|
1 /* |
|
2 * Copyright (c) 2002-2004 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Implementation of policymanagement components |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // INCLUDE FILES |
|
20 |
|
21 #include "PolicyProcessor.h" |
|
22 #include "PolicyStorage.h" |
|
23 #include "PolicyParser.h" |
|
24 #include "elements.h" |
|
25 #include "ElementBase.h" |
|
26 #include "DataTypes.h" |
|
27 #include "ErrorCodes.h" |
|
28 #include "TrustedSession.h" |
|
29 #include "XACMLconstants.h" |
|
30 #include "PolicyEngineServer.h" |
|
31 #include "PolicyEngineClientServer.h" |
|
32 #include "debug.h" |
|
33 |
|
34 #include "PolicyEngineUi.h" |
|
35 |
|
36 // CONSTANTS |
|
37 const TUid KUidPolicyEngineUi = { 0x10207817 }; |
|
38 |
|
39 |
|
40 // ----------------------------------------------------------------------------- |
|
41 // RAttributeContainer::AppendL() |
|
42 // ----------------------------------------------------------------------------- |
|
43 // |
|
44 void RAttributeContainer::AppendL( AttributeContainerHelper::TAttributeTypes aAttributeTypes, CAttribute* aAttribute) |
|
45 { |
|
46 //temporary to cleanup stack |
|
47 CleanupStack::PushL( aAttribute); |
|
48 |
|
49 //create container for attribute |
|
50 AttributeContainerHelper::TContainer * container = new (ELeave) AttributeContainerHelper::TContainer; |
|
51 CleanupStack::PushL( container); |
|
52 |
|
53 //set container properties |
|
54 container->iAttribute = aAttribute; |
|
55 container->iAttributeType = aAttributeTypes; |
|
56 |
|
57 //append to list |
|
58 RArray::AppendL( container); |
|
59 |
|
60 //remove from cleanup |
|
61 CleanupStack::Pop( 2, aAttribute); |
|
62 } |
|
63 |
|
64 // ----------------------------------------------------------------------------- |
|
65 // RAttributeContainer::Close() |
|
66 // ----------------------------------------------------------------------------- |
|
67 // |
|
68 void RAttributeContainer::Close() |
|
69 { |
|
70 //delete attributes and container... |
|
71 for ( TInt i(0); i < Count(); i++) |
|
72 { |
|
73 AttributeContainerHelper::TContainer * container = operator[]( i); |
|
74 delete container->iAttribute; |
|
75 delete container; |
|
76 } |
|
77 |
|
78 RArray::Close(); |
|
79 } |
|
80 |
|
81 |
|
82 |
|
83 // ----------------------------------------------------------------------------- |
|
84 // CPolicyProcessor::CPolicyProcessor() |
|
85 // ----------------------------------------------------------------------------- |
|
86 // |
|
87 |
|
88 CPolicyProcessor::CPolicyProcessor() |
|
89 : CActive( EPriorityStandard) |
|
90 { |
|
91 } |
|
92 |
|
93 |
|
94 // ----------------------------------------------------------------------------- |
|
95 // CPolicyProcessor::NewL() |
|
96 // ----------------------------------------------------------------------------- |
|
97 // |
|
98 |
|
99 CPolicyProcessor * CPolicyProcessor::NewL() |
|
100 { |
|
101 CPolicyProcessor * self = new(ELeave) CPolicyProcessor(); |
|
102 |
|
103 CleanupStack::PushL( self); |
|
104 self->ConstructL(); |
|
105 CleanupStack::Pop( self); |
|
106 |
|
107 return self; |
|
108 |
|
109 } |
|
110 |
|
111 // ----------------------------------------------------------------------------- |
|
112 // CPolicyProcessor::~CPolicyProcessor() |
|
113 // ----------------------------------------------------------------------------- |
|
114 // |
|
115 |
|
116 CPolicyProcessor::~CPolicyProcessor() |
|
117 { |
|
118 ResetRequestContext(); |
|
119 delete iRequestBuffer; |
|
120 |
|
121 CPolicyEngineServer::RemoveActiveObject( this); |
|
122 } |
|
123 |
|
124 // ----------------------------------------------------------------------------- |
|
125 // CPolicyProcessor::ConstructL() |
|
126 // ----------------------------------------------------------------------------- |
|
127 // |
|
128 |
|
129 void CPolicyProcessor::ConstructL() |
|
130 { |
|
131 CPolicyEngineServer::AddActiveObjectL( this); |
|
132 } |
|
133 |
|
134 // ----------------------------------------------------------------------------- |
|
135 // CPolicyProcessor::HandleErrorL() |
|
136 // ----------------------------------------------------------------------------- |
|
137 // |
|
138 |
|
139 void CPolicyProcessor::HandleErrorL( const TDesC8& aText ) |
|
140 { |
|
141 RDEBUG("CPolicyProcessor::HandleErrorL"); |
|
142 //error handling for processor |
|
143 RDEBUG_2("XACML request indeterminate: %S", &aText); |
|
144 User::Leave( KErrAbort); |
|
145 } |
|
146 |
|
147 // ----------------------------------------------------------------------------- |
|
148 // CPolicyProcessor::ResetRequestContext() |
|
149 // ----------------------------------------------------------------------------- |
|
150 // |
|
151 void CPolicyProcessor::ResetRequestContext() |
|
152 { |
|
153 if ( iDeleteAttributes ) |
|
154 { |
|
155 //delete subject attributes and closes RArray |
|
156 for ( TInt i(0); i < iSubjects.Count(); i++) |
|
157 { |
|
158 CAttribute * attribute = iSubjects[i]; |
|
159 delete attribute; |
|
160 } |
|
161 |
|
162 //delete actions attributes and closes RArray |
|
163 for ( TInt i(0); i < iActions.Count(); i++) |
|
164 { |
|
165 CAttribute * attribute = iActions[i]; |
|
166 delete attribute; |
|
167 } |
|
168 |
|
169 //delete resources attributes and closes RArray |
|
170 for ( TInt i(0); i < iResources.Count(); i++) |
|
171 { |
|
172 CAttribute * attribute = iResources[i]; |
|
173 delete attribute; |
|
174 } |
|
175 |
|
176 //delete environments attributes and closes RArray |
|
177 for ( TInt i(0); i < iEnvironments.Count(); i++) |
|
178 { |
|
179 CAttribute * attribute = iEnvironments[i]; |
|
180 delete attribute; |
|
181 } |
|
182 } |
|
183 |
|
184 iSubjects.Close(); |
|
185 iActions.Close(); |
|
186 iResources.Close(); |
|
187 iEnvironments.Close(); |
|
188 } |
|
189 |
|
190 |
|
191 |
|
192 // ----------------------------------------------------------------------------- |
|
193 // CPolicyProcessor::ResetRequestContext() |
|
194 // ----------------------------------------------------------------------------- |
|
195 // |
|
196 TPtrC8 CPolicyProcessor::NextToken( TPtrC8& aText) |
|
197 { |
|
198 if ( !aText.Length() ) return aText; |
|
199 |
|
200 //remove first delimiter |
|
201 if ( aText[0] == KMessageDelimiterChar) |
|
202 { |
|
203 aText.Set( aText.Mid(1)); |
|
204 } |
|
205 |
|
206 //find next delimiter |
|
207 TPtrC8 retVal = aText; |
|
208 TInt index = aText.Locate( KMessageDelimiterChar); |
|
209 |
|
210 if ( index != KErrNotFound ) |
|
211 { |
|
212 //set retVal to point token and aText to remaining part |
|
213 retVal.Set( aText.Left( index)); |
|
214 aText.Set( aText.Mid( index )); |
|
215 } |
|
216 |
|
217 return retVal; |
|
218 } |
|
219 |
|
220 // ----------------------------------------------------------------------------- |
|
221 // CPolicyProcessor::ExecuteRequestL() |
|
222 // ----------------------------------------------------------------------------- |
|
223 // |
|
224 void CPolicyProcessor::ExecuteRequestL( RAttributeContainer &aAttributes, TMatchResponse &aResponse) |
|
225 { |
|
226 iDeleteAttributes = EFalse; |
|
227 iUseEditedElements = ETrue; |
|
228 |
|
229 //reset request context |
|
230 ResetRequestContext(); |
|
231 |
|
232 for ( TInt i(0); i < aAttributes.Count(); i++) |
|
233 { |
|
234 RAttributeList * list = 0; |
|
235 |
|
236 using namespace AttributeContainerHelper; |
|
237 TContainer * container = aAttributes[i]; |
|
238 |
|
239 switch ( container->iAttributeType ) |
|
240 { |
|
241 case ESubjectAttributes : |
|
242 { |
|
243 list = &iSubjects; |
|
244 break; |
|
245 } |
|
246 case EActionAttributes : |
|
247 { |
|
248 list = &iActions; |
|
249 break; |
|
250 } |
|
251 case EResourceAttributes : |
|
252 { |
|
253 list = &iResources; |
|
254 break; |
|
255 } |
|
256 case EEnvironmentAttributes : |
|
257 { |
|
258 list = &iEnvironments; |
|
259 break; |
|
260 } |
|
261 default: |
|
262 User::Panic( PolicyParserPanic, KErrCorrupt); |
|
263 break; |
|
264 } |
|
265 |
|
266 //append attribute to attribute list |
|
267 list->AppendL( container->iAttribute); |
|
268 } |
|
269 |
|
270 //make request |
|
271 DoRequestExecutionL( aResponse, ETrue); |
|
272 } |
|
273 |
|
274 // ----------------------------------------------------------------------------- |
|
275 // CPolicyProcessor::ExecuteRequestL() |
|
276 // ----------------------------------------------------------------------------- |
|
277 // |
|
278 void CPolicyProcessor::ExecuteRequestL( const RMessage2& aMessage) |
|
279 { |
|
280 iUseEditedElements = EFalse; |
|
281 iDeleteAttributes = ETrue; |
|
282 |
|
283 |
|
284 RDEBUG("PolicyEngineServer: CPolicyProcessor::ExecuteRequestL"); |
|
285 |
|
286 |
|
287 //reset request context |
|
288 ResetRequestContext(); |
|
289 |
|
290 iMessage = &aMessage; |
|
291 iProcessorState = 0; |
|
292 |
|
293 //Add object to active scheduler |
|
294 if ( !IsAdded()) |
|
295 { |
|
296 CActiveScheduler::Add( this); |
|
297 } |
|
298 |
|
299 //complete own request |
|
300 SetActive(); |
|
301 TRequestStatus * status = &iStatus; |
|
302 User::RequestComplete( status, KErrNone); |
|
303 } |
|
304 |
|
305 |
|
306 // ----------------------------------------------------------------------------- |
|
307 // CPolicyProcessor::RunL() |
|
308 // ----------------------------------------------------------------------------- |
|
309 // |
|
310 |
|
311 void CPolicyProcessor::RunL() |
|
312 { |
|
313 RDEBUG("PolicyEngineServer: CPolicyProcessor::RunL"); |
|
314 |
|
315 CPolicyEngineServer::SetActiveSubSession( this); |
|
316 |
|
317 if ( iProcessorState == 0) |
|
318 { |
|
319 //Read request context from client |
|
320 delete iRequestBuffer; |
|
321 iRequestBuffer = NULL; |
|
322 iRequestBuffer = HBufC8::NewL( iMessage->GetDesLength(0)); |
|
323 TPtr8 msg = iRequestBuffer->Des(); |
|
324 iMessage->ReadL(0, msg, 0); |
|
325 TPtrC8 ptr = msg; |
|
326 |
|
327 TBool continueLoop( ETrue); |
|
328 |
|
329 //read msg from client, msg contain request attributes |
|
330 while ( continueLoop ) |
|
331 { |
|
332 TPtrC8 type = NextToken( ptr); |
|
333 RAttributeList * list; |
|
334 |
|
335 //identifie attribute type (subject, action, resource or env) |
|
336 if ( type == _L8("S")) |
|
337 { |
|
338 list = &iSubjects; |
|
339 } |
|
340 else |
|
341 if ( type == _L8("A")) |
|
342 { |
|
343 list = &iActions; |
|
344 } |
|
345 else |
|
346 if ( type == _L8("R")) |
|
347 { |
|
348 list = &iResources; |
|
349 } |
|
350 else |
|
351 if ( type == _L8("E")) |
|
352 { |
|
353 list = &iEnvironments; |
|
354 } |
|
355 else |
|
356 { |
|
357 //no more attributes |
|
358 continueLoop = EFalse; |
|
359 } |
|
360 |
|
361 if ( continueLoop ) |
|
362 { |
|
363 //read attribute id, value and datatype |
|
364 TPtrC8 aAttributeId( NextToken( ptr)); |
|
365 TPtrC8 aAttributeValue( NextToken( ptr)); |
|
366 TPtrC8 aDataType( CPolicyParser::ConvertValues( EXACML, NextToken( ptr))); |
|
367 |
|
368 //types, which contains default values must be converted to native language |
|
369 if ( aDataType == PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType ) |
|
370 { |
|
371 aAttributeValue.Set( CPolicyParser::ConvertValues( EXACML, aAttributeValue)); |
|
372 } |
|
373 |
|
374 CAttribute * attribute = CAttribute::NewL( aAttributeId, |
|
375 aAttributeValue, |
|
376 aDataType); |
|
377 |
|
378 //append attribute to attribute list |
|
379 list->AppendL( attribute); |
|
380 } |
|
381 } |
|
382 |
|
383 iProcessorState++; |
|
384 SetActive(); |
|
385 TRequestStatus * status = &iStatus; |
|
386 User::RequestComplete( status, KErrNone); |
|
387 return; |
|
388 } |
|
389 |
|
390 if ( CPolicyEngineServer::StatusFlags()->iProcessorActive && !CPolicyEngineServer::StatusFlags()->iUiActive ) |
|
391 { |
|
392 //Start new execution only if no other executions active or |
|
393 //if execution is ongoing in state |
|
394 SetActive(); |
|
395 TRequestStatus * status = &iStatus; |
|
396 User::RequestComplete( status, KErrNone); |
|
397 return; |
|
398 } |
|
399 |
|
400 //tell other processors that processor is reserved |
|
401 CPolicyEngineServer::StatusFlags()->iProcessorActive = ETrue; |
|
402 |
|
403 //make request |
|
404 TMatchResponse matchResponse; |
|
405 RDEBUG("PolicyEngineServer: RunL - start request execution"); |
|
406 TRAPD( err, DoRequestExecutionL( matchResponse, EFalse)); |
|
407 RDEBUG("PolicyEngineServer: RunL - stop request execution"); |
|
408 |
|
409 if ( err != KErrNone) |
|
410 { |
|
411 matchResponse = EIndeterminate; |
|
412 } |
|
413 |
|
414 //set default response |
|
415 TResponse response; |
|
416 response.SetResponseValue( EResponseIndeterminate); |
|
417 |
|
418 |
|
419 //convert internal response to external response |
|
420 switch ( matchResponse ) |
|
421 { |
|
422 case EDeny : |
|
423 { |
|
424 RDEBUG("PolicyEngineServer: Request executed - response deny"); |
|
425 response.SetResponseValue( EResponseDeny); |
|
426 break; |
|
427 } |
|
428 case EPermit : |
|
429 { |
|
430 RDEBUG("PolicyEngineServer: Request executed - response permit"); |
|
431 response.SetResponseValue( EResponsePermit); |
|
432 break; |
|
433 } |
|
434 case ENotApplicable : |
|
435 { |
|
436 RDEBUG("PolicyEngineServer: Request executed - response not applicable"); |
|
437 response.SetResponseValue( EResponseNotApplicable); |
|
438 break; |
|
439 } |
|
440 case EIndeterminate : |
|
441 { |
|
442 RDEBUG("PolicyEngineServer: Request executed - response indeterminate"); |
|
443 response.SetResponseValue( EResponseIndeterminate); |
|
444 break; |
|
445 } |
|
446 default: |
|
447 { |
|
448 RDEBUG("PolicyEngineServer: Request executed - response indeterminate"); |
|
449 response.SetResponseValue( EResponseIndeterminate); |
|
450 break; |
|
451 } |
|
452 } |
|
453 |
|
454 //tell other processors that processor is free |
|
455 CPolicyEngineServer::StatusFlags()->iProcessorActive = EFalse; |
|
456 |
|
457 CompleteMessage( KErrNone, response); |
|
458 } |
|
459 |
|
460 // ----------------------------------------------------------------------------- |
|
461 // CPolicyProcessor::DoCancel() |
|
462 // ----------------------------------------------------------------------------- |
|
463 // |
|
464 void CPolicyProcessor::DoCancel() |
|
465 { |
|
466 RunError( KErrAbort); |
|
467 } |
|
468 |
|
469 // ----------------------------------------------------------------------------- |
|
470 // CPolicyProcessor::RunError() |
|
471 // ----------------------------------------------------------------------------- |
|
472 // |
|
473 TInt CPolicyProcessor::RunError( TInt /*aError*/) |
|
474 { |
|
475 TResponse resp; |
|
476 resp.SetResponseValue( EResponseIndeterminate); |
|
477 CompleteMessage( KErrAbort, resp ); |
|
478 |
|
479 return KErrNone; |
|
480 } |
|
481 |
|
482 // ----------------------------------------------------------------------------- |
|
483 // CPolicyProcessor::CompleteMessage() |
|
484 // ----------------------------------------------------------------------------- |
|
485 // |
|
486 void CPolicyProcessor::CompleteMessage( TInt aError, TResponse aResponse) |
|
487 { |
|
488 RDEBUG_2("PolicyEngineServer: CPolicyProcessor::CompleteMessage( %d )", aError ); |
|
489 |
|
490 delete iRequestBuffer; |
|
491 iRequestBuffer = NULL; |
|
492 |
|
493 //write response to msg (to client side) |
|
494 TPckg< TResponse> pack( aResponse); |
|
495 TRAPD( err, iMessage->WriteL(1, pack) ); |
|
496 if( err != KErrNone ) |
|
497 { |
|
498 iMessage->Complete( err ); |
|
499 } |
|
500 else |
|
501 { |
|
502 iMessage->Complete( aError ); |
|
503 } |
|
504 |
|
505 RDEBUG("PolicyEngineServer: CPolicyProcessor::CompleteMessage - end"); |
|
506 } |
|
507 |
|
508 |
|
509 // ----------------------------------------------------------------------------- |
|
510 // CPolicyProcessor::DoRequestExecutionL() |
|
511 // ----------------------------------------------------------------------------- |
|
512 // |
|
513 void CPolicyProcessor::DoRequestExecutionL( TMatchResponse &aResponse, TBool iUseEditableElements) |
|
514 { |
|
515 RDEBUG("PolicyEngineServer: CPolicyProcessor::DoRequestExecutionL"); |
|
516 |
|
517 |
|
518 |
|
519 //get root element, execution starts from root |
|
520 CElementBase * rootElement = 0; |
|
521 |
|
522 if ( iUseEditableElements ) |
|
523 { |
|
524 rootElement = CPolicyStorage::PolicyStorage()->GetEditableElementL( PolicyLanguage::Constants::RootElement); |
|
525 } |
|
526 else |
|
527 { |
|
528 rootElement = CPolicyStorage::PolicyStorage()->GetElementL( PolicyLanguage::Constants::RootElement); |
|
529 } |
|
530 |
|
531 aResponse = EIndeterminate; |
|
532 |
|
533 //if root found |
|
534 if ( rootElement ) |
|
535 { |
|
536 //reserve element from storage and check match to root policy |
|
537 TElementReserver rootReserver( rootElement); |
|
538 aResponse = rootElement->MatchL( this); |
|
539 rootReserver.Release(); |
|
540 //execution runs recursive inside MatchL-function to correct branches and elements in policy system |
|
541 //response is result of many element combination |
|
542 RDEBUG("PolicyEngineServer: DoRequestExecutionL - Match evaluated"); |
|
543 } |
|
544 |
|
545 RDEBUG("PolicyEngineServer: CPolicyProcessor::DoRequestExecutionL - end"); |
|
546 } |
|
547 |
|
548 // ----------------------------------------------------------------------------- |
|
549 // CPolicyProcessor::FunctionL() |
|
550 // ----------------------------------------------------------------------------- |
|
551 // |
|
552 void CPolicyProcessor::FunctionL( const TDesC8 &aFunctionId, RParameterList& aParams, CAttributeValue* aResponseElement) |
|
553 { |
|
554 RDEBUG("PolicyEngineServer: CPolicyProcessor::FunctionL"); |
|
555 |
|
556 //executes correct function call |
|
557 if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionAnd) |
|
558 { |
|
559 RDEBUG("PolicyEngineServer: AND-function start"); |
|
560 AndFunctionL( aParams, aResponseElement); |
|
561 RDEBUG("PolicyEngineServer: AND-function end"); |
|
562 } |
|
563 else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionOr) |
|
564 { |
|
565 RDEBUG("PolicyEngineServer: OR-function start"); |
|
566 OrFunctionL( aParams, aResponseElement); |
|
567 RDEBUG("PolicyEngineServer: OR-function end"); |
|
568 } |
|
569 else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionNot) |
|
570 { |
|
571 RDEBUG("PolicyEngineServer: NOT-function start"); |
|
572 NotFunctionL( aParams, aResponseElement); |
|
573 RDEBUG("PolicyEngineServer: NOT-function end"); |
|
574 } |
|
575 else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionRuleTargetStructure) |
|
576 { |
|
577 RDEBUG("PolicyEngineServer: Rule target structure-function start"); |
|
578 RuleTargetStructureFunctionL( aParams, aResponseElement); |
|
579 RDEBUG("PolicyEngineServer: Rule target structure-function end"); |
|
580 } |
|
581 else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionUserAcceptCorpPolicy) |
|
582 { |
|
583 RDEBUG("PolicyEngineServer: User accept corporate-function start"); |
|
584 CorporateUserAcceptFunctionL( aParams, aResponseElement); |
|
585 RDEBUG("PolicyEngineServer: User accept corporate-function end"); |
|
586 } |
|
587 else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionCertificatedSession) |
|
588 { |
|
589 RDEBUG("PolicyEngineServer: Certificate for session-function start"); |
|
590 CertificateForSessionL( aResponseElement); |
|
591 RDEBUG("PolicyEngineServer: Certificate for session-function end"); |
|
592 } |
|
593 else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionStringEqualId || |
|
594 aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionBooleanEqualId) |
|
595 { |
|
596 RDEBUG("PolicyEngineServer: Equal-function start"); |
|
597 EqualFunctionsL( aParams, aResponseElement); |
|
598 RDEBUG("PolicyEngineServer: Equal-function end"); |
|
599 } |
|
600 else |
|
601 { |
|
602 RDEBUG("PolicyEngineServer: Function is not allowed!"); |
|
603 HandleErrorL( RequestErrors::FunctionIsNotAllowed); |
|
604 } |
|
605 } |
|
606 |
|
607 // ----------------------------------------------------------------------------- |
|
608 // CPolicyProcessor::BooleanFunction() |
|
609 // ----------------------------------------------------------------------------- |
|
610 // |
|
611 |
|
612 TBool CPolicyProcessor::MatchFunctionL( const TDesC8 &aFunctionId, CDataType * data1, CDataType * data2) |
|
613 { |
|
614 RDEBUG("PolicyEngineServer: CPolicyProcessor::MatchFunctionL"); |
|
615 |
|
616 //data1 is policy context value |
|
617 //data2 is request context value |
|
618 |
|
619 TBool retVal(EFalse); |
|
620 |
|
621 //execute function |
|
622 if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionStringEqualId || |
|
623 aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionBooleanEqualId ) |
|
624 { |
|
625 TInt value = data1->Compare( data2); |
|
626 retVal = ( 0 == value); |
|
627 } |
|
628 else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::TrustedSubjectMatch) |
|
629 { |
|
630 //compare trusted subjects... |
|
631 retVal = iTrustedSession->CertMatchL( data1->Value(), data2->Value(), iUseEditedElements); |
|
632 } |
|
633 else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::TrustedRoleMatch) |
|
634 { |
|
635 //compare roles and subjects... |
|
636 retVal = iTrustedSession->RoleMatchL( data2->Value(), data1->Value(), iUseEditedElements); |
|
637 } |
|
638 else |
|
639 { |
|
640 User::Panic(PolicyParserPanic, KErrCorrupt); |
|
641 } |
|
642 |
|
643 |
|
644 |
|
645 return retVal; |
|
646 } |
|
647 |
|
648 // ----------------------------------------------------------------------------- |
|
649 // CPolicyProcessor::Subjects() |
|
650 // ----------------------------------------------------------------------------- |
|
651 // |
|
652 CPolicyProcessor::RAttributeList * CPolicyProcessor::Subjects() |
|
653 { |
|
654 return &iSubjects; |
|
655 } |
|
656 |
|
657 // ----------------------------------------------------------------------------- |
|
658 // CPolicyProcessor::Actions() |
|
659 // ----------------------------------------------------------------------------- |
|
660 // |
|
661 CPolicyProcessor::RAttributeList * CPolicyProcessor::Actions() |
|
662 { |
|
663 return &iActions; |
|
664 } |
|
665 |
|
666 // ----------------------------------------------------------------------------- |
|
667 // CPolicyProcessor::Resources() |
|
668 // ----------------------------------------------------------------------------- |
|
669 // |
|
670 CPolicyProcessor::RAttributeList * CPolicyProcessor::Resources() |
|
671 { |
|
672 return &iResources; |
|
673 } |
|
674 |
|
675 // ----------------------------------------------------------------------------- |
|
676 // CPolicyProcessor::Environments() |
|
677 // ----------------------------------------------------------------------------- |
|
678 // |
|
679 CPolicyProcessor::RAttributeList * CPolicyProcessor::Environments() |
|
680 { |
|
681 return &iEnvironments; |
|
682 } |
|
683 |
|
684 // ----------------------------------------------------------------------------- |
|
685 // CPolicyProcessor::SetTargetElement() |
|
686 // ----------------------------------------------------------------------------- |
|
687 // |
|
688 |
|
689 void CPolicyProcessor::SetTargetElement( CElementBase * aElement) |
|
690 { |
|
691 iManagementTargetPolicy = aElement; |
|
692 } |
|
693 |
|
694 // ----------------------------------------------------------------------------- |
|
695 // CPolicyProcessor::SetSessionTrust() |
|
696 // ----------------------------------------------------------------------------- |
|
697 // |
|
698 |
|
699 void CPolicyProcessor::SetSessionTrust( CTrustedSession * aTrustedSession) |
|
700 { |
|
701 iTrustedSession = aTrustedSession; |
|
702 } |
|
703 |
|
704 |
|
705 // ----------------------------------------------------------------------------- |
|
706 // CPolicyProcessor::MakeBooleanResponseL() |
|
707 // ----------------------------------------------------------------------------- |
|
708 // |
|
709 |
|
710 |
|
711 void CPolicyProcessor::MakeBooleanResponseL( const TBool aValue, CAttributeValue* aResponseElement ) |
|
712 { |
|
713 if ( aValue ) |
|
714 { |
|
715 RDEBUG("PolicyEngineServer: Boolean response TRUE"); |
|
716 aResponseElement->SetDataL( PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue, |
|
717 PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType); |
|
718 } |
|
719 else |
|
720 { |
|
721 RDEBUG("PolicyEngineServer: Boolean response FALSE"); |
|
722 aResponseElement->SetDataL( PolicyLanguage::NativeLanguage::AttributeValues::BooleanFalse, |
|
723 PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType); |
|
724 } |
|
725 } |
|
726 |
|
727 |
|
728 // ----------------------------------------------------------------------------- |
|
729 // CPolicyProcessor::CorporateUserAcceptFunctionL() |
|
730 // ----------------------------------------------------------------------------- |
|
731 // |
|
732 |
|
733 void CPolicyProcessor::CorporateUserAcceptFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) |
|
734 { |
|
735 RDEBUG("PolicyEngineServer: CPolicyProcessor::CorporateUserAcceptFunctionL"); |
|
736 |
|
737 if ( !aParams.Count()) |
|
738 { |
|
739 HandleErrorL( RequestErrors::FunctionIsNotAllowed); |
|
740 } |
|
741 |
|
742 //Get trusted subject |
|
743 CAttributeValue * attributeValue = aParams[0]; |
|
744 TDesC8& trustedSubject = attributeValue->Data()->Value(); |
|
745 |
|
746 //resolve name and fingerprint |
|
747 const TDesC8& name = iTrustedSession->CommonNameForSubjectL( trustedSubject, iUseEditedElements); |
|
748 const TDesC8& fingerPrint = iTrustedSession->FingerPrintForSubjectL( trustedSubject, iUseEditedElements); |
|
749 |
|
750 TUserResponse response = EUserDeny; |
|
751 |
|
752 if ( name.Length() && fingerPrint.Length()) |
|
753 { |
|
754 //create notifier |
|
755 RNotifier notifier; |
|
756 CleanupClosePushL( notifier); |
|
757 User::LeaveIfError( notifier.Connect() ); |
|
758 |
|
759 //create parameter descriptor |
|
760 TBuf8<100> responseBuf; |
|
761 HBufC8 * data = HBufC8::NewLC( name.Length() + fingerPrint.Length() + 1); |
|
762 TPtr8 ptr = data->Des(); |
|
763 ptr.Append(name); |
|
764 ptr.Append(KDelimeterChar); |
|
765 ptr.Append(fingerPrint.Left(4)); |
|
766 |
|
767 //create CAsyncHandler to Auto start/stop CActiveScheduler |
|
768 CASyncHandler * async = CASyncHandler::NewLC(); |
|
769 notifier.StartNotifierAndGetResponse( async->GetRequestStatus(), KUidPolicyEngineUi, ptr, responseBuf); |
|
770 |
|
771 //Start CActiveScheduler and execute stop when request is completed |
|
772 async->WaitForRequest(); |
|
773 CPolicyEngineServer::SetActiveSubSession( this); |
|
774 |
|
775 |
|
776 if ( async->GetRequestStatus() > 0) //request pending... |
|
777 { |
|
778 notifier.CancelNotifier( KUidPolicyEngineUi); |
|
779 } |
|
780 else |
|
781 { |
|
782 //Check response |
|
783 if ( responseBuf == KUserAcceptMark) |
|
784 { |
|
785 RDEBUG("PolicyEngineServer: CPolicyProcessor user accept corporate policy!"); |
|
786 response = EUserAccept; |
|
787 } |
|
788 } |
|
789 |
|
790 CleanupStack::PopAndDestroy( 3, ¬ifier); //notifier, data, CASyncHandler |
|
791 |
|
792 |
|
793 } |
|
794 |
|
795 MakeBooleanResponseL( response == EUserAccept, aResponseElement); |
|
796 } |
|
797 |
|
798 // ----------------------------------------------------------------------------- |
|
799 // CPolicyProcessor::OrFunctionL() |
|
800 // ----------------------------------------------------------------------------- |
|
801 // |
|
802 void CPolicyProcessor::OrFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) |
|
803 { |
|
804 TBool valueTrue = EFalse; |
|
805 for ( TInt i(0); i < aParams.Count(); i++) |
|
806 { |
|
807 CAttributeValue * attribute = aParams[i]; |
|
808 __ASSERT_ALWAYS ( attribute, User::Panic(PolicyParserPanic, KErrCorrupt)); |
|
809 |
|
810 |
|
811 if ( attribute->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType) |
|
812 { |
|
813 HandleErrorL( ParserErrors::IncombatibleDataType); |
|
814 } |
|
815 |
|
816 if ( attribute->Data()->Value() == PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue ) |
|
817 { |
|
818 valueTrue = ETrue; |
|
819 break; |
|
820 } |
|
821 } |
|
822 |
|
823 MakeBooleanResponseL( valueTrue, aResponseElement); |
|
824 } |
|
825 |
|
826 // ----------------------------------------------------------------------------- |
|
827 // CPolicyProcessor::EqualFunctionsL() |
|
828 // ----------------------------------------------------------------------------- |
|
829 // |
|
830 void CPolicyProcessor::EqualFunctionsL( const RParameterList& aParams, CAttributeValue* aResponseElement ) |
|
831 { |
|
832 TInt count = aParams.Count(); |
|
833 if( count <= 1 ) |
|
834 { |
|
835 MakeBooleanResponseL( EFalse, aResponseElement ); |
|
836 } |
|
837 else |
|
838 { |
|
839 __ASSERT_ALWAYS ( aParams.Count() == 2, User::Panic(PolicyParserPanic, KErrCorrupt)); |
|
840 |
|
841 CAttributeValue * value1 = aParams[0]; |
|
842 CAttributeValue * value2 = aParams[1]; |
|
843 __ASSERT_ALWAYS ( value1, User::Panic(PolicyParserPanic, KErrCorrupt)); |
|
844 __ASSERT_ALWAYS ( value2, User::Panic(PolicyParserPanic, KErrCorrupt)); |
|
845 |
|
846 TInt value = value1->Data()->Compare( value2->Data()); |
|
847 |
|
848 MakeBooleanResponseL( 0 == value, aResponseElement ); |
|
849 } |
|
850 } |
|
851 |
|
852 |
|
853 |
|
854 // ----------------------------------------------------------------------------- |
|
855 // CPolicyProcessor::AndFunctionL() |
|
856 // ----------------------------------------------------------------------------- |
|
857 // |
|
858 void CPolicyProcessor::AndFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) |
|
859 { |
|
860 TBool valueTrue = ETrue; |
|
861 for ( TInt i(0); i < aParams.Count(); i++) |
|
862 { |
|
863 CAttributeValue * attribute = aParams[i]; |
|
864 __ASSERT_ALWAYS ( attribute, User::Panic(PolicyParserPanic, KErrCorrupt)); |
|
865 |
|
866 if ( attribute->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType) |
|
867 { |
|
868 HandleErrorL( ParserErrors::IncombatibleDataType); |
|
869 } |
|
870 |
|
871 if ( attribute->Data()->Value() != PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue ) |
|
872 { |
|
873 valueTrue = EFalse; |
|
874 break; |
|
875 } |
|
876 } |
|
877 |
|
878 MakeBooleanResponseL( valueTrue, aResponseElement); |
|
879 |
|
880 } |
|
881 |
|
882 // ----------------------------------------------------------------------------- |
|
883 // CPolicyProcessor::NotFunctionL() |
|
884 // ----------------------------------------------------------------------------- |
|
885 // |
|
886 void CPolicyProcessor::NotFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) |
|
887 { |
|
888 if ( aParams.Count() != 1) |
|
889 { |
|
890 HandleErrorL( ParserErrors::IncombatibleParameters); |
|
891 } |
|
892 |
|
893 CAttributeValue * attribute = aParams[0]; |
|
894 __ASSERT_ALWAYS ( attribute, User::Panic(PolicyParserPanic, KErrCorrupt)); |
|
895 |
|
896 |
|
897 if ( attribute->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType) |
|
898 { |
|
899 HandleErrorL( ParserErrors::IncombatibleDataType); |
|
900 } |
|
901 |
|
902 MakeBooleanResponseL( aParams[0]->Data()->Value() != PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue, aResponseElement); |
|
903 |
|
904 } |
|
905 |
|
906 // ----------------------------------------------------------------------------- |
|
907 // CPolicyProcessor::RuleTargetStructureFunctionL() |
|
908 // ----------------------------------------------------------------------------- |
|
909 // |
|
910 void CPolicyProcessor::RuleTargetStructureFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) |
|
911 { |
|
912 //We expect that param count is 3n... |
|
913 if ( (aParams.Count() % 3) != 0) |
|
914 { |
|
915 HandleErrorL( ParserErrors::IncombatibleParameters); |
|
916 } |
|
917 |
|
918 if ( !iManagementTargetPolicy ) |
|
919 { |
|
920 HandleErrorL( RequestErrors::FunctionIsNotAllowed); |
|
921 } |
|
922 |
|
923 TBool validRule = EFalse; |
|
924 |
|
925 //this operation is only valid for rules |
|
926 if ( iManagementTargetPolicy->ElementType() == ERule ) |
|
927 { |
|
928 CRule * rule = (CRule*)iManagementTargetPolicy; |
|
929 CTarget * target = rule->GetTarget(); |
|
930 __ASSERT_ALWAYS ( target, User::Panic(PolicyParserPanic, KErrCorrupt)); |
|
931 |
|
932 for ( TInt i = 0; i < aParams.Count(); i++) |
|
933 { |
|
934 if ( aParams[i]->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::StringDataType) |
|
935 { |
|
936 HandleErrorL( ParserErrors::IncombatibleDataType); |
|
937 } |
|
938 } |
|
939 |
|
940 //get subject/actions/resource/environment and compare their match content to parameters |
|
941 RMatchObjectArray container; |
|
942 CleanupClosePushL( container); |
|
943 target->GetMatchContainersL( container); |
|
944 |
|
945 validRule = ETrue; |
|
946 |
|
947 //read one subject/action/resource/environment group at time |
|
948 for ( TInt i = 0; i < aParams.Count() / 3 && validRule; i++) |
|
949 { |
|
950 validRule = EFalse; |
|
951 for ( TInt j = 0; j < container.Count() && !validRule; j++) |
|
952 { |
|
953 validRule = container[j]->CheckMatchObject( aParams[ i*3]->Data()->Value(), |
|
954 aParams[ (i*3)+1]->Data()->Value(), |
|
955 aParams[ (i*3)+2]->Data()->Value()); |
|
956 } |
|
957 } |
|
958 |
|
959 CleanupStack::PopAndDestroy( &container); |
|
960 } |
|
961 |
|
962 MakeBooleanResponseL( validRule, aResponseElement); |
|
963 } |
|
964 |
|
965 // ----------------------------------------------------------------------------- |
|
966 // CPolicyProcessor::CertificateForSessionL() |
|
967 // ----------------------------------------------------------------------------- |
|
968 // |
|
969 |
|
970 void CPolicyProcessor::CertificateForSessionL( CAttributeValue* aResponseElement ) |
|
971 { |
|
972 |
|
973 if ( !iTrustedSession) |
|
974 { |
|
975 HandleErrorL( RequestErrors::FunctionIsNotAllowed); |
|
976 } |
|
977 |
|
978 MakeBooleanResponseL( iTrustedSession->CertificatedSession(), aResponseElement); |
|
979 } |
|
980 |
|
981 |
|
982 |
|
983 // ----------------------------------------------------------------------------- |
|
984 // TCombiningAlgorith::TCombiningAlgorith() |
|
985 // ----------------------------------------------------------------------------- |
|
986 // |
|
987 TCombiningAlgorith::TCombiningAlgorith( const TDesC8 &aAlgorithId) |
|
988 { |
|
989 //set properties |
|
990 iResultReady = iAtLeastOneError = iPotentialDeny = EFalse; |
|
991 iPotentialPermit = iAtLeastOneDeny = iAtLeastOnePermit = EFalse; |
|
992 |
|
993 //set algorithm specific properties.... |
|
994 if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::RuleDenyOverrides) |
|
995 { |
|
996 iAlgorithm = ERuleDenyOverrides; |
|
997 iCurrentResponse = ENotApplicable; |
|
998 } |
|
999 else |
|
1000 if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::PolicyDenyOverrides) |
|
1001 { |
|
1002 iAlgorithm = EPolicyDenyOverrides; |
|
1003 iCurrentResponse = ENotApplicable; |
|
1004 } |
|
1005 else |
|
1006 if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::RulePermitOverrides) |
|
1007 { |
|
1008 iAlgorithm = ERulePermitOverrides; |
|
1009 iCurrentResponse = ENotApplicable; |
|
1010 } |
|
1011 else |
|
1012 if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::PolicyPermitOverrides) |
|
1013 { |
|
1014 iAlgorithm = EPolicyPermitOverrides; |
|
1015 iCurrentResponse = ENotApplicable; |
|
1016 } |
|
1017 |
|
1018 |
|
1019 iResultReady = EFalse; |
|
1020 } |
|
1021 |
|
1022 // ----------------------------------------------------------------------------- |
|
1023 // TCombiningAlgorith::AddInput() |
|
1024 // ----------------------------------------------------------------------------- |
|
1025 // |
|
1026 |
|
1027 TBool TCombiningAlgorith::AddInput( const TMatchResponse& aInput, const TMatchResponse& aEffect) |
|
1028 { |
|
1029 //for rule algorithms, also "aEffect" has effect to result |
|
1030 |
|
1031 //if result is ready return it... |
|
1032 if ( iResultReady ) |
|
1033 { |
|
1034 return iResultReady; |
|
1035 } |
|
1036 |
|
1037 //select algorithm... |
|
1038 switch ( iAlgorithm) |
|
1039 { |
|
1040 case ERuleDenyOverrides: |
|
1041 { |
|
1042 //algorithm specific handling.... |
|
1043 if ( aInput == EDeny ) |
|
1044 { |
|
1045 iCurrentResponse = EDeny; |
|
1046 iResultReady = ETrue; |
|
1047 } |
|
1048 else if ( aInput == EIndeterminate) |
|
1049 { |
|
1050 iAtLeastOneError = ETrue; |
|
1051 if ( aEffect == EDeny ) |
|
1052 { |
|
1053 iPotentialDeny = ETrue; |
|
1054 } |
|
1055 } |
|
1056 else if ( aInput == EPermit) |
|
1057 { |
|
1058 iAtLeastOnePermit = ETrue; |
|
1059 } |
|
1060 } |
|
1061 break; |
|
1062 case ERulePermitOverrides: |
|
1063 { |
|
1064 //algorithm specific handling.... |
|
1065 if ( aInput == EPermit ) |
|
1066 { |
|
1067 iCurrentResponse = EPermit; |
|
1068 iResultReady = ETrue; |
|
1069 } |
|
1070 else if ( aInput == EIndeterminate) |
|
1071 { |
|
1072 iAtLeastOneError = ETrue; |
|
1073 if ( aEffect == EPermit ) |
|
1074 { |
|
1075 iPotentialPermit = ETrue; |
|
1076 } |
|
1077 } |
|
1078 else if ( aInput == EDeny) |
|
1079 { |
|
1080 iAtLeastOneDeny = ETrue; |
|
1081 } |
|
1082 } |
|
1083 } |
|
1084 |
|
1085 return iResultReady; |
|
1086 } |
|
1087 |
|
1088 // ----------------------------------------------------------------------------- |
|
1089 // TCombiningAlgorith::AddInput() |
|
1090 // ----------------------------------------------------------------------------- |
|
1091 // |
|
1092 |
|
1093 TBool TCombiningAlgorith::AddInput( const TMatchResponse& aInput) |
|
1094 { |
|
1095 //for policy algorithms |
|
1096 |
|
1097 //if result is ready return it... |
|
1098 if ( iResultReady ) |
|
1099 { |
|
1100 return iResultReady; |
|
1101 } |
|
1102 |
|
1103 switch ( iAlgorithm) |
|
1104 { |
|
1105 case EPolicyDenyOverrides: |
|
1106 { |
|
1107 //algorithm specific handling.... |
|
1108 if ( aInput == EDeny || aInput == EIndeterminate) |
|
1109 { |
|
1110 iCurrentResponse = EDeny; |
|
1111 iResultReady = ETrue; |
|
1112 } |
|
1113 else if ( aInput == EPermit) |
|
1114 { |
|
1115 iAtLeastOnePermit = ETrue; |
|
1116 } |
|
1117 } |
|
1118 break; |
|
1119 case EPolicyPermitOverrides: |
|
1120 { |
|
1121 //algorithm specific handling.... |
|
1122 if ( aInput == EPermit ) |
|
1123 { |
|
1124 iCurrentResponse = EPermit; |
|
1125 iResultReady = ETrue; |
|
1126 } |
|
1127 else if ( aInput == EDeny) |
|
1128 { |
|
1129 iAtLeastOneDeny = ETrue; |
|
1130 } |
|
1131 else if ( aInput == EIndeterminate) |
|
1132 { |
|
1133 iAtLeastOneError = ETrue; |
|
1134 } |
|
1135 } |
|
1136 break; |
|
1137 } |
|
1138 |
|
1139 return iResultReady; |
|
1140 } |
|
1141 |
|
1142 // ----------------------------------------------------------------------------- |
|
1143 // TCombiningAlgorith::ResultReady() |
|
1144 // ----------------------------------------------------------------------------- |
|
1145 // |
|
1146 |
|
1147 TBool TCombiningAlgorith::ResultReady() |
|
1148 { |
|
1149 return iResultReady; |
|
1150 } |
|
1151 |
|
1152 // ----------------------------------------------------------------------------- |
|
1153 // TCombiningAlgorith::Result() |
|
1154 // ----------------------------------------------------------------------------- |
|
1155 // |
|
1156 |
|
1157 TMatchResponse TCombiningAlgorith::Result() |
|
1158 { |
|
1159 //default... |
|
1160 TMatchResponse response( ENotApplicable); |
|
1161 |
|
1162 if ( !iResultReady) |
|
1163 { |
|
1164 //if result is not ready |
|
1165 switch ( iAlgorithm) |
|
1166 { |
|
1167 case ERuleDenyOverrides: |
|
1168 { |
|
1169 //algorithm specific handling.... |
|
1170 if ( iPotentialDeny ) response = EIndeterminate; else |
|
1171 if ( iAtLeastOnePermit ) response = EPermit; else |
|
1172 if ( iAtLeastOneError ) response = EIndeterminate; |
|
1173 } |
|
1174 break; |
|
1175 case ERulePermitOverrides: |
|
1176 { |
|
1177 //algorithm specific handling.... |
|
1178 if ( iPotentialPermit ) response = EIndeterminate; else |
|
1179 if ( iAtLeastOneDeny ) response = EDeny; else |
|
1180 if ( iAtLeastOneError ) response = EIndeterminate; |
|
1181 } |
|
1182 break; |
|
1183 case EPolicyDenyOverrides: |
|
1184 { |
|
1185 //algorithm specific handling.... |
|
1186 if ( iAtLeastOnePermit ) response = EPermit; |
|
1187 } |
|
1188 break; |
|
1189 case EPolicyPermitOverrides: |
|
1190 { |
|
1191 //algorithm specific handling.... |
|
1192 if ( iAtLeastOneDeny ) response = EDeny; else |
|
1193 if ( iAtLeastOneError ) response = EIndeterminate; |
|
1194 } |
|
1195 break; |
|
1196 } |
|
1197 |
|
1198 iCurrentResponse = response; |
|
1199 iResultReady = ETrue; |
|
1200 |
|
1201 } |
|
1202 else |
|
1203 { |
|
1204 //and if result is ready return it |
|
1205 response = iCurrentResponse; |
|
1206 } |
|
1207 |
|
1208 #ifdef _DEBUG |
|
1209 switch ( response) |
|
1210 { |
|
1211 case EDeny: |
|
1212 RDEBUG("PolicyEngineServer: DENY"); |
|
1213 break; |
|
1214 case EPermit: |
|
1215 RDEBUG("PolicyEngineServer: PERMIT"); |
|
1216 break; |
|
1217 case EIndeterminate: |
|
1218 RDEBUG("PolicyEngineServer: INDETERMINATE"); |
|
1219 break; |
|
1220 default: |
|
1221 RDEBUG("PolicyEngineServer: NOT APPLICABLE"); |
|
1222 break; |
|
1223 }; |
|
1224 #endif |
|
1225 |
|
1226 return response; |
|
1227 } |
|
1228 |