kerneltest/e32test/secure/t_capsup.cpp
changeset 0 a41df078684a
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/kerneltest/e32test/secure/t_capsup.cpp	Mon Oct 19 15:55:17 2009 +0100
@@ -0,0 +1,1735 @@
+// Copyright (c) 2001-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of the License "Eclipse Public License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.eclipse.org/legal/epl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// e32test\secure\t_capsup.cpp
+// Overview:
+// Test support of platform security capabilities.
+// API Information:
+// TCapabilitySet, TSecurityInfo, TSecurityPolicy and various other methods.
+// Details:
+// - Verify the enumeration of each of the capability names.
+// - Test the TCapabilitySet class methods by setting and checking various
+// capabilities. Verify results are as expected.
+// - Test the TSecurityInfo class methods and verify results.
+// - Test the RProcess, RThread and RMessage2 SecureId() methods along with
+// User::CreatorSecureId(). Verify results are as expected.
+// - Test the RProcess, RThread and RMessage2 VendorId() methods along with
+// User::CreatorVendorId(). Verify results are as expected.
+// - Test the RProcess, RThread and RMessage2 HasCapability() methods along
+// with User::CreatorHasCapability(). Verify results are as expected.
+// - Test TSecurityPolicy constructors including macros for compile-time
+// construction. Verify results are as expected.
+// - Test kernel APIs.  Verify results are as expected.
+// - Test setting KernelConfigFlags.  Ensure that, if __PLATSEC_UNLOCKED__
+// is not set, the PlatSec flags cannot be unset.
+// - Test the use of platform security diagnostic strings.
+// Platforms/Drives/Compatibility:
+// All.
+// Assumptions/Requirement/Pre-requisites:
+// Failures and causes:
+// Base Port information:
+// 
+//
+
+#define __INCLUDE_CAPABILITY_NAMES__
+#define __E32TEST_EXTENSION__
+
+#include <e32cmn.h>
+#include <e32cmn_private.h>
+#include <u32exec.h>
+#include <e32test.h>
+#include <e32def.h>
+#include <e32def_private.h>
+#include "d_sldd.h"
+
+TBool PlatSecEnforcement;
+
+_LIT_SECURE_ID(KTestSecureId,0x101f534d);
+_LIT_SECURE_ID(KTestSecureId2,0x101f534e);
+_LIT_VENDOR_ID(KTestVendorId,0x01234567);
+_LIT_VENDOR_ID(KTestVendorId2,0x01234568);
+
+const TUint32 KTestCapabilities =(1<<ECapabilityTCB)
+								|(1<<ECapabilityPowerMgmt)
+								|(1<<ECapabilityReadDeviceData)
+								|(1<<ECapabilityDRM)
+								|(1<<ECapabilityProtServ)
+								|(1<<ECapabilityNetworkControl)
+								|(1<<ECapabilitySwEvent)
+								|(1<<ECapabilityLocalServices)
+								|(1<<ECapabilityWriteUserData)
+								|(1<<ECapabilitySurroundingsDD);
+
+LOCAL_D RTest test(_L("T_CAPSUP"));
+
+enum TTestProcessFunctions
+	{
+	ETestProcessServer,
+	};
+
+#include "testprocess.h"
+
+TInt StartServer();
+
+TInt DoTestProcess(TInt aTestNum,TInt aArg1,TInt aArg2)
+	{
+	(void)aArg1;
+	(void)aArg2;
+
+	switch(aTestNum)
+		{
+
+	case ETestProcessServer:
+		return StartServer();
+
+	default:
+		User::Panic(_L("T_CAPSUP"),1);
+		}
+
+	return KErrNone;
+	}
+
+
+
+//
+// RTestThread
+//
+
+class RTestThread : public RThread
+	{
+public:
+	void Create(TThreadFunction aFunction,TAny* aArg=0);
+	};
+
+void RTestThread::Create(TThreadFunction aFunction,TAny* aArg)
+	{
+	TInt r=RThread::Create(_L(""),aFunction,KDefaultStackSize,KDefaultStackSize,KDefaultStackSize,aArg);
+	test(r==KErrNone);
+	}
+
+
+//
+// CTestSession
+//
+
+class CTestSession : public CSession2
+	{
+public:
+	enum {EShutdown,
+		ETestProcessSecurityInfo,ETestThreadSecurityInfo,ETestMessageSecurityInfo,ETestCreatorSecurityInfo,
+		ETestProcessSecureId,ETestThreadSecureId,ETestMessageSecureId,ETestCreatorSecureId,
+		ETestProcessVendorId,ETestThreadVendorId,ETestMessageVendorId,ETestCreatorVendorId,
+		ETestProcessHasCapability1,ETestProcessHasCapability2,
+		ETestThreadHasCapability1,ETestThreadHasCapability2,
+		ETestMessageHasCapability1,ETestMessageHasCapability2,
+		ETestMessageHasCapabilityL1,ETestMessageHasCapabilityL2,
+		ETestCreatorHasCapability1,ETestCreatorHasCapability2,
+		ETestSecurityPolicyAgainstMessage,
+		ETestSecurityPolicyAgainstCreator
+		};
+	enum {EPolicyCheckPassed = 15, EPolicyCheckFailed = 16};
+public:
+	CTestSession();
+	virtual void ServiceL(const RMessage2& aMessage);
+public:
+	};
+
+CTestSession::CTestSession()
+	: CSession2()
+	{}
+
+void CTestSession::ServiceL(const RMessage2& aMessage)
+	{
+	const RMessagePtr2 m(aMessage);
+	switch (aMessage.Function())
+		{
+		case CTestSession::ETestProcessSecureId:
+			{
+			RProcess process;
+			TInt r=process.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				r = process.SecureId();
+				process.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestThreadSecureId:
+			{
+			RThread thread;
+			TInt r=thread.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				r = thread.SecureId();
+				thread.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestMessageSecureId:
+			{
+			TInt32 id = m.SecureId();
+			m.Complete(id);
+			}
+			break;
+
+		case CTestSession::ETestCreatorSecureId:
+			{
+			m.Complete(User::CreatorSecureId());
+			}
+			break;
+
+		case CTestSession::ETestProcessVendorId:
+			{
+			RProcess process;
+			TInt r=process.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				r = process.VendorId();
+				process.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestThreadVendorId:
+			{
+			RThread thread;
+			TInt r=thread.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				r = thread.VendorId();
+				thread.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestMessageVendorId:
+			{
+			TInt32 id = m.VendorId();
+			m.Complete(id);
+			}
+			break;
+
+		case CTestSession::ETestCreatorVendorId:
+			{
+			m.Complete(User::CreatorVendorId());
+			}
+			break;
+
+		case CTestSession::ETestProcessSecurityInfo:
+			{
+			RProcess process;
+			TInt r=process.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				TSecurityInfo info;
+				info.Set(process);
+				r = m.Write(1,TPtrC8((TUint8*)&info,sizeof(info)));
+				process.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestThreadSecurityInfo:
+			{
+			RThread thread;
+			TInt r=thread.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				TSecurityInfo info;
+				info.Set(thread);
+				r = m.Write(1,TPtrC8((TUint8*)&info,sizeof(info)));
+				thread.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestMessageSecurityInfo:
+			{
+			TSecurityInfo info;
+			info.Set(m);
+			TInt r = m.Write(0,TPtrC8((TUint8*)&info,sizeof(info)));
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestCreatorSecurityInfo:
+			{
+			TSecurityInfo info;
+			info.SetToCreatorInfo();
+			TInt r = m.Write(0,TPtrC8((TUint8*)&info,sizeof(info)));
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestProcessHasCapability1:
+			{
+			RProcess process;
+			TInt r=process.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				r = process.HasCapability((TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestProcessHasCapability1"));
+				process.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestProcessHasCapability2:
+			{
+			RProcess process;
+			TInt r=process.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				r = process.HasCapability((TCapability)aMessage.Int1(),(TCapability)aMessage.Int2(),__PLATSEC_DIAGNOSTIC_STRING("ETestProcessHasCapability2"));
+				process.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestThreadHasCapability1:
+			{
+			RThread thread;
+			TInt r=thread.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				r = thread.HasCapability((TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestThreadHasCapability1"));
+				thread.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestThreadHasCapability2:
+			{
+			RThread thread;
+			TInt r=thread.Open(aMessage.Int0());
+			if(r==KErrNone)
+				{
+				r = thread.HasCapability((TCapability)aMessage.Int1(),(TCapability)aMessage.Int2(),__PLATSEC_DIAGNOSTIC_STRING("ETestThreadHasCapability2"));
+				thread.Close();
+				}
+			else
+				r = KErrGeneral;
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestMessageHasCapability1:
+			{
+			TInt r = m.HasCapability((TCapability)aMessage.Int0(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapability1"));
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestMessageHasCapabilityL1:
+			{
+			TRAPD(r,m.HasCapabilityL((TCapability)aMessage.Int0(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapabilityL1")))
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestMessageHasCapability2:
+			{
+			TInt r = m.HasCapability((TCapability)aMessage.Int0(),(TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapability2"));
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestMessageHasCapabilityL2:
+			{
+			TRAPD(r,m.HasCapabilityL((TCapability)aMessage.Int0(),(TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestMessageHasCapabilityL2")))
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestCreatorHasCapability1:
+			{
+			TInt r = User::CreatorHasCapability((TCapability)aMessage.Int0(),__PLATSEC_DIAGNOSTIC_STRING("ETestCreatorHasCapability1"));
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestCreatorHasCapability2:
+			{
+			TInt r = User::CreatorHasCapability((TCapability)aMessage.Int0(),(TCapability)aMessage.Int1(),__PLATSEC_DIAGNOSTIC_STRING("ETestCreatorHasCapability2"));
+			m.Complete(r);
+			}
+			break;
+
+		case CTestSession::ETestSecurityPolicyAgainstMessage:
+			{
+			TBuf8<sizeof(TSecurityPolicy)> buf(0);
+			TInt len = m.GetDesLength(0);
+			TInt r = KErrArgument;
+			if(len>0 && len <=buf.MaxSize())
+				{
+				r = m.Read(0, buf, 0);
+				if(r==KErrNone)
+					{
+					TSecurityPolicy policy;
+					r = policy.Set(buf);
+					if(r == KErrNone)
+						{
+						r = policy.CheckPolicy(m, __PLATSEC_DIAGNOSTIC_STRING("Testing message against policy -- sample additional diagnostic."));
+						if(r)
+							r = EPolicyCheckPassed;
+						else
+							r = EPolicyCheckFailed;
+						}
+					}
+				}
+			m.Complete(r);
+			break;
+			}
+
+		case CTestSession::ETestSecurityPolicyAgainstCreator:
+			{
+			TBuf8<sizeof(TSecurityPolicy)> buf(0);
+			TInt len = m.GetDesLength(0);
+			TInt r = KErrArgument;
+			if(len>0 && len <=buf.MaxSize())
+				{
+				r = m.Read(0, buf, 0);
+				if(r==KErrNone)
+					{
+					TSecurityPolicy policy;
+					r = policy.Set(buf);
+					if(r == KErrNone)
+						{
+						r = policy.CheckPolicyCreator(__PLATSEC_DIAGNOSTIC_STRING("Testing creator against policy -- sample additional diagnostic."));
+						if(r)
+							r = EPolicyCheckPassed;
+						else
+							r = EPolicyCheckFailed;
+						}
+					}
+				}
+			m.Complete(r);
+			break;
+			}
+
+		case CTestSession::EShutdown:
+			CActiveScheduler::Stop();
+			break;
+
+		default:
+			m.Complete(KErrNotSupported);
+			break;
+		}
+	}
+
+
+
+//
+// CTestServer
+//
+
+class CTestServer : public CServer2
+	{
+public:
+	CTestServer(TInt aPriority);
+	virtual CSession2* NewSessionL(const TVersion& aVersion,const RMessage2& aMessage) const;
+	};
+
+CTestServer::CTestServer(TInt aPriority)
+	: CServer2(aPriority)
+	{
+	}
+
+CSession2* CTestServer::NewSessionL(const TVersion& /*aVersion*/,const RMessage2& /*aMessage*/) const
+	{
+	return new (ELeave) CTestSession();
+	}
+
+
+
+//
+// CTestActiveScheduler
+//
+
+class CTestActiveScheduler : public CActiveScheduler
+	{
+public:
+	virtual void Error(TInt anError) const;
+	};
+
+void CTestActiveScheduler::Error(TInt anError) const
+	{
+	User::Panic(_L("TestServer Error"),anError);
+	}
+
+
+
+//
+// Server thread
+//
+
+_LIT(KServerName,"T_CAPSUP-server");
+const TInt KServerRendezvous = KRequestPending+1;
+
+void DoStartServer()
+	{
+	CTestActiveScheduler* activeScheduler = new (ELeave) CTestActiveScheduler;
+	CActiveScheduler::Install(activeScheduler);
+	CleanupStack::PushL(activeScheduler);
+
+	CTestServer* server = new (ELeave) CTestServer(0);
+	CleanupStack::PushL(server);
+
+	User::LeaveIfError(server->Start(KServerName));
+
+	RProcess::Rendezvous(KServerRendezvous);
+
+	CActiveScheduler::Start();
+
+	CleanupStack::PopAndDestroy(2);
+	}
+
+TInt StartServer()
+	{
+	CTrapCleanup* cleanupStack = CTrapCleanup::New();
+	if(!cleanupStack)
+		return KErrNoMemory;
+	TRAPD(leaveError,DoStartServer())
+	delete cleanupStack;
+	return leaveError;
+	}
+
+
+
+//
+// RTestSession
+//
+
+class RTestSession : public RSessionBase
+	{
+public:
+	inline TInt Connect()
+		{ return CreateSession(KServerName,TVersion());}
+	inline TInt Send(TInt aFunction)
+		{ return RSessionBase::SendReceive(aFunction); }
+	inline TInt Send(TInt aFunction,const TIpcArgs& aArgs)
+		{ return RSessionBase::SendReceive(aFunction,aArgs); }
+	inline void Send(TInt aFunction,TRequestStatus& aStatus)
+		{ RSessionBase::SendReceive(aFunction,aStatus); }
+	inline void Send(TInt aFunction,const TIpcArgs& aArgs,TRequestStatus& aStatus)
+		{ RSessionBase::SendReceive(aFunction,aArgs,aStatus); }
+	};
+
+
+
+RTestSession Session;
+
+void CheckCapabilitySetEqual(const TCapabilitySet& a1,const TCapabilitySet& a2)
+	{
+	TInt i;
+	for(i=0; i<ECapability_Limit; i++)
+		test((!a1.HasCapability((TCapability)i))==(!a2.HasCapability((TCapability)i)));
+	}
+
+void TestCapabilitySet()
+	{
+	TCapabilitySet s;
+	TCapabilitySet all;
+	TCapabilitySet empty;
+	TInt i,j,k;
+
+	test.Start(_L("Each test stage also implicity tests HasCapability()"));
+
+	test.Next(_L("Test SetEmpty()"));
+	memset(&empty,-1,sizeof(empty));
+	empty.SetEmpty();
+	for(i=0; i<ECapability_HardLimit; i++)
+		test(!empty.HasCapability((TCapability)i));
+	// test memory cleared - assumes knowledge of internal representation
+	for(i=0; i<(TInt)sizeof(empty); ++i)
+		test(((TUint8*)&empty)[i] == 0);
+
+	test.Next(_L("Test SetAllSupported()"));
+	all.SetAllSupported();
+	// This code makes the assumption that there are no gaps in the TCapability enumeration
+	for(i=0; i<ECapability_Limit; i++)
+		test(all.HasCapability((TCapability)i));
+	for(; i<ECapability_HardLimit; i++)
+		test(!all.HasCapability((TCapability)i));
+
+	test.Next(_L("Test Set(TCapability)"));
+	for(j=-2; j<ECapability_HardLimit; j++)
+		{
+		if(j&1)
+			s.SetAllSupported();
+		else
+			s.SetEmpty();
+		s.Set((TCapability)j);
+		for(i=0; i<=ECapability_HardLimit; i++)
+			{
+			if(i==j)
+				test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
+			else
+				test(!s.HasCapability((TCapability)i));
+			
+			}
+		test(!s.HasCapability(ECapability_Denied));
+		test(s.HasCapability(ECapability_None));
+		}
+
+	test.Next(_L("Test Set(TCapability,TCapability)"));
+	for(k=-2; k<ECapability_HardLimit; k++)
+		{
+		for(j=-2; j<ECapability_HardLimit; j++)
+			{
+			if((j^k)&1)
+				s.SetAllSupported();
+			else
+				s.SetEmpty();
+			s.Set((TCapability)j,(TCapability)k);
+			for(i=0; i<=ECapability_HardLimit; i++)
+				{
+				if(i==j || i==k)
+					test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
+				else
+					test(!s.HasCapability((TCapability)i));
+
+				}
+			test(!s.HasCapability(ECapability_Denied));
+			test(s.HasCapability(ECapability_None));
+			}
+		}
+
+	test.Next(_L("Test TCapability(TCapability)"));
+	for(j=-2; j<ECapability_HardLimit; j++)
+		{
+		TCapabilitySet t((TCapability)j);
+		for(i=0; i<=ECapability_HardLimit; i++)
+			{
+			if(i==j)
+				test(!t.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
+			else
+				test(!t.HasCapability((TCapability)i));
+
+			}
+		test(!s.HasCapability(ECapability_Denied));
+		test(s.HasCapability(ECapability_None));
+		}
+
+	test.Next(_L("Test TCapability(TCapability,TCapability)"));
+	for(k=-2; k<ECapability_HardLimit; k++)
+		{
+		for(j=-2; j<ECapability_HardLimit; j++)
+			{
+			TCapabilitySet t((TCapability)j,(TCapability)k);
+			for(i=0; i<=ECapability_HardLimit; i++)
+				{
+				if(i==j || i==k)
+					test(!t.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
+				else
+					test(!t.HasCapability((TCapability)i));
+
+				}
+			test(!s.HasCapability(ECapability_Denied));
+			test(s.HasCapability(ECapability_None));
+			}
+		}
+
+	test.Next(_L("Test AddCapability(TCapability)"));
+	s.SetEmpty();
+	for(j=-2; j<ECapability_HardLimit; j++) // Add each capability in sequence
+		{
+		s.AddCapability((TCapability)j);
+		for(i=0; i<=j; i++)
+			test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
+		for(; i<ECapability_HardLimit; i++)
+			test(!s.HasCapability((TCapability)i));
+		test(!s.HasCapability(ECapability_Denied));
+		test(s.HasCapability(ECapability_None));
+		}
+	s.SetEmpty();
+	for(j=ECapability_HardLimit-1; j>=-2; j--) // Add each capability in reverse sequence
+		{
+		s.AddCapability((TCapability)j);
+		for(i=ECapability_HardLimit-1; i>=j && i>=0; i--)
+			test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
+		for(; i>=0; i--)
+			test(!s.HasCapability((TCapability)i));
+		test(!s.HasCapability(ECapability_Denied));
+		test(s.HasCapability(ECapability_None));
+		}
+
+	test.Next(_L("Test RemoveCapability(TCapability)"));
+	s.SetAllSupported();
+	for(j=-2; j<ECapability_HardLimit; j++) // Remove each capability in sequence
+		{
+		s.RemoveCapability((TCapability)j);
+		for(i=0; i<=j; i++)
+			test(!s.HasCapability((TCapability)i));
+		for(; i<ECapability_HardLimit; i++)
+			test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
+		test(!s.HasCapability(ECapability_Denied));
+		test(s.HasCapability(ECapability_None));
+		}
+	s.SetAllSupported();
+	for(j=ECapability_HardLimit-1; j>=-2; j--) // Remove each capability reverse sequence
+		{
+		s.RemoveCapability((TCapability)j);
+		for(i=ECapability_HardLimit-1; i>=j && i >=0; i--)
+			test(!s.HasCapability((TCapability)i));
+		for(; i>=0; i--)
+			test(!s.HasCapability((TCapability)i) == !all.HasCapability((TCapability)i)); // Should have capability (if in set of All capabilities)
+		test(!s.HasCapability(ECapability_Denied));
+		test(s.HasCapability(ECapability_None));
+		}
+
+	test.Next(_L("Building test sets"));
+	TCapabilitySet even;
+	even.SetEmpty();
+	for(i=0; i<ECapability_Limit; i+=2) even.AddCapability((TCapability)i);
+	TCapabilitySet odd;
+	odd.SetEmpty();
+	for(i=1; i<ECapability_Limit; i+=2) odd.AddCapability((TCapability)i);
+
+	test.Next(_L("Test Union(TCapabilitySet)"));
+	s.SetEmpty();
+	CheckCapabilitySetEqual(s,empty);
+	s.Union(odd);
+	CheckCapabilitySetEqual(s,odd);
+	s.Union(odd);
+	CheckCapabilitySetEqual(s,odd);
+	s.Union(empty);
+	CheckCapabilitySetEqual(s,odd);
+	s.Union(even);
+	CheckCapabilitySetEqual(s,all);
+	s.Union(even);
+	CheckCapabilitySetEqual(s,all);
+	s.SetEmpty();
+	CheckCapabilitySetEqual(s,empty);
+	s.Union(even);
+	CheckCapabilitySetEqual(s,even);
+	s.Union(even);
+	CheckCapabilitySetEqual(s,even);
+	s.Union(empty);
+	CheckCapabilitySetEqual(s,even);
+	s.Union(odd);
+	CheckCapabilitySetEqual(s,all);
+	s.Union(odd);
+	CheckCapabilitySetEqual(s,all);
+
+	test.Next(_L("Test Intersection(TCapabilitySet)"));
+	s.SetAllSupported();
+	CheckCapabilitySetEqual(s,all);
+	s.Intersection(odd);
+	CheckCapabilitySetEqual(s,odd);
+	s.Intersection(odd);
+	CheckCapabilitySetEqual(s,odd);
+	s.Intersection(even);
+	CheckCapabilitySetEqual(s,empty);
+	s.Intersection(even);
+	CheckCapabilitySetEqual(s,empty);
+	s.SetAllSupported();
+	CheckCapabilitySetEqual(s,all);
+	s.Intersection(even);
+	CheckCapabilitySetEqual(s,even);
+	s.Intersection(even);
+	CheckCapabilitySetEqual(s,even);
+	s.Intersection(odd);
+	CheckCapabilitySetEqual(s,empty);
+	s.Intersection(odd);
+	CheckCapabilitySetEqual(s,empty);
+
+	test.Next(_L("Test Remove(TCapabilitySet)"));
+	s.SetAllSupported();
+	CheckCapabilitySetEqual(s,all);
+	s.Remove(odd);
+	CheckCapabilitySetEqual(s,even);
+	s.Remove(odd);
+	CheckCapabilitySetEqual(s,even);
+	s.Remove(empty);
+	CheckCapabilitySetEqual(s,even);
+	s.Remove(even);
+	CheckCapabilitySetEqual(s,empty);
+	s.Remove(even);
+	CheckCapabilitySetEqual(s,empty);
+	s.SetAllSupported();
+	CheckCapabilitySetEqual(s,all);
+	s.Remove(even);
+	CheckCapabilitySetEqual(s,odd);
+	s.Remove(even);
+	CheckCapabilitySetEqual(s,odd);
+	s.Remove(empty);
+	CheckCapabilitySetEqual(s,odd);
+	s.Remove(odd);
+	CheckCapabilitySetEqual(s,empty);
+	s.Remove(odd);
+	CheckCapabilitySetEqual(s,empty);
+
+	test.Next(_L("Test HasCapabilities(TCapabilitySet)"));
+	for(i=0; i<ECapability_Limit; i++)
+		{
+		if(!all.HasCapability((TCapability)i))
+			continue;
+		TCapabilitySet t((TCapability)i);
+		test(t.HasCapabilities(t));
+		test(all.HasCapabilities(t));
+		test(!empty.HasCapabilities(t));
+		if(i&1)
+			{
+			test(odd.HasCapabilities(t));
+			test(!even.HasCapabilities(t));
+			}
+		else
+			{
+			test(!odd.HasCapabilities(t));
+			test(even.HasCapabilities(t));
+			}
+		test(!t.HasCapabilities(all));
+		test(!t.HasCapabilities(even));
+		test(!t.HasCapabilities(odd));
+		test(t.HasCapabilities(empty));
+		}
+
+	test(all.HasCapabilities(all));
+	test(all.HasCapabilities(even));
+	test(all.HasCapabilities(odd));
+	test(all.HasCapabilities(empty));
+
+	test(!even.HasCapabilities(all));
+	test(even.HasCapabilities(even));
+	test(!even.HasCapabilities(odd));
+	test(even.HasCapabilities(empty));
+
+	test(!odd.HasCapabilities(all));
+	test(!odd.HasCapabilities(even));
+	test(odd.HasCapabilities(odd));
+	test(odd.HasCapabilities(empty));
+
+	test(!empty.HasCapabilities(all));
+	test(!empty.HasCapabilities(even));
+	test(!empty.HasCapabilities(odd));
+	test(empty.HasCapabilities(empty));
+
+	test.End();
+	}
+
+void CheckSecurityInfo(const TSecurityInfo& a1,const TSecurityInfo& a2)
+	{
+	test(a1.iSecureId==a2.iSecureId);
+	test(a1.iVendorId==a2.iVendorId);
+	TInt i;
+	for(i=0; i<ECapability_Limit; i++)
+		test((!a1.iCaps.HasCapability((TCapability)i))==(!a2.iCaps.HasCapability((TCapability)i)));
+	}
+
+void TestSecurityInfo()
+	{
+	TSecurityInfo self;
+	TSecurityInfo info;
+	TPckg<TSecurityInfo> infoPtr(info);
+	TInt i;
+
+	test.Start(_L("Test TSecurityInfo::SetToCurrentInfo"));
+	self.SetToCurrentInfo();
+	test(self.iSecureId==KTestSecureId);
+	test(self.iVendorId==KTestVendorId);
+	for(i=0; i<ECapability_Limit; i++)
+		test((TUint32)(self.iCaps.HasCapability((TCapability)i)!=0)==((KTestCapabilities>>i)&1));
+
+	test.Next(_L("Test TSecurityInfo::Set(RProcess)"));
+	Mem::FillZ(&info,sizeof(info));
+	TInt32 r = Session.Send(CTestSession::ETestProcessSecurityInfo,TIpcArgs(TUint(RProcess().Id()),&infoPtr));
+	test(r==KErrNone);
+	CheckSecurityInfo(self,info);
+
+	test.Next(_L("Test TSecurityInfo::Set(RThread)"));
+	Mem::FillZ(&info,sizeof(info));
+	r = Session.Send(CTestSession::ETestThreadSecurityInfo,TIpcArgs(TUint(RThread().Id()),&infoPtr));
+	test(r==KErrNone);
+	CheckSecurityInfo(self,info);
+
+	test.Next(_L("Test TSecurityInfo::Set(RMessagePtr2)"));
+	Mem::FillZ(&info,sizeof(info));
+	r = Session.Send(CTestSession::ETestMessageSecurityInfo,TIpcArgs(&infoPtr));
+	test(r==KErrNone);
+	CheckSecurityInfo(self,info);
+
+	test.Next(_L("Test TSecurityInfo::SetToCreatorInfo"));
+	Mem::FillZ(&info,sizeof(info));
+	r = Session.Send(CTestSession::ETestCreatorSecurityInfo,TIpcArgs(&infoPtr));
+	test(r==KErrNone);
+	CheckSecurityInfo(self,info);
+
+	test.End();
+	}
+
+void TestSecureId()
+	{
+	test.Start(_L("Test RProcess::SecureId()"));
+	TInt r = Session.Send(CTestSession::ETestProcessSecureId,TIpcArgs(TUint(RProcess().Id())));
+	test((TUint32)r==KTestSecureId);
+
+	test.Next(_L("Test RThread::SecureId()"));
+	r = Session.Send(CTestSession::ETestThreadSecureId,TIpcArgs(TUint(RThread().Id())));
+	test((TUint32)r==KTestSecureId);
+
+	test.Next(_L("Test RMessage2::SecureId()"));
+	r = Session.Send(CTestSession::ETestMessageSecureId);
+	test((TUint32)r==KTestSecureId);
+
+	test.Next(_L("Test User::CreatorSecureId()"));
+	r = Session.Send(CTestSession::ETestCreatorSecureId);
+	test((TUint32)r==KTestSecureId);
+
+	test.End();
+	}
+
+void TestVendorId()
+	{
+	test.Start(_L("Test RProcess::VendorId()"));
+	TInt r = Session.Send(CTestSession::ETestProcessVendorId,TIpcArgs(TUint(RProcess().Id())));
+	test((TUint32)r==KTestVendorId);
+
+	test.Next(_L("Test RThread::VendorId()"));
+	r = Session.Send(CTestSession::ETestThreadVendorId,TIpcArgs(TUint(RThread().Id())));
+	test((TUint32)r==KTestVendorId);
+
+	test.Next(_L("Test RMessage2::VendorId()"));
+	r = Session.Send(CTestSession::ETestMessageVendorId);
+	test((TUint32)r==KTestVendorId);
+
+	test.Next(_L("Test User::CreatorVendorId()"));
+	r = Session.Send(CTestSession::ETestCreatorVendorId);
+	test((TUint32)r==KTestVendorId);
+
+	test.End();
+	}
+
+void TestHasCapability()
+	{
+	TInt failResult=PlatSecEnforcement ? 0 : 1;
+	TInt failResultL=PlatSecEnforcement ? KErrPermissionDenied : KErrNone;
+
+	test.Start(_L("Test RProcess::HasCapability(TCapability)"));
+	TInt r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapabilityLocalServices));
+	test(r);
+	r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapabilityNetworkServices));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapability_None));
+	test(r);
+	r = Session.Send(CTestSession::ETestProcessHasCapability1,TIpcArgs(TUint(RProcess().Id()),ECapability_Denied));
+	test(r==failResult);
+
+	test.Next(_L("Test RProcess::HasCapability(TCapability,TCapability)"));
+	r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityLocalServices,ECapabilityWriteUserData));
+	test(r);
+	r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityNetworkServices,ECapabilityWriteUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityLocalServices,ECapabilityReadUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapabilityNetworkServices,ECapabilityReadUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapability_None,ECapabilityWriteUserData));
+	test(r);
+	r = Session.Send(CTestSession::ETestProcessHasCapability2,TIpcArgs(TUint(RProcess().Id()),ECapability_Denied,ECapabilityWriteUserData));
+	test(r==failResult);
+
+	test.Next(_L("Test RThread::HasCapability(TCapability)"));
+	r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapabilityLocalServices));
+	test(r);
+	r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapabilityNetworkServices));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapability_None));
+	test(r);
+	r = Session.Send(CTestSession::ETestThreadHasCapability1,TIpcArgs(TUint(RThread().Id()),ECapability_Denied));
+	test(r==failResult);
+
+	test.Next(_L("Test RThread::HasCapability(TCapability,TCapability)"));
+	r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityLocalServices,ECapabilityWriteUserData));
+	test(r);
+	r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityNetworkServices,ECapabilityWriteUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityLocalServices,ECapabilityReadUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapabilityNetworkServices,ECapabilityReadUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapability_None,ECapabilityWriteUserData));
+	test(r);
+	r = Session.Send(CTestSession::ETestThreadHasCapability2,TIpcArgs(TUint(RThread().Id()),ECapability_Denied,ECapabilityWriteUserData));
+	test(r==failResult);
+
+	test.Next(_L("Test RMessagePtr2::HasCapability(TCapability)"));
+	r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapabilityLocalServices));
+	test(r);
+	r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapabilityNetworkServices));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapability_None));
+	test(r);
+	r = Session.Send(CTestSession::ETestMessageHasCapability1,TIpcArgs(ECapability_Denied));
+	test(r==failResult);
+
+	test.Next(_L("Test RMessagePtr2::HasCapabilityL(TCapability)"));
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapabilityLocalServices));
+	test(r==KErrNone);
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapabilityNetworkServices));
+	test(r==failResultL);
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapability_None));
+	test(r==KErrNone);
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL1,TIpcArgs(ECapability_Denied));
+	test(r==failResultL);
+
+	test.Next(_L("Test RMessagePtr2::HasCapability(TCapability,TCapability)"));
+	r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityWriteUserData));
+	test(r);
+	r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityWriteUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityReadUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityReadUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapability_None,ECapabilityWriteUserData));
+	test(r);
+	r = Session.Send(CTestSession::ETestMessageHasCapability2,TIpcArgs(ECapability_Denied,ECapabilityWriteUserData));
+	test(r==failResult);
+
+	test.Next(_L("Test RMessagePtr2::HasCapabilityL(TCapability,TCapability)"));
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityLocalServices,ECapabilityWriteUserData));
+	test(r==KErrNone);
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityNetworkServices,ECapabilityWriteUserData));
+	test(r==failResultL);
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityLocalServices,ECapabilityReadUserData));
+	test(r==failResultL);
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapabilityNetworkServices,ECapabilityReadUserData));
+	test(r==failResultL);
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapability_None,ECapabilityWriteUserData));
+	test(r==KErrNone);
+	r = Session.Send(CTestSession::ETestMessageHasCapabilityL2,TIpcArgs(ECapability_Denied,ECapabilityWriteUserData));
+	test(r==failResultL);
+
+	test.Next(_L("Test User::CreatorHasCapability(TCapability)"));
+	r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapabilityLocalServices));
+	test(r);
+	r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapabilityNetworkServices));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapability_None));
+	test(r);
+	r = Session.Send(CTestSession::ETestCreatorHasCapability1,TIpcArgs(ECapability_Denied));
+	test(r==failResult);
+
+	test.Next(_L("Test User::CreatorHasCapability(TCapability,TCapability)"));
+	r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityWriteUserData));
+	test(r);
+	r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityWriteUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityLocalServices,ECapabilityReadUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapabilityNetworkServices,ECapabilityReadUserData));
+	test(r==failResult);
+	r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapability_None,ECapabilityWriteUserData));
+	test(r);
+	r = Session.Send(CTestSession::ETestCreatorHasCapability2,TIpcArgs(ECapability_Denied,ECapabilityWriteUserData));
+	test(r==failResult);
+
+	test.End();
+	}
+
+TBool SecurityPoliciesEqual(const TSecurityPolicy& a,const TSecurityPolicy& b)
+	{
+	return Mem::Compare((TUint8*)&a, sizeof(TSecurityPolicy), (TUint8*)&b, sizeof(TSecurityPolicy))==0;
+	}
+
+void TestSecurityPolicy()
+	{
+	test.Start(_L("Test TSecurityPolicy Constructors"));
+
+	TBool failResult=!PlatSecEnforcement;
+
+	test.Next(_L("Empty Constructor"));
+		{
+		TSecurityPolicy empty;
+		TPtrC8 ptr = empty.Package();
+		TSecurityPolicy empty2;
+		test(empty2.Set(ptr) == KErrNone);
+		test(SecurityPoliciesEqual(empty, empty2));
+
+		test(failResult!=!empty.CheckPolicy(RProcess()));
+		test(failResult!=!empty.CheckPolicy(RThread()));
+		test(failResult!=!empty2.CheckPolicy(RProcess()));
+		test(failResult!=!empty2.CheckPolicy(RThread()));
+
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+	test.Next(_L("Always Fail Constructor"));
+		{
+		TSecurityPolicy fail(TSecurityPolicy::EAlwaysFail);
+		TPtrC8 ptr = fail.Package();
+		TSecurityPolicy fail2;
+		test(fail2.Set(ptr) == KErrNone);
+		test(SecurityPoliciesEqual(fail, fail2));
+
+		test(failResult!=!fail.CheckPolicy(RProcess()));
+		test(failResult!=!fail.CheckPolicy(RThread()));
+		test(failResult!=!fail2.CheckPolicy(RProcess()));
+		test(failResult!=!fail2.CheckPolicy(RThread()));
+
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+	test.Next(_L("Always Pass Constructor"));
+		{
+		TSecurityPolicy pass(TSecurityPolicy::EAlwaysPass);
+		TPtrC8 ptr = pass.Package();
+		TSecurityPolicy pass2;
+		test(pass2.Set(ptr) == KErrNone);
+		test(SecurityPoliciesEqual(pass, pass2));
+
+		test(pass.CheckPolicy(RProcess()));
+		test(pass.CheckPolicy(RThread()));
+		test(pass2.CheckPolicy(RProcess()));
+		test(pass2.CheckPolicy(RThread()));
+
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+		}
+
+	test.Next(_L("3 Capability Constructor"));
+		{
+		TSecurityPolicy threeCaps(ECapabilityTCB,ECapabilityDRM,ECapabilityProtServ);
+		//Current process has these three
+		test(threeCaps.CheckPolicy(RProcess()));
+		test(threeCaps.CheckPolicy(RThread()));
+		TPtrC8 ptr = threeCaps.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy threeCaps(ECapabilityTCB,ECapabilityProtServ,ECapabilityCommDD);
+		//Current process doesn't have ECapabilityCommDD
+		test(failResult!=!(threeCaps.CheckPolicy(RProcess())));
+		test(failResult!=!(threeCaps.CheckPolicy(RThread())));
+		TPtrC8 ptr = threeCaps.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy threeCaps(ECapabilityCommDD);
+		//Current process doesn't have ECapabilityCommDD
+		test(failResult!=!(threeCaps.CheckPolicy(RProcess())));
+		test(failResult!=!(threeCaps.CheckPolicy(RThread())));
+		TPtrC8 ptr = threeCaps.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy threeCaps(ECapabilityTCB);
+		//Current process has TCB + 2 * ECapability_None
+		test(threeCaps.CheckPolicy(RProcess()));
+		test(threeCaps.CheckPolicy(RThread()));
+
+		TPtrC8 ptr = threeCaps.Package();
+		TSecurityPolicy threeCaps2;
+		TBuf8<sizeof(TSecurityPolicy)> invalid;
+		for(TInt i=4; i<=7; i++)
+			{
+			invalid=ptr;
+			invalid[i] = 0; // Set unused capability to be invalid
+			test(threeCaps2.Set(invalid)==KErrArgument);
+			}
+		test(threeCaps2.Set(ptr)==KErrNone);
+		test(SecurityPoliciesEqual(threeCaps, threeCaps2));
+
+		test(threeCaps2.CheckPolicy(RProcess()));
+		test(threeCaps2.CheckPolicy(RThread()));
+
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+		}
+
+	test.Next(_L("7 Capability Constructor"));
+		{
+		TSecurityPolicy sevenCaps(ECapabilityTCB,ECapabilityWriteUserData,ECapabilitySwEvent,ECapabilityProtServ,ECapabilityNetworkControl,ECapabilityDRM,ECapabilityReadDeviceData);
+		//Current process has all 7 of these.
+		test(sevenCaps.CheckPolicy(RProcess()));
+		test(sevenCaps.CheckPolicy(RThread()));
+		TPtrC8 ptr = sevenCaps.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+		}
+		
+		{
+		TSecurityPolicy sevenCaps(ECapabilityTCB,ECapabilityWriteUserData,ECapabilityMultimediaDD,ECapabilityProtServ,ECapabilityNetworkControl,ECapabilityDRM,ECapabilityReadDeviceData);
+		//Current process doesn't have MultimediaDD
+		test(failResult!=!(sevenCaps.CheckPolicy(RProcess())));
+		test(failResult!=!(sevenCaps.CheckPolicy(RThread())));
+		TPtrC8 ptr = sevenCaps.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy sevenCaps(ECapabilityTCB,ECapabilityWriteUserData,ECapabilityMultimediaDD,ECapabilityProtServ,ECapabilityTrustedUI,ECapabilityDRM,ECapabilityReadDeviceData);
+		//Current process doesn't have MultiMediaDD or TrustedUI
+		test(failResult!=!(sevenCaps.CheckPolicy(RProcess())));
+		test(failResult!=!(sevenCaps.CheckPolicy(RThread())));
+
+		TPtrC8 ptr = sevenCaps.Package();
+		TSecurityPolicy sevenCaps2;
+		test(sevenCaps2.Set(ptr)==KErrNone);
+		test(SecurityPoliciesEqual(sevenCaps,sevenCaps2));
+		test(failResult!=!(sevenCaps2.CheckPolicy(RProcess())));
+		test(failResult!=!(sevenCaps2.CheckPolicy(RThread())));
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);;
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);;
+		}
+
+	test.Next(_L("SID + 3 constructor"));
+		{
+		TSecurityPolicy sid(KTestSecureId, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
+		//Current process has all three + sid
+		test(sid.CheckPolicy(RProcess()));
+		test(sid.CheckPolicy(RThread()));
+
+		TPtrC8 ptr = sid.Package();
+		TSecurityPolicy sid2;
+		test(sid2.Set(ptr)==KErrNone);
+		test(SecurityPoliciesEqual(sid,sid2));
+		test(sid2.CheckPolicy(RProcess()));
+		test(sid2.CheckPolicy(RThread()));
+
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy sid(KTestSecureId2, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
+		//Current process has all three caps but not sid
+		test(failResult!=!(sid.CheckPolicy(RProcess())));
+		test(failResult!=!(sid.CheckPolicy(RThread())));
+		TPtrC8 ptr = sid.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy sid(KTestSecureId, ECapabilityProtServ, ECapabilityWriteDeviceData);
+		//Current process has sid but missing ECapabilityWriteDeviceData
+		test(failResult!=!(sid.CheckPolicy(RProcess())));
+		test(failResult!=!(sid.CheckPolicy(RThread())));
+		TPtrC8 ptr = sid.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy sid(KTestSecureId2, ECapabilityProtServ, ECapabilityWriteDeviceData);
+		//Current process is missing sid and ECapabilityWriteDeviceData
+		test(failResult!=!(sid.CheckPolicy(RProcess())));
+		test(failResult!=!(sid.CheckPolicy(RThread())));
+		TPtrC8 ptr = sid.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+	test.Next(_L("VID + 3 constructor"));
+		{
+		TSecurityPolicy vid(KTestVendorId, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
+		//Current process has all three + vid
+		test(vid.CheckPolicy(RProcess()));
+		test(vid.CheckPolicy(RThread()));
+
+		TPtrC8 ptr = vid.Package();
+		TSecurityPolicy vid2;
+		test(vid2.Set(ptr)==KErrNone);
+		test(SecurityPoliciesEqual(vid,vid2));
+		test(vid2.CheckPolicy(RProcess()));
+		test(vid2.CheckPolicy(RThread()));
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy vid(KTestVendorId2, ECapabilityProtServ, ECapabilityDRM, ECapabilityReadDeviceData);
+		//Current process has all three caps but not vid
+		test(failResult!=!(vid.CheckPolicy(RProcess())));
+		test(failResult!=!(vid.CheckPolicy(RThread())));
+		TPtrC8 ptr = vid.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy vid(KTestVendorId, ECapabilityProtServ, ECapabilityWriteDeviceData);
+		//Current process has vid but missing ECapabilityWriteDeviceData
+		test(failResult!=!(vid.CheckPolicy(RProcess())));
+		test(failResult!=!(vid.CheckPolicy(RThread())));
+		TPtrC8 ptr = vid.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+		{
+		TSecurityPolicy vid(KTestVendorId2, ECapabilityProtServ, ECapabilityWriteDeviceData);
+		//Current process is missing vid and ECapabilityWriteDeviceData
+		test(failResult!=!(vid.CheckPolicy(RProcess())));
+		test(failResult!=!(vid.CheckPolicy(RThread())));
+		TPtrC8 ptr = vid.Package();
+		TInt r = Session.Send(CTestSession::ETestSecurityPolicyAgainstMessage,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		r = Session.Send(CTestSession::ETestSecurityPolicyAgainstCreator,TIpcArgs(&ptr));
+		test(r==failResult?CTestSession::EPolicyCheckFailed:CTestSession::EPolicyCheckPassed);
+		}
+
+	test.Next(_L("Macros for compile-time construction"));
+		{
+		static _LIT_SECURITY_POLICY_C7(pc7,1,2,3,4,5,6,7);
+		static _LIT_SECURITY_POLICY_C6(pc6,1,2,3,4,5,6);
+		static _LIT_SECURITY_POLICY_C5(pc5,1,2,3,4,5);
+		static _LIT_SECURITY_POLICY_C4(pc4,1,2,3,4);
+		static _LIT_SECURITY_POLICY_C3(pc3,1,2,3);
+		static _LIT_SECURITY_POLICY_C2(pc2,1,2);
+		static _LIT_SECURITY_POLICY_C1(pc1,1);
+		test(SecurityPoliciesEqual(pc7,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6,(TCapability)7)));
+		test(SecurityPoliciesEqual(pc6,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6)));
+		test(SecurityPoliciesEqual(pc5,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5)));
+		test(SecurityPoliciesEqual(pc4,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4)));
+		test(SecurityPoliciesEqual(pc3,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3)));
+		test(SecurityPoliciesEqual(pc2,TSecurityPolicy((TCapability)1,(TCapability)2)));
+		test(SecurityPoliciesEqual(pc1,TSecurityPolicy((TCapability)1)));
+		
+		static _LIT_SECURITY_POLICY_S3(ps3,0x12345678,1,2,3);
+		static _LIT_SECURITY_POLICY_S2(ps2,0x12345678,1,2);
+		static _LIT_SECURITY_POLICY_S1(ps1,0x12345678,1);
+		static _LIT_SECURITY_POLICY_S0(ps0,0x12345678);
+		test(SecurityPoliciesEqual(ps3,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
+		test(SecurityPoliciesEqual(ps2,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2)));
+		test(SecurityPoliciesEqual(ps1,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1)));
+		test(SecurityPoliciesEqual(ps0,TSecurityPolicy(TSecureId(0x12345678))));
+
+		static _LIT_SECURITY_POLICY_V3(pv3,0x12345678,1,2,3);
+		static _LIT_SECURITY_POLICY_V2(pv2,0x12345678,1,2);
+		static _LIT_SECURITY_POLICY_V1(pv1,0x12345678,1);
+		static _LIT_SECURITY_POLICY_V0(pv0,0x12345678);
+		test(SecurityPoliciesEqual(pv3,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
+		test(SecurityPoliciesEqual(pv2,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2)));
+		test(SecurityPoliciesEqual(pv1,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1)));
+		test(SecurityPoliciesEqual(pv0,TSecurityPolicy(TVendorId(0x12345678))));
+
+		static _LIT_SECURITY_POLICY_FAIL(fail);
+		static _LIT_SECURITY_POLICY_PASS(pass);
+		test(SecurityPoliciesEqual(fail,TSecurityPolicy(TSecurityPolicy::EAlwaysFail)));
+		test(SecurityPoliciesEqual(pass,TSecurityPolicy(TSecurityPolicy::EAlwaysPass)));
+		}
+
+	test.Next(_L("Macros for compile-time initialisation"));
+		{
+		const TStaticSecurityPolicy pc7 = _INIT_SECURITY_POLICY_C7(1,2,3,4,5,6,7);
+		const TStaticSecurityPolicy pc6 = _INIT_SECURITY_POLICY_C6(1,2,3,4,5,6);
+		const TStaticSecurityPolicy pc5 = _INIT_SECURITY_POLICY_C5(1,2,3,4,5);
+		const TStaticSecurityPolicy pc4 = _INIT_SECURITY_POLICY_C4(1,2,3,4);
+		const TStaticSecurityPolicy pc3 = _INIT_SECURITY_POLICY_C3(1,2,3);
+		const TStaticSecurityPolicy pc2 = _INIT_SECURITY_POLICY_C2(1,2);
+		const TStaticSecurityPolicy pc1 = _INIT_SECURITY_POLICY_C1(1);
+		test(SecurityPoliciesEqual(pc7,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6,(TCapability)7)));
+		test(SecurityPoliciesEqual(pc6,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5,(TCapability)6)));
+		test(SecurityPoliciesEqual(pc5,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4,(TCapability)5)));
+		test(SecurityPoliciesEqual(pc4,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3,(TCapability)4)));
+		test(SecurityPoliciesEqual(pc3,TSecurityPolicy((TCapability)1,(TCapability)2,(TCapability)3)));
+		test(SecurityPoliciesEqual(pc2,TSecurityPolicy((TCapability)1,(TCapability)2)));
+		test(SecurityPoliciesEqual(pc1,TSecurityPolicy((TCapability)1)));
+		
+		const TStaticSecurityPolicy ps3 = _INIT_SECURITY_POLICY_S3(0x12345678,1,2,3);
+		const TStaticSecurityPolicy ps2 = _INIT_SECURITY_POLICY_S2(0x12345678,1,2);
+		const TStaticSecurityPolicy ps1 = _INIT_SECURITY_POLICY_S1(0x12345678,1);
+		const TStaticSecurityPolicy ps0 = _INIT_SECURITY_POLICY_S0(0x12345678);
+		test(SecurityPoliciesEqual(ps3,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
+		test(SecurityPoliciesEqual(ps2,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1,(TCapability)2)));
+		test(SecurityPoliciesEqual(ps1,TSecurityPolicy(TSecureId(0x12345678),(TCapability)1)));
+		test(SecurityPoliciesEqual(ps0,TSecurityPolicy(TSecureId(0x12345678))));
+
+		const TStaticSecurityPolicy pv3 = _INIT_SECURITY_POLICY_V3(0x12345678,1,2,3);
+		const TStaticSecurityPolicy pv2 = _INIT_SECURITY_POLICY_V2(0x12345678,1,2);
+		const TStaticSecurityPolicy pv1 = _INIT_SECURITY_POLICY_V1(0x12345678,1);
+		const TStaticSecurityPolicy pv0 = _INIT_SECURITY_POLICY_V0(0x12345678);
+		test(SecurityPoliciesEqual(pv3,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2,(TCapability)3)));
+		test(SecurityPoliciesEqual(pv2,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1,(TCapability)2)));
+		test(SecurityPoliciesEqual(pv1,TSecurityPolicy(TVendorId(0x12345678),(TCapability)1)));
+		test(SecurityPoliciesEqual(pv0,TSecurityPolicy(TVendorId(0x12345678))));
+
+		const TStaticSecurityPolicy fail = _INIT_SECURITY_POLICY_FAIL;
+		const TStaticSecurityPolicy pass = _INIT_SECURITY_POLICY_PASS;
+		test(SecurityPoliciesEqual(fail,TSecurityPolicy(TSecurityPolicy::EAlwaysFail)));
+		test(SecurityPoliciesEqual(pass,TSecurityPolicy(TSecurityPolicy::EAlwaysPass)));
+
+		}
+
+	test.End();
+	}
+
+#define CHECK_NAME(name)	\
+	test(0==TPtrC8((TUint8*)#name).Compare(TPtrC8((TUint8*)CapabilityNames[ECapability##name])));
+
+void TestCapabilityNames()
+	{
+	CHECK_NAME(TCB);
+	CHECK_NAME(CommDD);
+	CHECK_NAME(PowerMgmt);
+	CHECK_NAME(MultimediaDD);
+	CHECK_NAME(ReadDeviceData);
+	CHECK_NAME(WriteDeviceData);
+	CHECK_NAME(DRM);
+	CHECK_NAME(TrustedUI);
+	CHECK_NAME(ProtServ);
+	CHECK_NAME(DiskAdmin);
+	CHECK_NAME(NetworkControl);
+	CHECK_NAME(AllFiles);
+	CHECK_NAME(SwEvent);
+	CHECK_NAME(NetworkServices);
+	CHECK_NAME(LocalServices);
+	CHECK_NAME(ReadUserData);
+	CHECK_NAME(WriteUserData);
+	CHECK_NAME(Location);
+	CHECK_NAME(SurroundingsDD);
+	CHECK_NAME(UserEnvironment);
+	}
+
+
+void TestKernelAPIs()
+	{
+	RLddTest ldd;
+	TInt r=User::LoadLogicalDevice(_L("D_SLDD.LDD"));
+	test(r==KErrNone || r==KErrAlreadyExists);
+	r=ldd.OpenLocal();
+	test(r==KErrNone);
+
+	RLddTest::TIds ids;
+	memclr(&ids,sizeof(ids));
+	ldd.GetIds(ids);
+	test.Printf(_L("Thread VID,SID = %08x,%08x\n\r"),ids.iThreadVID.iId,ids.iThreadSID.iId);
+	test.Printf(_L("Process VID,SID = %08x,%08x\n\r"),ids.iProcessVID.iId,ids.iProcessSID.iId);
+	test(ids.iThreadVID==KTestVendorId);
+	test(ids.iThreadSID==KTestSecureId);
+	test(ids.iProcessVID==KTestVendorId);
+	test(ids.iProcessSID==KTestSecureId);
+
+	// Test kernel-mode TSecurityInfo-getting APIs
+	TSecurityInfo infoProcess, infoThread;
+	ldd.GetSecureInfos(&infoThread, &infoProcess);
+	// Check the vendor & secure IDs are what's expected
+	test(infoThread.iVendorId==KTestVendorId);
+	test(infoThread.iSecureId==KTestSecureId);
+	test(infoProcess.iVendorId==KTestVendorId);
+	test(infoProcess.iSecureId==KTestSecureId);
+	// Check process caps == thread caps
+	TUint32* capsT = (TUint32*)&infoThread.iCaps;
+	TUint32* capsP = (TUint32*)&infoProcess.iCaps;
+	test(capsT[0]==capsP[0]);
+	test(capsT[1]==capsP[1]);
+	// Check the caps match what the user API gives
+	RProcess this_process;
+	for (TInt i=0 ; i<64 ; i++) {
+		TCapability cap = (TCapability)i;
+		test(infoProcess.iCaps.HasCapability(cap) == this_process.HasCapability(cap));
+	}
+
+
+	ldd.Close();
+	}
+
+
+void TestPlatSecUnlocked()
+	{
+	RLddTest ldd;
+	TInt r = User::LoadLogicalDevice(_L("D_SLDD.LDD"));
+	test(r == KErrNone || r == KErrAlreadyExists);
+	r = ldd.OpenLocal();
+	test_KErrNone(r);
+
+	TUint32 flags0, flags;
+	TInt enforced;
+
+	flags0 = ldd.GetKernelConfigFlags();
+
+	const TUint32 bits = (TUint32)(EKernelConfigTest | EKernelConfigPlatSecEnforcement);
+
+	// Different test cases depending on whether __PLATSEC_UNLOCKED__ defined.
+	// Ask the kernel whether EKernelConfigPlatSecLocked is set, and hope that
+	// it's not lying to us!
+	//
+	// Best thing to do is to check the log and verify the printf() output.
+	//
+
+	if (PlatSec::ConfigSetting(PlatSec::EPlatSecLocked))
+		{
+		/*
+		 * Tests for __PLATSEC_UNLOCKED__ not defined
+		 *
+		 * The device driver is built with __PLATSEC_FORCED_FLAGS__ set to 0, so we can't use
+		 * its GetKernelConfigFlags() interface (the accessor functions are inlines) when we're
+		 * testing for PlatSec locked.  Instead, use PlatSec::ConfigSetting(), which makes an
+		 * exec call to get iKernelConfigFlags.
+		 */
+		test.Printf(_L("__PLATSEC_UNLOCKED_ does NOT appear to have been used\n"));
+
+		/* Check that PlatSecEnforcement is set */
+		enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
+		test(enforced != 0);
+
+		/* Check that the device driver is able to set our test bit */
+		ldd.SetKernelConfigFlags(flags0 | EKernelConfigTest);
+
+		flags = ldd.GetKernelConfigFlags();
+		test((flags & EKernelConfigTest) == EKernelConfigTest);
+
+		/* Check that the device driver is able to clear our test bit, but not able to clear enforcement bit */
+		ldd.SetKernelConfigFlags(flags0 & ~bits);
+
+		enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
+		test(enforced != 0);
+		}
+	else
+		{
+		/*
+		 * Tests for __PLATSEC_UNLOCKED__ defined
+		 */
+		test.Printf(_L("__PLATSEC_UNLOCKED_ DOES appear to have been used\n"));
+
+		/* Check that the device driver is able to set our test bit and PlatSecEnforcement */
+		ldd.SetKernelConfigFlags(flags0 | bits);
+
+		flags = ldd.GetKernelConfigFlags();
+		test((flags & bits) == bits);
+
+		/* And verify that the kernel sees the same result */
+		enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
+		test(enforced != 0);			// (yes, "!= 0" is redundant)
+
+		/* Check that the device driver is able to clear our test bit and PlatSecEnforcement */
+		ldd.SetKernelConfigFlags(flags0 & ~bits);
+
+		flags = ldd.GetKernelConfigFlags();
+		test((flags & bits) == 0);
+
+		/* Verify that the kernel sees the same result */
+		enforced = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
+		test(enforced == 0);
+		}
+
+	/* Restore original flags value */
+	ldd.SetKernelConfigFlags(flags0);
+
+	// Now test handling of iDisabledCapabilities
+
+	const TUint32 test_value = 0x31415926;						// Just some random number
+
+	TCapabilitySet disabled0, disabled;
+	disabled0.SetDisabled();
+
+	SCapabilitySet *caps0 = (SCapabilitySet *)&disabled0;
+	SCapabilitySet *caps = (SCapabilitySet *)&disabled;
+
+	if (PlatSec::ConfigSetting(PlatSec::EPlatSecLocked))
+		{
+		/*
+		 * Tests for __PLATSEC_UNLOCKED__ not defined
+		 */
+
+		/* Check that the capability set is 0 */
+		int i;
+
+		for (i = 0; i < SCapabilitySet::ENCapW; i++)
+			{
+			test_Equal(0, caps0->iCaps[i]);
+			}
+
+		/* Check that the device driver is not able to set word 0 of disabled capabilities */
+		ldd.SetDisabledCapabilities0(test_value);
+
+		/*
+		 * It's okay to use SetDisabled() here, since this makes an exec call to get the
+		 * set of disabled capabilities.
+		 */
+		disabled.SetDisabled();
+		test_Equal(0, caps->iCaps[0]);
+		}
+	else
+		{
+		/*
+		 * Tests for __PLATSEC_UNLOCKED__ defined
+		 */
+
+		/* Check that the device driver is able to set word 0 of disabled capabilities */
+		ldd.SetDisabledCapabilities0(test_value);
+
+		disabled.SetDisabled();
+		test_Equal(test_value, caps->iCaps[0]);
+		}
+
+	/* Restore original value */
+	ldd.SetDisabledCapabilities0(caps0->iCaps[0]);
+
+	ldd.Close();
+	}
+
+#include <e32svr.h>
+
+GLDEF_C TInt E32Main()
+    {
+	PlatSecEnforcement = PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement);
+
+	TBuf16<512> cmd;
+	User::CommandLine(cmd);
+	if(cmd.Length() && TChar(cmd[0]).IsDigit())
+		{
+		TInt function = -1;
+		TInt arg1 = -1;
+		TInt arg2 = -1;
+		TLex lex(cmd);
+
+		lex.Val(function);
+		lex.SkipSpace();
+		lex.Val(arg1);
+		lex.SkipSpace();
+		lex.Val(arg2);
+		return DoTestProcess(function,arg1,arg2);
+		}
+
+	test.Title();
+
+	if(PlatSecEnforcement)
+		test.Printf(_L("PlatSecConfig appears to be ON\n"));
+	else
+		test.Printf(_L("PlatSecConfig appears to be OFF\n"));
+
+	test.Start(_L("Starting test server"));
+	RTestProcess server;
+	TRequestStatus rendezvous;
+	server.Create(~KTestCapabilities,ETestProcessServer,0,0);
+	server.Rendezvous(rendezvous);
+	server.Resume();
+	User::WaitForRequest(rendezvous);
+	test(rendezvous==KServerRendezvous);
+
+	test.Next(_L("Openning server session"));
+	TInt r = Session.Connect();
+	RDebug::Print(_L("%d"),r);
+	test(r==KErrNone);
+
+	test.Next(_L("Test Capability Names"));
+	TestCapabilityNames();
+
+	test.Next(_L("Test TCapabilitySet"));
+	TestCapabilitySet();
+
+	test.Next(_L("Test TSecurityInfo"));
+	TestSecurityInfo();
+
+	test.Next(_L("Test SecureId functions"));
+	TestSecureId();
+
+	test.Next(_L("Test VendorId functions"));
+	TestVendorId();
+
+	test.Next(_L("Test HasCapability functions"));
+	TestHasCapability();
+
+	test.Next(_L("Test TSecurityPolicy"));
+	TestSecurityPolicy();
+
+	test.Next(_L("Test Kernel APIs"));
+	TestKernelAPIs();
+
+	test.Next(_L("Test __PLATSEC_UNLOCKED__"));
+	TestPlatSecUnlocked();
+
+	test.Next(_L("Test diagnostic message suppression"));
+	RThread().HasCapability(ECapabilityReadUserData,0);
+	test.Printf(_L("There should be a diagnostic message just before this\n"));
+	RThread().HasCapability(ECapabilityReadUserData,__PLATSEC_DIAGNOSTIC_STRING("You should see this"));
+	test.Printf(_L("There should be a diagnostic message just before this\n"));
+	RThread().HasCapability(ECapabilityReadUserData,KSuppressPlatSecDiagnostic);
+	test.Printf(_L("There should NOT be a diagnostic message just before this\n"));
+
+	test.Next(_L("Closing server session"));
+	Session.Send(CTestSession::EShutdown);
+	Session.Close();
+	server.Close();
+
+	test.End();
+	return(0);
+    }
+