diff -r 947415ec7603 -r a7062f7f0b79 rtsecuritymanager/rtsecuritymanagerclient/src/rtsecmgrscriptsession.cpp --- a/rtsecuritymanager/rtsecuritymanagerclient/src/rtsecmgrscriptsession.cpp Fri Jul 03 15:51:30 2009 +0100 +++ b/rtsecuritymanager/rtsecuritymanagerclient/src/rtsecmgrscriptsession.cpp Thu Sep 10 12:58:32 2009 +0300 @@ -40,12 +40,15 @@ #include "rtsecmgrclient.h" #include "rtsecmgrdef.h" +#define FIRST_RESOURCE_ID(x) ((x)+2); + //security manager resource file literal _LIT(KSecMgrResourceFile, "RTSecManager.RSC"); //constant for descriptor array granularity const TInt KDescArrayInit = 6; -const TInt KMaxBuf=256; +const TInt KMaxBuf=255; + //typedef of selection index array typedef RArray RSelIdxArray; @@ -159,12 +162,10 @@ // --------------------------------------------------------------------------- // CRTSecMgrScriptSession::CRTSecMgrScriptSession(MSecMgrPromptHandler* aPromptHdlr) : - iPermBits(KDefaultNullBit), iDeniedBits(KDefaultNullBit), - iPromptHdlr(aPromptHdlr), iUIPromptOption(RTPROMPTUI_DEFAULT), isCustomPrompt(EFalse) + iPromptHdlr(aPromptHdlr), iUIPromptOption(RTPROMPTUI_DEFAULT), isCustomPrompt(EFalse) { - _sessionInfo.AllowedCaps = KDefaultNullBit; - _sessionInfo.DeniedCaps = KDefaultNullBit; -} + iSessionData = NULL; + } // --------------------------------------------------------------------------- // Defintiion of second-phase constructor @@ -210,15 +211,26 @@ iPromptHdlr = this; //default prompt handler isCustomPrompt = ETrue ; } - - + _permanentInfo = new(ELeave) TPermanentInfo; + _sessionData.sessionInfo = new(ELeave) TSessionInfo; + _sessionData.sessionInfo->AllowedCaps = KDefaultNullBit; + _sessionData.sessionInfo->DeniedCaps = KDefaultNullBit; + _sessionData.sessionInfo->AllowedProviders.Reset(); + _sessionData.sessionInfo->DeniedProviders.Reset(); + _permanentInfo->iAllowedBits = KDefaultNullBit; + _permanentInfo->iDeniedBits = KDefaultNullBit; + _permanentInfo->iAllowedProviders.Reset(); + _permanentInfo->iDeniedProviders.Reset(); + iResourceOffsetArray.Reset(); } +//--------------------------------------------------------------------------------- +//Method to add the resource files to CONE environment. +//--------------------------------------------------------------------------------- void CRTSecMgrScriptSession::AddResourceFiles() { if(iCoeEnv) - { - + { CDesCArray* diskList = new (ELeave) CDesCArrayFlat(KDescArrayInit); CleanupStack::PushL (diskList); @@ -236,21 +248,69 @@ BaflUtils::NearestLanguageFile (iCoeEnv->FsSession (), resFile); if ( BaflUtils::FileExists (iCoeEnv->FsSession (), resFile)) { - TRAPD (err, iResourceOffset = iCoeEnv->AddResourceFileL (resFile)); + TRAPD (err, iResourceOffsetArray.Append(iCoeEnv->AddResourceFileL (resFile))); User::LeaveIfError (err); break; } } - CleanupStack::PopAndDestroy (diskList); } } +//--------------------------------------------------------------------------------------- +//Method to add provider resource files into the CONE environment +//Returns the first resource identifier which has the prompt string +//--------------------------------------------------------------------------------------- +TInt CRTSecMgrScriptSession::AddProviderResourceFile(TFileName aResourceFileName) + { + RResourceFile resFile; + TInt resID(KErrNone); + if(iCoeEnv) + { + CDesCArray* diskList = new (ELeave) CDesCArrayFlat(KDescArrayInit); + CleanupStack::PushL (diskList); + + BaflUtils::GetDiskListL (iCoeEnv->FsSession (), *diskList); + for (TInt idx(0); idxCount ();++idx) + { + TInt intDrive; + TChar ch = ((*diskList)[idx])[0]; + RFs::CharToDrive (ch, intDrive); + TDriveUnit curDrive(intDrive); + + TFileName resFileName(curDrive.Name ()); + resFileName.Append (KDC_APP_RESOURCE_DIR); + resFileName.Append (aResourceFileName); + BaflUtils::NearestLanguageFile (iCoeEnv->FsSession (), resFileName); + if ( BaflUtils::FileExists (iCoeEnv->FsSession (), resFileName)) + { + TRAPD(err,resFile.OpenL(iCoeEnv->FsSession(),resFileName)); + if(err == KErrNone) + { + resFile.ConfirmSignatureL(0); + resID = FIRST_RESOURCE_ID(resFile.Offset()); + resFile.Close(); + iResourceOffsetArray.Append(iCoeEnv->AddResourceFileL (resFileName)); + break; + } + } + } + CleanupStack::PopAndDestroy(diskList); + } + return resID; + } + +//-------------------------------------------------------------------------------------------- +//Close the resource files previously added +//-------------------------------------------------------------------------------------------- void CRTSecMgrScriptSession::CloseResourceFiles() { - if ( iResourceOffset && iCoeEnv) - iCoeEnv->DeleteResourceFile (iResourceOffset); - iResourceOffset = 0; + if (iCoeEnv) + { + for(TInt i(0); i < iResourceOffsetArray.Count(); i++) + iCoeEnv->DeleteResourceFile (iResourceOffsetArray[i]); + iResourceOffsetArray.Reset(); + } } // --------------------------------------------------------------------------- // Destructor @@ -259,6 +319,17 @@ // EXPORT_C CRTSecMgrScriptSession::~CRTSecMgrScriptSession() { + _permanentInfo->iAllowedProviders.Close(); + _permanentInfo->iDeniedProviders.Close(); + _sessionData.sessionInfo->AllowedProviders.Close(); + _sessionData.sessionInfo->DeniedProviders.Close(); + delete _permanentInfo; + delete _sessionData.sessionInfo; + if(iSessionData) + { + delete iSessionData; + iSessionData = NULL; + } Close (); } @@ -279,10 +350,12 @@ TInt ret((*iSubSessionProxy)->Open (aParentSession, *iScript, aPolicyID)); if ( KErrNone==ret) - { - iPermBits = iScript->PermGranted (); - iDeniedBits = iScript->PermDenied (); - } + { + _permanentInfo->iAllowedBits = iScript->PermGranted (); + _permanentInfo->iDeniedBits = iScript->PermDenied (); + iScript->PermGranted(_permanentInfo->iAllowedProviders); + iScript->PermDenied(_permanentInfo->iDeniedProviders); + } return ret; } @@ -304,8 +377,10 @@ TInt ret((*iSubSessionProxy)->Open (aParentSession, *iScript, aPolicyID, aHashValue)); if ( KErrNone==ret) { - iPermBits = iScript->PermGranted (); - iDeniedBits = iScript->PermDenied (); + _permanentInfo->iAllowedBits = iScript->PermGranted (); + _permanentInfo->iDeniedBits = iScript->PermDenied (); + iScript->PermGranted(_permanentInfo->iAllowedProviders); + iScript->PermDenied(_permanentInfo->iDeniedProviders); } return ret; @@ -328,9 +403,11 @@ TInt ret((*iSubSessionProxy)->Open (aParentSession, *iScript, aPolicyID, aTrustInfo)); if ( KErrNone==ret) - { - iPermBits = iScript->PermGranted (); - iDeniedBits = iScript->PermDenied (); + { + _permanentInfo->iAllowedBits = iScript->PermGranted (); + _permanentInfo->iDeniedBits = iScript->PermDenied (); + iScript->PermGranted(_permanentInfo->iAllowedProviders); + iScript->PermDenied(_permanentInfo->iDeniedProviders); } return ret; @@ -391,13 +468,13 @@ capToCheck &= ~(iScript->PermissionSet().UnconditionalCaps()); /* Check if a;ready denied. No point in going forward */ - if(capToCheck & _sessionInfo.DeniedCaps || capToCheck & iDeniedBits) + if(capToCheck & _sessionData.sessionInfo->DeniedCaps || capToCheck & _permanentInfo->iDeniedBits) return EAccessNok; TCapabilityBitSet allowedCaps(KDefaultNullBit); - allowedCaps |= _sessionInfo.AllowedCaps; //for session allowed - allowedCaps &= ~iDeniedBits; - allowedCaps |= iPermBits; //for permanently allowed + allowedCaps |= _sessionData.sessionInfo->AllowedCaps; //for session allowed + allowedCaps &= ~_permanentInfo->iDeniedBits; + allowedCaps |= _permanentInfo->iAllowedBits; //for permanently allowed //In case if all the capabilities required by the service provider //are allowed without prompting @@ -428,13 +505,13 @@ capToCheck &= tempCapToCheck; if ( capToCheck ) { - if ( capToCheck & iDeniedBits) //check if permanently disabled + if ( capToCheck & _permanentInfo->iDeniedBits) //check if permanently disabled { allowedCaps &= ~tempCapToCheck; //just in case... - _sessionInfo.DeniedCaps &= ~tempCapToCheck; //just in case... + _sessionData.sessionInfo->DeniedCaps &= ~tempCapToCheck; //just in case... } else - if ( capToCheck & _sessionInfo.DeniedCaps) //not necessary to do this check... + if ( capToCheck & _sessionData.sessionInfo->DeniedCaps) //not necessary to do this check... { allowedCaps &= ~tempCapToCheck; //just in case... } @@ -449,10 +526,10 @@ if ( (perm->Condition() & RTUserPrompt_OneShot) ||(perm->Condition() & RTUserPrompt_Session) ||((perm->Condition() & RTUserPrompt_Permanent) && (iScript->ScriptID()!=KAnonymousScript))) { - if ( !(_sessionInfo.AllowedCaps & capToCheck)) + if ( !(_sessionData.sessionInfo->AllowedCaps & capToCheck)) { //check if it's denied for this session - if ( !(_sessionInfo.DeniedCaps & capToCheck)) + if ( !(_sessionData.sessionInfo->DeniedCaps & capToCheck)) { CPromptData* promptData = CPromptData::NewL();//should write NewL Function promptData->SetPermissions(*perm); @@ -502,12 +579,12 @@ if ( (iScript->ScriptID()!=KAnonymousScript)&&(isPermGrantModified)) UpdatePermGrant ();//commit perm grant change - finalCaps |= iPermBits ; + finalCaps |= _permanentInfo->iAllowedBits ; if((finalCaps & NetworkServices_CAP) && isCustomPrompt) PromptCostL() ; - finalCaps |= _sessionInfo.AllowedCaps ; + finalCaps |= _sessionData.sessionInfo->AllowedCaps ; if ( KErrNone == ((finalCaps & original_capToCheck) ^ original_capToCheck)) @@ -1099,46 +1176,46 @@ if ( RTUserPrompt_OneShot==optionChosen) { - _sessionInfo.AllowedCaps &= ~aCapBitSet; + _sessionData.sessionInfo->AllowedCaps &= ~aCapBitSet; aAllowedCaps = aCapBitSet; } else if ( RTUserPrompt_Denied==optionChosen) //one-shot denied { aAllowedCaps &= ~aCapBitSet; - _sessionInfo.AllowedCaps &= ~aCapBitSet; //disable in session pattern too... + _sessionData.sessionInfo->AllowedCaps &= ~aCapBitSet; //disable in session pattern too... } else if ( RTUserPrompt_Session==optionChosen) { - _sessionInfo.AllowedCaps |= aCapBitSet;//Enable in _sessionInfo.Allowed & allowed + _sessionData.sessionInfo->AllowedCaps |= aCapBitSet;//Enable in _sessionData.Allowed & allowed aAllowedCaps = aCapBitSet; } else if ( RTUserPrompt_SessionDenied==optionChosen) //session denied { aAllowedCaps &= ~aCapBitSet; - _sessionInfo.AllowedCaps &= ~aCapBitSet; //disable in session pattern too... - _sessionInfo.DeniedCaps |= aCapBitSet; //enable denied in session bit + _sessionData.sessionInfo->AllowedCaps &= ~aCapBitSet; //disable in session pattern too... + _sessionData.sessionInfo->DeniedCaps |= aCapBitSet; //enable denied in session bit } else if ( RTUserPrompt_Permanent==optionChosen) { aIsPermGrantModified = ETrue; //to commit the change to persistent store - _sessionInfo.AllowedCaps |= aCapBitSet; + _sessionData.sessionInfo->AllowedCaps |= aCapBitSet; aAllowedCaps = aCapBitSet; - iPermBits |= aCapBitSet; - iDeniedBits &= ~aCapBitSet; //just in case.... + _permanentInfo->iAllowedBits |= aCapBitSet; + _permanentInfo->iDeniedBits &= ~aCapBitSet; //just in case.... } else if ( RTUserPrompt_PermDenied==optionChosen) //permanent denied { aIsPermGrantModified = ETrue; aAllowedCaps &= ~aCapBitSet; - _sessionInfo.AllowedCaps &= ~aCapBitSet; //disable in session pattern too... - _sessionInfo.DeniedCaps |= aCapBitSet; //enable denied in session bit - iPermBits &= ~aCapBitSet; //disable in perm bits - iDeniedBits |= aCapBitSet; //enable in perm denied bit pattern + _sessionData.sessionInfo->AllowedCaps &= ~aCapBitSet; //disable in session pattern too... + _sessionData.sessionInfo->DeniedCaps |= aCapBitSet; //enable denied in session bit + _permanentInfo->iAllowedBits &= ~aCapBitSet; //disable in perm bits + _permanentInfo->iDeniedBits |= aCapBitSet; //enable in perm denied bit pattern //Commit the change to persistent store... } } @@ -1149,8 +1226,10 @@ // void CRTSecMgrScriptSession::UpdatePermGrant() { - (*iSubSessionProxy)->UpdatePermGrant (iScript->ScriptID (), iPermBits, - iDeniedBits); + if(iUIPromptOption == RTPROMPTUI_PROVIDER) + (*iSubSessionProxy)->UpdatePermGrant (iScript->ScriptID (),_permanentInfo->iAllowedProviders, _permanentInfo->iDeniedProviders); + else + (*iSubSessionProxy)->UpdatePermGrant (iScript->ScriptID (), _permanentInfo->iAllowedBits,_permanentInfo->iDeniedBits); } // @@ -1188,8 +1267,9 @@ */ void CRTSecMgrScriptSession::Close() { - if ( iResourceOffset && iCoeEnv) - iCoeEnv->DeleteResourceFile (iResourceOffset); + if (iCoeEnv) + for(TInt i(0); i < iResourceOffsetArray.Count(); i++) + iCoeEnv->DeleteResourceFile (iResourceOffsetArray[i]); if ( iScript) { @@ -1213,3 +1293,195 @@ (cb->iRTSecMgrScriptSession)->MoreInfoL(*(cb->iPromptData)); return KErrNone; } + +//--------------------------------------------------------------------------------------------------- +//Overloaded IsAllowed method for provider based prompting +//--------------------------------------------------------------------------------------------------- +EXPORT_C TInt CRTSecMgrScriptSession::IsAllowed(const RCapabilityArray& aCapabilitiesToCheck, + TProviderUid aProviderUid, + TFileName aResourceFileName) +{ + if ( aCapabilitiesToCheck.Count () <= 0) + { + return EAccessOk; //if no capabilities are required, safely return + } + if ( aCapabilitiesToCheck.Find(ECapabilityTCB) != KErrNotFound) + return EAccessNok; + + if((aProviderUid.iUid <= KErrNone) || ((aResourceFileName.Compare(KNullDesC))==KErrNone)) + return ErrInvalidParameters; + + TInt stackResCnt(0); + TCapabilityBitSet capToCheck(KDefaultNullBit); + for (TInt i(0); i!=aCapabilitiesToCheck.Count (); ++i) + AddCapability (capToCheck, aCapabilitiesToCheck[i]); + + capToCheck &= ~(iScript->PermissionSet().UnconditionalCaps()); + if (!capToCheck) + return EAccessOk; + if((_sessionData.sessionInfo->DeniedProviders.Find(aProviderUid) != KErrNotFound) || (_permanentInfo->iDeniedProviders.Find(aProviderUid) != KErrNotFound)) + return EAccessNok; + + if((_sessionData.sessionInfo->AllowedProviders.Find(aProviderUid) != KErrNotFound)|| (_permanentInfo->iAllowedProviders.Find(aProviderUid) != KErrNotFound)) + return EAccessOk; + + TBool isPermGrantModified(EFalse); + RPermissions perms = iScript->PermissionSet().Permissions(); + TCapabilityBitSet tempCapToCheck(KDefaultNullBit); + + //All the capabilities allowed for the domain + for (TInt permIdx(0); permIdx!=perms.Count();++permIdx) + { + tempCapToCheck |= perms[permIdx]->PermissionData(); + } + + //If the capabilities is allowed with prompting + if((tempCapToCheck & capToCheck) == capToCheck) + { + /*TODO: Changes based on the decision on what needs + to be done of the default capability is different + for capabilities required by the provider. Presently taking least duration*/ + TUserPromptOption defaultOption(RTUserPrompt_OneShot); + for(TInt i=0; i < perms.Count(); i++) + { + if((perms[i]->Default() == RTUserPrompt_OneShot) && (perms[i]->PermissionData() & capToCheck)) + { + defaultOption = RTUserPrompt_OneShot; + break; + } + else if((perms[i]->Default() == RTUserPrompt_Session) && (perms[i]->PermissionData() & capToCheck)) + { + defaultOption = RTUserPrompt_Session; + } + else if((perms[i]->Default() == RTUserPrompt_Permanent) && (perms[i]->PermissionData() & capToCheck) && (defaultOption != RTUserPrompt_Session)) + { + defaultOption = RTUserPrompt_Permanent; + } + } + //= perms[0]->Default(); + //TUserPromptOption defaultOption(RTUserPrompt_Session); + AddResourceFiles(); + TInt resID(KErrNone); + resID = AddProviderResourceFile(aResourceFileName); + + if(resID <= KErrNone) + return KErrNotFound; + + HBufC* messageBody = NULL; + + //Get the application name. If not set use the default name + if(iSessionData != NULL ) + { + TPtr appNamePtr = iSessionData->Des(); + messageBody = StringLoader::LoadL( resID, appNamePtr, iCoeEnv ); + CleanupStack::PushL(messageBody); + ++stackResCnt; + } + else + { + HBufC* defaultName = iCoeEnv->AllocReadResourceLC(R_DEFAULT_APPLICATION_NAME); + TPtr defaultNamePtr = defaultName->Des(); + messageBody = StringLoader::LoadL( resID, defaultNamePtr, iCoeEnv ); + CleanupStack::PopAndDestroy(defaultName); + CleanupStack::PushL(messageBody); + ++stackResCnt; + } + + CAknMessageQueryDialog* queryDialog = new(ELeave) CAknMessageQueryDialog(); + CleanupStack::PushL (queryDialog); + ++stackResCnt; + + queryDialog->PrepareLC (R_ADVPROMPT_MESSAGE_QUERY); + + queryDialog->SetMessageTextL(messageBody->Des()); + + HBufC* headerText(NULL); + CAknPopupHeadingPane* heading = queryDialog->QueryHeading (); + if ( heading) + { + heading->SetLayout (CAknPopupHeadingPane::EMessageQueryHeadingPane); + headerText = iCoeEnv->AllocReadResourceLC (R_RTSECMGR_PROMPT_QUERY_HEADER); + heading->SetTextL (headerText->Des ()); + ++stackResCnt; + } + + TInt ret(EAccessNok); + TBool costPromptRequired(EFalse); + CleanupStack::Pop (stackResCnt); + TInt queryOk = queryDialog->RunLD (); + if ( queryOk == EAknSoftkeyYes) + { + + if ( defaultOption & RTUserPrompt_OneShot) + { + ret = EAccessOk; + } + else if ( defaultOption& RTUserPrompt_Session) + { + _sessionData.sessionInfo->AllowedProviders.Append(aProviderUid); //session allow + ret = EAccessOk; + } + else if ( defaultOption& RTUserPrompt_Permanent) + { + _sessionData.sessionInfo->AllowedProviders.Append(aProviderUid); //session allow + _permanentInfo->iAllowedProviders.Append(aProviderUid); //permanent allow + isPermGrantModified = ETrue; //Flag for server update + ret = EAccessOk; + } + else + { + ret = EAccessNok; + } + } + else + { + if ( defaultOption & RTUserPrompt_OneShot) + { + ret = EAccessNok; + } + else if ( defaultOption& RTUserPrompt_Session) + { + _sessionData.sessionInfo->DeniedProviders.Append(aProviderUid); //session deny + ret = EAccessNok; + } + else if ( defaultOption& RTUserPrompt_Permanent) + { + _sessionData.sessionInfo->DeniedProviders.Append(aProviderUid); //session deny + _permanentInfo->iDeniedProviders.Append(aProviderUid); //permanent deny + isPermGrantModified = ETrue; //Flag for server update + ret = EAccessNok; + } + } + CloseResourceFiles(); + + /* If its a pre-registered script and perm grant is modified update server */ + if(isPermGrantModified && (iScript->ScriptID() != KAnonymousScript)) + UpdatePermGrant(); + + if(messageBody) + delete messageBody; + + if(headerText) + delete headerText; + + return ret; + } + return EAccessNok; + } + +//--------------------------------------------------------------------------------------------- +//Method to set the application name. +//Called by the runtimes to set the name of the widget/flash content +//--------------------------------------------------------------------------------------------- +EXPORT_C void CRTSecMgrScriptSession::SetApplicationNameL(const TDesC& aName) + { + if(iSessionData) + { + delete iSessionData; + iSessionData = NULL; + } + /* Limit on the length of the application name */ + /*if(aName.Length() > KMaxAppName) + User::Leave(KErrOverflow);*/ + iSessionData = aName.AllocL(); + }