diff -r 000000000000 -r dfb7c4ff071f datacommsserver/esockserver/ssock/ss_secpol.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/datacommsserver/esockserver/ssock/ss_secpol.cpp Thu Dec 17 09:22:25 2009 +0200 @@ -0,0 +1,193 @@ +// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies). +// All rights reserved. +// This component and the accompanying materials are made available +// under the terms of "Eclipse Public License v1.0" +// which accompanies this distribution, and is available +// at the URL "http://www.eclipse.org/legal/epl-v10.html". +// +// Initial Contributors: +// Nokia Corporation - initial contribution. +// +// Contributors: +// +// Description: +// Security Policy definitions for Platform security. +// +// + +/** + @file SS_SECPOL.CPP + @internalComponent +*/ + +#include +#include +#ifdef SYMBIAN_ENABLE_SPLIT_HEADERS +#include +#include +#endif +#include +#include +#include "ss_secpol.h" + +namespace ESock +{ + +// NOTE: why does the following generate an error in ARMv5 indicating that esocksvr.dll +// has initialised data ? +// _LIT_VENDOR_ID(KSymbianVID,0x70000001); +// + +/** The Symbian Vendor ID. */ +const TUint KSymbianVID = 0x70000001; + +/** Socket Server Security Policy Definitions */ +const TUint SocketServerRangeCount = 5; + +// + +/** Definition of IPC ranges that each cover the same policy */ +const TInt SocketServerRanges[SocketServerRangeCount] = + { + ESSInstallExtension, // policyNetworkControl + ECNControl, // policyCustom + ESoCreate, // policyDeferred +//- To the system "deferred" and "pass" are identical, so no separate range to check +//- ESSNumProtocols, // policyPass + ESSDbgMarkHeap, // policyVIDandNetworkControl + ESSInvalidFunction // fail (to KMaxTInt) + }; + +/** Index numbers into SocketServerElements[] */ +const TInt policyNetworkControl = 0; +const TInt policyPass = 1; +const TInt policyDeferred = policyPass; +const TInt policyVIDandNetworkControl = 2; +const TInt policyCustom = CPolicyServer::ECustomCheck; + +/** Mapping of IPCs to policy elements */ +const TUint8 SocketServerElementsIndex[SocketServerRangeCount] = + { + policyNetworkControl, /** ESSInstallExtension */ + policyCustom, /** ECNControl */ + policyDeferred, /** ESoCreate */ + policyVIDandNetworkControl, /** ESSDbgMarkHeap */ + CPolicyServer::ENotSupported/** ESSInvalidFunction to KMaxTInt */ + }; + +/** Individual policy elements */ +const CPolicyServer::TPolicyElement SocketServerElements[] = + { + { _INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl), CPolicyServer::EFailClient }, + { _INIT_SECURITY_POLICY_PASS }, + { _INIT_SECURITY_POLICY_V1(KSymbianVID,ECapabilityNetworkControl), CPolicyServer::EFailClient } + }; + +/** Main policy */ +const CPolicyServer::TPolicy SocketServerPolicy = + { + CPolicyServer::EAlwaysPass, /** Specifies all connect attempts should pass */ + SocketServerRangeCount, + SocketServerRanges, + SocketServerElementsIndex, + SocketServerElements + }; + +/** Connection Server Security Policy Definitions */ +const TUint ConnectionServerRangeCount = 8; + +/** Definition of IPC ranges that each cover the same policy */ +const TInt ConnectionServerRanges[ConnectionServerRangeCount] = + { + ECMCreate, + ECMAttachToTierManager + 1, + + ECMAccessPointStatusQuery_DoThenGetResultOrSize, + ECMAccessPointStatusQuery_Cancel + 1, + + ECMAccessPointNotification_SetupThenAwaitThenGetResultOrSize, + ECMAccessPointNotification_Cancel + 1, + + ECMApiExtBindIface, + ECMApiExtIfaceClose + 1 + }; + +/** Index numbers into ConnectionServerElements[] */ +const TInt csPolicyNetworkServices = 0; +//const TInt csPolicyVIDandNetworkServices = 1; + +/** Mapping of IPCs to policy elements */ +const TUint8 ConnectionServerElementsIndex[ConnectionServerRangeCount] = + { + csPolicyNetworkServices, /** ECMCreate */ + /** ECMClose */ + /** ECMAttachToTierManager */ + CPolicyServer::ENotSupported, /** gap */ + csPolicyNetworkServices, /** ECMAccessPointStatusQuery_DoThenGetResultOrSize */ + /** ECMAccessPointStatusQuery_GetResult */ + /** ECMAccessPointStatusQuery_Cancel */ + CPolicyServer::ENotSupported, /** gap */ + csPolicyNetworkServices, /** ECMAccessPointNotification_SetupThenAwaitThenGetResultOrSize */ + /** ECMAccessPointNotification_AwaitThenGetResultOrSize */ + /** ECMAccessPointNotification_GetResult */ + /** ECMAccessPointNotification_Cancel */ + CPolicyServer::ENotSupported , /** gap */ + csPolicyNetworkServices, /** ECMApiExtBindIface */ + /** ECMApiExtBindSendReceive */ + CPolicyServer::ENotSupported /** _last_ + 1 to KMaxTInt */ + }; + +/** Individual policy elements */ +const CPolicyServer::TPolicyElement ConnectionServerElements[] = + { + { _INIT_SECURITY_POLICY_C1(ECapabilityNetworkServices), CPolicyServer::EFailClient }, +// { _INIT_SECURITY_POLICY_V1(KSymbianVID,ECapabilityNetworkServices), CPolicyServer::EFailClient } + }; + +/** Main policy */ +const CPolicyServer::TPolicy ConnectionServerPolicy = + { + CPolicyServer::EAlwaysPass, /** Specifies all connect attempts should pass */ + ConnectionServerRangeCount, + ConnectionServerRanges, + ConnectionServerElementsIndex, + ConnectionServerElements + }; + +} + +CPolicyServer::TCustomResult +CSocketServer::CustomSecurityCheckL(const RMessage2& aMsg, TInt& /*aAction*/, TSecurityInfo& /*aMissing*/) +/** +Implement custom security checking for IPCs marked with TSpecialCase::ECustomCheck + +Note that this only polices certain RConnection::Control(KCOLConnection) options that +are implemented within ESOCK. NIFMAN will police the remainder of the options. + +*/ + { + __ASSERT_ALWAYS(aMsg.Function() == ECNControl, Fault(ENotImplementedYet)); + + TInt optionLevel = aMsg.Int0(); + + if (optionLevel == KCOLConnection) + { + TInt optionName = aMsg.Int1(); + + switch(optionName) + { + case KCoEnumerateConnectionClients: + case KCoGetConnectionClientInfo: + case KCoEnumerateConnectionSockets: + case KCoGetConnectionSocketInfo: + { + return (ESock::SocketServerElements[ESock::policyNetworkControl].iPolicy.CheckPolicy(aMsg)) ? EPass : EFail; + } + default: + return EPass; + } + } + + return EPass; + } +