|
1 /* |
|
2 * Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * Resource header for User Prompt Service Policy files. |
|
16 * |
|
17 */ |
|
18 |
|
19 |
|
20 /** |
|
21 @file policies.rh |
|
22 @publishedPartner |
|
23 @released |
|
24 */ |
|
25 |
|
26 #ifndef POLICIES_RH |
|
27 #define POLICIES_RH |
|
28 |
|
29 #include <ups/ups.hrh> |
|
30 |
|
31 /** |
|
32 This resource header file defines the structures and constants required by User |
|
33 Prompt Service policy files. |
|
34 |
|
35 A policy file is specific to an single service provided by a specific system |
|
36 server and determines whether clients requesting that service from the system |
|
37 server should be silently accepted/denied or require the user to be prompted. |
|
38 |
|
39 A policy file consists of an arbitrary number of policies. The User Prompt |
|
40 Service searches through the file in order attempting to match. |
|
41 |
|
42 * The secure id of the client application. |
|
43 * The destination field (e.g. a phone number) provided by the system server. |
|
44 * If the policy only applies if the security check implemented by the system |
|
45 server passed/failed. |
|
46 |
|
47 The first matching policy is the policy that is used so policies must be |
|
48 ordered from most specific to least specific. |
|
49 |
|
50 The policies for a given service are defined by a single policy file and must |
|
51 be named as follows ups_SystemServerSid_ServiceUid.rsc |
|
52 |
|
53 Where the UID or SID is an 8 digit hexadecimal number. |
|
54 |
|
55 A policy file has the following structure |
|
56 |
|
57 UID2 KUidUpsPolicyResourceFile // Identifies this as a UPS policy file |
|
58 UID3 0xXXXXXXXX // Uniquely defines this policy file. |
|
59 // The UID should be reserved using the |
|
60 // Symbian Signed protected UID allocator. |
|
61 |
|
62 RESOURCE POLICIES mypolicies |
|
63 { |
|
64 header = POLICY_HEADER |
|
65 { |
|
66 // header definition |
|
67 }; |
|
68 policies = |
|
69 { |
|
70 POLICY |
|
71 { |
|
72 // definition of policy 1 |
|
73 }, |
|
74 POLICY |
|
75 { |
|
76 // definition of policy 2 |
|
77 } |
|
78 // etc |
|
79 }; |
|
80 } |
|
81 */ |
|
82 |
|
83 /** |
|
84 Defines whether a dialog should be displayed and if so, the |
|
85 set of options that should be presented in the dialog. |
|
86 |
|
87 If just KYes or just KNo is defined then a prompt won't be displayed |
|
88 and the request will be silently accepted/denied. |
|
89 */ |
|
90 |
|
91 #define KYes 0x0001 |
|
92 #define KNo 0x0002 |
|
93 #define KSession 0x0004 // Implicitly "yes", name kept for compatibility |
|
94 #define KSessionYes 0x0004 // New name, same value/meaning as old Session option |
|
95 #define KAlways 0x0008 |
|
96 #define KNever 0x0010 |
|
97 #define KSessionNo 0x0020 |
|
98 |
|
99 /** Secure ID (SID) classes defined by Symbian Signed. |
|
100 |
|
101 SID classes partition the UID range into 16 classes based on the most |
|
102 significant nybble of the UID number. |
|
103 E.g. V9 protected UID allocates are always allocated from Class 2 |
|
104 |
|
105 Typically, policies would be based on the protected range (classes 0 - 7) |
|
106 or the unprotected range (classes 8 - F). This is Software Install only |
|
107 allows the installation of executables with protected SIDs if the package |
|
108 is signed. Consequently, the identity of an application may only accurately |
|
109 be verified via the SIS registry if the application has a protected SID. |
|
110 |
|
111 See also - Symbian Signed UID FAQ |
|
112 */ |
|
113 #define KSidClass0 0x00000001 |
|
114 #define KSidClass1 0x00000002 |
|
115 #define KSidClass2 0x00000004 |
|
116 #define KSidClass3 0x00000008 |
|
117 #define KSidClass4 0x00000010 |
|
118 #define KSidClass5 0x00000020 |
|
119 #define KSidClass6 0x00000040 |
|
120 #define KSidClass7 0x00000080 |
|
121 #define KSidClass8 0x00000100 |
|
122 #define KSidClass9 0x00000200 |
|
123 #define KSidClassA 0x00000400 |
|
124 #define KSidClassB 0x00000800 |
|
125 #define KSidClassC 0x00001000 |
|
126 #define KSidClassD 0x00002000 |
|
127 #define KSidClassE 0x00004000 |
|
128 #define KSidClassF 0x00008000 |
|
129 |
|
130 // Commonly used SID class definitions |
|
131 #define KProtectedSids KSidClass0|KSidClass1|KSidClass2|KSidClass3|KSidClass4|KSidClass5|KSidClass6|KSidClass7 |
|
132 #define KUnprotectedSids KSidClass8|KSidClass9|KSidClassA|KSidClassB|KSidClassC|KSidClassD|KSidClassE|KSidClassF |
|
133 #define KAllSids 0x0000FFFF |
|
134 |
|
135 |
|
136 /** |
|
137 Specifies whether authorisation from the User Prompt Service is required for |
|
138 requests from clients that passed the system server's security check. |
|
139 |
|
140 Note that protected SID checks are based on the SID of the application excutable |
|
141 issuing the request, not the UID of the package owning that executable. |
|
142 |
|
143 If a policy file is not defined for a system server or service then a default |
|
144 value of ECheckNever will be used because this is compatible with the existing |
|
145 platform security behavior. |
|
146 */ |
|
147 ENUM TAuthorisationPolicy |
|
148 { |
|
149 /** |
|
150 Ignore the system server (platsec) checks, and always ask the UPS what to do. |
|
151 */ |
|
152 EAlwaysCheck = 0, |
|
153 |
|
154 /** |
|
155 For application executables with a protected SID, launched from the |
|
156 Z drive, where the system server checks have passed, allow the request. |
|
157 Otherwise call the UPS which may still choose to allow the request. |
|
158 |
|
159 For all other executables, ignore the system server (platsec) checks, and |
|
160 always ask the UPS what to do. |
|
161 */ |
|
162 ECheckPostManufacture = 1, |
|
163 |
|
164 /** |
|
165 For application executables with a protected SID (regardless of drive), where |
|
166 the system server checks have passed, allow the request. |
|
167 Otherwise call the UPS which may still choose to allow the request. |
|
168 |
|
169 For all other executables, ignore the system server (platsec) checks, and |
|
170 always ask the UPS what to do. |
|
171 */ |
|
172 ECheckUnprotectedSids = 2, |
|
173 |
|
174 /** |
|
175 If the system server checks passed, allow the request. |
|
176 If they failed, call the UPS which may still choose to allow the request. |
|
177 */ |
|
178 ECheckIfFailed = 3, |
|
179 |
|
180 /** |
|
181 If the system server checks passed, allow the request. |
|
182 If the system server checks failed, reject the request. |
|
183 |
|
184 Never query the UPS - just use existing security check result implemented |
|
185 by system server. |
|
186 */ |
|
187 ENeverCheck = 4 |
|
188 } |
|
189 |
|
190 STRUCT POLICY_HEADER |
|
191 { |
|
192 // The major version number of THIS policy file. |
|
193 // When policy files are upgraded or eclipsed the UPS deletes all decision |
|
194 // records for the system server server SID and service ID where the major |
|
195 // version in the decision record is not equal to the major version |
|
196 // number in the policy file. |
|
197 WORD majorversion = 0; |
|
198 |
|
199 // The minor version number of THIS policy file. |
|
200 WORD minorversion = 0; |
|
201 |
|
202 // Determines whether a system server must request authorisation from the |
|
203 // User Prompt Service even if the client application passed the system |
|
204 // server's security check. |
|
205 BYTE authorisationpolicy = ECheckPostManufacture; |
|
206 |
|
207 // Defines the implementation UID of the default policy evaluator. |
|
208 // This MUST be defined and non-zero. |
|
209 LONG policyevaluator = 0; |
|
210 |
|
211 // Defines the implementation UID of the default dialog creator. |
|
212 // This MUST be defined and non-zero. |
|
213 LONG dialogcreator = 0; |
|
214 } |
|
215 |
|
216 /** |
|
217 Allows policies to be matched according to whether the client process |
|
218 passed security check defined by the system server. |
|
219 Typically, this corresponds to whether the client has the correct capabilities |
|
220 for the requested service. However, system servers are free to use features |
|
221 other than capabilities in their security check. |
|
222 |
|
223 E.g. If the client has the correct capabilities for the requested service then |
|
224 the "Always" and "Never" options will be enabled in the policy; otherwise, a |
|
225 different policy will be matched where the prompt is limited to one-shot |
|
226 permissions ("Yes" and "No"). |
|
227 |
|
228 */ |
|
229 ENUM TSystemServerSecurity |
|
230 { |
|
231 /** |
|
232 The policy applies regardless of whether the client process passed the |
|
233 system server's security check. |
|
234 */ |
|
235 ESystemServerSecurityPassedOrFailed = 0, |
|
236 /** |
|
237 The policy only applies if the client process failed the system server's |
|
238 security check. |
|
239 */ |
|
240 ESystemServerSecurityFailed = 1, |
|
241 /** |
|
242 The policy only applies if the client process passed the system server's |
|
243 security check. |
|
244 */ |
|
245 ESystemServerSecurityPassed = 2 |
|
246 } |
|
247 |
|
248 // Defines a single policy |
|
249 STRUCT POLICY |
|
250 { |
|
251 // A bitmask that defines the set of SID classes that this policy applies to. |
|
252 // Typically, this field is used if a policy applies |
|
253 // All clients with a protected SID - KProtectedSids |
|
254 // All clients with an unprotected SID - KUnprotectedSids |
|
255 // All clients - KAllSids |
|
256 LONG sid_classes = KAllSids; |
|
257 |
|
258 // An array of LONGs that defines a set of specific client application SIDs |
|
259 // that this policy applies to. |
|
260 // If this field is populated then the sid_classes field will be ignored. |
|
261 LONG sid_list[]; |
|
262 |
|
263 // By default policies apply regardless of whether the client process |
|
264 // requesting the service passed or failed the system server's security |
|
265 // check. i.e. whether the client process has the correct capabilities. |
|
266 BYTE systemserversecurity = ESystemServerSecurityPassedOrFailed; |
|
267 |
|
268 // A wildcard string to match against destination supplied by system server |
|
269 // Wildcard rules are defined by TDesC::MatchF |
|
270 LTEXT destination = "*"; |
|
271 |
|
272 // A bit field that controls which buttons may be displayed. |
|
273 // KYes, KNo, KSessionYes, KSessionNo, KAlways, KNever |
|
274 LONG options = KYes|KNo; |
|
275 |
|
276 // If non-zero, this field overrides the implementation UID |
|
277 // of the default policy evaluator for this policy. |
|
278 LONG policyevaluator = 0; |
|
279 |
|
280 // If non-zero, this field overrides the implementation UID |
|
281 // of the default dialog creator. |
|
282 LONG dialogcreator = 0; |
|
283 |
|
284 // Flags specific to the policy evaluator |
|
285 WORD flags = 0; |
|
286 |
|
287 // Reserved for future use, do not use |
|
288 WORD reservedWord = 0; |
|
289 |
|
290 // Reserved for future use, do not use |
|
291 LLINK reservedLink = 0; |
|
292 } |
|
293 |
|
294 // Defines a set of policies and the implementations UIDs of the default |
|
295 // policy evaluator and dialog creator plug-ins. |
|
296 STRUCT POLICIES |
|
297 { |
|
298 // Version of the UPS policy format. |
|
299 // Policy files MUST NOT change this value. |
|
300 WORD version = 1; |
|
301 |
|
302 // reserved for future use, do not use |
|
303 LLINK reserved = 0; |
|
304 |
|
305 // A POLICY_HEADER structure |
|
306 STRUCT header; |
|
307 |
|
308 // An array of POLICY structures |
|
309 STRUCT policies[]; |
|
310 } |
|
311 |
|
312 #endif |