kerneltest/e32test/secure/t_polsvr.cpp
author Dremov Kirill (Nokia-D-MSW/Tampere) <kirill.dremov@nokia.com>
Tue, 26 Jan 2010 13:13:38 +0200
changeset 13 46fffbe7b5a7
parent 9 96e5fb8b040d
permissions -rw-r--r--
Revision: 201004 Kit: 201004

// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
// All rights reserved.
// This component and the accompanying materials are made available
// under the terms of the License "Eclipse Public License v1.0"
// which accompanies this distribution, and is available
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
// e32test\secure\t_polsvr.cpp
// Overview:
// Policy Server Tests
// API Information:
// CPolicyServer
// Details:
// - Perform various policy server tests:
// Server1 has implementations of CustomSecurityCheckL and
// CustomFailureActionL This is the test for all the paths in a policy servers
// implementations -- not all connect paths though
// This test also ensures that every path through the binary search is
// covered.
// Policy2,3,4,5,6, are bad policies that should cause the server to panic
// in debug mode.  In release, they'll just pass, however, if you later tried
// to use them, something would go horribly wrong
// Policies 7,8,9 check various types of connect policies.
// Server 1,2,3 are used here all with policy 8 because you can only test 1
// type of connect policy per server.
// Sever2 does not have implementations of CustomSecurityCheckL and
// CustomFailureActionL. When these functions are called it should crash
// Server4 is used for checking what happens when the custom functions use
// another active object.  This test encompasses leaving due to OOM, and
// cancellation.
// Platforms/Drives/Compatibility:
// All.
// Assumptions/Requirement/Pre-requisites:
// Failures and causes:
// Base Port information:
// 
//

#include <e32test.h>
#include <e32debug.h>

LOCAL_D RTest test(_L("T_POLSVR"));

_LIT(KPolSvr, "T_POLSVR");

#define Debug(x) RDebug::Print(_L(x))

const TUint32 KTestCapabilities =(1<<ECapabilityTCB)
								|(1<<ECapabilityPowerMgmt)
								|(1<<ECapabilityReadDeviceData)
								|(1<<ECapabilityDRM)
								|(1<<ECapabilityProtServ)
								|(1<<ECapabilityNetworkControl)
								|(1<<ECapabilitySwEvent)
								|(1<<ECapabilityLocalServices)
								|(1<<ECapabilityWriteUserData);

const TInt KCustomCheckMask		= 0x01000000;
const TInt KCustomActionMask	= 0x02000000;
const TInt KServiceLMask		= 0x04000000;
const TInt KActiveCheckMask 	= 0x08000000;
const TInt KActiveActionMask	= 0x00100000;
const TInt KActiveRunLMask  	= 0x00200000;
const TInt KActiveRunErrorMask	= 0x00400000;
const TInt KActiveDoCancelMask	= 0x00800000;
const TInt KServiceErrorMask	= 0x00010000;

//Ideally this constant should go in your derived server.  However, I couldn't
//be bothered to put the same constant in every one of the derived servers in
//this test code
const TInt KQueryUser = -1;

void OrInFlags(const RMessage2& aMsg, TUint aMask)
	{
	TBuf8<4> flags(0);
	TInt r = aMsg.Read(0, flags);
	test(r == KErrNone);
	(*(TUint32*)(flags.Ptr())) |= aMask;
	flags.SetLength(4);
	r = aMsg.Write(0, flags);
	test(r == KErrNone);
	}

void SetFlags(TDes8& aDes, TUint aValue)
	{
	(*(TUint32*)(aDes.Ptr())) = aValue;
	}

TUint FlagsValue(const TDes8& aDes)
	{
	return (*(TUint32*)(aDes.Ptr()));
	}

enum TTestProcessFunctions
	{
	ETestProcessPolicyServer,
	};

enum TTestServerIndex
	{
	ETestServer1=0,
	ETestServer2,
	ETestServer3,
	ETestServer4,
	};

enum TServerPolicyIndex
	{
	EPolicy1=0,
	EPolicy2,
	EPolicy3,
	EPolicy4,
	EPolicy5,
	EPolicy6,
	EPolicy7,
	EPolicy8,
	EPolicy9,
	EPolicy10,
	EPolicy11,
	EPolicy12,
	};

//
// EPolicy1
//

const TUint gServerPolicy1RangeCount = 12;
const TInt gServerPolicy1Ranges[gServerPolicy1RangeCount] = { 
	0, //ENotSupported
	1, //ECustomCheck
	6, //EAlwaysPass
	7, //ENotSupported
	8, //->0
	9, //->1
	10, //->2
	11, //->3
	12, //->3
	13, //ENotSupported
	100, //EAlwaysPass -> Shutdown
	101, //ENotSupported
	};

const TUint8 gServerPolicy1ElementsIndex[] = { 
	CPolicyServer::ENotSupported,
	CPolicyServer::ECustomCheck, 
	CPolicyServer::EAlwaysPass, 
	CPolicyServer::ENotSupported,
	0, //RequireNetworkControl or EFail
	1, //RequireNetworkControl or EQueryUser
	2, //RequireDiskAdmin or EFail
	3, //RequireDiskAdmin or EQueryUser
	3, //RequireDiskAdmin or EQueryUser
	CPolicyServer::ENotSupported,
	CPolicyServer::EAlwaysPass, 
	CPolicyServer::ENotSupported,
	};

const CPolicyServer::TPolicyElement gServerPolicy1Elements[] =
	{
	{_INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl),CPolicyServer::EFailClient},
	{_INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl),KQueryUser},
	{_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin),CPolicyServer::EFailClient},
	{_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin),KQueryUser},
	};

const CPolicyServer::TPolicy gServerPolicy1 = 
	{
	CPolicyServer::EAlwaysPass,gServerPolicy1RangeCount,
	gServerPolicy1Ranges,
	gServerPolicy1ElementsIndex,
	gServerPolicy1Elements,
	};

//
//EPolicy2
//

const TUint gServerPolicy2RangeCount = 1;
//Invalid Policy -- doesn't start with 0
const TInt gServerPolicy2Ranges[gServerPolicy2RangeCount] = { 
	1, //KErrNotSupported
	};

const TUint8 gServerPolicy2ElementsIndex[] = { 
	CPolicyServer::ENotSupported,
	};

const CPolicyServer::TPolicyElement gServerPolicy2Elements[] =
	{
	{_INIT_SECURITY_POLICY_FAIL,CPolicyServer::EFailClient},
	};

const CPolicyServer::TPolicy gServerPolicy2 = 
	{
	0,gServerPolicy2RangeCount,
	gServerPolicy2Ranges,
	gServerPolicy2ElementsIndex,
	gServerPolicy2Elements
	};

//
//EPolicy3
//

const TUint gServerPolicy3RangeCount = 12;
//Invalid Policy -- range values not increasing
const TInt gServerPolicy3Ranges[gServerPolicy3RangeCount] = { 
	0, //ECustomCheck
	6, //EAlwaysPass
	7, //ENotSupported
	8, //->0
	9, //->1
	10, //->2
	11, //->3
	12, //->3
	13, //ENotSupported
	100, //EAlwaysPass -> Shutdown
	101, //ENotSupported
	99, //EAlwaysPass
	};

const TUint8 gServerPolicy3ElementsIndex[] = { 
	CPolicyServer::ECustomCheck, 
	CPolicyServer::EAlwaysPass, 
	CPolicyServer::ENotSupported,
	0, //RequireNetworkControl or EFail
	1, //RequireNetworkControl or EQueryUser
	2, //RequireDiskAdmin or EFail
	3, //RequireDiskAdmin or EQueryUser
	3, //RequireDiskAdmin or EQueryUser
	CPolicyServer::ENotSupported,
	CPolicyServer::EAlwaysPass, 
	CPolicyServer::ENotSupported,
	CPolicyServer::EAlwaysPass, 
	};

const CPolicyServer::TPolicyElement gServerPolicy3Elements[] =
	{
	{_INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl),CPolicyServer::EFailClient},
	{_INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl),KQueryUser},
	{_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin),CPolicyServer::EFailClient},
	{_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin),KQueryUser},
	};

const CPolicyServer::TPolicy gServerPolicy3 = 
	{
	0,gServerPolicy3RangeCount,
	gServerPolicy3Ranges,
	gServerPolicy3ElementsIndex,
	gServerPolicy3Elements
	};

//
//EPolicy4
//

const TUint gServerPolicy4RangeCount = 1;
//Invalid Policy -- Elements Index has invalid values
const TInt gServerPolicy4Ranges[gServerPolicy4RangeCount] = { 
	0, //Invalid value
	};

const TUint8 gServerPolicy4ElementsIndex[] = { 
	CPolicyServer::ESpecialCaseHardLimit,
	};

const CPolicyServer::TPolicyElement gServerPolicy4Elements[] =
	{
	{_INIT_SECURITY_POLICY_FAIL,CPolicyServer::EFailClient},
	};

const CPolicyServer::TPolicy gServerPolicy4 = 
	{
	0,gServerPolicy4RangeCount,
	gServerPolicy4Ranges,
	gServerPolicy4ElementsIndex,
	gServerPolicy4Elements
	};

//
//EPolicy5
//

const TUint gServerPolicy5RangeCount = 1;
//Invalid Policy -- Elements Index has invalid values
const TInt gServerPolicy5Ranges[gServerPolicy5RangeCount] = { 
	0, //uses Invalid value
	};

const TUint8 gServerPolicy5ElementsIndex[] = { 
	//Uses invalid value 
	CPolicyServer::ESpecialCaseLimit,
	};

const CPolicyServer::TPolicyElement gServerPolicy5Elements[] =
	{
	{_INIT_SECURITY_POLICY_FAIL,CPolicyServer::EFailClient},
	};

const CPolicyServer::TPolicy gServerPolicy5 = 
	{
	0,gServerPolicy5RangeCount,
	gServerPolicy5Ranges,
	gServerPolicy5ElementsIndex,
	gServerPolicy5Elements
	};

//
//EPolicy6
//

const TUint gServerPolicy6RangeCount = 1;
//Invalid Policy -- Elements Index has invalid values
const TInt gServerPolicy6Ranges[gServerPolicy6RangeCount] = { 
	0,
	};

const TUint8 gServerPolicy6ElementsIndex[] = { 
	CPolicyServer::ENotSupported,
	};

const CPolicyServer::TPolicyElement gServerPolicy6Elements[] =
	{
	{_INIT_SECURITY_POLICY_FAIL,CPolicyServer::EFailClient},
	};

const CPolicyServer::TPolicy gServerPolicy6 = 
	{
	//Uses invalid value for iOnConnect
	CPolicyServer::ESpecialCaseHardLimit,gServerPolicy6RangeCount,
	gServerPolicy6Ranges,
	gServerPolicy6ElementsIndex,
	gServerPolicy6Elements
	};

//
//EPolicy7
//
// Connect not supported
const TUint gServerPolicy7RangeCount = 1;
const TInt gServerPolicy7Ranges[gServerPolicy7RangeCount] = { 
	0,
	};

const TUint8 gServerPolicy7ElementsIndex[] = { 
	0
	};

const CPolicyServer::TPolicyElement gServerPolicy7Elements[] =
	{
	{_INIT_SECURITY_POLICY_FAIL,CPolicyServer::EFailClient},
	};

const CPolicyServer::TPolicy gServerPolicy7 = 
	{
	CPolicyServer::ENotSupported,gServerPolicy7RangeCount,
	gServerPolicy7Ranges,
	gServerPolicy7ElementsIndex,
	gServerPolicy7Elements
	};

//
//EPolicy8
//
// Connect Custom Check
const TUint gServerPolicy8RangeCount = 1;
const TInt gServerPolicy8Ranges[gServerPolicy8RangeCount] = { 
	0,
	};

const TUint8 gServerPolicy8ElementsIndex[] = { 
	0
	};

const CPolicyServer::TPolicyElement gServerPolicy8Elements[] =
	{
	{_INIT_SECURITY_POLICY_FAIL,CPolicyServer::EPanicClient},
	};

const CPolicyServer::TPolicy gServerPolicy8 = 
	{
	CPolicyServer::ECustomCheck,gServerPolicy8RangeCount,
	gServerPolicy8Ranges,
	gServerPolicy8ElementsIndex,
	gServerPolicy8Elements
	};

//
//EPolicy9
//
// Connect has a static policy but it fails.
const TUint gServerPolicy9RangeCount = 1;
const TInt gServerPolicy9Ranges[gServerPolicy9RangeCount] = { 
	0,
	};

const TUint8 gServerPolicy9ElementsIndex[] = { 
	0
	};

const CPolicyServer::TPolicyElement gServerPolicy9Elements[] =
	{
	{_INIT_SECURITY_POLICY_FAIL,CPolicyServer::EFailClient},
	};

const CPolicyServer::TPolicy gServerPolicy9 = 
	{
	0,gServerPolicy9RangeCount,
	gServerPolicy9Ranges,
	gServerPolicy9ElementsIndex,
	gServerPolicy9Elements
	};

//
// EPolicy10
//

const TUint gServerPolicy10RangeCount = 13;
const TInt gServerPolicy10Ranges[gServerPolicy10RangeCount] = { 
	0, //ECustomCheck
	5, //EAlwaysPass
	6, //ENotSupported
	8, //->0
	9, //->3
	10, //->2
	11, //->1
	12, //ENotSupported
	55, //->3
	58, //ENotSupported
	100, //EAlwaysPass -> Shutdown
	101, //ENotSupported
	KMaxTInt, //EAlways Pass
	};

const TUint8 gServerPolicy10ElementsIndex[] = { 
	CPolicyServer::ECustomCheck, 
	CPolicyServer::EAlwaysPass, 
	CPolicyServer::ENotSupported,
	0, //RequireNetworkControl or EFail
	3, //RequireDiskAdmin or EQueryUser
	2, //RequireDiskAdmin or EFail
	1, //RequireNetworkControl or EQueryUser
	CPolicyServer::ENotSupported,
	3,
	CPolicyServer::ENotSupported,
	CPolicyServer::EAlwaysPass, 
	CPolicyServer::ENotSupported,
	CPolicyServer::EAlwaysPass, 
	};

const CPolicyServer::TPolicyElement gServerPolicy10Elements[] =
	{
	{_INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl),CPolicyServer::EFailClient},
	{_INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl),KQueryUser},
	{_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin),CPolicyServer::EFailClient},
	{_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin),KQueryUser},
	};

const CPolicyServer::TPolicy gServerPolicy10 = 
	{
	CPolicyServer::EAlwaysPass,gServerPolicy10RangeCount,
	gServerPolicy10Ranges,
	gServerPolicy10ElementsIndex,
	gServerPolicy10Elements,
	};


//A list of all the global policies
const CPolicyServer::TPolicy* gPolicyIndex[] = {
	&gServerPolicy1,
	&gServerPolicy2,
	&gServerPolicy3,
	&gServerPolicy4,
	&gServerPolicy5,
	&gServerPolicy6,
	&gServerPolicy7,
	&gServerPolicy8,
	&gServerPolicy9,
	&gServerPolicy10,
	};


#include "testprocess.h"

TInt StartServer(const CPolicyServer::TPolicy& aPolicy, TUint aServerIndex);

TInt DoTestProcess(TInt aTestNum,TInt aArg1,TInt aArg2)
	{
	switch(aTestNum)
		{

	case ETestProcessPolicyServer:
		{
		__ASSERT_ALWAYS(aArg1 >= 0 && aArg1 < (TInt)sizeof(gPolicyIndex)>>2, User::Panic(KPolSvr, KErrArgument));
		const CPolicyServer::TPolicy& policy = *(gPolicyIndex[aArg1]);
		__ASSERT_ALWAYS(aArg2 >= 0, User::Panic(KPolSvr, KErrArgument));
		TInt r;
		r=StartServer(policy, TUint(aArg2));
		if(r==KErrAlreadyExists)
			{
			User::After(2*1000*1000);
			r=StartServer(policy, TUint(aArg2));
			}
		return r;
		}

	default:
		User::Panic(_L("T_POLSVR"),1);
		}

	return KErrNone;
	}


//
// RTestThread
//

class RTestThread : public RThread
	{
public:
	void Create(TThreadFunction aFunction,TAny* aArg=0);
	};

void RTestThread::Create(TThreadFunction aFunction,TAny* aArg)
	{
	TInt r=RThread::Create(_L(""),aFunction,KDefaultStackSize,KDefaultStackSize,KDefaultStackSize,aArg);
	test(r==KErrNone);
	}

//
// CTestSession1
//

class CTestSession1 : public CSession2
	{
public:
	enum {EShutdown=100};
public:
	CTestSession1();
	virtual void ServiceL(const RMessage2& aMsg);
public:
	};

CTestSession1::CTestSession1()
	: CSession2()
	{}


void CTestSession1::ServiceL(const RMessage2& aMsg)
	{
	OrInFlags(aMsg, KServiceLMask);
	TInt fn = aMsg.Function();
	switch(fn)
		{
		case 2:
		case 4:
		case 5:
		case 6:
		case 8:
		case 9:
		case 12:
		case KMaxTInt:
			aMsg.Complete(KErrNone);
			break;

		case CTestSession1::EShutdown:
			CActiveScheduler::Stop();
			aMsg.Complete(KErrNone);
			break;
		default:
			//If we get here we have an unhandled condition in the test code.
			//The test code is specifically setup to try and catch all branches
			//through the policy server.  If you get, there is some problem in
			//the setup.
			test(0);
			break;
		}
	}

//
// CTestPolicyServer1
//

class CTestPolicyServer1 : public CPolicyServer
	{
public:
	CTestPolicyServer1(TInt aPriority, const TPolicy& aPolicy);
	virtual CSession2* NewSessionL(const TVersion& aVersion,const RMessage2& aMsg) const;
	virtual TCustomResult CustomSecurityCheckL(const RMessage2& aMsg, TInt& aAction, TSecurityInfo& aMissing);
	virtual TCustomResult CustomFailureActionL(const RMessage2& aMsg, TInt aAction, const TSecurityInfo& aMissing);
	};

CTestPolicyServer1::CTestPolicyServer1(TInt aPriority, const TPolicy& aPolicy)
	: CPolicyServer(aPriority, aPolicy)
	{
	}

CSession2* CTestPolicyServer1::NewSessionL(const TVersion& /*aVersion*/,const RMessage2& /*aMsg*/) const
	{
	return new (ELeave) CTestSession1();
	}

CPolicyServer::TCustomResult CTestPolicyServer1::CustomSecurityCheckL(const RMessage2& aMsg, TInt& aAction, TSecurityInfo& aMissing)
	{
	TInt fn = aMsg.Function();
	if(fn >= 0)
		{
		//Connect messages don't use this debugging system
		OrInFlags(aMsg, KCustomCheckMask);
		}
	if(fn == -1) //Connect
		{
		return EPass;
		}
	else if(fn == 1)
		{
		aMissing.iCaps.AddCapability(ECapabilityCommDD);
		return EFail;
		}
	else if(fn == 2)
		{
		return EPass;
		}
	else if(fn == 3)
		{
		aMissing.iCaps.AddCapability(ECapabilityCommDD);
		aAction = KQueryUser;
		return EFail;
		}
	else if(fn == 4)
		{
		aMissing.iCaps.AddCapability(ECapabilityCommDD);
		aAction = KQueryUser;
		return EFail;
		}
	else if(fn == 5)
		{
		//Since we are returning ETrue here, setting the action shouldn't affect
		//anything.  This should result in the same as 2.
		aAction = KQueryUser;
		return EPass;
		}
	//If we get here we have an unhandled condition in the test code.  The test
	//code is specifically setup to try and catch all branches through the
	//policy server.  If you get, there is some problem in the setup.
	test(0);
	return EFail;
	}

CPolicyServer::TCustomResult CTestPolicyServer1::CustomFailureActionL(const RMessage2& aMsg, TInt aAction, const TSecurityInfo& aMissing)
	{
	(void)aMissing;
	(void)aMsg;
	(void)aAction;
	TInt fn = aMsg.Function();
	if(fn >= 0)
		{
		//Connect messages don't use this debugging system
		OrInFlags(aMsg, KCustomActionMask);
		}
	switch(fn)
		{
		case 3:
			return EFail;
		case 4:
			return EPass;
		case 11:
			return EFail;
		case 12:
			return EPass;
		default:
			break;
		}

	//If we get here we have an unhandled condition in the test code.  The test
	//code is specifically setup to try and catch all branches through the
	//policy server.  If you get, there is some problem in the setup.
	test(0);
	return EFail;
	}

//
// CTestPolicyServer2
//

class CTestPolicyServer2 : public CPolicyServer
	{
public:
	CTestPolicyServer2(TInt aPriority, const TPolicy& aPolicy);
	virtual CSession2* NewSessionL(const TVersion& aVersion,const RMessage2& aMsg) const;
	//virtual TBool CustomSecurityCheckL(const RMessage2& aMsg, TInt& aAction);
	//virtual TBool CustomFailureActionL(const TSecurityPolicy* aPolicy, const RMessage2& aMsg, TInt aAction);
	};

//
// CTestSession2
//

class CTestSession2 : public CSession2
	{
public:
	enum {EShutdown=100};
public:
	CTestSession2();
	virtual void ServiceL(const RMessage2& aMsg);
public:
	};

CTestSession2::CTestSession2()
	: CSession2()
	{
	}

void CTestSession2::ServiceL(const RMessage2& aMsg)
	{
	TInt fn = aMsg.Function();
	switch(fn)
		{
		case CTestSession2::EShutdown:
			CActiveScheduler::Stop();
			aMsg.Complete(KErrNone);
			break;
		default:
			//If we get here we have an unhandled condition in the test code.
			//The test code is specifically setup to try and catch all branches
			//through the policy server.  If you get, there is some problem in
			//the setup.
			test(0);
			break;
		}
	}

CTestPolicyServer2::CTestPolicyServer2(TInt aPriority, const TPolicy& aPolicy)
	: CPolicyServer(aPriority, aPolicy)
	{
	}

CSession2* CTestPolicyServer2::NewSessionL(const TVersion& /*aVersion*/,const RMessage2& /*aMsg*/) const
	{
	return new (ELeave) CTestSession2();
	}

//
// CTestPolicyServer3
//

class CTestPolicyServer3 : public CPolicyServer
	{
public:
	CTestPolicyServer3(TInt aPriority, const TPolicy& aPolicy);
	virtual CSession2* NewSessionL(const TVersion& aVersion,const RMessage2& aMsg) const;
	virtual TCustomResult CustomSecurityCheckL(const RMessage2& aMsg, TInt& aAction, TSecurityInfo&);
	virtual TCustomResult CustomFailureActionL(const RMessage2& aMsg, TInt aAction, const TSecurityInfo& aMissing);
	};

CPolicyServer::TCustomResult CTestPolicyServer3::CustomSecurityCheckL(const RMessage2& aMsg, TInt& aAction, TSecurityInfo& aMissing)
	{
	(void)aAction;
	(void)aMsg;
	(void)aMissing;
	//If we get here we have an unhandled condition in the test code.  The test
	//code is specifically setup to try and catch all branches through the
	//policy server.  If you get, there is some problem in the setup.
	test(0);
	return EFail;
	}

CPolicyServer::TCustomResult CTestPolicyServer3::CustomFailureActionL(const RMessage2& aMsg, TInt aAction, const TSecurityInfo& aMissing)
	{
	(void)aMissing;
	(void)aMsg;
	(void)aAction;
	TInt fn = aMsg.Function();
	switch(fn)
		{
		case -1:
			return EPass;
		default:
			break;
		}

	//If we get here we have an unhandled condition in the test code.  The test
	//code is specifically setup to try and catch all branches through the
	//policy server.  If you get, there is some problem in the setup.
	test(0);
	return EFail;
	}

//
// CTestSession3
//

class CTestSession3 : public CSession2
	{
public:
	enum {EShutdown=100};
public:
	CTestSession3();
	virtual void ServiceL(const RMessage2& aMsg);
public:
	};

CTestSession3::CTestSession3()
	: CSession2()
	{
	}

void CTestSession3::ServiceL(const RMessage2& aMsg)
	{
	TInt fn = aMsg.Function();
	switch(fn)
		{
		case CTestSession3::EShutdown:
			CActiveScheduler::Stop();
			aMsg.Complete(KErrNone);
			break;
		default:
			//If we get here we have an unhandled condition in the test code.
			//The test code is specifically setup to try and catch all branches
			//through the policy server.  If you get, there is some problem in
			//the setup.
			test(0);
			break;
		}
	}

CTestPolicyServer3::CTestPolicyServer3(TInt aPriority, const TPolicy& aPolicy)
	: CPolicyServer(aPriority, aPolicy)
	{
	}

CSession2* CTestPolicyServer3::NewSessionL(const TVersion& /*aVersion*/,const RMessage2& /*aMsg*/) const
	{
	return new (ELeave) CTestSession3();
	}

_LIT(KCustomActive, "CCustomActive");
//
// CCustomActive
//

class CCustomActive : public CActive
	{
public:
	static CCustomActive* NewL(CPolicyServer& aServer);
	void RunL();
	TInt RunError(TInt aError);
	void DoCancel();
	void CustomSecurityCheckL(const RMessage2& aMsg, TInt aAction);
	void CustomFailureActionL(const RMessage2& aMsg, TInt aAction);
protected:
	void HandleSecurityCheckResultL();
	void HandleFailureActionResultL();
	void ConstructL();	
private:
	CCustomActive(CPolicyServer& aServer);
	RTimer iTimer;
	CPolicyServer& iServer;
	const RMessage2* iMsg;
	enum TState {
		ECustomSecurityCheck,
		EFailureAction,
		};
	TState iState;
	TInt iAction;
	TSecurityInfo iMissing;
	};

CCustomActive::CCustomActive(CPolicyServer& aServer)
	: CActive(0), iServer(aServer), iMsg(0), iState(ECustomSecurityCheck)
	{
	CActiveScheduler::Add(this);
	}

CCustomActive* CCustomActive::NewL(CPolicyServer& aServer)
	{
	CCustomActive* self = new(ELeave)CCustomActive(aServer);
	CleanupStack::PushL(self);
	self->ConstructL();
	CleanupStack::Pop(self);
	return self;
	}

void CCustomActive::ConstructL()
	{
	User::LeaveIfError(iTimer.CreateLocal());
	memset(&iMissing, 0, sizeof(TSecurityInfo));
	}

void CCustomActive::HandleSecurityCheckResultL()
	{
	TInt fn = iMsg->Function();
	switch(fn)
		{
		case 0:
			iStatus = KErrGeneral;
			break;
		case 1: //pass
		case 4:
			break;
		case 2:
		case 3:
			iStatus = KErrGeneral;
			iAction = KQueryUser;
			break;
		default:
			test(0);
		}
	if(iStatus == KErrNone)
		{
		iServer.ProcessL(*iMsg);
		iMsg=0;
		}
	else
		{
		const RMessage2* ptr = iMsg;
		iMsg=0;
		iServer.CheckFailedL(*ptr, iAction, iMissing);
		}
	}

void CCustomActive::HandleFailureActionResultL()
	{
	TInt fn = iMsg->Function();
	switch(fn)
		{
		case 2:
			iStatus = KErrGeneral;
			break;
		case 3: //pass
		case 9:
		case 57: //passes through so ServiceL can leave with NoMem
			break;
		case 56:
			User::Leave(KErrNoMemory);
			break;
			
		default:
			test(0);
		}
	if(iStatus == KErrNone)
		iServer.ProcessL(*iMsg);
	else
		iMsg->Complete(KErrPermissionDenied);
	iMsg=0;
	}

void CCustomActive::RunL()
	{
	OrInFlags(*iMsg, KActiveRunLMask);

	switch(iState)
		{
		case ECustomSecurityCheck:
			HandleSecurityCheckResultL();
			break;
		case EFailureAction:
			HandleFailureActionResultL();
			break;
		default:
			//Invalid state
			User::Panic(KCustomActive, 11);
			break;
		}
	}

TInt CCustomActive::RunError(TInt aError)
	{
	OrInFlags(*iMsg, KActiveRunErrorMask);
	if(iMsg)
		{
		iServer.ProcessError(*iMsg, aError);
		iMsg = 0;
		iAction = CPolicyServer::EFailClient;
		return KErrNone;
		}
	else
		return aError;
	}

void CCustomActive::DoCancel()
	{
	OrInFlags(*iMsg, KActiveDoCancelMask);
	iTimer.Cancel();
	if(iMsg)
		{
		iMsg->Complete(KErrCancel);
		}
	iMsg = 0;
	iAction = CPolicyServer::EFailClient;
	}

void CCustomActive::CustomSecurityCheckL(const RMessage2& aMsg, TInt aAction)
	{
	__ASSERT_ALWAYS(!IsActive(), User::Panic(KCustomActive, 1));
	__ASSERT_ALWAYS(iMsg == 0, User::Panic(KCustomActive, 2));

	OrInFlags(aMsg, KActiveCheckMask);

	iTimer.After(iStatus, 100000);
	SetActive();
	iMsg = &aMsg;
	iState = ECustomSecurityCheck;
	iAction = aAction;
	}

void CCustomActive::CustomFailureActionL(const RMessage2& aMsg, TInt aAction)
	{
	__ASSERT_ALWAYS(!IsActive(), User::Panic(KCustomActive, 3));
	__ASSERT_ALWAYS(iMsg == 0, User::Panic(KCustomActive, 4));

	OrInFlags(aMsg, KActiveActionMask);

	iTimer.After(iStatus, 50000);
	SetActive();
	iMsg = &aMsg;
	iState = EFailureAction;
	iAction = aAction;

	if(aMsg.Function() == 55)
		{
		Cancel();
		}
	}

//
// CTestPolicyServer4
//

class CTestPolicyServer4 : public CPolicyServer
	{
public:
	static CTestPolicyServer4* NewL(TInt aPriority, const TPolicy& aPolicy);
	CTestPolicyServer4(TInt aPriority, const TPolicy& aPolicy);
	virtual CSession2* NewSessionL(const TVersion& aVersion,const RMessage2& aMsg) const;
	virtual TCustomResult CustomSecurityCheckL(const RMessage2& aMsg, TInt& aAction, TSecurityInfo& aMissing);
	virtual TCustomResult CustomFailureActionL(const RMessage2& aMsg, TInt aAction, const TSecurityInfo& aMissing);
	CCustomActive* iActiveCheck;
protected:
	void ConstructL();
	};

CTestPolicyServer4* CTestPolicyServer4::NewL(TInt aPriority, const TPolicy& aPolicy)
	{
	CTestPolicyServer4* self = new(ELeave)CTestPolicyServer4(aPriority, aPolicy);
	CleanupStack::PushL(self);
	self->ConstructL();
	CleanupStack::Pop(self);
	return self;
	}

void CTestPolicyServer4::ConstructL()
	{
	iActiveCheck = CCustomActive::NewL(*this);
	}

CPolicyServer::TCustomResult CTestPolicyServer4::CustomSecurityCheckL(const RMessage2& aMsg, TInt& aAction, TSecurityInfo& aMissing)
	{
	(void)aMissing;
	OrInFlags(aMsg, KCustomCheckMask);
	iActiveCheck->CustomSecurityCheckL(aMsg, aAction);
	return EAsync;
	}

CPolicyServer::TCustomResult CTestPolicyServer4::CustomFailureActionL(const RMessage2& aMsg, TInt aAction, const TSecurityInfo& aMissing)
	{
	(void)aMissing;
	OrInFlags(aMsg, KCustomActionMask);
	iActiveCheck->CustomFailureActionL(aMsg, aAction);
	return EAsync;
	}

//
// CTestSession4
//

class CTestSession4 : public CSession2
	{
public:
	enum {EShutdown=100};
public:
	CTestSession4();
	virtual void ServiceL(const RMessage2& aMsg);
	virtual void ServiceError(const RMessage2& aMsg, TInt aError);
public:
	};

CTestSession4::CTestSession4()
	: CSession2()
	{
	}

void CTestSession4::ServiceL(const RMessage2& aMsg)
	{
	TInt fn = aMsg.Function();
	OrInFlags(aMsg, KServiceLMask);
	switch(fn)
		{
		case 1:
		case 3:
		case 4:
		case 5:
		case 8:
		case 9:
		case 11:
			aMsg.Complete(KErrNone);
			break;
		case 57:
			User::Leave(KErrNoMemory);
			break;
		case CTestSession4::EShutdown:
			CActiveScheduler::Stop();
			aMsg.Complete(KErrNone);
			break;
		case KMaxTInt:
			//KMaxTInt would otherwise interfere with the OrInFlags value, so
			//we return our location this way instead.
			aMsg.Complete(KMaxTInt);
			break;
		default:
			//If we get here we have an unhandled condition in the test code.
			//The test code is specifically setup to try and catch all branches
			//through the policy server.  If you get, there is some problem in
			//the setup.
			test(0);
			break;
		}
	}

void CTestSession4::ServiceError(const RMessage2& aMsg, TInt aError)
	{
	OrInFlags(aMsg, KServiceErrorMask);
	if(!aMsg.IsNull())
		aMsg.Complete(aError);
	}

CTestPolicyServer4::CTestPolicyServer4(TInt aPriority, const TPolicy& aPolicy)
	: CPolicyServer(aPriority, aPolicy)
	{
	}

CSession2* CTestPolicyServer4::NewSessionL(const TVersion& /*aVersion*/,const RMessage2& /*aMsg*/) const
	{
	return new (ELeave) CTestSession4();
	}


//
// CTestActiveScheduler
//

class CTestActiveScheduler : public CActiveScheduler
	{
public:
	virtual void Error(TInt anError) const;
	};

void CTestActiveScheduler::Error(TInt anError) const
	{
	User::Panic(_L("TestServer Error"),anError);
	}



//
// Server thread
//

_LIT(KServerName,"T_POLSVR-server");
const TInt KServerRendezvous = KRequestPending+1;

void DoStartServer(const CPolicyServer::TPolicy& aPolicy, TUint aServerIndex)
	{
	CTestActiveScheduler* activeScheduler = new (ELeave) CTestActiveScheduler;
	CActiveScheduler::Install(activeScheduler);
	CleanupStack::PushL(activeScheduler);

	CPolicyServer* server = 0;
	switch(aServerIndex)
		{
		case 0:
			server = new (ELeave) CTestPolicyServer1(0,aPolicy);
			break;
		case 1:
			server = new (ELeave) CTestPolicyServer2(0,aPolicy);
			break;
		case 2:
			server = new (ELeave) CTestPolicyServer3(0,aPolicy);
			break;
		case 3:
			server = CTestPolicyServer4::NewL(0,aPolicy);
			break;
		default:
			User::Panic(KPolSvr, KErrArgument);
		}
	CleanupStack::PushL(server);

	User::LeaveIfError(server->Start(KServerName));

	RProcess::Rendezvous(KServerRendezvous);

	CActiveScheduler::Start();

	CleanupStack::PopAndDestroy(2);
	}

TInt StartServer(const CPolicyServer::TPolicy& aPolicy, TUint aServerIndex)
	{
	CTrapCleanup* cleanupStack = CTrapCleanup::New();
	if(!cleanupStack)
		return KErrNoMemory;
	TRAPD(leaveError,DoStartServer(aPolicy,aServerIndex))
	delete cleanupStack;
	return leaveError;
	}



//
// RTestSession
//

class RTestSession : public RSessionBase
	{
public:
	inline TInt Connect()
		{ return CreateSession(KServerName,TVersion());}
//	inline TInt Send(TInt aFunction)
//		{ return RSessionBase::SendReceive(aFunction); }
	inline TInt Send(TInt aFunction,const TIpcArgs& aArgs)
		{ return RSessionBase::SendReceive(aFunction,aArgs); }
	inline void Send(TInt aFunction,TRequestStatus& aStatus)
		{ RSessionBase::SendReceive(aFunction,aStatus); }
	inline void Send(TInt aFunction,const TIpcArgs& aArgs,TRequestStatus& aStatus)
		{ RSessionBase::SendReceive(aFunction,aArgs,aStatus); }
	};



RTestSession Session;

#include <e32svr.h>

void TestServer1WithPolicy1()
	{
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy1,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
	test(rendezvous==KServerRendezvous);

	test.Next(_L("Server 1, Policy 1"));
	TInt r = Session.Connect();
	test(r==KErrNone);

	TBuf8<4> flags(4);

	//case 0: Not Supported, returned from policy server level.
	SetFlags(flags, 0);
	r = Session.Send(0, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (0));

	//case 1: Custom Check, fails with KErrPermissionDenied
	SetFlags(flags, 1);
	r = Session.Send(1, TIpcArgs(&flags));
	test(r==KErrPermissionDenied);
	test(FlagsValue(flags) == (1 | KCustomCheckMask) ); 

	//case 2: Custom Check passes.
	SetFlags(flags, 2);
	r = Session.Send(2, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (2 | KCustomCheckMask | KServiceLMask) ); 

	//case 3: Custom Check fails but action set to EQueryUser, query
	//subsequently fails
	SetFlags(flags, 3);
	r = Session.Send(3, TIpcArgs(&flags));
	test(r==KErrPermissionDenied);
	test(FlagsValue(flags) == (3 | KCustomCheckMask | KCustomActionMask ));

	//case 4: Custom Check fails but action set to EQueryUser, query
	//subsequently passes
	SetFlags(flags, 4);
	r = Session.Send(4, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (4 | KCustomCheckMask | KCustomActionMask | KServiceLMask ));
	
	//case 5: Custom Check passes and action is set.  Action set shouldn't make
	//a difference.  Should be same result as case 2.
	SetFlags(flags, 5);
	r = Session.Send(5, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (5 | KCustomCheckMask | KServiceLMask ));

	//case 6: Always passes at the policy server level.
	SetFlags(flags, 6);
	r = Session.Send(6, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (6 | KServiceLMask) );

	//case 7: Not Supported, returned from policy server level.
	SetFlags(flags, 7);
	r = Session.Send(7, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (7));

	//case 8: Requires NetworkControl, which we have, so it passes.
	SetFlags(flags, 8);
	r = Session.Send(8, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (8 | KServiceLMask));

	//case 9: Requires NetworkControl -> pass.  Thrown in a EQueryUser to see
	//if it causes any problems -> it shouldn't.  Should be same as case 8.
	SetFlags(flags, 9);
	r = Session.Send(9, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (9 | KServiceLMask));

	//case 10: Requires DiskAdmin which we don't have.  
	SetFlags(flags, 10);
	r = Session.Send(10, TIpcArgs(&flags));
	test(r==KErrPermissionDenied);
	test(FlagsValue(flags) == (10));

	//case 11: Requires DiskAdmin, which we don't have. EQueryUser is set, and
	//it fails.
	SetFlags(flags, 11);
	r = Session.Send(11, TIpcArgs(&flags));
	test(r==KErrPermissionDenied);
	test(FlagsValue(flags) == (11 | KCustomActionMask));

	//case 12: Requires DiskAdmin, which we don't have. EQueryUser is set, and
	//it passes.
	SetFlags(flags, 12);
	r = Session.Send(12, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (12 | KCustomActionMask | KServiceLMask));

	//case 13: Not Supported, returned from policy server level.
	SetFlags(flags, 13);
	r = Session.Send(13, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (13));

	//case 14: Not Supported, returned from policy server level.
	SetFlags(flags, 14);
	r = Session.Send(14, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (14));

	//case 55: Not Supported, returned from policy server level.
	SetFlags(flags, 55);
	r = Session.Send(55, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (55));

	//case 86: Not Supported, returned from policy server level.
	SetFlags(flags, 86);
	r = Session.Send(86, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (86));

	//case 99: Not Supported, returned from policy server level.
	SetFlags(flags, 99);
	r = Session.Send(99, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (99));

	//case 101: Not Supported, returned from policy server level.
	SetFlags(flags, 101);
	r = Session.Send(101, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (101));

	//case 1000191: Not Supported, returned from policy server level.
	SetFlags(flags, 1000191);
	r = Session.Send(1000191, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (1000191));

	//case 1000848: Not Supported, returned from policy server level.
	SetFlags(flags, 1000848);
	r = Session.Send(1000848, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (1000848));

	//case KMaxTInt-1: Not Supported, returned from policy server level.
	SetFlags(flags, KMaxTInt-1);
	r = Session.Send(KMaxTInt-1, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (KMaxTInt-1));

	//case KMaxTInt: Not Supported, returned from policy server level.
	SetFlags(flags, KMaxTInt);
	r = Session.Send(KMaxTInt, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (TUint)(KMaxTInt));

	r = Session.Send(CTestSession1::EShutdown, TIpcArgs(&flags));
	test.Printf(_L("r = %d\n"),r);
	test(r==KErrNone);

	Session.Close();
	CLOSE_AND_WAIT(server);
	}

#include <e32panic.h>

void TestServer1WithPolicy2()
	{
	test.Next(_L("Server 1, Policy 2"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy2,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
#ifdef _DEBUG
	//Debug mode does a policy integrity check
	test(rendezvous==EPolSvr1stRangeNotZero);
#else
	test(rendezvous==KServerRendezvous);
	server.Terminate(0);
#endif
	CLOSE_AND_WAIT(server);
	}

void TestServer1WithPolicy3()
	{
	test.Next(_L("Server 1, Policy 3"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy3,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
#ifdef _DEBUG
	//Debug mode does a policy integrity check
	test(rendezvous==EPolSvrRangesNotIncreasing);
#else
	test(rendezvous==KServerRendezvous);
	server.Terminate(0);
#endif
	CLOSE_AND_WAIT(server);
	}

void TestServer1WithPolicy4()
	{
	test.Next(_L("Server 1, Policy 4"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy4,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
#ifdef _DEBUG
	//Debug mode does a policy integrity check
	test(rendezvous==EPolSvrElementsIndexValueInvalid);
#else
	test(rendezvous==KServerRendezvous);
	server.Terminate(0);
#endif
	CLOSE_AND_WAIT(server);
	}

void TestServer1WithPolicy5()
	{
	test.Next(_L("Server 1, Policy 5"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy5,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
#ifdef _DEBUG
	//Debug mode does a policy integrity check
	test(rendezvous==EPolSvrElementsIndexValueInvalid);
#else
	test(rendezvous==KServerRendezvous);
	server.Terminate(0);
#endif
	CLOSE_AND_WAIT(server);
	}

void TestServer1WithPolicy6()
	{
	test.Next(_L("Server 1, Policy 6"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy6,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
#ifdef _DEBUG
	//Debug mode does a policy integrity check
	test(rendezvous==EPolSvrIOnConnectValueInvalid);
#else
	test(rendezvous==KServerRendezvous);
	server.Terminate(0);
#endif
	CLOSE_AND_WAIT(server);
	}

void TestServer1WithPolicy7()
	{
	test.Next(_L("Server 1, Policy 7"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy7,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
	test(rendezvous==KServerRendezvous);

	TInt r = Session.Connect();
	test(r==KErrNotSupported);

	//We can do this because we have power management
	server.Terminate(KErrGeneral);
	CLOSE_AND_WAIT(server);
	}

void TestServer1WithPolicy8()
	{
	test.Next(_L("Server 1, Policy 8"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy8,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
	test(rendezvous==KServerRendezvous);

	//This will be calling through CustomSecurityCheckL (server1 will return
	//pass), but there is no easy way to determine that it has followed the
	//correct path.
	TInt r = Session.Connect();
	test(r==KErrNone);

	server.Terminate(KErrGeneral);
	Session.Close();
	CLOSE_AND_WAIT(server);
	}

void TestServer2WithPolicy8()
	{
	test.Next(_L("Server 2, Policy 8"));
	RTestProcess server;
	TRequestStatus rendezvous;
	TRequestStatus logon;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy8,ETestServer2);
	server.Rendezvous(rendezvous);
	server.Logon(logon);
	server.Resume();
	User::WaitForRequest(rendezvous);
	test(rendezvous==KServerRendezvous);

	TInt r = Session.Connect();
	test(r==KErrServerTerminated);

	//This is a simple way of testing that CustomSecurityCheckL is called for a
	//connect custom check.  Server2 doesn't have an implementation of CustomSecurityCheckL
	User::WaitForRequest(logon);
	test(logon == EPolSvrCallingBaseImplementation);

	Session.Close();
	CLOSE_AND_WAIT(server);
	}

void TestServer3WithPolicy8()
	{
	test.Next(_L("Server 3, Policy 8"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy8,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
	test(rendezvous==KServerRendezvous);

	//This will be calling through CustomSecurityCheckL
	//(server3::CustomSecurityCheckL will fail this, but set the action to
	//EQueryUser, which will call CustomFailureActionL which should will in
	//this case pass) but there is no easy way to determine that it has
	//followed the correct path.
	TInt r = Session.Connect();
	test(r==KErrNone);

	//This policy doesn't have any IPC's that work.  Only way to shutdown
	//server is to kill it.
	server.Terminate(KErrGeneral);
	Session.Close();
	CLOSE_AND_WAIT(server);
	}


void TestServer1WithPolicy9()
	{
	test.Next(_L("Server 1, Policy 9"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy9,ETestServer1);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
	test(rendezvous==KServerRendezvous);

	TInt r = Session.Connect();
	test(r==KErrPermissionDenied);

	//We can do this because we have power management
	server.Terminate(KErrGeneral);
	CLOSE_AND_WAIT(server);
	}

void TestServer2WithPolicy1()
	{	
	test.Next(_L("Server 2, Policy 1"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy1,ETestServer2);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
	test(rendezvous==KServerRendezvous);

	TInt r = Session.Connect();
	test(r==KErrNone);

	TBuf8<4> flags(4);
	r = Session.Send(CTestSession2::EShutdown, TIpcArgs(&flags));
	test(r == KErrNone);
	Session.Close();
	CLOSE_AND_WAIT(server);
	}

void TestServer4WithPolicy10()
	{	
	test.Next(_L("Server 4, Policy 10"));
	RTestProcess server;
	TRequestStatus rendezvous;
	server.Create(~KTestCapabilities,ETestProcessPolicyServer,EPolicy10,ETestServer4);
	server.Rendezvous(rendezvous);
	server.Resume();
	User::WaitForRequest(rendezvous);
	test(rendezvous==KServerRendezvous);

	TInt r = Session.Connect();
	test(r==KErrNone);

	TBuf8<4> flags(4);

	//case 0: Custom Check, fails with KErrPermissionDenied
	SetFlags(flags, 0);
	r = Session.Send(0, TIpcArgs(&flags));
	test(r==KErrPermissionDenied);
	test(FlagsValue(flags) == (0 | KCustomCheckMask | KActiveCheckMask | KActiveRunLMask) ); 

	//case 1: Custom Check passes.
	SetFlags(flags, 1);
	r = Session.Send(1, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (1 | KCustomCheckMask | KActiveCheckMask | KActiveRunLMask | KServiceLMask) ); 

	//case 2: Custom Check fails but action set to EQueryUser, query
	//subsequently fails
	SetFlags(flags, 2);
	r = Session.Send(2, TIpcArgs(&flags));
	test(r==KErrPermissionDenied);
	test(FlagsValue(flags) == (2 | KCustomCheckMask | KActiveCheckMask | KActiveRunLMask | KCustomActionMask | KActiveActionMask ));

	//case 3: Custom Check fails but action set to EQueryUser, query
	//subsequently passes
	SetFlags(flags, 3);
	r = Session.Send(3, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (3 | KCustomCheckMask | KActiveCheckMask | KActiveRunLMask | KCustomActionMask | KActiveActionMask | KServiceLMask ));
	
	//case 4: Custom Check passes and action is set.  Action set shouldn't make
	//a difference.  Should be same result as case 1.
	SetFlags(flags, 4);
	r = Session.Send(4, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (4 | KCustomCheckMask | KActiveCheckMask | KActiveRunLMask | KServiceLMask) );

	//case 5: Always passes at the policy server level.
	SetFlags(flags, 5);
	r = Session.Send(5, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (5 | KServiceLMask) );

	//case 6: Not Supported, returned from policy server level.
	SetFlags(flags, 6);
	r = Session.Send(6, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (6));

	//case 7: Not Supported, returned from policy server level.
	SetFlags(flags, 7);
	r = Session.Send(7, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (7));

	//case 8: Requires NetworkControl, which we have, so it passes.
	SetFlags(flags, 8);
	r = Session.Send(8, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (8 | KServiceLMask));

	//case 9: Requires DiskAdmin, which we don't have. EQueryUser is set, and
	//it passes.
	SetFlags(flags, 9);
	r = Session.Send(9, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (9 | KCustomActionMask | KActiveActionMask | KActiveRunLMask | KServiceLMask));

	//case 10: Requires DiskAdmin which we don't have.  
	SetFlags(flags, 10);
	r = Session.Send(10, TIpcArgs(&flags));
	test(r==KErrPermissionDenied);
	test(FlagsValue(flags) == (10));

	//case 11: Requires NetworkControl -> pass.  Thrown in a EQueryUser to see
	//if it causes any problems -> it shouldn't.  Should be same as case 8.
	SetFlags(flags, 11);
	r = Session.Send(11, TIpcArgs(&flags));
	test(r==KErrNone);
	test(FlagsValue(flags) == (11 | KServiceLMask));

	//case 12: Not Supported, returned from policy server level.
	SetFlags(flags, 12);
	r = Session.Send(12, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (12));

	//case 13: Not Supported, returned from policy server level.
	SetFlags(flags, 13);
	r = Session.Send(13, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (13));

	//case 54: Not Supported, returned from policy server level.
	SetFlags(flags, 54);
	r = Session.Send(54, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (54));

	//case 55: Requires DiskAdmin -> Fail.  But then we query user, and then we
	//cancel that.
	SetFlags(flags, 55);
	r = Session.Send(55, TIpcArgs(&flags));
	test(r==KErrCancel);
	test(FlagsValue(flags) == (55 | KCustomActionMask | KActiveActionMask | KActiveDoCancelMask));

	//case 56: Requires DiskAdmin -> Fail.  But then we query user which leaves.
	SetFlags(flags, 56);
	r = Session.Send(56, TIpcArgs(&flags));
	test(r==KErrNoMemory);
	test(FlagsValue(flags) == (56 | KCustomActionMask | KActiveActionMask | KActiveRunLMask | KActiveRunErrorMask));

	//case 57: Requires DiskAdmin -> Fail.  But then we query user which passes
	//and then we leave in the ServiceL
	SetFlags(flags, 57);
	r = Session.Send(57, TIpcArgs(&flags));
	test(r==KErrNoMemory);
	test(FlagsValue(flags) == (57 | KCustomActionMask | KActiveActionMask | KActiveRunLMask | KServiceLMask | KActiveRunErrorMask | KServiceErrorMask ));

	//case 58: Not Supported, returned from policy server level.
	SetFlags(flags, 58);
	r = Session.Send(58, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (58));

	//case 86: Not Supported, returned from policy server level.
	SetFlags(flags, 86);
	r = Session.Send(86, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (86));

	//case 99: Not Supported, returned from policy server level.
	SetFlags(flags, 99);
	r = Session.Send(99, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (99));

	//case 101: Not Supported, returned from policy server level.
	SetFlags(flags, 101);
	r = Session.Send(101, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (101));

	//case 5000: Not Supported, returned from policy server level.
	SetFlags(flags, 5000);
	r = Session.Send(5000, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (5000));

	//case KMaxTInt-1: Not Supported, returned from policy server level.
	SetFlags(flags, KMaxTInt-1);
	r = Session.Send(KMaxTInt-1, TIpcArgs(&flags));
	test(r==KErrNotSupported);
	test(FlagsValue(flags) == (KMaxTInt-1));

	//case KMaxTInt: Always pass from policy framework
	//This also tests another exit condition from the binary search
	SetFlags(flags, 0);
	r = Session.Send(KMaxTInt, TIpcArgs(&flags));
	//Instead of KErrNone we return KMaxTInt as we can't fit the KMaxTInt in
	//the flags without overwriting stuff
	test(r==KMaxTInt);
	test(FlagsValue(flags) == (0 | KServiceLMask ));

	r = Session.Send(CTestSession2::EShutdown, TIpcArgs(&flags));
	test(r == KErrNone);
	Session.Close();
	CLOSE_AND_WAIT(server);
	}

GLDEF_C TInt E32Main()
    {
	TBuf16<512> cmd;
	User::CommandLine(cmd);
	if(cmd.Length() && TChar(cmd[0]).IsDigit())
		{
		TInt function = -1;
		TInt arg1 = -1;
		TInt arg2 = -1;
		TLex lex(cmd);

		lex.Val(function);
		lex.SkipSpace();
		lex.Val(arg1);
		lex.SkipSpace();
		lex.Val(arg2);
		return DoTestProcess(function,arg1,arg2);
		}

	test.Title();

	if(!PlatSec::ConfigSetting(PlatSec::EPlatSecEnforcement))
		{
		test.Start(_L("TESTS NOT RUN - EPlatSecEnforcement is OFF"));
		test.End();
		return 0;
		}

	test.Start(_L("Policy Server Tests"));

	/* Server1 has implementations of CustomSecurityCheckL and
	CustomFailureActionL This is the test for all the paths in a policy servers
	implementations -- not all connect paths though
	This test also ensures that every path through the binary search is
	covered. */
	TestServer1WithPolicy1();

	/* Policy2,3,4,5,6, are bad policies that should cause the server to panic
	in debug mode.  In release, they'll just pass, however, if you later tried
	to use them, something would go horribly wrong */
	TestServer1WithPolicy2();
	TestServer1WithPolicy3();
	TestServer1WithPolicy4();
	TestServer1WithPolicy5();
	TestServer1WithPolicy6();

	/* Policies 7,8,9 check various types of connect policies. */
	TestServer1WithPolicy7();
	// Server 1,2,3 are used here all with policy 8 because you can only test 1
	// type of connect policy per server.
	TestServer1WithPolicy8();
	TestServer2WithPolicy8();
	TestServer3WithPolicy8();
	TestServer1WithPolicy9();

	/* Sever2 does not have implementations of CustomSecurityCheckL and
	CustomFailureActionL. When these functions are called it should crash */
	TestServer2WithPolicy1();

	/* Server4 is used for checking what happens when the custom functions use
	another active object.  This test encompasses leaving due to OOM, and
	cancellation. */
	TestServer4WithPolicy10();

	test.End();
	return(0);
    }