--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/homescreenpluginsrv/hspsmanager/src/hspssecurityenforcer.cpp Thu Dec 17 08:54:17 2009 +0200
@@ -0,0 +1,374 @@
+/*
+* Copyright (c) 2008 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description:
+*
+*/
+
+#include <centralrepository.h>
+#include <e32std.h>
+
+#include "hspsthememanagement.h"
+#include "hspsodt.h"
+#include "hspsdefinitionrepository.h"
+#include "hspssecurityenforcer.h"
+#include "hspsserverutil.h"
+#include "hspsthemeserver.h"
+#ifdef HSPS_LOG_ACTIVE
+#include <hspslogbus.h>
+#endif
+
+
+// ============================ LOCAL FUNCTIONS ===============================
+
+// -----------------------------------------------------------------------------
+// ResetAndDestroyArray Callback function for cleaning up the CArrayPtr.
+// Returns: void
+// -----------------------------------------------------------------------------
+//
+LOCAL_C void ResetAndDestroyArray( TAny* aArray )
+ {
+ CArrayPtrSeg<HBufC>* tmp = reinterpret_cast<CArrayPtrSeg<HBufC>*>( aArray );
+ tmp->ResetAndDestroy();
+ }
+
+// ============================ MEMBER FUNCTIONS ===============================
+
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::ChspsSecurityEnforcer
+// C++ default constructor can not contain any code, that
+// might leave.
+// -----------------------------------------------------------------------------
+//
+ChspsSecurityEnforcer::ChspsSecurityEnforcer(
+ ChspsDefinitionRepository& aDefRep, CRepository& aCenRep )
+: iDefRep( aDefRep ), iCentralRepository( aCenRep )
+ {
+ }
+
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::ConstructL
+// Symbian 2nd phase constructor can leave.
+// -----------------------------------------------------------------------------
+//
+void ChspsSecurityEnforcer::ConstructL()
+ {
+ iAccessControlList.Reset();
+ TBuf8<KCenRepBufferSize> buf;
+ iCentralRepository.Get(KCenrepKeyAccessControlList, buf );
+ HandleAccessControlListL(buf, iAccessControlList);
+ }
+
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::NewL
+// Two-phased constructor.
+// -----------------------------------------------------------------------------
+//
+ChspsSecurityEnforcer* ChspsSecurityEnforcer::NewL( ChspsDefinitionRepository& aDefRep, CRepository& aCenRep )
+ {
+ ChspsSecurityEnforcer* self = new( ELeave ) ChspsSecurityEnforcer( aDefRep, aCenRep );
+ CleanupStack::PushL( self );
+ self->ConstructL();
+ CleanupStack::Pop( self );
+
+ return self;
+ }
+
+
+// Destructor
+ChspsSecurityEnforcer::~ChspsSecurityEnforcer()
+ {
+ iAccessControlList.Close();
+ }
+
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::CheckIfLicenseeDefaultExistsL()
+// Checks if Licensee Default theme exists. Leaves if there doesn't exist a licensee
+// default theme that has the same AppUid and ThemeUid as aOdt.
+// (other items were commented in a header).
+// -----------------------------------------------------------------------------
+//
+void ChspsSecurityEnforcer::CheckIfLicenseeDefaultExistsL( const ChspsODT& aOdt )
+ {
+ CArrayPtrSeg<HBufC8>* headerDataList = new( ELeave ) CArrayPtrSeg<HBufC8>(
+ KHeaderListGranularity );
+ CleanupStack::PushL( TCleanupItem( ResetAndDestroyArray, headerDataList ) );
+ TBool found( EFalse );
+
+ ChspsODT* tempMask = ChspsODT::NewL();
+ CleanupStack::PushL( tempMask );
+ tempMask->SetRootUid( aOdt.RootUid() );
+ tempMask->SetThemeUid( aOdt.ThemeUid() );
+
+ iDefRep.GetThemeListAsStreamL( *headerDataList, *tempMask );
+ CleanupStack::PopAndDestroy( tempMask );
+
+ for( TInt j = headerDataList->Count(); --j>=0; )
+ {
+ TPtr8 h = headerDataList->At( j )->Des();
+ ChspsODT* odt = ChspsODT::UnMarshalHeaderLC( h );
+ if ( odt->Flags() & EhspsThemeStatusLicenceeDefault )
+ {
+ found = ETrue;
+ }
+ CleanupStack::PopAndDestroy( odt );
+ }
+
+ CleanupStack::Pop( headerDataList );
+ if ( headerDataList )
+ {
+ headerDataList->ResetAndDestroy();
+ delete headerDataList;
+ }
+
+ if ( !found )
+ {
+ User::LeaveIfError( KErrGeneral );//TO DO: Use HSPS error space
+ }
+ }
+
+
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::CheckThemeLockingL()
+// Checks if there exists a licencee default theme on ROM which has the same
+// identity and has the theme status locked.
+// (other items were commented in a header).
+// -----------------------------------------------------------------------------
+//
+TBool ChspsSecurityEnforcer::CheckThemeLockingL( const ChspsODT& aOdt )
+ {
+ CArrayPtrSeg<HBufC8>* headerDataList = new( ELeave ) CArrayPtrSeg<HBufC8>(
+ KHeaderListGranularity );
+ CleanupStack::PushL( TCleanupItem( ResetAndDestroyArray, headerDataList ) );
+ TBool found( EFalse );
+
+ ChspsODT* tempMask = ChspsODT::NewL();
+ CleanupStack::PushL( tempMask );
+ tempMask->SetRootUid( aOdt.RootUid() );
+ tempMask->SetThemeUid( aOdt.ThemeUid() );
+
+ iDefRep.GetThemeListAsStreamL( *headerDataList, *tempMask );
+ CleanupStack::PopAndDestroy( tempMask );
+
+ for( TInt j = headerDataList->Count(); --j>=0; )
+ {
+ TPtr8 h = headerDataList->At( j )->Des();
+ ChspsODT* odt = ChspsODT::UnMarshalHeaderLC( h );
+ if ( odt->Flags() & EhspsThemeStatusLocked && odt->Flags() & EhspsThemeStatusLicenceeDefault )
+ {
+ found = ETrue;
+ }
+ CleanupStack::PopAndDestroy( odt );
+ }
+
+ CleanupStack::Pop( headerDataList );
+ if ( headerDataList )
+ {
+ headerDataList->ResetAndDestroy();
+ delete headerDataList;
+ }
+
+ return found;
+ }
+
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::SetLogBus()
+// -----------------------------------------------------------------------------
+//
+#ifdef HSPS_LOG_ACTIVE
+void ChspsSecurityEnforcer::SetLogBus( ChspsLogBus* aLogBus )
+ {
+ iLogBus = aLogBus;
+ }
+#endif
+
+//------------------------------------------------------------------------------
+// ChspsSecurityEnforcer::HandleAccessControlListL()
+//------------------------------------------------------------------------------
+//
+void ChspsSecurityEnforcer::HandleAccessControlListL( const TDesC8& aStrBuf, RArray<TInt>& aArray )
+ {
+ TLex8 input( aStrBuf );
+ input.Mark();
+
+ while ( !input.Eos() )
+ {
+ if( input.Peek() == ';')
+ {
+ TUint uid;
+ User::LeaveIfError( hspsServerUtil::HexString2Uint( input.MarkedToken(), uid ) );
+ aArray.AppendL(uid);
+ input.Inc();
+ input.Mark( );
+ }
+ input.Inc();
+ }
+
+ }
+
+//------------------------------------------------------------------------------
+// ChspsSecurityEnforcer::CheckAccessControlListL()
+//------------------------------------------------------------------------------
+//
+TBool ChspsSecurityEnforcer::CheckAccessControlListL( TInt aUid )
+ {
+
+ TBool status(EFalse);
+#ifdef _hsps_INTERNAL_
+ if( aUid == KSecureId_EUnit.iUid )
+ {
+ status = ETrue;
+ return status;
+ }
+#endif
+ for( TInt i = 0; i < iAccessControlList.Count(); i++ )
+ {
+ if( aUid == iAccessControlList[i] )
+ {
+ status = ETrue;
+ break;
+ }
+ }
+
+ return status;
+ }
+
+// -----------------------------------------------------------------------------
+// ChspsSecurityEnforcer::CheckAccessRightsL()
+// This function is called by CPolicyServer when hspsThemeServer receives user request.
+// Access rights are hard-coded here for S60 3.1, however, in later versions
+// support for dynamic configuration of access rights must taken care.
+// This would be appropriate to solve together with TARM-policy implementation.
+// (other items were commented in a header).
+// -----------------------------------------------------------------------------
+//
+#ifdef _hsps_SECURITY_NOT_IN_USE_
+TBool ChspsSecurityEnforcer::CheckAccessRightsL( const RMessage2& /*aMessage*/ )
+ {
+ return ETrue;
+ }
+#else
+TBool ChspsSecurityEnforcer::CheckAccessRightsL( const RMessage2& aMessage )
+ {
+ TBool passed = EFalse;
+ TInt function = aMessage.Function();
+ TInt secure_id = aMessage.SecureId().iId;
+ TInt vendor_id = aMessage.VendorId().iId;
+
+#ifdef HSPS_LOG_ACTIVE
+ if( iLogBus )
+ {
+ iLogBus->LogText( _L( "ChspsSecurityEnforcer::CheckAccessRightsL(): - SID: %d, VID: %d, function: %d" ),
+ secure_id,
+ vendor_id,
+ function );
+ }
+#endif
+
+ switch ( function )
+ {
+ // installation:
+ case EhspsInstallTheme:
+ case EhspsInstallNextPhase:
+ case EhspsCancelInstallTheme:
+ case EhspsReinstallConf:
+ {
+ if( CheckAccessControlListL( secure_id ) )
+ {
+ passed = ETrue;
+ }
+ else
+ {
+ passed = aMessage.HasCapability( ECapabilityWriteDeviceData );
+ }
+ break;
+ }
+ // maintenance
+ case EhspsGetListHeaders:
+ case EhspsGetNextHeader:
+ case EhspsCancelGetListHeaders:
+ case EhspsSetActiveTheme:
+ case EhspsRestoreDefault:
+ case EhspsAddPlugin:
+ case EhspsRemovePlugin:
+ case EhspsSetPluginSettings:
+ case EhspsGetPluginOdt:
+ case EhspsSetActivePlugin:
+ case EhspsMovePlugins:
+ case EhspsReplacePlugin:
+ case EhspsSetConfState:
+ case EhspsRestoreActiveAppConf:
+ case EhspsUpdatePluginConf:
+ {
+ if( CheckAccessControlListL( secure_id ) )
+ {
+ passed = ETrue;
+ }
+ else
+ {
+ passed = aMessage.HasCapability( ECapabilityWriteDeviceData );
+ }
+ break;
+ }
+ case EhspsRemoveTheme:
+ {
+ if( CheckAccessControlListL( secure_id ) )
+ {
+ passed = ETrue;
+ }
+ else
+ {
+ passed = aMessage.HasCapability( ECapabilityWriteDeviceData );
+ }
+ break;
+ }
+ // theme usage
+ case EhspsGetODT:
+ case EhspsGetODTUpdate:
+ case EhspsCancelGetODTUpdate:
+ case EhspsAccessResourceFile:
+ case EhspsCopyResources:
+ {
+ if( CheckAccessControlListL( secure_id ) )
+ {
+ passed = ETrue;
+ }
+ else
+ {
+ passed = aMessage.HasCapability( ECapabilityWriteDeviceData );
+ }
+ break;
+ }
+
+ default:
+ {
+ passed = EFalse;
+ break;
+ }
+ }
+
+#ifdef HSPS_LOG_ACTIVE
+ if ( !passed )
+ {
+ if( iLogBus )
+ {
+ iLogBus->LogText( _L( "ChspsSecurityEnforcer::CheckAccessRightsL(): - security violation, client process is now frozen." ) );
+ }
+ }
+#endif
+
+ return passed;
+ }
+#endif
+
+// end of file