152 friend class CRTSecMgrScriptSession; |
152 friend class CRTSecMgrScriptSession; |
153 }; |
153 }; |
154 |
154 |
155 //typdef to model list of prompt data structure |
155 //typdef to model list of prompt data structure |
156 typedef RPointerArray<CPromptData> RPromptDataList; |
156 typedef RPointerArray<CPromptData> RPromptDataList; |
|
157 typedef RArray<TInt> RResourceArray; |
157 |
158 |
158 /* |
159 /* |
159 * Prompt callback handler class. |
160 * Prompt callback handler class. |
160 * |
161 * |
161 * Runtimes should implement the prompt handler function to prompt the user |
162 * Runtimes should implement the prompt handler function to prompt the user |
193 * @return TSecMgrPromptUIOption the prompt selection |
194 * @return TSecMgrPromptUIOption the prompt selection |
194 */ |
195 */ |
195 virtual TSecMgrPromptUIOption PromptOption() const =0; |
196 virtual TSecMgrPromptUIOption PromptOption() const =0; |
196 }; |
197 }; |
197 |
198 |
|
199 struct TPermanentInfo |
|
200 { |
|
201 TPermGrant iAllowedBits; //permanent allowed caps |
|
202 TPermGrant iDeniedBits; //permanent denied caps |
|
203 RProviderArray iAllowedProviders; //permanent allowed providers |
|
204 RProviderArray iDeniedProviders; //permanent denied providers |
|
205 }; |
|
206 |
|
207 struct TSessionInfo |
|
208 { |
|
209 TCapabilityBitSet AllowedCaps; //caps allowed for this session (caps allowed for this session & perm allowed) |
|
210 TCapabilityBitSet DeniedCaps; //caps denied for this sesion (caps denied for this session & perm denied) |
|
211 RProviderArray AllowedProviders;//providers allowed for this session |
|
212 RProviderArray DeniedProviders;//providers denied for this session |
|
213 }; |
|
214 |
198 /** |
215 /** |
199 * |
216 * |
200 * Thin proxy to the client side sub-session handle. |
217 * Thin proxy to the client side sub-session handle. |
201 * |
218 * |
202 * This class implements the default prompt handling functionality. In addition, the main |
219 * This class implements the default prompt handling functionality. In addition, the main |
339 * @return EAccessOk if the access permission check is successful; Else, EAccessNOk |
356 * @return EAccessOk if the access permission check is successful; Else, EAccessNOk |
340 */ |
357 */ |
341 IMPORT_C TInt IsAllowed(const RCapabilityArray& aCapabilitiesToCheck,RCapabilityArray& aUnMatchedCapabilities); |
358 IMPORT_C TInt IsAllowed(const RCapabilityArray& aCapabilitiesToCheck,RCapabilityArray& aUnMatchedCapabilities); |
342 |
359 |
343 /** |
360 /** |
344 * Definition of default prompt handler. |
361 * Performs access permission check |
345 * |
362 * |
346 * @param aPromptDataList RPromptDataList list of prompt data used by |
363 * This overloaded method evaluates access permission by comparing the expected capabilities |
347 * prompt callback handler to show to the user |
364 * to perform service invocation with the capabilities of the script. The |
348 * |
365 * capabilities of the script is computed as sum of : |
349 * @return KErrNone if prompting successful; In case of failure, one of |
366 * |
350 * system wide error codes |
367 * - default allowed capabilities as specified in security access policy |
351 * |
368 * - user-granted capabilities, allowed by user while prompting |
352 */ |
369 * |
|
370 * The capabilities allowed by the user could be of various durations, like |
|
371 * session-based, blanket/permanent and the one valid for the current invocation only |
|
372 * (one-shot) |
|
373 * |
|
374 * This overloaded version returns the list of capabilities that do not match after |
|
375 * access permission check. This can be used by the client to display to the user the |
|
376 * list of unmatched capabilities |
|
377 * |
|
378 * @param aCapabilitiesToCheck RCapabilityArray list of capabilities to be checked against |
|
379 * script's capbilities |
|
380 * @param aProviderUid TProviderUid The provider that is being loaded |
|
381 * @param aResourceFilePath TFileName resource file containing the string to prompt. |
|
382 * |
|
383 * @return EAccessOk if the access permission check is successful; Else, EAccessNOk |
|
384 */ |
|
385 IMPORT_C TInt IsAllowed(const RCapabilityArray& aCapabilitiesToCheck, TProviderUid aProviderUid, TFileName aResourceFileName); |
|
386 |
|
387 /** |
|
388 * Definition of default prompt handler. |
|
389 * |
|
390 * @param aPromptDataList RPromptDataList list of prompt data used by |
|
391 * prompt callback handler to show to the user |
|
392 * |
|
393 * @return KErrNone if prompting successful; In case of failure, one of |
|
394 * system wide error codes |
|
395 * |
|
396 */ |
353 TInt Prompt(RPromptDataList& aPromptDataList , TExecutableID aExecID = KAnonymousScript); |
397 TInt Prompt(RPromptDataList& aPromptDataList , TExecutableID aExecID = KAnonymousScript); |
354 |
398 |
355 /** |
399 /** |
356 * Definition of cost notification. |
400 * Definition of cost notification. |
357 * |
401 * |
423 */ |
467 */ |
424 inline TSecMgrPromptUIOption PromptOption() const |
468 inline TSecMgrPromptUIOption PromptOption() const |
425 { |
469 { |
426 return iUIPromptOption; |
470 return iUIPromptOption; |
427 } |
471 } |
|
472 |
|
473 /** |
|
474 * Sets the application name to the value passed by the runtime. |
|
475 * The name is displayed as part of the prompt for provider based prompting. |
|
476 * If name is not set then the default name is used. |
|
477 * |
|
478 * @param aName TDesC& name of the application. |
|
479 */ |
|
480 IMPORT_C void SetApplicationNameL(const TDesC& aName); |
|
481 |
428 |
482 |
429 private: |
483 private: |
430 /* |
484 /* |
431 * Default private constructor |
485 * Default private constructor |
432 * |
486 * |
502 /* |
556 /* |
503 * Attempts to close the script sub-session |
557 * Attempts to close the script sub-session |
504 * |
558 * |
505 */ |
559 */ |
506 void Close(); |
560 void Close(); |
507 |
561 |
|
562 /* |
|
563 * Function to add the security manager resource file to the CONE environment |
|
564 */ |
508 void AddResourceFiles(); |
565 void AddResourceFiles(); |
|
566 |
|
567 /* |
|
568 * Function to add the provider's resource file from which the body of the prompt is populated. |
|
569 * |
|
570 * @param aResourceFileName TFileName The resource file to be added to the CONE environment |
|
571 */ |
|
572 TInt AddProviderResourceFile(TFileName aResourceFileName); |
|
573 |
|
574 /* |
|
575 * Close all the resource files added to the CONE environment |
|
576 */ |
509 void CloseResourceFiles(); |
577 void CloseResourceFiles(); |
510 |
578 |
511 private: |
579 private: |
512 /* |
580 /* |
513 * permissions allowed or denied for the current session |
581 * permissions allowed or denied for the current session |
515 * with this script session |
583 * with this script session |
516 * |
584 * |
517 */ |
585 */ |
518 struct |
586 struct |
519 { |
587 { |
520 TCapabilityBitSet AllowedCaps; //caps allowed for this session (caps allowed for this session & perm allowed) |
588 TSessionInfo* sessionInfo; //Information about what is allowed for this session (caps/providers allowed for this session & perm allowed) |
521 TCapabilityBitSet DeniedCaps; //caps denied for this sesion (caps denied for this session & perm denied) |
589 TCapabilityBitSet DeniedCaps; //Information about what is denied for this session (caps/providers denied for this session & perm denied) |
522 }_sessionInfo; |
590 }_sessionData; |
523 |
591 |
524 /* |
592 /* |
525 * anonymous enumerations for selection index |
593 * anonymous enumerations for selection index |
526 * |
594 * |
527 */ |
595 */ |
543 |
611 |
544 /* |
612 /* |
545 * permanently allowed capability bits |
613 * permanently allowed capability bits |
546 * |
614 * |
547 */ |
615 */ |
548 TPermGrant iPermBits; //perm allowed caps, persistently stored for this script |
616 TPermanentInfo* _permanentInfo; //perm allowed information, persistently stored for this script |
549 |
617 |
550 /* |
618 /* |
551 * permanently denied capability bits |
619 * Generic data about the script session |
552 * |
620 * |
553 */ |
621 */ |
554 TPermGrant iDeniedBits; //perm denied caps, persistently stored for this script |
622 HBufC* iSessionData; |
555 |
623 |
556 /* |
624 /* |
557 * reference to prompt handler instance |
625 * reference to prompt handler instance |
558 * |
626 * |
559 */ |
627 */ |
560 MSecMgrPromptHandler* iPromptHdlr; |
628 MSecMgrPromptHandler* iPromptHdlr; |