diff -r 19bba8228ff0 -r 5cc2995847ea terminalsecurity/SCP/SCPServer/src/SCPSession.cpp
--- a/terminalsecurity/SCP/SCPServer/src/SCPSession.cpp	Wed Sep 01 12:27:42 2010 +0100
+++ b/terminalsecurity/SCP/SCPServer/src/SCPSession.cpp	Tue Sep 14 22:54:36 2010 +0300
@@ -50,6 +50,8 @@
 #include <TerminalControl3rdPartyAPI.h>
 #include <TerminalControl3rdPartyParamsPlugin.h>
 #include <utf.h>
+
+#include <PolicyEngineXACML.h>
 // ================= MEMBER FUNCTIONS =======================
 
 // C++ default constructor can NOT contain any code, that
@@ -69,6 +71,8 @@
 // Symbian 2nd phase constructor can leave.
 void CSCPSession::ConstructL()
     {
+    User::LeaveIfError( iPE.Connect() );
+    User::LeaveIfError( iPR.Open( iPE ) );
     iServer.SessionOpened();
     }
 
@@ -113,7 +117,8 @@
     if(iALParamValue) {
 		delete iALParamValue;		
     }
-        
+    iPR.Close();
+	iPE.Close();    
     Dprint( (_L("<-- CSCPSession::~CSCPSession()")) );   
     }
 
@@ -851,7 +856,9 @@
 	}
     
     TSecureId id = aMessage.SecureId();
-	
+    TBool hasAllFilesCap = aMessage.HasCapability(ECapabilityAllFiles);
+    TBool hasDiskAdminCap = aMessage.HasCapability(ECapabilityDiskAdmin);
+    
     switch(id.iId) {
         case KSCPServerSIDAutolock:
         case KAknNfySrvUid:
@@ -860,10 +867,23 @@
         case KSCPServerSIDTerminalControl:
         case KSCPServerSIDTelephone:
         case KSCPServerSIDLog:
+            {
+            Dprint( (_L("[CSCPSession]-> fixed sid's") ));
             break;
+            }
         default: {
+        TInt retVal = CheckTerminalControl3rdPartySecureIDL(id);
+        Dprint(_L("[CSCPSession]->CheckTerminalControl3rdPartySecureIDL retval %d"), retVal);
+        if(((retVal==KErrNone)&&(hasDiskAdminCap))||(hasAllFilesCap))
+            {
+            Dprint( (_L("[CSCPSession]-> sid is 3rd party or has AllFiles") ));
+            break;
+            }
+        else
+            {
             Dprint( (_L("[CSCPSession]-> ERROR: Permission denied") ));
-        User::Leave( KErrPermissionDenied );
+            User::Leave( KErrPermissionDenied );
+            }
         }
     };
 	
@@ -1680,3 +1700,36 @@
 	Dprint(_L("[CSCPSession]->INFO: Notification to all the StakeHolders complete..."));
 	CleanupStack :: PopAndDestroy(); //lChangeArray
 }
+// -------------------------------------------------------------------------------------
+// CTcTrustedSession::CheckTerminalControl3rdPartySecureIDL
+// -------------------------------------------------------------------------------------   
+TInt CSCPSession::CheckTerminalControl3rdPartySecureIDL(TSecureId aId)
+    {
+    Dprint(_L("TerminalControl: [CSCPSession]CheckTerminalControl3rdPartySecureIDL"));    
+    TRequestContext context;
+    TResponse response;
+    TUid secureId = TUid::Uid(aId.iId);
+    context.AddSubjectAttributeL(
+        PolicyEngineXACML::KSubjectId, secureId
+        );
+    context.AddResourceAttributeL(
+        PolicyEngineXACML::KResourceId,
+        PolicyEngineXACML::KThirdPartySecureIds,
+        PolicyEngineXACML::KStringDataType
+        );
+    User::LeaveIfError( iPR.MakeRequest( context, response ) );
+    TResponseValue resp = response.GetResponseValue();
+    Dprint(_L("[CSCPSession]->CheckTerminalControl3rdPartySecureIDL Policy check returned %d"), (TInt)resp);
+    switch( resp )
+        {
+        case EResponsePermit:
+            return KErrNone;
+        case EResponseDeny:
+            case EResponseIndeterminate:
+            case EResponseNotApplicable:
+            default:
+                User::Leave( KErrAccessDenied );
+        }
+        
+      return KErrAccessDenied;
+    }