|
1 /* |
|
2 * Copyright (c) 2002-2004 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: Implementation of terminalsecurity components |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 // INCLUDE FILES |
|
20 |
|
21 #include "TcTrustedSession.h" |
|
22 #include "TcFileScan.h" |
|
23 #include "TerminalControlClientServer.h" |
|
24 #include <DMCert.h> |
|
25 #include <SettingEnforcementInfo.h> |
|
26 #include <PolicyEngineXACML.h> |
|
27 #include "debug.h" |
|
28 #include <featmgr.h> |
|
29 // EXTERNAL DATA STRUCTURES |
|
30 // EXTERNAL FUNCTION PROTOTYPES |
|
31 // CONSTANTS |
|
32 // MACROS |
|
33 |
|
34 |
|
35 // LOCAL CONSTANTS AND MACROS |
|
36 // MODULE DATA STRUCTURES |
|
37 // LOCAL FUNCTION PROTOTYPES |
|
38 |
|
39 // ==================== LOCAL FUNCTIONS ==================== |
|
40 |
|
41 // ================= MEMBER FUNCTIONS ======================= |
|
42 |
|
43 // ----------------------------------------------------------------------------- |
|
44 // CTcTrustedSession::~CTcTrustedSession |
|
45 // ----------------------------------------------------------------------------- |
|
46 CTcTrustedSession::~CTcTrustedSession() |
|
47 { |
|
48 RDEBUG("TerminalControl: CTcTrustedSession::~CTcTrustedSession"); |
|
49 |
|
50 if( iFileScan != 0 ) |
|
51 { |
|
52 delete iFileScan; |
|
53 } |
|
54 |
|
55 delete iProcessList; |
|
56 delete iProcessData; |
|
57 |
|
58 iPR.Close(); |
|
59 iPE.Close(); |
|
60 } |
|
61 |
|
62 // ----------------------------------------------------------------------------- |
|
63 // CTcTrustedSession::ConstructL() |
|
64 // ----------------------------------------------------------------------------- |
|
65 void CTcTrustedSession::ConstructL(TSecureId &aSID, TCertInfo &aCert) |
|
66 { |
|
67 RDEBUG("TerminalControl: CTcTrustedSession::ConstructL 1"); |
|
68 |
|
69 DoConstructL(); |
|
70 |
|
71 SetCertificate( aCert ); |
|
72 |
|
73 iSecureId = aSID; |
|
74 UpdateAccessLevelL(); |
|
75 } |
|
76 |
|
77 // ----------------------------------------------------------------------------- |
|
78 // CTcTrustedSession::ConstructL() |
|
79 // ----------------------------------------------------------------------------- |
|
80 void CTcTrustedSession::ConstructL(TSecureId &aSID) |
|
81 { |
|
82 RDEBUG("TerminalControl: CTcTrustedSession::ConstructL 2"); |
|
83 |
|
84 DoConstructL(); |
|
85 |
|
86 iHasCertificate = EFalse; |
|
87 iSecureId = aSID; |
|
88 UpdateAccessLevelL(); |
|
89 } |
|
90 |
|
91 // ----------------------------------------------------------------------------- |
|
92 // CTcTrustedSession::DoConstructL() |
|
93 // ----------------------------------------------------------------------------- |
|
94 void CTcTrustedSession::DoConstructL() |
|
95 { |
|
96 RDEBUG("TerminalControl: CTcTrustedSession::DoConstructL"); |
|
97 |
|
98 User::LeaveIfError( iPE.Connect() ); |
|
99 User::LeaveIfError( iPR.Open( iPE ) ); |
|
100 |
|
101 iAccessLevel = CTcTrustedSession::EAccessLevelNone; |
|
102 iProcessList = 0; |
|
103 iProcessData = 0; |
|
104 iFileScan = 0; |
|
105 iRebootRequested = EFalse; |
|
106 iWipeRequested = EFalse; |
|
107 } |
|
108 |
|
109 // ----------------------------------------------------------------------------- |
|
110 // CTcTrustedSession::NewL() |
|
111 // ----------------------------------------------------------------------------- |
|
112 CTcTrustedSession * CTcTrustedSession::NewL(TSecureId &aSID, TCertInfo &aCert) |
|
113 { |
|
114 RDEBUG("TerminalControl: CTcTrustedSession::NewL"); |
|
115 |
|
116 CTcTrustedSession * self = new(ELeave) CTcTrustedSession(); |
|
117 CleanupStack::PushL( self ); |
|
118 |
|
119 self->ConstructL( aSID, aCert ); |
|
120 |
|
121 CleanupStack::Pop( self ); |
|
122 return self; |
|
123 } |
|
124 |
|
125 // ----------------------------------------------------------------------------- |
|
126 // CTcTrustedSession::NewL() |
|
127 // ----------------------------------------------------------------------------- |
|
128 CTcTrustedSession * CTcTrustedSession::NewL(TSecureId &aSID) |
|
129 { |
|
130 RDEBUG("TerminalControl: CTcTrustedSession::NewL"); |
|
131 |
|
132 CTcTrustedSession * self = new(ELeave) CTcTrustedSession(); |
|
133 CleanupStack::PushL( self ); |
|
134 |
|
135 self->ConstructL( aSID ); |
|
136 |
|
137 CleanupStack::Pop( self ); |
|
138 return self; |
|
139 } |
|
140 |
|
141 // ----------------------------------------------------------------------------- |
|
142 // CTcTrustedSession::SetAccessLevel() |
|
143 // ----------------------------------------------------------------------------- |
|
144 void CTcTrustedSession::SetAccessLevel( TInt aAccessLevel ) |
|
145 { |
|
146 RDEBUG_2("TerminalControl: CTcTrustedSession::SetAccessLevel: %d", (TInt)aAccessLevel); |
|
147 |
|
148 iAccessLevel = aAccessLevel; |
|
149 } |
|
150 |
|
151 // ----------------------------------------------------------------------------- |
|
152 // CTcTrustedSession::Certificate() |
|
153 // ----------------------------------------------------------------------------- |
|
154 TInt CTcTrustedSession::Certificate( TCertInfo& aCertInfo ) |
|
155 { |
|
156 RDEBUG("TerminalControl: CTcTrustedSession::Certificate"); |
|
157 |
|
158 if( iHasCertificate ) |
|
159 { |
|
160 TPckg<TCertInfo> certp1( aCertInfo ); |
|
161 TPckg<TCertInfo> certp2( iCertificate ); |
|
162 certp1.Copy( certp2 ); |
|
163 return KErrNone; |
|
164 } |
|
165 else |
|
166 { |
|
167 return KErrNotFound; |
|
168 } |
|
169 } |
|
170 |
|
171 // ----------------------------------------------------------------------------- |
|
172 // CTcTrustedSession::SetCertificate() |
|
173 // ----------------------------------------------------------------------------- |
|
174 void CTcTrustedSession::SetCertificate( TCertInfo& aCertInfo ) |
|
175 { |
|
176 RDEBUG("TerminalControl: CTcTrustedSession::SetCertificate"); |
|
177 |
|
178 TPckg<TCertInfo> certp1( aCertInfo ); |
|
179 TPckg<TCertInfo> certp2( iCertificate ); |
|
180 certp2.Copy( certp1 ); |
|
181 |
|
182 iHasCertificate = ETrue; |
|
183 } |
|
184 |
|
185 // ----------------------------------------------------------------------------- |
|
186 // CTcTrustedSession::SecureId() |
|
187 // ----------------------------------------------------------------------------- |
|
188 TSecureId CTcTrustedSession::SecureId( ) |
|
189 { |
|
190 RDEBUG("TerminalControl: CTcTrustedSession::SecureId"); |
|
191 |
|
192 return iSecureId; |
|
193 } |
|
194 |
|
195 // ----------------------------------------------------------------------------- |
|
196 // CTcTrustedSession::AccessLevel() |
|
197 // ----------------------------------------------------------------------------- |
|
198 TInt CTcTrustedSession::AccessLevel() |
|
199 { |
|
200 RDEBUG("TerminalControl: CTcTrustedSession::AccessLevel"); |
|
201 |
|
202 return iAccessLevel; |
|
203 } |
|
204 |
|
205 // ----------------------------------------------------------------------------- |
|
206 // CTcTrustedSession::FileScanL() |
|
207 // ----------------------------------------------------------------------------- |
|
208 TInt CTcTrustedSession::FileScanL(const TDesC8 &aFileName, TBool aRecursive) |
|
209 { |
|
210 RDEBUG("TerminalControl: CTcTrustedSession::FileScanL"); |
|
211 |
|
212 if( iFileScan == 0 ) |
|
213 { |
|
214 iFileScan = CTcFileScan::NewL(); //new (ELeave) CTcFileScan(); |
|
215 } |
|
216 |
|
217 iFileScan->FileScanL( aFileName, aRecursive ); |
|
218 |
|
219 return KErrNone; |
|
220 } |
|
221 |
|
222 // ----------------------------------------------------------------------------- |
|
223 // CTcTrustedSession::FileScanResultsL() |
|
224 // ----------------------------------------------------------------------------- |
|
225 HBufC8* CTcTrustedSession::FileScanResultsL() |
|
226 { |
|
227 RDEBUG("TerminalControl: CTcTrustedSession::FileScanResultsL"); |
|
228 |
|
229 if( iFileScan == 0 ) |
|
230 { |
|
231 return 0; |
|
232 } |
|
233 |
|
234 return iFileScan->GetCopyOfResultsL(); |
|
235 } |
|
236 |
|
237 // ----------------------------------------------------------------------------- |
|
238 // CTcTrustedSession::UpdateAccessLevelL() |
|
239 // ----------------------------------------------------------------------------- |
|
240 void CTcTrustedSession::UpdateAccessLevelL() |
|
241 { |
|
242 RDEBUG("TerminalControl: CTcTrustedSession::UpdateAccessLevelL"); |
|
243 |
|
244 TInt aleave = KErrNone; |
|
245 TInt aerr = KErrNone; |
|
246 |
|
247 TInt accessLevel = CTcTrustedSession::EAccessLevelNone; |
|
248 SetAccessLevel( accessLevel ); |
|
249 // |
|
250 // Check third party application SID |
|
251 // |
|
252 TRAP( aleave, CheckTerminalControl3rdPartySecureIDL() ); |
|
253 if( KErrNone == aleave ) |
|
254 { |
|
255 RDEBUG("TerminalControl: CTcTrustedSession::UpdateAccessLevelL granting application access rights."); |
|
256 accessLevel |= CTcTrustedSession::EAccessLevelApplication; |
|
257 } |
|
258 |
|
259 if( iHasCertificate ) |
|
260 { |
|
261 aleave = KErrNone; |
|
262 aerr = KErrNone; |
|
263 |
|
264 // |
|
265 // Check third party application SID |
|
266 // |
|
267 TRAP( aleave, aerr = CheckTerminalControlPolicyL() ); |
|
268 |
|
269 if( (KErrNone == aleave) && (KErrNone == aerr )) |
|
270 { |
|
271 RDEBUG("TerminalControl: CTcTrustedSession::UpdateAccessLevelL granting adapter access rights."); |
|
272 accessLevel |= CTcTrustedSession::EAccessLevelDMAdapter; |
|
273 } |
|
274 } |
|
275 |
|
276 SetAccessLevel( accessLevel ); |
|
277 } |
|
278 |
|
279 // ------------------------------------------------------------------------------------- |
|
280 // CTcTrustedSession::CheckTerminalControlPolicyL |
|
281 // ------------------------------------------------------------------------------------- |
|
282 TInt CTcTrustedSession::CheckTerminalControlPolicyL() |
|
283 { |
|
284 RDEBUG("TerminalControl: CTcTrustedSession::CheckTerminalControlPolicyL"); |
|
285 |
|
286 if( ! iHasCertificate ) |
|
287 { |
|
288 RDEBUG("TerminalControl: CTcTrustedSession::CheckTerminalControlPolicyL failed. There is no certificate."); |
|
289 return KErrAccessDenied; |
|
290 } |
|
291 |
|
292 /* |
|
293 If terminal control is not enforced (non-exclusive access), should we allow all connections? |
|
294 CSettingEnforcementInfo* enf = new (ELeave) CSettingEnforcementInfo(); |
|
295 TBool enfed; |
|
296 enf->EnforcementActive( ETerminalSecurity, enfed ); // change enf type when avail. |
|
297 delete enf; |
|
298 |
|
299 if( !enfed ) |
|
300 { |
|
301 return KErrNone; |
|
302 } |
|
303 else |
|
304 */ |
|
305 { |
|
306 // |
|
307 // Note: If certificate is not found, we return failure |
|
308 // Currently, main terminal control features are available through secure connection |
|
309 // |
|
310 TCertInfo ci; |
|
311 |
|
312 RDMCert dmcert; |
|
313 TInt ret = dmcert.Get( ci ); |
|
314 |
|
315 if( KErrNone != ret ) |
|
316 { |
|
317 RDEBUG_2("**** TerminalControl: CTcTrustedSession::CheckTerminalControlPolicyL DMCert.Get failed with %d.", ret); |
|
318 return ret; |
|
319 } |
|
320 |
|
321 if( ! CertificatesAreEqual( iCertificate, ci ) ) |
|
322 { |
|
323 RDEBUG("**** TerminalControl: CTcTrustedSession::CheckTerminalControlPolicyL ERROR Certificate mismatch!" ); |
|
324 User::Leave( KErrArgument ); |
|
325 } |
|
326 |
|
327 // Policy Engine Request |
|
328 TRequestContext context; |
|
329 TResponse response; |
|
330 context.AddSubjectAttributeL( |
|
331 PolicyEngineXACML::KTrustedSubject, ci |
|
332 ); |
|
333 context.AddResourceAttributeL( |
|
334 PolicyEngineXACML::KResourceId, |
|
335 PolicyEngineXACML::KTerminalSecurityManagement, |
|
336 PolicyEngineXACML::KStringDataType |
|
337 ); |
|
338 User::LeaveIfError( iPR.MakeRequest( context, response ) ); |
|
339 TResponseValue resp = response.GetResponseValue(); |
|
340 RDEBUG_2("TerminalControl: CTcTrustedSession::CheckTerminalControlPolicyL Policy check returned %d", (TInt)resp); |
|
341 switch( resp ) |
|
342 { |
|
343 case EResponseDeny: |
|
344 case EResponseIndeterminate: |
|
345 case EResponseNotApplicable: |
|
346 default: |
|
347 return KErrAccessDenied; |
|
348 case EResponsePermit: |
|
349 return KErrNone; |
|
350 |
|
351 } |
|
352 } |
|
353 } |
|
354 |
|
355 // ------------------------------------------------------------------------------------- |
|
356 // CTcTrustedSession::CheckTerminalControl3rdPartySecureIDL |
|
357 // ------------------------------------------------------------------------------------- |
|
358 TInt CTcTrustedSession::CheckTerminalControl3rdPartySecureIDL() |
|
359 { |
|
360 RDEBUG("TerminalControl: CTcTrustedSession::CheckTerminalControl3rdPartySecureIDL"); |
|
361 |
|
362 TRequestContext context; |
|
363 TResponse response; |
|
364 context.AddSubjectAttributeL( |
|
365 PolicyEngineXACML::KSubjectId, iSecureId |
|
366 ); |
|
367 context.AddResourceAttributeL( |
|
368 PolicyEngineXACML::KResourceId, |
|
369 PolicyEngineXACML::KThirdPartySecureIds, |
|
370 PolicyEngineXACML::KStringDataType |
|
371 ); |
|
372 User::LeaveIfError( iPR.MakeRequest( context, response ) ); |
|
373 TResponseValue resp = response.GetResponseValue(); |
|
374 RDEBUG_2("TerminalControl: CTcTrustedSession::CheckTerminalControl3rdPartySecureIDL Policy check returned %d", (TInt)resp); |
|
375 switch( resp ) |
|
376 { |
|
377 case EResponsePermit: |
|
378 return KErrNone; |
|
379 case EResponseDeny: |
|
380 case EResponseIndeterminate: |
|
381 case EResponseNotApplicable: |
|
382 default: |
|
383 User::Leave( KErrAccessDenied ); |
|
384 } |
|
385 |
|
386 return KErrAccessDenied; |
|
387 } |
|
388 |
|
389 // ------------------------------------------------------------------------------------- |
|
390 // CTcTrustedSession::CertificatesAreEqual |
|
391 // ------------------------------------------------------------------------------------- |
|
392 TBool CTcTrustedSession::CertificatesAreEqual( const TCertInfo &aCert1, const TCertInfo &aCert2 ) |
|
393 { |
|
394 RDEBUG("TerminalControl: CTcTrustedSession::CertificatesAreEqual"); |
|
395 |
|
396 if( (aCert1.iFingerprint.Compare( aCert2.iFingerprint ) != 0) || |
|
397 (aCert1.iSerialNo.Compare( aCert2.iSerialNo ) != 0) || |
|
398 (aCert1.iPublicKey.Compare( aCert2.iPublicKey ) != 0) || |
|
399 (aCert1.iVersionNo != aCert2.iVersionNo ) || |
|
400 (aCert1.iPkAlg != aCert2.iPkAlg ) || |
|
401 (aCert1.iStartValDate != aCert2.iStartValDate ) || |
|
402 (aCert1.iEndValDate != aCert2.iEndValDate ) || |
|
403 (aCert1.iDigAlg != aCert2.iDigAlg ) || |
|
404 (aCert1.iDNSName.Compare( aCert2.iDNSName ) != 0) || |
|
405 |
|
406 (aCert1.iSubjectDNInfo.iCountry.Compare( aCert2.iSubjectDNInfo.iCountry ) != 0 ) || |
|
407 (aCert1.iSubjectDNInfo.iOrganizationUnit.Compare( aCert2.iSubjectDNInfo.iOrganizationUnit ) != 0 ) || |
|
408 (aCert1.iSubjectDNInfo.iOrganization.Compare( aCert2.iSubjectDNInfo.iOrganization ) != 0 ) || |
|
409 (aCert1.iSubjectDNInfo.iCommonName.Compare( aCert2.iSubjectDNInfo.iCommonName ) != 0 ) || |
|
410 (aCert1.iSubjectDNInfo.iLocality.Compare( aCert2.iSubjectDNInfo.iLocality ) != 0 ) || |
|
411 |
|
412 (aCert1.iIssuerDNInfo.iCountry.Compare( aCert2.iIssuerDNInfo.iCountry ) != 0 ) || |
|
413 (aCert1.iIssuerDNInfo.iOrganizationUnit.Compare( aCert2.iIssuerDNInfo.iOrganizationUnit ) != 0 ) || |
|
414 (aCert1.iIssuerDNInfo.iOrganization.Compare( aCert2.iIssuerDNInfo.iOrganization ) != 0 ) || |
|
415 (aCert1.iIssuerDNInfo.iCommonName.Compare( aCert2.iIssuerDNInfo.iCommonName ) != 0 ) || |
|
416 (aCert1.iIssuerDNInfo.iLocality.Compare( aCert2.iIssuerDNInfo.iLocality ) != 0 ) |
|
417 ) |
|
418 { |
|
419 RDEBUG("**** TerminalControl: CTcTrustedSession::CertificatesAreEqual Certificates do NOT match"); |
|
420 return EFalse; |
|
421 } |
|
422 |
|
423 RDEBUG("TerminalControl: CTcTrustedSession::CertificatesAreEqual Certificates do match"); |
|
424 return ETrue; |
|
425 } |
|
426 |
|
427 // ---------------------------------------------------------------------------------------- |
|
428 // End of file |