|
1 /* |
|
2 * Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies). |
|
3 * All rights reserved. |
|
4 * This component and the accompanying materials are made available |
|
5 * under the terms of the License "Eclipse Public License v1.0" |
|
6 * which accompanies this distribution, and is available |
|
7 * at the URL "http://www.eclipse.org/legal/epl-v10.html". |
|
8 * |
|
9 * Initial Contributors: |
|
10 * Nokia Corporation - initial contribution. |
|
11 * |
|
12 * Contributors: |
|
13 * |
|
14 * Description: |
|
15 * |
|
16 */ |
|
17 |
|
18 |
|
19 #include <ups/policy.h> |
|
20 |
|
21 using namespace UserPromptService; |
|
22 |
|
23 EXPORT_C TSidClasses::TSidClasses(TUint16 aSidClasses) |
|
24 : iSidClasses(aSidClasses) |
|
25 /** |
|
26 Constructor |
|
27 @param aSidClasses A 32 bit integers that represents the set of SID classes. |
|
28 */ |
|
29 { |
|
30 } |
|
31 |
|
32 EXPORT_C TBool TSidClasses::Contains(const TSecureId& aSid) const |
|
33 /** |
|
34 Determines the set of SID classes contains a given SID. |
|
35 @param aSid The SID to test. |
|
36 @return ETrue if aSID lies within one of the SID classes. |
|
37 */ |
|
38 { |
|
39 TInt sidClass = (aSid.iId & 0xf0000000) >> 28; |
|
40 return (1 << sidClass) & iSidClasses; |
|
41 } |
|
42 |
|
43 EXPORT_C CPolicy* CPolicy::NewL(const TSidClasses& aSidClasses, const RArray<TSecureId>& aSidList, |
|
44 const TDesC& aDestination, TUint aOptions, const TUid& aPolicyEvaluator, |
|
45 const TUid& aDialogCreator, TUint16 aFlags, TSystemServerSecurity aSystemServerSecurity, |
|
46 TUint16 aMajorVersion, TUint16 aMinorVersion, TBool aDefault) |
|
47 /** |
|
48 Creates a new policy object. |
|
49 |
|
50 @param aSidClasses The classes of SIDs that this policy applies to. |
|
51 @param aSidList A list of individual SIDs that this policy applies to. This overrides aSidClasses. |
|
52 @param aDestination The wildcard string to match against destination supplied by the system server. |
|
53 @param aOptions A bit field that defines whether the prompt should be displayed and if so, |
|
54 what buttons should be available. |
|
55 @param aPolicyEvaluator The implementation UID of the policy evaluator ECOM plug-in to use with this policy. |
|
56 @param aDialogCreator The implementation UID of the dialog creator ECOM plug-in to use with this policy. |
|
57 @param aFlags Flags specific to an individual policy evaluator. |
|
58 @param aSystemServerSecurity Whether this policy is specific to clients that pass/fail |
|
59 the system server's security check. |
|
60 @param aMajorVersion The major version of the UPS policy file. |
|
61 @param aMinorVersion The minor version of the UPS policy file. |
|
62 @param aDefault Set to ETrue if this is an automatically generated policy |
|
63 because no match was found in the policy file. |
|
64 |
|
65 @return A pointer to the new policy object. |
|
66 */ |
|
67 { |
|
68 CPolicy* self = CPolicy::NewLC(aSidClasses, aSidList, aDestination, aOptions, |
|
69 aPolicyEvaluator, aDialogCreator, aFlags, aSystemServerSecurity, |
|
70 aMajorVersion, aMinorVersion, aDefault); |
|
71 CleanupStack::Pop(self); |
|
72 return self; |
|
73 } |
|
74 |
|
75 EXPORT_C CPolicy* CPolicy::NewLC(const TSidClasses& aSidClasses, const RArray<TSecureId>& aSidList, |
|
76 const TDesC& aDestination, TUint aOptions, const TUid& aPolicyEvaluator, |
|
77 const TUid& aDialogCreator, TUint16 aFlags, TSystemServerSecurity aSystemServerSecurity, |
|
78 TUint16 aMajorVersion, TUint16 aMinorVersion, TBool aDefault) |
|
79 /** |
|
80 Creates a new policy object and puts the pointer on the cleanup stack. |
|
81 |
|
82 @param aSidClasses The classes of SIDs that this policy applies to. |
|
83 @param aSidList A list of individual SIDs that this policy applies to. This overrides aSidClasses. |
|
84 @param aDestination The wildcard string to match against destination supplied by the system server. |
|
85 @param aOptions A bit field that defines whether the prompt should be displayed and if so, |
|
86 what buttons should be available. |
|
87 @param aPolicyEvaluator The implementation UID of the policy evaluator ECOM plug-in to use with this policy. |
|
88 @param aDialogCreator The implementation UID of the dialog creator ECOM plug-in to use with this policy. |
|
89 @param aFlags Flags specific to an individual policy evaluator. |
|
90 @param aSystemServerSecurity Whether this policy is specific to clients that pass/fail |
|
91 the system server's security check. |
|
92 @param aMajorVersion The major version of the UPS policy file. |
|
93 @param aMinorVersion The minor version of the UPS policy file. |
|
94 @param aDefault Set to ETrue if this is an automatically generated policy |
|
95 because no match was found in the policy file. |
|
96 |
|
97 @return A pointer to the new policy object. |
|
98 */ |
|
99 { |
|
100 CPolicy* self = new(ELeave) CPolicy( |
|
101 aSidClasses, aOptions, aPolicyEvaluator, |
|
102 aDialogCreator, aFlags, aSystemServerSecurity, |
|
103 aMajorVersion, aMinorVersion, aDefault); |
|
104 CleanupStack::PushL(self); |
|
105 self->ConstructL(aSidList, aDestination); |
|
106 return self; |
|
107 } |
|
108 |
|
109 EXPORT_C TBool CPolicy::Matches(const TSecureId& aClientSid, const TDesC& aDestination, TBool aSecurityResult) const |
|
110 /** |
|
111 Determines whether a request matches this policy. |
|
112 The request matches if and only if the following conditions are true. |
|
113 |
|
114 - aClientSid matches an entry in the SID list or lies within one of the classes of SIDs |
|
115 - aDestination matches the destination wildcard string in the policy. |
|
116 - The result of the system server's securitiy check for this client matches the rule defined |
|
117 for this policy. |
|
118 - iSystemServerSecurity == ESystemServerSecurityPassedOrFailed OR |
|
119 - aSecurityResult == ETrue and iSystemServerSecurity == ESystemServerSecurityPassed OR |
|
120 - aSecurityResult == EFalse and iSystemServerSecurity == ESystemServerSecurityFailed |
|
121 |
|
122 @param aClientSid The SID of the client application |
|
123 @param aDestination A descriptor containing the destination supplied by the system server. |
|
124 @param aSecurityResult ETrue, if the client passed the system server's security check, otherwise, EFalse. |
|
125 @return ETrue If the policy matches the request; otherwise EFalse is returned. |
|
126 */ |
|
127 { |
|
128 if (iSystemServerSecurity == CPolicy::ESystemServerSecurityPassed && |
|
129 ! aSecurityResult) |
|
130 { |
|
131 return EFalse; |
|
132 } |
|
133 else if (iSystemServerSecurity == CPolicy::ESystemServerSecurityFailed && |
|
134 aSecurityResult) |
|
135 { |
|
136 return EFalse; |
|
137 } |
|
138 |
|
139 TBool sidMatch(EFalse); |
|
140 TInt sidListCount = iSidList.Count(); |
|
141 if (sidListCount > 0) |
|
142 { |
|
143 for (TInt i = 0; i < sidListCount; ++i) |
|
144 { |
|
145 if (iSidList[i] == aClientSid.iId) |
|
146 { |
|
147 sidMatch = ETrue; |
|
148 break; |
|
149 } |
|
150 } |
|
151 } |
|
152 else |
|
153 { |
|
154 sidMatch = iSidClasses.Contains(aClientSid); |
|
155 } |
|
156 |
|
157 return sidMatch && (aDestination.MatchF(*iDestination) != KErrNotFound); |
|
158 } |
|
159 |
|
160 EXPORT_C const TDesC& CPolicy::Destination() const |
|
161 /** |
|
162 Gets the destination wildcard string. |
|
163 @return A reference to a descriptor containing the wildcard string to |
|
164 match against the destination supplied by the system server. |
|
165 */ |
|
166 { |
|
167 return *iDestination; |
|
168 } |
|
169 |
|
170 EXPORT_C const TSidClasses& CPolicy::SidClasses() const |
|
171 /** |
|
172 Gets the classes of SIDs that are applicable to this policy. |
|
173 @return The set of SID classes that this policy applies to. |
|
174 */ |
|
175 { |
|
176 return iSidClasses; |
|
177 } |
|
178 |
|
179 EXPORT_C const RArray<TSecureId>& CPolicy::SidList() const |
|
180 /** |
|
181 Gets the list of individual SIDs that are applicable to this policy. |
|
182 The SID list takes precedent over the SID classes when matching policies. |
|
183 |
|
184 @return The list of SIDs that this policy applies to as an array of |
|
185 unsigned integers. |
|
186 */ |
|
187 { |
|
188 return iSidList; |
|
189 } |
|
190 |
|
191 EXPORT_C CPolicy::TOptions CPolicy::Options() const |
|
192 /** |
|
193 Gets the options field for this policy. |
|
194 @see CPolicy::TOptions |
|
195 @return A 32bit integer containing the options. |
|
196 */ |
|
197 { |
|
198 return TOptions(iOptions); |
|
199 } |
|
200 |
|
201 EXPORT_C const TUid& CPolicy::PolicyEvaluator() const |
|
202 /** |
|
203 Gets the implementation UID of the policy evaluator to use with this policy. |
|
204 @return The implementation UID of the Policy Evaluator |
|
205 */ |
|
206 { |
|
207 return iPolicyEvaluator; |
|
208 } |
|
209 |
|
210 EXPORT_C const TUid& CPolicy::DialogCreator() const |
|
211 /** |
|
212 Identifies the Dialog Creator to use with this policy. |
|
213 @return The implementation UID of the Dialog Creator. |
|
214 */ |
|
215 { |
|
216 return iDialogCreator; |
|
217 } |
|
218 |
|
219 EXPORT_C TUint16 CPolicy::Flags() const |
|
220 /** |
|
221 Gets the flags field. The contents of this field is specific to individual |
|
222 policy evaluator plug-ins. |
|
223 |
|
224 @return The 16-bit flags field |
|
225 */ |
|
226 { |
|
227 return iFlags; |
|
228 } |
|
229 |
|
230 EXPORT_C TBool CPolicy::Default() const |
|
231 /** |
|
232 If a policy file is defined for a request but no policy matches the request |
|
233 then a default policy object is created to allow the user to authorise a one-shot |
|
234 request.\n |
|
235 This function allows the Policy Evaluator to check whether this policy |
|
236 is the default policy. |
|
237 N.B. This can be overriden by simply defining a policy at the end of the file |
|
238 that matches all SIDs and has '*' as the destination wildcard. |
|
239 |
|
240 @return ETrue if this policy is the default (automatically generated) policy. |
|
241 */ |
|
242 { |
|
243 return iDefault; |
|
244 } |
|
245 |
|
246 EXPORT_C TBool CPolicy::PromptRequired() const |
|
247 /** |
|
248 Examines the set of options to determine whether the policy requires a prompt to be |
|
249 displayed. |
|
250 |
|
251 If the options fields only contains authorizations (EYes, ESessionYes or EAlways) or conversely |
|
252 the options field only contains rejections (ENo,ESessionNo or ENever) then this function will |
|
253 return EFalse.\n |
|
254 |
|
255 @return ETrue if a prompt is required or EFalse if a prompt is not required |
|
256 (in which case the request will probably be silently accepted / rejected). |
|
257 */ |
|
258 { |
|
259 // (a yes option) && (a no option) |
|
260 return ((iOptions & (EYes|ESessionYes|EAlways)) && (iOptions & (ENo|ESessionNo|ENever))); |
|
261 } |
|
262 |
|
263 EXPORT_C CPolicy::TSystemServerSecurity CPolicy::SystemServerSecurity() const |
|
264 /** |
|
265 Whether this policy is specific to clients's that pass or fail the system |
|
266 server's securitiy check. |
|
267 @return An enum that dictates whether this policy only applies if the client |
|
268 process passed/failed the system server's security check. |
|
269 */ |
|
270 { |
|
271 return iSystemServerSecurity; |
|
272 } |
|
273 |
|
274 EXPORT_C TUint16 CPolicy::MajorVersion() const |
|
275 /** |
|
276 Gets the major version of the UPS policy file containing this policy. |
|
277 @return A 16-bit unsigned number containing the major version number. |
|
278 */ |
|
279 { |
|
280 return iMajorVersion; |
|
281 } |
|
282 |
|
283 EXPORT_C TUint16 CPolicy::MinorVersion() const |
|
284 /** |
|
285 Gets the minor version of the UPS policy file containing this policy. |
|
286 @return A 16-bit unsigned number containing the minor version number. |
|
287 */ |
|
288 { |
|
289 return iMinorVersion; |
|
290 } |
|
291 |
|
292 CPolicy::CPolicy(const TSidClasses& aSidClasses, TUint aOptions, |
|
293 const TUid& aPolicyEvaluator, const TUid& aDialogCreator, |
|
294 TUint16 aFlags, TSystemServerSecurity aSystemServerSecurity, |
|
295 TUint16 aMajorVersion, TUint16 aMinorVersion, TBool aDefault) |
|
296 |
|
297 /** |
|
298 Constructor |
|
299 @param aSidClasses The classes of SIDs that this policy applies to. |
|
300 @param aOptions A bit field that defines whether the prompt should be displayed and if so, |
|
301 what buttons should be available. |
|
302 @param aPolicyEvaluator The implementation UID of the policy evaluator ECOM plug-in to use with this policy. |
|
303 @param aDialogCreator The implementation UID of the dialog creator ECOM plug-in to use with this policy. |
|
304 @param aFlags Flags specific to an individual policy evaluator. |
|
305 @param aSystemServerSecurity Whether this policy is specific to clients that pass/fail |
|
306 the system server's security check. |
|
307 @param aMajorVersion The major version of the UPS policy file. |
|
308 @param aMinorVersion The minor version of the UPS policy file. |
|
309 @param aDefault Set to ETrue if this is an automatically generated policy |
|
310 because no match was found in the policy file. |
|
311 */ |
|
312 : iSidClasses(aSidClasses), iOptions(aOptions), |
|
313 iPolicyEvaluator(aPolicyEvaluator), iDialogCreator(aDialogCreator), |
|
314 iFlags(aFlags), iSystemServerSecurity(aSystemServerSecurity), |
|
315 iMajorVersion(aMajorVersion), iMinorVersion(aMinorVersion), iDefault(aDefault) |
|
316 { |
|
317 } |
|
318 |
|
319 void CPolicy::ConstructL(const RArray<TSecureId>& aSidList, const TDesC& aDestination) |
|
320 /** |
|
321 Second phase constructor |
|
322 @param aSidList A list (possibly empty) of SIDs that this policy applies to. |
|
323 @param aDestination The destination wildcard string. |
|
324 */ |
|
325 { |
|
326 TInt numSids = aSidList.Count(); |
|
327 for (TInt i = 0; i < numSids; ++i) |
|
328 { |
|
329 iSidList.AppendL(aSidList[i]); |
|
330 } |
|
331 iDestination = aDestination.AllocL(); |
|
332 } |
|
333 |
|
334 CPolicy::~CPolicy() |
|
335 /** |
|
336 Destructor |
|
337 */ |
|
338 { |
|
339 delete iDestination; |
|
340 iSidList.Close(); |
|
341 } |