|
1 // Copyright (c) 2006-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
2 // All rights reserved. |
|
3 // This component and the accompanying materials are made available |
|
4 // under the terms of the License "Eclipse Public License v1.0" |
|
5 // which accompanies this distribution, and is available |
|
6 // at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
7 // |
|
8 // Initial Contributors: |
|
9 // Nokia Corporation - initial contribution. |
|
10 // |
|
11 // Contributors: |
|
12 // |
|
13 // Description: |
|
14 // Definitions for the security server server side session. |
|
15 // |
|
16 // |
|
17 |
|
18 #ifndef C_SECURITY_SVR_SESSION_H |
|
19 #define C_SECURITY_SVR_SESSION_H |
|
20 |
|
21 /** |
|
22 @file |
|
23 @internalTechnology |
|
24 @released |
|
25 */ |
|
26 |
|
27 // forward declaration |
|
28 class CSecuritySvrAsync; |
|
29 |
|
30 #include "c_security_svr_async.h" |
|
31 #include <f32file.h> |
|
32 |
|
33 #include <rm_debug_api.h> |
|
34 |
|
35 #include "rm_debug_kerneldriver.h" |
|
36 |
|
37 // Server name |
|
38 _LIT(KDebugDriverName,"RunMode Debug Driver"); |
|
39 |
|
40 class CSecuritySvrServer; |
|
41 |
|
42 /** |
|
43 Debug Security Server session. Manages the session with one debug agent and |
|
44 as many target executables as it has attached to. |
|
45 */ |
|
46 class CSecuritySvrSession : public CSession2 |
|
47 { |
|
48 public: |
|
49 CSecuritySvrSession(); |
|
50 ~CSecuritySvrSession(); |
|
51 void ConstructL (); |
|
52 void CreateL(); |
|
53 |
|
54 TInt OpenHandle(const TRM_DebugDriverInfo& aDriverInfo); |
|
55 void ServiceL(const RMessage2& aMessage); |
|
56 void ServiceError(const RMessage2 &aMessage, TInt aError); |
|
57 |
|
58 void ResumeThreadL(const RMessage2& aMessage); |
|
59 void SuspendThreadL(const RMessage2& aMessage); |
|
60 //break |
|
61 void SetBreakL(const RMessage2& aMessage); |
|
62 void ClearBreakL(const RMessage2& aMessage); |
|
63 void ModifyBreakL(const RMessage2& aMessage); |
|
64 void BreakInfoL(const RMessage2& aMessage); |
|
65 |
|
66 void StepRangeL(const RMessage2& aMessage); |
|
67 |
|
68 void GetEventL(const RMessage2& aMessage); |
|
69 void CancelGetEventL(const RMessage2& aMessage); |
|
70 |
|
71 void AttachProcessL(const RMessage2& aMessage); |
|
72 void DetachProcessL(const RMessage2& aMessage); |
|
73 //debug functionality |
|
74 void GetDebugFunctionalityBufSizeL(const RMessage2& aMessage); |
|
75 void GetDebugFunctionalityL(const RMessage2& aMessage); |
|
76 //memory |
|
77 void ReadMemoryL(const RMessage2& aMessage); |
|
78 void WriteMemoryL(const RMessage2& aMessage); |
|
79 //registers |
|
80 void ReadRegistersL(const RMessage2& aMessage); |
|
81 void WriteRegistersL(const RMessage2& aMessage); |
|
82 //event |
|
83 void SetEventActionL(const RMessage2& aMessage); |
|
84 |
|
85 void GetListL(const RMessage2& aMessage); |
|
86 void StepL(const RMessage2& aMessage); |
|
87 void TraceExecutableL(const RMessage2& aMessage); |
|
88 |
|
89 //crash log |
|
90 void ReadCrashLogL(const RMessage2& aMessage); |
|
91 void WriteCrashConfigL(const RMessage2& aMessage); |
|
92 void EraseCrashLogL(const RMessage2& aMessage); |
|
93 void EraseEntireCrashLogL(const RMessage2& aMessage); |
|
94 |
|
95 void SetProcessBreakL(const RMessage2& aMessage); |
|
96 void ModifyProcessBreakL(const RMessage2& aMessage); |
|
97 void ProcessBreakInfoL(const RMessage2& aMessage); |
|
98 |
|
99 void KillProcessL(const RMessage2& aMessage); |
|
100 |
|
101 TCapabilitySet GetOEMDebugCapabilities(void) const { return iOEMDebugCapabilities; }; |
|
102 |
|
103 #ifdef _DEBUG |
|
104 void DoFailAlloc(const RMessage2& aMessage); |
|
105 #endif |
|
106 |
|
107 private: |
|
108 CSecuritySvrServer& Server() const; |
|
109 void HeapWatcher(const TUint32 aFunction, const TBool aEntry) const; |
|
110 void WriteDataL(const RMessage2& aMessage, const TInt aIndex, const TAny* aPtr, const TUint32 aPtrSize) const; |
|
111 void StoreDebugAgentId(const TProcessId aDebugAgentProcessId); |
|
112 void CheckAttachedL(const TThreadId aThreadId, const RMessage2& aMessage, const TBool aPassive) const; |
|
113 void CheckAttachedL(const TProcessId aProcessId, const RMessage2& aMessage, const TBool aPassive) const; |
|
114 TBool PermitDebugL(const TProcessId aDebugAgentProcessId, const TDesC& aTargetProcessName) const; |
|
115 TBool IsDebugged(const TDesC& aFileName, const TBool aPassive) const; |
|
116 void OpenFileHandleL(const TDesC& aFileName, RFs& aFs, RFile& aFileHandle); |
|
117 TBool IsTraceBitSet(const TDesC8& aHeaderData, const TBool aXip); |
|
118 TBool IsDebugBitSet(const TDesC8& aHeaderData, const TBool aXip); |
|
119 TBool CheckSufficientData(const TDesC8& aHeaderData, const TBool aXip) const; |
|
120 |
|
121 void ValidateMemoryInfoL(const TThreadId aThreadId, const Debug::TMemoryInfo &aMemoryInfo, const TBool aReadOperation); |
|
122 void ValidateRegisterBuffersL(const RMessage2& aMessage, TUint32& aNumberOfRegisters); |
|
123 |
|
124 TInt GetExecutablesListL(TDes8& aBuffer, TUint32& aSize) const; |
|
125 void AppendExecutableData(TDes8& aBuffer, TUint32& aSize, const TDesC& aEntryName) const; |
|
126 void GetSecureIdL(const TDesC& aFileName, TUid& aSecureId); |
|
127 TUid GetSecureIdL(const TDesC8& aHeaderData, TBool aXip); |
|
128 |
|
129 void IsDebuggableL(const TDesC& aFileName); |
|
130 TThreadId ReadTThreadIdL(const RMessagePtr2& aMessage, const TInt aIndex) const; |
|
131 TProcessId ReadTProcessIdL(const RMessagePtr2& aMessage, const TInt aIndex) const; |
|
132 TBool IsExecutableXipL(RFile& aExecutable); |
|
133 |
|
134 void ConnectCrashPartitionL(void); |
|
135 |
|
136 void GetDebugAgentOEMTokenCapsL(); |
|
137 TInt CheckFlashAccessPermissionL(const RThread aClientThread); |
|
138 |
|
139 // Declare the CSecuritySvrAsync as a friend so it can use the iKernelDriver too |
|
140 friend class CSecuritySvrAsync; |
|
141 |
|
142 private: |
|
143 /** |
|
144 Flag to indicate whether we have stored the TProcessId associated with the Debug Agent. |
|
145 */ |
|
146 TBool iDebugAgentProcessIdStored; |
|
147 |
|
148 /** |
|
149 The TProcessId of the Debug Agent associated with this session. A convenience to |
|
150 save looking it up repeatedly. |
|
151 */ |
|
152 TProcessId iDebugAgentProcessId; |
|
153 /** |
|
154 Need an array of async completion objects, one for each target executable. |
|
155 */ |
|
156 RPointerArray<CSecuritySvrAsync> iAsyncHandlers; |
|
157 |
|
158 /** |
|
159 Used to track whether the Debug Agent has been notified when closing the session. |
|
160 */ |
|
161 TBool iServerNotified; |
|
162 |
|
163 /** |
|
164 OEM Debug token support. This is only used when the Debug Agent has OEM debug |
|
165 authority provided by a specific authorisation token file. This token confers |
|
166 the ability to debug certain executables which have not been built as 'Debuggable'. |
|
167 |
|
168 The OEM Debug token executable must be marked with 'AllFiles', as this is analogous |
|
169 to looking 'inside' executables - with AllFiles, it could read all the data out of an |
|
170 executable in \sys\bin\. In addition, since debug control of an executable implies the |
|
171 ability to execute arbitrary code within the target process space, this would imply that |
|
172 a Debug Agent could use any PlatSec capability which that target process possessed. |
|
173 |
|
174 Therefore, we require that the OEM Debug Token must also be marked with a superset of |
|
175 the PlatSec capabilities of the executable which is to be debugged. This means the |
|
176 Debug Agent is not granted more access/PlatSec capabilities than its authorisation |
|
177 token allows, and cannot exploit a target executable to leverage greater access than |
|
178 should be permitted. |
|
179 |
|
180 iTargetCapabilities tracks which PlatSec capabilities the target executables may |
|
181 possess and still be debugged by this debug agent. The capabilities are NOT those |
|
182 of the debug agent process, they are the capabilites indicated in the OEM Debug Token |
|
183 which describe the capabilities the debug agent is authorised to debug. E.g. a Debug |
|
184 Agent might use CommsDD, but wish to debug a DRM capable executable. In that case, the |
|
185 Debug Agent exe must be signed with CommsDD, but the OEM Debug Token need only possess |
|
186 DRM and AllFiles (permission to look inside another executable). |
|
187 */ |
|
188 TCapabilitySet iOEMDebugCapabilities; |
|
189 |
|
190 //RLocalDrive to access the crash Flash |
|
191 RLocalDrive iLocalDrive; |
|
192 |
|
193 //For NOR flash |
|
194 TLocalDriveCapsV2 iCaps; |
|
195 |
|
196 /** |
|
197 * If true means the local drive connected to the crash partition else connect |
|
198 * when access required to crash flash partition for read operation |
|
199 */ |
|
200 TBool iCrashConnected; |
|
201 }; |
|
202 |
|
203 |
|
204 #endif // C_SECURITY_SVR_SESSION_H |
|
205 |