--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/datacommsserver/esockserver/ssock/ss_secpol.cpp Thu Dec 17 09:22:25 2009 +0200
@@ -0,0 +1,193 @@
+// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// Security Policy definitions for Platform security.
+//
+//
+
+/**
+ @file SS_SECPOL.CPP
+ @internalComponent
+*/
+
+#include <e32base.h>
+#include <ss_std.h>
+#ifdef SYMBIAN_ENABLE_SPLIT_HEADERS
+#include <es_sock_partner.h>
+#include <es_sock_internal.h>
+#endif
+#include <comms-infras/sockmes.h>
+#include <comms-infras/es_connectionservermessages.h>
+#include "ss_secpol.h"
+
+namespace ESock
+{
+
+// NOTE: why does the following generate an error in ARMv5 indicating that esocksvr.dll
+// has initialised data ?
+// _LIT_VENDOR_ID(KSymbianVID,0x70000001);
+//
+
+/** The Symbian Vendor ID. */
+const TUint KSymbianVID = 0x70000001;
+
+/** Socket Server Security Policy Definitions */
+const TUint SocketServerRangeCount = 5;
+
+//
+
+/** Definition of IPC ranges that each cover the same policy */
+const TInt SocketServerRanges[SocketServerRangeCount] =
+ {
+ ESSInstallExtension, // policyNetworkControl
+ ECNControl, // policyCustom
+ ESoCreate, // policyDeferred
+//- To the system "deferred" and "pass" are identical, so no separate range to check
+//- ESSNumProtocols, // policyPass
+ ESSDbgMarkHeap, // policyVIDandNetworkControl
+ ESSInvalidFunction // fail (to KMaxTInt)
+ };
+
+/** Index numbers into SocketServerElements[] */
+const TInt policyNetworkControl = 0;
+const TInt policyPass = 1;
+const TInt policyDeferred = policyPass;
+const TInt policyVIDandNetworkControl = 2;
+const TInt policyCustom = CPolicyServer::ECustomCheck;
+
+/** Mapping of IPCs to policy elements */
+const TUint8 SocketServerElementsIndex[SocketServerRangeCount] =
+ {
+ policyNetworkControl, /** ESSInstallExtension */
+ policyCustom, /** ECNControl */
+ policyDeferred, /** ESoCreate */
+ policyVIDandNetworkControl, /** ESSDbgMarkHeap */
+ CPolicyServer::ENotSupported/** ESSInvalidFunction to KMaxTInt */
+ };
+
+/** Individual policy elements */
+const CPolicyServer::TPolicyElement SocketServerElements[] =
+ {
+ { _INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl), CPolicyServer::EFailClient },
+ { _INIT_SECURITY_POLICY_PASS },
+ { _INIT_SECURITY_POLICY_V1(KSymbianVID,ECapabilityNetworkControl), CPolicyServer::EFailClient }
+ };
+
+/** Main policy */
+const CPolicyServer::TPolicy SocketServerPolicy =
+ {
+ CPolicyServer::EAlwaysPass, /** Specifies all connect attempts should pass */
+ SocketServerRangeCount,
+ SocketServerRanges,
+ SocketServerElementsIndex,
+ SocketServerElements
+ };
+
+/** Connection Server Security Policy Definitions */
+const TUint ConnectionServerRangeCount = 8;
+
+/** Definition of IPC ranges that each cover the same policy */
+const TInt ConnectionServerRanges[ConnectionServerRangeCount] =
+ {
+ ECMCreate,
+ ECMAttachToTierManager + 1,
+
+ ECMAccessPointStatusQuery_DoThenGetResultOrSize,
+ ECMAccessPointStatusQuery_Cancel + 1,
+
+ ECMAccessPointNotification_SetupThenAwaitThenGetResultOrSize,
+ ECMAccessPointNotification_Cancel + 1,
+
+ ECMApiExtBindIface,
+ ECMApiExtIfaceClose + 1
+ };
+
+/** Index numbers into ConnectionServerElements[] */
+const TInt csPolicyNetworkServices = 0;
+//const TInt csPolicyVIDandNetworkServices = 1;
+
+/** Mapping of IPCs to policy elements */
+const TUint8 ConnectionServerElementsIndex[ConnectionServerRangeCount] =
+ {
+ csPolicyNetworkServices, /** ECMCreate */
+ /** ECMClose */
+ /** ECMAttachToTierManager */
+ CPolicyServer::ENotSupported, /** gap */
+ csPolicyNetworkServices, /** ECMAccessPointStatusQuery_DoThenGetResultOrSize */
+ /** ECMAccessPointStatusQuery_GetResult */
+ /** ECMAccessPointStatusQuery_Cancel */
+ CPolicyServer::ENotSupported, /** gap */
+ csPolicyNetworkServices, /** ECMAccessPointNotification_SetupThenAwaitThenGetResultOrSize */
+ /** ECMAccessPointNotification_AwaitThenGetResultOrSize */
+ /** ECMAccessPointNotification_GetResult */
+ /** ECMAccessPointNotification_Cancel */
+ CPolicyServer::ENotSupported , /** gap */
+ csPolicyNetworkServices, /** ECMApiExtBindIface */
+ /** ECMApiExtBindSendReceive */
+ CPolicyServer::ENotSupported /** _last_ + 1 to KMaxTInt */
+ };
+
+/** Individual policy elements */
+const CPolicyServer::TPolicyElement ConnectionServerElements[] =
+ {
+ { _INIT_SECURITY_POLICY_C1(ECapabilityNetworkServices), CPolicyServer::EFailClient },
+// { _INIT_SECURITY_POLICY_V1(KSymbianVID,ECapabilityNetworkServices), CPolicyServer::EFailClient }
+ };
+
+/** Main policy */
+const CPolicyServer::TPolicy ConnectionServerPolicy =
+ {
+ CPolicyServer::EAlwaysPass, /** Specifies all connect attempts should pass */
+ ConnectionServerRangeCount,
+ ConnectionServerRanges,
+ ConnectionServerElementsIndex,
+ ConnectionServerElements
+ };
+
+}
+
+CPolicyServer::TCustomResult
+CSocketServer::CustomSecurityCheckL(const RMessage2& aMsg, TInt& /*aAction*/, TSecurityInfo& /*aMissing*/)
+/**
+Implement custom security checking for IPCs marked with TSpecialCase::ECustomCheck
+
+Note that this only polices certain RConnection::Control(KCOLConnection) options that
+are implemented within ESOCK. NIFMAN will police the remainder of the options.
+
+*/
+ {
+ __ASSERT_ALWAYS(aMsg.Function() == ECNControl, Fault(ENotImplementedYet));
+
+ TInt optionLevel = aMsg.Int0();
+
+ if (optionLevel == KCOLConnection)
+ {
+ TInt optionName = aMsg.Int1();
+
+ switch(optionName)
+ {
+ case KCoEnumerateConnectionClients:
+ case KCoGetConnectionClientInfo:
+ case KCoEnumerateConnectionSockets:
+ case KCoGetConnectionSocketInfo:
+ {
+ return (ESock::SocketServerElements[ESock::policyNetworkControl].iPolicy.CheckPolicy(aMsg)) ? EPass : EFail;
+ }
+ default:
+ return EPass;
+ }
+ }
+
+ return EPass;
+ }
+