|
1 /* |
|
2 * Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 #include <centralrepository.h> |
|
19 #include <e32std.h> |
|
20 |
|
21 #include "hspsthememanagement.h" |
|
22 #include "hspsodt.h" |
|
23 #include "hspsdefinitionrepository.h" |
|
24 #include "hspssecurityenforcer.h" |
|
25 #include "hspsserverutil.h" |
|
26 #include "hspsthemeserver.h" |
|
27 #ifdef HSPS_LOG_ACTIVE |
|
28 #include <hspslogbus.h> |
|
29 #endif |
|
30 |
|
31 |
|
32 // ============================ LOCAL FUNCTIONS =============================== |
|
33 |
|
34 // ----------------------------------------------------------------------------- |
|
35 // ResetAndDestroyArray Callback function for cleaning up the CArrayPtr. |
|
36 // Returns: void |
|
37 // ----------------------------------------------------------------------------- |
|
38 // |
|
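// Cleanup-stack callback registered through TCleanupItem for a heap-allocated
// CArrayPtrSeg<HBufC8>. It runs only when the cleanup stack destroys the item
// (a leave, or PopAndDestroy); a plain CleanupStack::Pop() does not call it.
//
// Both places in this file that register the callback push a
// CArrayPtrSeg<HBufC8>*, so the pointer is cast back to that element type
// (the previous cast named HBufC, which is not the type that was pushed).
//
// The callback frees the array object as well as its elements. Emptying the
// array without deleting it left the CArrayPtrSeg itself allocated whenever a
// leave unwound past the owning function. Callers that Pop() the item keep
// ownership and must still delete the array themselves; callers must not
// delete the array again after the cleanup stack has destroyed the item.
LOCAL_C void ResetAndDestroyArray( TAny* aArray )
    {
    CArrayPtrSeg<HBufC8>* list = static_cast<CArrayPtrSeg<HBufC8>*>( aArray );
    if ( list )
        {
        list->ResetAndDestroy();
        delete list;
        }
    }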
|
44 |
|
45 // ============================ MEMBER FUNCTIONS =============================== |
|
46 |
|
47 // ----------------------------------------------------------------------------- |
|
48 // ChspsSecurityEnforcer::ChspsSecurityEnforcer |
|
49 // C++ default constructor can not contain any code, that |
|
50 // might leave. |
|
51 // ----------------------------------------------------------------------------- |
|
52 // |
|
// First-phase constructor. Binds the two repository references and does
// nothing else, so it cannot leave; the access control list is loaded later
// in ConstructL().
ChspsSecurityEnforcer::ChspsSecurityEnforcer(
    ChspsDefinitionRepository& aDefRep,
    CRepository& aCenRep )
    : iDefRep( aDefRep ),
      iCentralRepository( aCenRep )
    {
    }
|
58 |
|
59 // ----------------------------------------------------------------------------- |
|
60 // ChspsSecurityEnforcer::ConstructL |
|
61 // Symbian 2nd phase constructor can leave. |
|
62 // ----------------------------------------------------------------------------- |
|
63 // |
|
// Second-phase constructor. Reads the access control list string stored under
// KCenrepKeyAccessControlList and parses it into iAccessControlList.
// Leaves if HandleAccessControlListL() leaves.
void ChspsSecurityEnforcer::ConstructL()
    {
    TBuf8<KCenRepBufferSize> aclText;
    iAccessControlList.Reset();

    // NOTE(review): the return code of Get() is discarded. When the read
    // fails, parsing simply runs on whatever the buffer holds, so a missing or
    // unreadable key is indistinguishable from an empty list. The visible
    // effect in CheckAccessRightsL() is that callers are then judged on the
    // capability check alone. Consider recording the error so a broken
    // repository key can be told apart from an intentionally empty list.
    iCentralRepository.Get( KCenrepKeyAccessControlList, aclText );

    HandleAccessControlListL( aclText, iAccessControlList );
    }
|
71 |
|
72 // ----------------------------------------------------------------------------- |
|
73 // ChspsSecurityEnforcer::NewL |
|
74 // Two-phased constructor. |
|
75 // ----------------------------------------------------------------------------- |
|
76 // |
|
// Two-phase construction entry point. Allocates the enforcer, keeps it on the
// cleanup stack while ConstructL() loads the access control list, and returns
// the fully constructed object. Ownership passes to the caller.
// Leaves on allocation failure or if ConstructL() leaves.
ChspsSecurityEnforcer* ChspsSecurityEnforcer::NewL(
    ChspsDefinitionRepository& aDefRep,
    CRepository& aCenRep )
    {
    ChspsSecurityEnforcer* enforcer =
        new( ELeave ) ChspsSecurityEnforcer( aDefRep, aCenRep );

    CleanupStack::PushL( enforcer );
    enforcer->ConstructL();
    CleanupStack::Pop( enforcer );

    return enforcer;
    }
|
86 |
|
87 |
|
88 // Destructor |
|
// Frees the storage held by the access control list array. The destructor
// does not touch iDefRep or iCentralRepository, which are held as references.
ChspsSecurityEnforcer::~ChspsSecurityEnforcer()
    {
    iAccessControlList.Close();
    }
|
93 |
|
94 // ----------------------------------------------------------------------------- |
|
95 // ChspsSecurityEnforcer::CheckIfLicenseeDefaultExistsL() |
|
96 // Checks if Licensee Default theme exists. Leaves if there doesn't exist a licensee |
|
97 // default theme that has the same AppUid and ThemeUid as aOdt. |
|
98 // (other items were commented in a header). |
|
99 // ----------------------------------------------------------------------------- |
|
100 // |
|
// Verifies that the definition repository holds at least one theme header
// with the same root UID and theme UID as aOdt whose flags include
// EhspsThemeStatusLicenceeDefault.
//
// Leaves with KErrGeneral when no such header is found, and with whatever
// code allocation, the repository query or header unmarshalling leaves with.
// Every returned header is unmarshalled, including those after a match.
void ChspsSecurityEnforcer::CheckIfLicenseeDefaultExistsL( const ChspsODT& aOdt )
    {
    CArrayPtrSeg<HBufC8>* headers =
        new( ELeave ) CArrayPtrSeg<HBufC8>( KHeaderListGranularity );
    // Registered as a cleanup item so a leave below runs
    // ResetAndDestroyArray() on the list.
    CleanupStack::PushL( TCleanupItem( ResetAndDestroyArray, headers ) );

    // Search mask: only the root UID and theme UID of aOdt are copied in.
    ChspsODT* mask = ChspsODT::NewL();
    CleanupStack::PushL( mask );
    mask->SetRootUid( aOdt.RootUid() );
    mask->SetThemeUid( aOdt.ThemeUid() );
    iDefRep.GetThemeListAsStreamL( *headers, *mask );
    CleanupStack::PopAndDestroy( mask );

    TBool licenseeDefaultFound = EFalse;
    TInt index = headers->Count();
    // Walk the list from the last entry to the first.
    while ( --index >= 0 )
        {
        TPtr8 headerData = headers->At( index )->Des();
        ChspsODT* candidate = ChspsODT::UnMarshalHeaderLC( headerData );
        if ( candidate->Flags() & EhspsThemeStatusLicenceeDefault )
            {
            licenseeDefaultFound = ETrue;
            }
        CleanupStack::PopAndDestroy( candidate );
        }

    // Pop() only removes the cleanup item; the list is released by hand here.
    // new( ELeave ) never yields a null pointer, so no null test is needed.
    CleanupStack::Pop( headers );
    headers->ResetAndDestroy();
    delete headers;

    if ( !licenseeDefaultFound )
        {
        User::Leave( KErrGeneral ); //TO DO: Use HSPS error space
        }
    }
|
139 |
|
140 |
|
141 // ----------------------------------------------------------------------------- |
|
142 // ChspsSecurityEnforcer::CheckThemeLockingL() |
|
143 // Checks if there exists a licencee default theme on ROM which has the same |
|
144 // identity and has the theme status locked. |
|
145 // (other items were commented in a header). |
|
146 // ----------------------------------------------------------------------------- |
|
147 // |
|
// Reports whether the definition repository holds a theme header with the
// same root UID and theme UID as aOdt whose flags carry both
// EhspsThemeStatusLocked and EhspsThemeStatusLicenceeDefault.
//
// Returns ETrue when such a header exists, EFalse otherwise. Leaves with
// whatever code allocation, the repository query or header unmarshalling
// leaves with. Every returned header is unmarshalled, including those after
// a match.
TBool ChspsSecurityEnforcer::CheckThemeLockingL( const ChspsODT& aOdt )
    {
    CArrayPtrSeg<HBufC8>* headers =
        new( ELeave ) CArrayPtrSeg<HBufC8>( KHeaderListGranularity );
    // Registered as a cleanup item so a leave below runs
    // ResetAndDestroyArray() on the list.
    CleanupStack::PushL( TCleanupItem( ResetAndDestroyArray, headers ) );

    // Search mask: only the root UID and theme UID of aOdt are copied in.
    ChspsODT* mask = ChspsODT::NewL();
    CleanupStack::PushL( mask );
    mask->SetRootUid( aOdt.RootUid() );
    mask->SetThemeUid( aOdt.ThemeUid() );
    iDefRep.GetThemeListAsStreamL( *headers, *mask );
    CleanupStack::PopAndDestroy( mask );

    TBool lockedDefaultFound = EFalse;
    TInt index = headers->Count();
    // Walk the list from the last entry to the first.
    while ( --index >= 0 )
        {
        TPtr8 headerData = headers->At( index )->Des();
        ChspsODT* candidate = ChspsODT::UnMarshalHeaderLC( headerData );
        // Both status bits must be set on the same header.
        if ( candidate->Flags() & EhspsThemeStatusLocked )
            {
            if ( candidate->Flags() & EhspsThemeStatusLicenceeDefault )
                {
                lockedDefaultFound = ETrue;
                }
            }
        CleanupStack::PopAndDestroy( candidate );
        }

    // Pop() only removes the cleanup item; the list is released by hand here.
    // new( ELeave ) never yields a null pointer, so no null test is needed.
    CleanupStack::Pop( headers );
    headers->ResetAndDestroy();
    delete headers;

    return lockedDefaultFound;
    }
|
183 |
|
184 // ----------------------------------------------------------------------------- |
|
185 // ChspsSecurityEnforcer::SetLogBus() |
|
186 // ----------------------------------------------------------------------------- |
|
187 // |
|
#ifdef HSPS_LOG_ACTIVE
// Stores the log bus that CheckAccessRightsL() writes its trace lines to.
// Compiled only when HSPS_LOG_ACTIVE is defined. The pointer is merely
// stored; the destructor in this file does not delete it. Passing a null
// pointer switches the trace output off, because every use is guarded by a
// null test.
void ChspsSecurityEnforcer::SetLogBus( ChspsLogBus* aLogBus )
    {
    iLogBus = aLogBus;
    }
#endif
|
194 |
|
195 //------------------------------------------------------------------------------ |
|
196 // ChspsSecurityEnforcer::HandleAccessControlListL() |
|
197 //------------------------------------------------------------------------------ |
|
198 // |
|
// Parses a ';'-terminated list of hexadecimal identifiers from aStrBuf and
// appends each value to aArray.
//
// Each token runs from the current mark up to the next ';' and is converted
// with hspsServerUtil::HexString2Uint(). Leaves with the conversion error
// when a token does not convert, or if AppendL() leaves.
//
// Behaviour worth knowing when editing the stored list:
//  - Text after the last ';' is never converted, so a final entry without a
//    terminating ';' is silently dropped.
//  - The character directly after a ';' is stepped over without being
//    examined, so two consecutive ';' do not produce an empty token; the
//    second ';' becomes the first character of the following token.
//  - The value is converted as TUint and stored in an RArray<TInt>.
void ChspsSecurityEnforcer::HandleAccessControlListL( const TDesC8& aStrBuf, RArray<TInt>& aArray )
    {
    TLex8 lexer( aStrBuf );
    lexer.Mark();

    while ( !lexer.Eos() )
        {
        if ( lexer.Peek() != ';' )
            {
            // Still inside a token: keep scanning.
            lexer.Inc();
            continue;
            }

        // Terminator reached: convert everything since the last mark.
        TUint entry;
        User::LeaveIfError(
            hspsServerUtil::HexString2Uint( lexer.MarkedToken(), entry ) );
        aArray.AppendL( entry );

        // Step past the ';' and start the next token there.
        lexer.Inc();
        lexer.Mark();
        // Second step, as in every loop iteration.
        lexer.Inc();
        }
    }
|
218 |
|
219 //------------------------------------------------------------------------------ |
|
220 // ChspsSecurityEnforcer::CheckAccessControlListL() |
|
221 //------------------------------------------------------------------------------ |
|
222 // |
|
// Reports whether aUid is present in the access control list loaded by
// ConstructL(). Returns ETrue on a match, EFalse otherwise.
TBool ChspsSecurityEnforcer::CheckAccessControlListL( TInt aUid )
    {
#ifdef _hsps_INTERNAL_
    // Test-build allowance: with _hsps_INTERNAL_ defined, KSecureId_EUnit is
    // accepted without consulting the stored list. Builds intended for
    // release should be checked to make sure this macro is not defined.
    if ( aUid == KSecureId_EUnit.iUid )
        {
        return ETrue;
        }
#endif

    // Find() yields the index of the first match or KErrNotFound.
    return ( iAccessControlList.Find( aUid ) != KErrNotFound ) ? ETrue : EFalse;
    }
|
245 |
|
246 // ----------------------------------------------------------------------------- |
|
247 // ChspsSecurityEnforcer::CheckAccessRightsL() |
|
248 // This function is called by CPolicyServer when hspsThemeServer receives user request. |
|
249 // Access rights are hard-coded here for S60 3.1, however, in later versions |
|
250 // support for dynamic configuration of access rights must be taken care of. |
|
251 // This would be appropriate to solve together with TARM-policy implementation. |
|
252 // (other items were commented in a header). |
|
253 // ----------------------------------------------------------------------------- |
|
254 // |
|
#ifdef _hsps_SECURITY_NOT_IN_USE_
// Build-time bypass: with _hsps_SECURITY_NOT_IN_USE_ defined, every request
// is accepted without looking at the caller's identity or capabilities.
// Release build configurations should be checked to make sure this macro is
// never defined.
TBool ChspsSecurityEnforcer::CheckAccessRightsL( const RMessage2& /*aMessage*/ )
    {
    return ETrue;
    }
#else
// Decides whether the client that sent aMessage may run the requested
// function. Returns ETrue to allow the request and EFalse to refuse it.
//
// Policy, identical for every recognised function:
//  1. allow if the client's secure ID is in the access control list;
//  2. otherwise allow only if the client holds ECapabilityWriteDeviceData.
// Any function code not listed below is refused.
//
// A listed secure ID is therefore sufficient on its own: such a client is
// never asked for the capability. The vendor ID is read for the trace line
// only and takes no part in the decision.
TBool ChspsSecurityEnforcer::CheckAccessRightsL( const RMessage2& aMessage )
    {
    TInt requestId = aMessage.Function();
    TInt clientSid = aMessage.SecureId().iId;
    TInt clientVid = aMessage.VendorId().iId;
    TBool passed = EFalse;

#ifdef HSPS_LOG_ACTIVE
    if ( iLogBus )
        {
        iLogBus->LogText( _L( "ChspsSecurityEnforcer::CheckAccessRightsL(): - SID: %d, VID: %d, function: %d" ),
            clientSid,
            clientVid,
            requestId );
        }
#endif

    switch ( requestId )
        {
        // installation
        case EhspsInstallTheme:
        case EhspsInstallNextPhase:
        case EhspsCancelInstallTheme:
        case EhspsReinstallConf:
        // maintenance
        case EhspsGetListHeaders:
        case EhspsGetNextHeader:
        case EhspsCancelGetListHeaders:
        case EhspsSetActiveTheme:
        case EhspsRestoreDefault:
        case EhspsAddPlugin:
        case EhspsRemovePlugin:
        case EhspsSetPluginSettings:
        case EhspsGetPluginOdt:
        case EhspsSetActivePlugin:
        case EhspsMovePlugins:
        case EhspsReplacePlugin:
        case EhspsSetConfState:
        case EhspsRestoreActiveAppConf:
        case EhspsUpdatePluginConf:
        // removal
        case EhspsRemoveTheme:
        // theme usage
        case EhspsGetODT:
        case EhspsGetODTUpdate:
        case EhspsCancelGetODTUpdate:
        case EhspsAccessResourceFile:
        case EhspsCopyResources:
            {
            // The capability is queried only when the secure ID is not listed.
            passed = CheckAccessControlListL( clientSid )
                ? ETrue
                : aMessage.HasCapability( ECapabilityWriteDeviceData );
            break;
            }

        default:
            {
            // Unknown function codes are refused.
            passed = EFalse;
            break;
            }
        }

#ifdef HSPS_LOG_ACTIVE
    // Refusals are recorded only in builds with HSPS_LOG_ACTIVE and only once
    // a log bus has been set; otherwise a refusal leaves no trace here.
    // NOTE(review): nothing in this function acts on the client process; the
    // "frozen" wording presumably describes what the caller does with an
    // EFalse result - confirm against the policy server code.
    if ( !passed && iLogBus )
        {
        iLogBus->LogText( _L( "ChspsSecurityEnforcer::CheckAccessRightsL(): - security violation, client process is now frozen." ) );
        }
#endif

    return passed;
    }
#endif
|
373 |
|
374 // end of file |