// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).

// All rights reserved.

// This component and the accompanying materials are made available

// under the terms of the License "Eclipse Public License v1.0"

// which accompanies this distribution, and is available

// at the URL "http://www.eclipse.org/legal/epl-v10.html".

//

// Initial Contributors:

// Nokia Corporation - initial contribution.

//

// Contributors:

//

// Description:

// e32\common\secure.cpp

// 

//

#define __INCLUDE_ALL_SUPPORTED_CAPABILITIES__

#include "common.h"

#ifdef __KERNEL_MODE__

#include <kernel/kernel.h>

#include <kernel/kern_priv.h>

#endif

// Check that the layout of TSecurityInfo and SSecurityInfo are the same

// because we use this assumption in the TSecurityInfo::Set methods

__ASSERT_COMPILE(_FOFF(TSecurityInfo,iSecureId)==_FOFF(SSecurityInfo,iSecureId));

__ASSERT_COMPILE(_FOFF(TSecurityInfo,iVendorId)==_FOFF(SSecurityInfo,iVendorId));

__ASSERT_COMPILE(_FOFF(TSecurityInfo,iCaps)==_FOFF(SSecurityInfo,iCaps));

#ifdef __KERNEL_MODE__

/**

Construct a TSecurityInfo setting it to the security attributes of aProcess.

@param aProcess A process.

*/

EXPORT_C TSecurityInfo::TSecurityInfo(DProcess* aProcess)

	{

	memcpy(this, &aProcess->iS, sizeof(SSecurityInfo));

	}

/**

Construct a TSecurityInfo setting it to the security attributes to those of the process

owning the specified thread.

@param aThread A thread.

*/

EXPORT_C TSecurityInfo::TSecurityInfo(DThread* aThread)

	{

	memcpy(this, &aThread->iOwningProcess->iS, sizeof(SSecurityInfo));

	}

#else

/**

Construct a TSecurityInfo setting it to the security attributes of aProcess.

@param aProcess A process.

*/

EXPORT_C TSecurityInfo::TSecurityInfo(RProcess aProcess)

	{

	Exec::ProcessSecurityInfo(aProcess.Handle(),*(SSecurityInfo*)this);

	}

/**

Construct a TSecurityInfo setting it to the security attributes to those of the process

owning the specified thread.

@param aThread A thread.

*/

EXPORT_C TSecurityInfo::TSecurityInfo(RThread aThread)

	{

	Exec::ThreadSecurityInfo(aThread.Handle(),*(SSecurityInfo*)this);

	}

/**

Construct a TSecurityInfo setting it to the security attributes of the process

which sent the message aMsgPtr

@param aMsgPtr a message

*/

EXPORT_C TSecurityInfo::TSecurityInfo(RMessagePtr2 aMsgPtr)

	{

	Exec::MessageSecurityInfo(aMsgPtr.Handle(),*(SSecurityInfo*)this);

	}

TInt TSecurityInfo::Set(RSessionBase aSession)

	{

	return Exec::SessionSecurityInfo(aSession.Handle(),*(SSecurityInfo*)this);

	}

/**

Sets this TSecurityInfo to the security attributes of this process' creator.

*/

EXPORT_C void TSecurityInfo::SetToCreatorInfo()

	{

	Exec::CreatorSecurityInfo(*(SSecurityInfo*)this);

	}

#endif //__KERNEL_MODE__

/**

Construct a set consisting of two capabilities.

@param aCapability1 The first capability.

@param aCapability2 The second capability.

*/

EXPORT_C TCapabilitySet::TCapabilitySet(TCapability aCapability1, TCapability aCapability2)

	{

	SetEmpty();

	AddCapability(aCapability1);

	AddCapability(aCapability2);

	}

/**

Make this set empty. I.e. Containing no capabilities.

*/

EXPORT_C void TCapabilitySet::SetEmpty()

	{

	memset(iCaps,0,sizeof(iCaps));

	}

/**

Make this set consist of all capabilities supported by this OS version.

*/

EXPORT_C void TCapabilitySet::SetAllSupported()

	{

	*(SCapabilitySet*)&iCaps=AllSupportedCapabilities;

	}

#ifndef __KERNEL_MODE__

// Documented in header file

EXPORT_C void TCapabilitySet::SetDisabled()

	{

	Exec::DisabledCapabilities(*(SCapabilitySet*)this);

	}

#endif // __KERNEL_MODE__

/**

Add a single capability to the set.

If the capability is not supported by this OS version then it is not added and

the set is left unchanged.

@see TCapabilitySet::SetAllSupported()

@param aCapability Capability to add.

*/

EXPORT_C void TCapabilitySet::AddCapability(TCapability aCapability)

	{

	if((TUint32)aCapability<(TUint32)ECapability_Limit)

		{

		TInt index = aCapability>>3;

		TUint8 mask = (TUint8)(1<<(aCapability&7));

		mask &= ((TUint8*)&AllSupportedCapabilities)[index];

		((TUint8*)iCaps)[index] |= mask;

		}

	}

/**

Remove a single capability from the set, if it is present.

@param aCapability Capability to remove.

*/

EXPORT_C void TCapabilitySet::RemoveCapability(TCapability aCapability)

	{

	if((TUint32)aCapability<(TUint32)ECapability_Limit)

		{

		TInt index = aCapability>>3;

		TUint8 mask = (TUint8)(1<<(aCapability&7));

		((TUint8*)iCaps)[index] &= ~mask;

		}

	}

/**

Perform a union of this capability set with another.

The result replaces the content of 'this'.

@param aCapabilities A cpability set

*/

EXPORT_C void TCapabilitySet::Union(const TCapabilitySet& aCapabilities)

	{

	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)

		iCaps[n] |= aCapabilities.iCaps[n];

	}

/**

Perform an intersection of this capability set with another.

The result replaces the content of 'this'.

@param aCapabilities A capability set

*/

EXPORT_C void TCapabilitySet::Intersection(const TCapabilitySet& aCapabilities)

	{

	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)

		iCaps[n] &= aCapabilities.iCaps[n];

	}

/**

Remove a set of capabilities from this set.

@param aCapabilities The set of capabilities to remove

*/

EXPORT_C void TCapabilitySet::Remove(const TCapabilitySet& aCapabilities)

	{

	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)

		iCaps[n] &= ~aCapabilities.iCaps[n];

	}

/**

Test if a single capability is present in the set.

The capability ECapability_None is always treated as being present.

@param aCapability The capability to test

@return 1 if the capability is present, 0 if it is not.

*/

EXPORT_C TBool TCapabilitySet::HasCapability(TCapability aCapability) const

	{

	if((TUint32)aCapability<(TUint32)ECapability_Limit)

		return (((TUint8*)iCaps)[aCapability>>3]>>(aCapability&7))&1;

	// coverity[dead_error_condition]

	if(aCapability==ECapability_None)

		return ETrue;

	return EFalse;  // Handles illegal argument and ECapability_Denied

	}

/**

Test if all the capabilities in a given set are present in this set

@param aCapabilities The capability set to test

@return A non-zero value if all the capabilities are present, zero otherwise.

*/

EXPORT_C TBool TCapabilitySet::HasCapabilities(const TCapabilitySet& aCapabilities) const

	{

	TUint32 checkFail=0;

	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)

		checkFail |= aCapabilities.iCaps[n]&~iCaps[n];

	return checkFail?0:1;

	}

// Documented in header file

TBool TCapabilitySet::NotEmpty() const

	{

	TUint32 notEmpty=0;

	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)

		notEmpty |= iCaps[n];

	return notEmpty;

	}

//ECapability_None is assumed to be -1 in the internals of TSecurityPolicy

__ASSERT_COMPILE(ECapability_None == -1);

/** Constructs a TSecurityPolicy to either always pass or always fail checks made

against it, depending on the value of aType.

@param aType Must be one of EAlwaysPass or EAlwaysFail

@panic USER 191 if aType is not a valid value

*/

EXPORT_C TSecurityPolicy::TSecurityPolicy(TSecPolicyType aType)

	: iType((TUint8)aType), iSecureId(TUint32(ECapability_None))

	{

	//This constructor uses TSecPolicyType as public alias for the internal

	//TType.  Thus EAlwaysFail must have the same value as ETypeFail (same with the

	//pass case too).

	__ASSERT_COMPILE(EAlwaysFail == (TSecPolicyType)ETypeFail);

	__ASSERT_COMPILE(EAlwaysPass == (TSecPolicyType)ETypePass);

	__ASSERT_ALWAYS(aType == EAlwaysFail || aType == EAlwaysPass, Panic(ETSecPolicyTypeInvalid));

	iCaps[0] = (TUint8)ECapability_None;

	iCaps[1] = (TUint8)ECapability_None;

	iCaps[2] = (TUint8)ECapability_None;

	}

/** Construct a TSecurityPolicy object to check up to 3 capabilties.

@param aCap1 The first capability to add to this policy

@param aCap2 An optional second capability to add to this policy

@param aCap3 An optional third capability to add to this policy

@panic USER 189 If any of the supplied capabilities are not valid.

*/

EXPORT_C TSecurityPolicy::TSecurityPolicy(TCapability aCap1, TCapability aCap2, TCapability aCap3)

	//iSecureId=0xFFFFFFFF sets iExtraCaps[0-3] each to ECapability_None (==0xFF)

	: iType(ETypeC3), iSecureId(TUint32(ECapability_None))

	{

	ConstructAndCheck3(aCap1, aCap2, aCap3);

	}

/** Construct a TSecurityPolicy object to check up to 7 capabilties.

@param aCap1 The first capability to add to this policy

@param aCap2 The second capability to add to this policy

@param aCap3 The third capability to add to this policy

@param aCap4 The fourth capability to add to this policy

@param aCap5 An optional fifth capability to add to this policy

@param aCap6 An optional sixth capability to add to this policy

@param aCap7 An optional seventh capability to add to this policy

@panic USER 189 If any of the supplied capabilities are not valid.

*/

EXPORT_C TSecurityPolicy::TSecurityPolicy(TCapability aCap1, TCapability aCap2, 

	TCapability aCap3, TCapability aCap4, TCapability aCap5, TCapability aCap6, TCapability aCap7)

	: iType(ETypeC7)  

	{

	ConstructAndCheck3(aCap1, aCap2, aCap3);

	__ASSERT_COMPILE(ECapability_None==-1); // Our argument check below assumes this

	__ASSERT_ALWAYS(  (TUint)(aCap4+1)<=(TUint)ECapability_Limit

					&&(TUint)(aCap5+1)<=(TUint)ECapability_Limit

					&&(TUint)(aCap6+1)<=(TUint)ECapability_Limit

					&&(TUint)(aCap7+1)<=(TUint)ECapability_Limit

					,Panic(ECapabilityInvalid));

	iExtraCaps[0] = (TUint8)aCap4;

	iExtraCaps[1] = (TUint8)aCap5;

	iExtraCaps[2] = (TUint8)aCap6;

	iExtraCaps[3] = (TUint8)aCap7;

	}

/** Construct a TSecurityPolicy object to check a secure id and up to 3 capabilties.

@param aSecureId The secure id to add to this policy

@param aCap1 The first capability to add to this policy

@param aCap2 The second capability to add to this policy

@param aCap3 The third capability to add to this policy

@panic USER 189 If any of the supplied capabilities are not valid.

*/

EXPORT_C TSecurityPolicy::TSecurityPolicy(TSecureId aSecureId, 

	TCapability aCap1, TCapability aCap2, TCapability aCap3)

	: iType(ETypeS3), iSecureId(aSecureId)

	{

	ConstructAndCheck3(aCap1, aCap2, aCap3);

	}

/** Construct a TSecurityPolicy object to check a vendor id and up to 3 capabilties.

@param aVendorId The vendor id to add to this policy

@param aCap1 The first capability to add to this policy

@param aCap2 The second capability to add to this policy

@param aCap3 The third capability to add to this policy

@panic USER 189 If any of the supplied capabilities are not valid.

*/

EXPORT_C TSecurityPolicy::TSecurityPolicy(TVendorId aVendorId, 

	TCapability aCap1, TCapability aCap2, TCapability aCap3)

	: iType(ETypeV3), iVendorId(aVendorId)

	{

	ConstructAndCheck3(aCap1, aCap2, aCap3);

	}

/** Sets up iCaps[0-2] with supplied values and checks for their validity.

@panic USER 189 If any of the supplied capabilities are invalid.

*/

void TSecurityPolicy::ConstructAndCheck3(TCapability aCap1, TCapability aCap2, TCapability aCap3)

	{

	__ASSERT_COMPILE(ECapability_None==-1); // Our argument check below assumes this

	__ASSERT_ALWAYS(  (TUint)(aCap1+1)<=(TUint)ECapability_Limit

					&&(TUint)(aCap2+1)<=(TUint)ECapability_Limit

					&&(TUint)(aCap3+1)<=(TUint)ECapability_Limit

					,Panic(ECapabilityInvalid));

	iCaps[0] = (TUint8)aCap1;

	iCaps[1] = (TUint8)aCap2;

	iCaps[2] = (TUint8)aCap3;

	}

/**

Checks that this object is in a valid state

@return A non-zero value if this object is valid, zero otherwise.

@internalComponent

*/

TBool TSecurityPolicy::Validate() const

	{

	switch(iType)

		{

		case ETypeFail:

		case ETypePass:

			if(iSecureId!=TUint32(ECapability_None))

				return EFalse;

			__ASSERT_COMPILE(TUint8(ECapability_None)==0xffu); // Test below assumes this...

			if((iCaps[0]&iCaps[1]&iCaps[2])!=TUint8(ECapability_None)) // check caps 0 to 2 are each == ECapability_None

				return EFalse;

			return ETrue;

		case ETypeC7:

			return ETrue;

		case ETypeC3:

			if(iSecureId!=TUint32(ECapability_None))

				return EFalse;

			return ETrue;

		case ETypeS3:

		case ETypeV3:

			return ETrue;

		default:

			return EFalse;

		}

	}

/** Sets this TSecurityPolicy to a copy of the policy described by the

supplied descriptor. Such a descriptor can be obtained from

TSecurityPolicy::Package().

@see TSecurityPolicy::Package()

@param aDes A descriptor representing the state of another TSecurityPolicy.

@return KErrNone, if successful, otherwise one of the other system-wide error

codes.

*/

EXPORT_C TInt TSecurityPolicy::Set(const TDesC8& aDes)

	{

	if(aDes.Size() == sizeof(TSecurityPolicy))

		{

		*this = *(TSecurityPolicy*)aDes.Ptr();

		if(Validate())

			return KErrNone;

		}

	// Set failed so set up the policy as an EAlwaysFail case.

	iType = EAlwaysFail;

	iCaps[0] = TUint8(ECapability_None);

	iCaps[1] = TUint8(ECapability_None);

	iCaps[2] = TUint8(ECapability_None);

	iSecureId = TUint32(ECapability_None);

	return KErrArgument;

	}

/** 

Constructs a TPtrC8 wrapping the platform security attributes of this

TSecurityPolicy.  Such a descriptor is suitable for passing across the

client server boundary.

The format of the descriptor is determined by the first byte which specifies 

the type of this TSecurityPolicy.  The first byte is one of the constants

specified in the enum TSecurityPolicy::TType.

For TSecurityPolicy objects of types ETypeC3, ETypeS3, ETypePass or ETypeFail

the descriptor will contain the following data in the order listed:

@code

	TUint8 iType; 		// set to ETypeC3, ETypeS3, ETypePass or ETypeFail

	TUint8 iCaps[3];

	TUint32 iSecureId;

@endcode

ETypeC3 descriptors will contain capabilities in iCaps but have iSecureId set

to ECapability_None.  ETypeS3 are similar to ETypeC3 descriptors but will have

iSecureId set to the secure ID value of the TSecurityPolicy object.

ETypePass and ETypeFail objects will have values of all of the elements of iCaps

and iSecureId set to ECapability_None.

For TSecurityPolicy objects of type ETypeV3 the descriptor will contain the

following data in the order listed:

@code

	TUint8 iType;		// set to ETypeV3

	TUint8 iCaps[3];	// set to the values of 3 capabilities

	TUint32 iVendorId;	// set to the value of the vendor ID of the TSecurityPolicy

@endcode

For TSecurityPolicy objects of type ETypeC7 the descriptor will contain the

following data in the order listed:

@code

	TUint8 iType;			// set to ETypeC7

	TUint8 iCaps[3];		// set to the values of 3 of the objects capabilities

	TUint8 iExtraCaps[4];	// set to the values of 4 of the objects capabilities

@endcode

@see TSecurityPolicy::TType

@see TSecurityPolicy::Set()

@return A TPtrC8 wrapping the platform security attributes of this TSecurityPolicy.

*/

EXPORT_C TPtrC8 TSecurityPolicy::Package() const

	{

	return TPtrC8((TUint8*)(this), sizeof(TSecurityPolicy));

	}

/** Checks this policy against the supplied SSecurityInfo.

@param aSecInfo The SSecurityInfo object to check against this TSecurityPolicy.

@param aMissing A SSecurityInfo object which this method fills with any capabilities or IDs

				it finds to be missing. This is designed to help generating diagnostic messages.

@return ETrue if all the requirements of this TSecurityPolicy are met, EFalse

@panic USER 190 if aSecInfo is an invalid SSecurityInfo object

otherwise.

*/

TBool TSecurityPolicy::CheckPolicy(const SSecurityInfo& aSecInfo, SSecurityInfo& aMissing) const

	{

	TBool result = EFalse;

	//It is thought to be by far the most common case to have 3 or less

	//capabilities in a policy.  Hence we'll set this for all of them even

	//though ETypePass doesn't need it.

	aMissing.iSecureId = 0;

	aMissing.iVendorId = 0;

	__ASSERT_COMPILE(SCapabilitySet::ENCapW == 2);

	aMissing.iCaps[0] = 0;

	aMissing.iCaps[1] = 0;

	aMissing.iCaps.AddCapability((TCapability)(iCaps[0]));

	aMissing.iCaps.AddCapability((TCapability)(iCaps[1]));

	aMissing.iCaps.AddCapability((TCapability)(iCaps[2]));

	aMissing.iCaps.Remove(aSecInfo.iCaps);

	switch(iType)

		{

		case ETypeFail:

			//result already False;

			break;

		case ETypePass:

			result = ETrue;	

			break;

		case ETypeC7:

			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[0]));

			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[1]));

			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[2]));

			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[3]));

			aMissing.iCaps.Remove(aSecInfo.iCaps);

			//It is intentional that there is no break statement here

		case ETypeC3:

			if(!aMissing.iCaps.NotEmpty())

				{

				result = ETrue;

				}

			break;

		case ETypeS3:

			if(!aMissing.iCaps.NotEmpty() && iSecureId == aSecInfo.iSecureId)

				{

				result = ETrue;

				}

			//This else if required to set the aMissing.iCaps secure id for diagnostics.

			//Doesn't affect pass case.

			else if(iSecureId != aSecInfo.iSecureId) 

				{

				aMissing.iSecureId = iSecureId;

				}

			break;

		case ETypeV3:

			if(!aMissing.iCaps.NotEmpty() && iVendorId == aSecInfo.iVendorId)

				{

				result = ETrue;

				}

			else if(iVendorId != aSecInfo.iVendorId)

				{

				aMissing.iVendorId = iVendorId;

				}

			break;

		default:

			Panic(ESecurityPolicyCorrupt);

			break;

		}

	return result;

	}

#ifndef __KERNEL_MODE__

/** Checks this policy against the platform security attributes of aProcess.

	When a check fails the action taken is determined by the system wide Platform Security