MCL/sf/os/networkingsrv: comparison networksecurity/ipsec/ipsecpol/src/ipsecpolmanhandler.cpp

equal deleted inserted replaced

-:abbed5a4b42a
+:8d540f55e491
-// Copyright (c) 2005-2009 Nokia Corporation and/or its subsidiary(-ies).
+// Copyright (c) 2005-2010 Nokia Corporation and/or its subsidiary(-ies).
 // All rights reserved.
 // This component and the accompanying materials are made available
 // under the terms of "Eclipse Public License v1.0"
 // which accompanies this distribution, and is available
 // at the URL "http://www.eclipse.org/legal/epl-v10.html".
 #include "ipsecpol.h"
 #include "log_ipsecpol.H"
 #include "ipsecpolparser.h"
 #include "secpolreader.h"
+#include <comms-infras/dbaccess.h>
+#include <commdbconnpref.h>
+#include <featureuids.h>
+#include <e32debug.h>
 #define FIRST_ARGUMENT  0
 #define SECOND_ARGUMENT 1
 #define THIRD_ARGUMENT  2
 #define FOURTH_ARGUMENT 3
+const TUint KAppSidDefault = 0xFFFFFFFF;
+const TUint32 KGANAppSid = 0x2002E241;
 //
 // Create IPSecPolicyManagerHandler object
 //
 CIPSecPolicyManagerHandler*
 iIsPreloadNeeded = EFalse;
 iPreloadPolicyHandle.iHandle = 0;
+CheckFeatureSupportL(NFeature::KFeatureIdFfIpsecUmaSupportEnable);
+iAppSid = KAppSidDefault;
 #ifdef TESTFLAG
 	iStringBuf = NULL;
 #endif
 ReadAlgorithmsFileL();
 iSelectorInfoArray = new (ELeave) CArrayFixFlat<TIpsecSelectorInfo> (2);
 }
 //
 // Destructor
 //
 iFs.Close();
 iSS.Close();
 delete iSelectorInfoArray;
 iSelectorInfoArray = NULL;
+}
+/**
+* To check the feature support
+*/
+void CIPSecPolicyManagerHandler::CheckFeatureSupportL(TUid aFeature)
+{
+// Check Gan support from feature manager
+TRAPD(err,iIPSecGANSupported = CFeatureDiscovery::IsFeatureSupportedL(aFeature));
+if(KErrNone != err)
+{
+LOG(Log::Printf(_L("CIPSecPolicyManagerHandler::CheckFeatureSupport Error Checking Feature Support %d"),err));
+}
+else
+{
+LOG(Log::Printf(_L("CIPSecPolicyManagerHandler::CheckFeatureSupport %d Feature Supported %d"),aFeature,iIPSecGANSupported));
+}
 }
 //
 // Release resources allocated for a call
 //
 {
 iFunction = aMsg.Int3();
 TPckg<TZoneInfoSet>pckgZoneInfoSet(zoneInfoSet);
 aMsg.ReadL(THIRD_ARGUMENT, pckgZoneInfoSet);
 }
 iVPNNetId = 0;
 if (zoneInfoSet.iSelectorZone.iScope != KScopeNone)
 {
 iVPNNetId = zoneInfoSet.iSelectorZone.iId;
 }
 iGwNetId = 0;
 if (zoneInfoSet.iEndPointZone.iScope != KScopeNone)
 {
 iGwNetId = zoneInfoSet.iEndPointZone.iId;
 }
 LOG(Log::Printf(_L("LoadPolicy request VPN NetId: %d  GW NetId: %d\n"),
 iVPNNetId, iGwNetId));
+	if(iIPSecGANSupported)
+	    {
+	    LOG(Log::Printf(_L(" iIPSecGANSupported is true \n")));
+		TRAPD( err, CheckUMAEXception((TUint32)iVPNNetId))
+		if( err != KErrNone)
+			{
+			LOG(Log::Printf(_L("NO UMA Exception \n")));
+			}
+		else
+{
+LOG(Log::Printf(_L("UMA Exception is added \n")));
+}
+	    }
 // Parse the policy file from string format to the ipsecpolparser
 // class object format
 ParseCurrentPolicyL();
 // Calculate the Bypass/Drop mode of parsed policy
 // Check if we have a direct Bypass-everything-else Vs Drop-everything-else conflict between the active policy and
 // the one that is attempted to be loaded. If so, return with error
 TInt activepolicyBypassDropMode;
+//UMA support REQ 417-40027
+TBool flag_exception =EFalse;
+// It is ok to compare with the first active policy. Every subsequent policy would have been compared against the first one
+/*                          FORMAT OF UMA POLICY
+*   remote 0.0.0.0 0.0.0.0 = { UMA_VPN_POLICY($SGW_IP_ADDRESS) }
+*   inbound = { }
+*   outbound = { }
+*/
+//Checking for exception loading. Exceptions are policies for USE CASES having conflict for loading of bypass
+//and drop policy. UMA being an excetion should be allowed to load policy. It doesnt make sense not to start UMA.
+if(iIPSecGANSupported)
+{
+flag_exception = CheckException();
+LOG(Log::Printf(_L("Is exception policy already activated= %d\n"), flag_exception));
+}
+else
+{
+LOG(Log::Printf(_L("UMA/GAN not supported and exception policy activated status = %d\n"), flag_exception));
+}
 //coverity[var_compare_op]
 //intentional null comparision if there is no policylist do nothing.
 if (iActivePolicyList && iActivePolicyList->Count())
 {
-//coverity[var_compare_op]
+//UMA support REq417-40027
-// It is ok to compare with the first active policy. Every subsequent policy would have been compared against the first one
+if(iIPSecGANSupported)
-activepolicyBypassDropMode = iActivePolicyList->At(0)->iBypassOrDropMode;
+{
+			if(flag_exception)
+				{
+				activepolicyBypassDropMode = iBypassOrDropMode;
+			 	}
+else
+			 	{
+activepolicyBypassDropMode = iActivePolicyList->At(0)->iBypassOrDropMode;
+				}
+}
+else
+{
+// It is ok to compare with the first active policy. Every subsequent policy would have been compared against the first one
+//coverity[var_compare_op]
+// It is ok to compare with the first active policy. Every subsequent policy would have been compared against the first one
+activepolicyBypassDropMode = iActivePolicyList->At(0)->iBypassOrDropMode;
+}
 if((policyBypassDropMode == KDropMode && (( activepolicyBypassDropMode & KInboundBypass) || (activepolicyBypassDropMode & KOutboundBypass))) ||
 (((policyBypassDropMode & KInboundBypass) || (policyBypassDropMode & KOutboundBypass)) && activepolicyBypassDropMode == KDropMode ))
 {
-ErrorHandlingL (ESelectorConflict,0);
+if(iIPSecGANSupported)
-}
+{
-}
+//should not Allow loading drop mode policy all the time
+//condition for allowing drop mode policy loading are
+//1) There should not be any other bypass policy loaded before.
+//2) or loaded bypass policy is UMA bypass policy
+TBool allowDropLoad = ETrue;
+for(int count = 0; count < iActivePolicyList->Count(); count++ )
+{
+if((iActivePolicyList->At(count)->iBypassOrDropMode & KSymmetricBypass) &&(!(iActivePolicyList->At(count)->iException)))
+{
+//ipsec bypass policy is already loaded.
+LOG(Log::Printf(_L("\n should not allow loading of drop policy \n")));
+allowDropLoad = EFalse;
+break;
+}//else do nothing
+}
+if(allowDropLoad && (policyBypassDropMode == KDropMode))
+{
+LOG(Log::Printf(_L("Allowing loading drop mode policy, with activated exception bypass\n")));
+}
+else if((((policyBypassDropMode & KInboundBypass) || (policyBypassDropMode & KOutboundBypass)) && iCurrentException) && activepolicyBypassDropMode == KDropMode )
+{
+LOG(Log::Printf(_L("Allowing loading exception bypass mode policy, with activated drop mode\n")));
+}
+else
+{
+ErrorHandlingL (ESelectorConflict,0);
+}
+}
+else
+{
+ErrorHandlingL (ESelectorConflict,0);
+}
+}
+}
 // Add VPNNetId to CPolicySelector and GwNetId to CSecpolBundleItem objects
 UpdateSelectorsAndTunnels();
 // Check if the IP addresses in the selectors of current policy
 // An API call completed
 ApiCallCompleted();
 return KErrNone;
 }
 //
 //
 // ProcessLoadPoliciesL - Process a LoadPolicy request issued
 // by IPSecPolicyManApi. This method considers autoload policies as well
 if (zoneInfoSet.iEndPointZone.iScope != KScopeNone)
 {
 iGwNetId = zoneInfoSet.iEndPointZone.iId;
 }
-LOG(Log::Printf(_L("LoadPolicy request VPN NetId: %d  GW NetId: %d\n"),
+LOG(Log::Printf(_L("******LoadPolicy request VPN NetId: %d  GW NetId: %d****\n"),
 iVPNNetId, iGwNetId));
 if (scopedLoad)
 {
 // Load BeforescopedLoadPolicies before
 if (iBeforeScopedLoadPolicy->Size() != 0)
 {
 TInt ret = SearchPolicyFromListAndActivate();
 if (ret != KErrNone)
 {
 ErrorHandlingL(ret, 0 );
 }
+LOG(Log::Printf(_L("::ActivatePolicy, request  to parse all policies\n")));
 // Parse all active policy files from string format
 // to IPSecPolParser class object formats
 ParseAllPolicyFilesL();
+LOG(Log::Printf(_L("::ActivatePolicy request to calculate combined\n")));
 // Calculate the combined policy Bypass/Drop mode
 CalculateCombinedPolicyBypassDropMode();
 // Delete all pure Inbound/Ooutbound selectors
 DeleteExtraInboundOutboundSelectors();
 if (err != KErrNone)
 {
 ErrorHandlingL(ENoMemory, err);
 }
+	//UMA support REQ417-40027
+TBool flag_exception = EFalse;
+if(iIPSecGANSupported)
+{
+flag_exception = CheckException();
+if(flag_exception || iCurrentException)
+{
+if(iBypassOrDropMode != KSymmetricBypass)
+{
+err = AddExceptionSelectors();
+if (err != KErrNone)
+{
+ErrorHandlingL(ENoMemory, err);
+}
+}//if symmetry
+}//flag_exception
+}
 // Send the algorithms table and  the string format policy file to
 // IPSec protocol component using Secpol socket
 SendAlgorithmsAndPolicyToIPSecL(_L("secpol6"));
 LOG(Log::Printf(_L("ActivatePolicy request completed OK, handle: %d\n"),
 TInt err = AddInboundOutboundSelectorPair();
 if (err != KErrNone)
 {
 ErrorHandlingL(ENoMemory, err);
 }
+//UMA support
+TBool flag_exception = EFalse;
+if(iIPSecGANSupported)
+{
+flag_exception = CheckException();
+if(flag_exception)
+{
+LOG(Log::Printf(_L("::ProcessUnloadPolicy, Adding exception selectors")));
+if(iBypassOrDropMode != KSymmetricBypass)
+{
+AddExceptionSelectors();
+}
+}
+	}
 // Send the algorithms table and  the string format policy file to
 // IPSec protocol component using Secpol socket
 SendAlgorithmsAndPolicyToIPSecL(_L("secpol6"));
 ErrorHandlingL(ENoMemory, err);
 }
 // Check if given policy contains 'drop_everything_else' rule
 // and add IKE, DHCP and MIPv4 bypass selectors if necessary
-if (aBypassDropMode == KDropMode)
+//UMA support REQ417-40027
+//DHCP selectors & IKE selectors should be added even when UMA is UP
+if (aBypassDropMode == KDropMode ||(iIPSecGANSupported && iCurrentException))
 {
 // Allow plain IKE negotiation packets. Write  the bypass
 // selectors  to the end of selector list, but they will
 // later be sorted to the beginning of selectors.
 if (aFunction & KAddIkeBypassSelectors)
 if (err != KErrNone)
 {
 ErrorHandlingL(ENoMemory, err);
 }
 }
+//UMA support REQ417-40027
-// Allow plain DHCP negotiation packets. Write bypass mode
+		TBool UMAFLAG = ETrue;
+		// Allow plain DHCP negotiation packets. Write bypass mode
 // selectors for DHCP ports (67, 68) to the end of selector list.
-if (aFunction & KAddDhcpBypassSelectors)
+if (aFunction & KAddDhcpBypassSelectors || (iIPSecGANSupported && UMAFLAG))
 {
 TInt err = BuildDhcpProtocolString(iPolBfr);
 if (err != KErrNone)
 {
 ErrorHandlingL(ENoMemory, err);
 entry->iActiveState = EFalse;
 entry->iBypassOrDropMode = aBypassOrDropMode;
 entry->iPolicyHandle.iHandle = iCurrentPolicyHandle.iHandle;
 entry->iPolicyBuf = iPolBfr;
 entry->iPolicyType = aPolType;
+if(iIPSecGANSupported)
+{
+entry->iException = iCurrentException ;
+}
 iPolBfr = NULL;
 CleanupStack::PushL(entry->iPolicyBuf);
 // Store a new entry to active policy list
 iActivePolicyList->AppendL(entry);
 aParentPolicyHandle);
 if (autoloadListItem != NULL)
 {
 		CleanupStack::PushL(autoloadListItem);
-iScopedAutoloadPolicyPairs.AppendL(autoloadListItem);
+		iScopedAutoloadPolicyPairs.AppendL(autoloadListItem);
-CleanupStack::Pop(autoloadListItem);
+		CleanupStack::Pop(autoloadListItem);
 }
 }
 //
 // Delete the associated autoload policy pair for a certain policy
 LOG(Log::Printf(_L("EnumerateSelectors request completed OK\n")));
 ApiCallCompleted();
 return KErrNone;
 	}
+//Checking excetion flags
+TBool CIPSecPolicyManagerHandler::CheckException()
+{
+int count_=0;
+TBool flag_exception = EFalse;
+while(count_ < iActivePolicyList->Count())
+{
+if(iActivePolicyList->At(count_)->iException)
+{
+LOG(Log::Printf(_L("::CheckException, Exception policy Activated")));
+flag_exception = ETrue;
+break;
+}
+else
+{
+LOG(Log::Printf(_L(" Exception is not presnt iActivePolicyList->At(%d)"), count_));
+}
+count_ ++;
+}
+return flag_exception;
+}
+/**
+*This method to find out the iapid from network id
+*@param aNetId : network id
+*@param aIapId : iapid
+*@return void
+*/
+void CIPSecPolicyManagerHandler::SearchIAPIdL( const TUint32&  aNetId,
+TUint32&        aIapId )
+{
+	LOG(Log::Printf(_L("CIPSecPolicyManagerHandler::SearchIAPIdL Entry\n")));
+CCommsDatabase* commsDatabase = CCommsDatabase::NewL();
+CleanupStack::PushL(commsDatabase);
+// Make hidden records visible
+commsDatabase->ShowHiddenRecords();
+// Open IAP table view by matching IAP_NETWORK Id
+CCommsDbTableView* commsDbTableView =
+commsDatabase->OpenViewMatchingUintLC( TPtrC( IAP ),
+TPtrC( IAP_NETWORK ),
+aNetId );
+User::LeaveIfError( commsDbTableView->GotoFirstRecord() );
+commsDbTableView->ReadUintL(TPtrC( COMMDB_ID ), aIapId );
+	LOG(Log::Printf(_L("CMPMCommsDatAccess::SearchIAPIdL - Found IAP IdId: = %d\n"),aIapId));
+CleanupStack::PopAndDestroy(commsDbTableView);
+CleanupStack::PopAndDestroy(commsDatabase);
+	LOG(Log::Printf(_L("CIPSecPolicyManagerHandler::SearchIAPIdL Exit \n")));
+}
+/**
+*This API call is to pass the sid or any other relevent information
+*from other components to IPSec module.
+*
+*@param
+*@param
+*@return
+*/
+void CIPSecPolicyManagerHandler::SetOptL(const RMessage2& aMsg)
+	{
+LOG(Log::Printf(_L("CIPSecPolicyManagerHandler::SetOptL\n")));
+//Read the option name from the RMessage
+TUint optionName;
+TPckg<TUint> optionNamePkg(optionName) ;
+aMsg.ReadL(FIRST_ARGUMENT, optionNamePkg);
+//Read the option level from the RMessage
+TUint optionLevel;
+TPckg<TUint> optionLevelPkg(optionLevel) ;
+aMsg.ReadL(SECOND_ARGUMENT, optionLevelPkg);
+LOG(Log::Printf(_L("option name = %d and option level is = %d \n"), iAppSid, optionLevel));
+//Read option value
+HBufC8* optionValue;
+TInt dataLen = aMsg.GetDesLength(THIRD_ARGUMENT);
+optionValue = HBufC8::NewL(dataLen);
+CleanupStack::PushL(optionValue);
+TPtr8 optionValuePtr(optionValue->Des());
+aMsg.ReadL(THIRD_ARGUMENT, optionValuePtr);
+if(optionLevel == KOptionLevelDefault)
+{
+if(optionName == KOptionNameSid)
+{
+TLex8 lex(*optionValue);
+TUint dataValue;
+lex.Val(dataValue);
+iAppSid = dataValue;//store the appsid value.
+	    LOG(Log::Printf(_L("Application sid value is %d \n"), iAppSid));
+			}//else donothing as of now
+else
+{
+User::Leave(KErrArgument);
+	    LOG(Log::Printf(_L(" \nwrong Name\n")));
+}
+}
+else
+{
+User::Leave(KErrArgument);
+	    LOG(Log::Printf(_L(" Wrong option KOptionLevelDefault\n")));
+}
+CleanupStack::PopAndDestroy();
+LOG(Log::Printf(_L("CIPSecPolicyManagerHandler::SetOptL\n")));
+}
+/**
+*This method to check the exception.
+**/
+TBool CIPSecPolicyManagerHandler::CheckUMAL(TUint32 aIapId)
+	{
+	CMDBSession* cmdbSession;
+	CCDIAPRecord* ptrIapRecord1;
+	ptrIapRecord1 = static_cast<CCDIAPRecord*>(CCDRecordBase::RecordFactoryL(KCDTIdIAPRecord));
+	CleanupStack::PushL(ptrIapRecord1);
+	cmdbSession = CMDBSession::NewL(CMDBSession::LatestVersion());
+	CleanupStack::PushL(cmdbSession);
+	cmdbSession->SetAttributeMask( ECDHidden | ECDPrivate );
+	ptrIapRecord1->SetRecordId(aIapId);
+	ptrIapRecord1->LoadL(*cmdbSession);
+	TUint32 secureId;
+	secureId = ptrIapRecord1->iAppSid;
+LOG(Log::Printf(_L("CIPSecPolicyManagerHandler::CheckUMAL Secure id is = %d\n"), secureId));
+	CleanupStack::PopAndDestroy(cmdbSession);
+	CleanupStack::PopAndDestroy(ptrIapRecord1);
+	TBool result = EFalse;
+	if(secureId == KGANAppSid)
+		{
+LOG(Log::Printf(_L("\n  Exception added to the selector ")));
+		result = ETrue;
+		}
+	else
+	    {
+	    LOG(Log::Printf(_L(" No Exception added \n")));
+	    }
+	return result;
+	}
+/**
+*This method to check the exception.
+**/
+void CIPSecPolicyManagerHandler::CheckUMAEXception(TUint32 aVpnNetId)
+	{
+LOG(Log::Printf(_L("CIPSecPolicyManagerHandler::CheckUMAEXception Entry \n")));
+	TUint32 aIapId;
+	SearchIAPIdL(aVpnNetId, aIapId);
+	iCurrentException = CheckUMAL(aIapId);
+LOG(Log::Printf(_L("CIPSecPolicyManagerHandler::CheckUMAEXception Exit \n")));
+	}

branch	RCL_3
changeset 22	8d540f55e491
parent 21	abbed5a4b42a