlListL( TInt aUid )
+{
+TBool status(EFalse);
+#ifdef _hsps_INTERNAL_
+if( aUid == KSecureId_EUnit.iUid )
+{
+status = ETrue;
+return status;
+}
+#endif
+for( TInt i = 0; i < iAccessControlList.Count(); i++ )
+{
+if( aUid == iAccessControlList[i] )
+{
+status = ETrue;
+break;
+}
+}
+return status;
+}
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::CheckAccessRightsL()
+// This function is called by CPolicyServer when hspsThemeServer receives user request.
+// Access rights are hard-coded here for S60 3.1, however, in later versions
+// support for dynamic configuration of access rights must taken care.
+// This would be appropriate to solve together with TARM-policy implementation.
+// (other items were commented in a header).
+// -----------------------------------------------------------------------------
+//
+#ifdef _hsps_SECURITY_NOT_IN_USE_
+TBool ChspsSecurityEnforcer::CheckAccessRightsL( const RMessage2& /*aMessage*/ )
+{
+return ETrue;
+}
+#else
+TBool ChspsSecurityEnforcer::CheckAccessRightsL( const RMessage2& aMessage )
+{
+TBool passed = EFalse;
+TInt function = aMessage.Function();
+TInt secure_id = aMessage.SecureId().iId;
+TInt vendor_id = aMessage.VendorId().iId;
+#ifdef HSPS_LOG_ACTIVE
+if( iLogBus )
+{
+iLogBus->LogText( _L( "ChspsSecurityEnforcer::CheckAccessRightsL(): - SID: %d, VID: %d, function: %d" ),
+secure_id,
+vendor_id,
+function );
+}
+#endif
+switch ( function )
+{
+// installation:
+case EhspsInstallTheme:
+case EhspsInstallNextPhase:
+case EhspsCancelInstallTheme:
+case EhspsReinstallConf:
+{
+if( CheckAccessControlListL( secure_id ) )
+{
+passed = ETrue;
+}
+else
+{
+passed = aMessage.HasCapability( ECapabilityWriteDeviceData );
+}
+break;
+}
+// maintenance
+case EhspsGetListHeaders:
+case EhspsGetNextHeader:
+case EhspsCancelGetListHeaders:
+case EhspsSetActiveTheme:
+case EhspsRestoreDefault:
+case EhspsAddPlugin:
+case EhspsRemovePlugin:
+case EhspsSetPluginSettings:
+case EhspsGetPluginOdt:
+case EhspsSetActivePlugin:
+case EhspsMovePlugins:
+case EhspsReplacePlugin:
+case EhspsSetConfState:
+case EhspsRestoreActiveAppConf:
+case EhspsUpdatePluginConf:
+{
+if( CheckAccessControlListL( secure_id ) )
+{
+passed = ETrue;
+}
+else
+{
+passed = aMessage.HasCapability( ECapabilityWriteDeviceData );
+}
+break;
+}
+case EhspsRemoveTheme:
+{
+if( CheckAccessControlListL( secure_id ) )
+{
+passed = ETrue;
+}
+else
+{
+passed = aMessage.HasCapability( ECapabilityWriteDeviceData );
+}
+break;
+}
+// theme usage
+case EhspsGetODT:
+case EhspsGetODTUpdate:
+case EhspsCancelGetODTUpdate:
+case EhspsAccessResourceFile:
+case EhspsCopyResources:
+{
+if( CheckAccessControlListL( secure_id ) )
+{
+passed = ETrue;
+}
+else
+{
+passed = aMessage.HasCapability( ECapabilityWriteDeviceData );
+}
+break;
+}
+default:
+{
+passed = EFalse;
+break;
+}
+}
+#ifdef HSPS_LOG_ACTIVE
+if ( !passed )
+{
+if( iLogBus )
+{
+iLogBus->LogText( _L( "ChspsSecurityEnforcer::CheckAccessRightsL(): - security violation, client process is now frozen." ) );
+}
+}
+#endif
+return passed;
+}
+#endif
+// end of file

changeset 0	79c6a41cd166
child 4	1a2a00e78665