Mercurial Mercurial > oss > MCL > sf > os > security / diff
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
authorisation/userpromptservice/policies/source/policy.cpp
changeset 8 35751d3474b7 
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/authorisation/userpromptservice/policies/source/policy.cpp	Thu Sep 10 14:01:51 2009 +0300
@@ -0,0 +1,341 @@
+/*
+* Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies).
+* All rights reserved.
+* This component and the accompanying materials are made available
+* under the terms of the License "Eclipse Public License v1.0"
+* which accompanies this distribution, and is available
+* at the URL "http://www.eclipse.org/legal/epl-v10.html".
+*
+* Initial Contributors:
+* Nokia Corporation - initial contribution.
+*
+* Contributors:
+*
+* Description: 
+*
+*/
+
+
+#include <ups/policy.h>
+
+using namespace UserPromptService;
+
+EXPORT_C TSidClasses::TSidClasses(TUint16 aSidClasses)
+	: iSidClasses(aSidClasses)
+/**
+Constructor
+@param aSidClasses A 32 bit integers that represents the set of SID classes.
+*/
+	{
+	}
+
+EXPORT_C TBool TSidClasses::Contains(const TSecureId& aSid) const
+/**
+Determines the set of SID classes contains a given SID.
+@param aSid The SID to test.
+@return ETrue if aSID lies within one of the SID classes.
+*/
+	{
+	TInt sidClass = (aSid.iId & 0xf0000000) >> 28;	
+	return (1 << sidClass) & iSidClasses;
+	}
+
+EXPORT_C CPolicy* CPolicy::NewL(const TSidClasses& aSidClasses, const RArray<TSecureId>& aSidList, 
+		const TDesC& aDestination, TUint aOptions, const TUid& aPolicyEvaluator, 
+		const TUid& aDialogCreator, TUint16 aFlags, TSystemServerSecurity aSystemServerSecurity, 
+		TUint16 aMajorVersion, TUint16 aMinorVersion, TBool aDefault)
+/**
+Creates a new policy object.
+			   
+@param aSidClasses				The classes of SIDs that this policy applies to.
+@param aSidList					A list of individual SIDs that this policy applies to. This overrides aSidClasses.
+@param aDestination				The wildcard string to match against destination supplied by the system server.						   
+@param aOptions					A bit field that defines whether the prompt should be displayed and if so,
+								what buttons should be available.
+@param aPolicyEvaluator 		The implementation UID of the policy evaluator ECOM plug-in to use with this policy.
+@param aDialogCreator			The implementation UID of the dialog creator ECOM plug-in to use with this policy.
+@param aFlags					Flags specific to an individual policy evaluator.
+@param aSystemServerSecurity	Whether this policy is specific to clients that pass/fail 
+								the system server's security check.
+@param aMajorVersion			The major version of the UPS policy file.
+@param aMinorVersion			The minor version of the UPS policy file.
+@param aDefault					Set to ETrue if this is an automatically generated policy
+								because no match was found in the policy file.
+
+@return A pointer to the new policy object.
+ */
+	{
+	CPolicy* self = CPolicy::NewLC(aSidClasses, aSidList, aDestination, aOptions, 
+		aPolicyEvaluator, aDialogCreator, aFlags, aSystemServerSecurity, 
+		aMajorVersion, aMinorVersion, aDefault);
+	CleanupStack::Pop(self);
+	return self;
+	}		
+	
+EXPORT_C CPolicy* CPolicy::NewLC(const TSidClasses& aSidClasses, const RArray<TSecureId>& aSidList, 
+	const TDesC& aDestination, TUint aOptions, const TUid& aPolicyEvaluator, 
+	const TUid& aDialogCreator, TUint16 aFlags, TSystemServerSecurity aSystemServerSecurity, 
+	TUint16 aMajorVersion, TUint16 aMinorVersion, TBool aDefault)
+/**
+Creates a new policy object and puts the pointer on the cleanup stack.
+
+@param aSidClasses				The classes of SIDs that this policy applies to.
+@param aSidList					A list of individual SIDs that this policy applies to. This overrides aSidClasses.
+@param aDestination				The wildcard string to match against destination supplied by the system server.						   
+@param aOptions					A bit field that defines whether the prompt should be displayed and if so,
+								what buttons should be available.
+@param aPolicyEvaluator 		The implementation UID of the policy evaluator ECOM plug-in to use with this policy.
+@param aDialogCreator			The implementation UID of the dialog creator ECOM plug-in to use with this policy.
+@param aFlags					Flags specific to an individual policy evaluator.
+@param aSystemServerSecurity	Whether this policy is specific to clients that pass/fail 
+								the system server's security check.
+@param aMajorVersion			The major version of the UPS policy file.
+@param aMinorVersion			The minor version of the UPS policy file.
+@param aDefault					Set to ETrue if this is an automatically generated policy
+								because no match was found in the policy file.
+
+@return A pointer to the new policy object.
+ */
+	{
+	CPolicy* self = new(ELeave) CPolicy(
+		aSidClasses, aOptions, aPolicyEvaluator, 
+		aDialogCreator, aFlags, aSystemServerSecurity, 
+		aMajorVersion, aMinorVersion, aDefault);
+	CleanupStack::PushL(self);
+	self->ConstructL(aSidList, aDestination);
+	return self;
+	}
+
+EXPORT_C TBool CPolicy::Matches(const TSecureId& aClientSid, const TDesC& aDestination, TBool aSecurityResult) const
+/**
+Determines whether a request matches this policy.
+The request matches if and only if the following conditions are true.
+
+- aClientSid matches an entry in the SID list or lies within one of the classes of SIDs
+- aDestination matches the destination wildcard string in the policy.
+- The result of the system server's securitiy check for this client matches the rule defined
+  for this policy.
+  - iSystemServerSecurity  == ESystemServerSecurityPassedOrFailed OR
+  - aSecurityResult == ETrue and iSystemServerSecurity == ESystemServerSecurityPassed OR
+  - aSecurityResult == EFalse and iSystemServerSecurity == ESystemServerSecurityFailed 
+
+@param aClientSid		The SID of the client application
+@param aDestination		A descriptor containing the destination supplied by the system server.
+@param aSecurityResult	ETrue, if the client passed the system server's security check, otherwise, EFalse.
+@return 				ETrue If the policy matches the request; otherwise EFalse is returned.
+*/
+	{	
+	if (iSystemServerSecurity == CPolicy::ESystemServerSecurityPassed &&
+		! aSecurityResult)
+		{
+		return EFalse;
+		}
+	else if (iSystemServerSecurity == CPolicy::ESystemServerSecurityFailed &&
+		aSecurityResult)
+		{
+		return EFalse;
+		}
+	
+	TBool sidMatch(EFalse);
+	TInt sidListCount = iSidList.Count();
+	if (sidListCount > 0)
+		{
+		for (TInt i = 0; i < sidListCount; ++i)
+			{
+			if (iSidList[i] == aClientSid.iId)
+				{				
+				sidMatch = ETrue;
+				break;
+				}
+			}
+		}
+	else 
+		{
+		sidMatch = iSidClasses.Contains(aClientSid);
+		}	
+	
+	return sidMatch && (aDestination.MatchF(*iDestination) != KErrNotFound);
+	}
+
+EXPORT_C const TDesC& CPolicy::Destination() const
+/**
+Gets the destination wildcard string.
+@return A reference to a descriptor containing the wildcard string to
+		match against the destination supplied by the system server.
+ */
+	{
+	return *iDestination;
+	}
+
+EXPORT_C const TSidClasses& CPolicy::SidClasses() const 
+/**
+Gets the classes of SIDs that are applicable to this policy.
+@return The set of SID classes that this policy applies to.
+ */
+	{
+	return iSidClasses;
+	}
+
+EXPORT_C const RArray<TSecureId>& CPolicy::SidList() const 
+/**
+Gets the list of individual SIDs that are applicable to this policy.
+The SID list takes precedent over the SID classes when matching policies.
+ 
+@return The list of SIDs that this policy applies to as an array of 
+		unsigned integers.
+*/
+	{
+	return iSidList;
+	}	
+
+EXPORT_C CPolicy::TOptions CPolicy::Options() const 
+/**
+Gets the options field for this policy. 
+@see CPolicy::TOptions
+@return A 32bit integer containing the options.
+*/
+	{		
+	return TOptions(iOptions);
+	}
+
+EXPORT_C const TUid& CPolicy::PolicyEvaluator() const
+/**
+Gets the implementation UID of the policy evaluator to use with this policy.
+@return The implementation UID of the Policy Evaluator 
+*/
+	{
+	return iPolicyEvaluator;
+	}
+
+EXPORT_C const TUid& CPolicy::DialogCreator() const
+/**
+Identifies the Dialog Creator to use with this policy.
+@return The implementation UID of the Dialog Creator. 
+*/
+	{
+	return iDialogCreator;
+	}
+
+EXPORT_C TUint16 CPolicy::Flags() const
+/**
+Gets the flags field. The contents of this field is specific to individual 
+policy evaluator plug-ins.
+
+@return The 16-bit flags field
+*/
+	{
+	return iFlags;
+	}
+
+EXPORT_C TBool CPolicy::Default() const
+/**
+If a policy file is defined for a request but no policy matches the request
+then a default policy object is created to allow the user to authorise a one-shot 
+request.\n
+This function allows the Policy Evaluator to check whether this policy 
+is the default policy.
+N.B. This can be overriden by simply defining a policy at the end of the file
+that matches all SIDs and has '*' as the destination wildcard.
+
+@return ETrue if this policy is the default (automatically generated) policy.
+*/
+	{
+	return iDefault;
+	}
+
+EXPORT_C TBool CPolicy::PromptRequired() const
+/**
+Examines the set of options to determine whether the policy requires a prompt to be
+displayed.
+
+If the options fields only contains authorizations (EYes, ESessionYes or EAlways) or conversely 
+the options field only contains rejections (ENo,ESessionNo or ENever) then this function will 
+return EFalse.\n
+
+@return ETrue if a prompt is required or EFalse if a prompt is not required
+		(in which case the request will probably be silently accepted / rejected).
+*/
+	{
+	// (a yes option) && (a no option)
+	return ((iOptions & (EYes|ESessionYes|EAlways)) && (iOptions & (ENo|ESessionNo|ENever)));
+	}	
+	
+EXPORT_C CPolicy::TSystemServerSecurity CPolicy::SystemServerSecurity() const
+/**
+Whether this policy is specific to clients's that pass or fail the system
+server's securitiy check.
+@return An enum that dictates whether this policy only applies if the client 
+ 		process passed/failed the system server's security check.
+*/
+	{
+	return iSystemServerSecurity;
+	}
+	
+EXPORT_C TUint16 CPolicy::MajorVersion() const 
+/**
+Gets the major version of the UPS policy file containing this policy.
+@return A 16-bit unsigned number containing the major version number.
+*/
+	{
+	return iMajorVersion;
+	}
+
+EXPORT_C TUint16 CPolicy::MinorVersion() const 
+/**
+Gets the minor version of the UPS policy file containing this policy.
+@return A 16-bit unsigned number containing the minor version number.
+*/
+	{
+	return iMinorVersion;
+	}
+
+CPolicy::CPolicy(const TSidClasses& aSidClasses, TUint aOptions,
+		const TUid& aPolicyEvaluator, const TUid& aDialogCreator, 
+		TUint16 aFlags, TSystemServerSecurity aSystemServerSecurity, 
+		TUint16 aMajorVersion, TUint16 aMinorVersion, TBool aDefault) 
+	  
+/**
+Constructor
+@param aSidClasses				The classes of SIDs that this policy applies to.
+@param aOptions					A bit field that defines whether the prompt should be displayed and if so,
+								what buttons should be available.
+@param aPolicyEvaluator 		The implementation UID of the policy evaluator ECOM plug-in to use with this policy.
+@param aDialogCreator			The implementation UID of the dialog creator ECOM plug-in to use with this policy.
+@param aFlags					Flags specific to an individual policy evaluator.
+@param aSystemServerSecurity	Whether this policy is specific to clients that pass/fail 
+								the system server's security check.
+@param aMajorVersion			The major version of the UPS policy file.
+@param aMinorVersion			The minor version of the UPS policy file.								
+@param aDefault					Set to ETrue if this is an automatically generated policy
+								because no match was found in the policy file.							 
+*/
+	: 	iSidClasses(aSidClasses), iOptions(aOptions),
+		iPolicyEvaluator(aPolicyEvaluator), iDialogCreator(aDialogCreator),
+		iFlags(aFlags), iSystemServerSecurity(aSystemServerSecurity), 
+		iMajorVersion(aMajorVersion), iMinorVersion(aMinorVersion), iDefault(aDefault)
+	{		
+	}
+
+void CPolicy::ConstructL(const RArray<TSecureId>& aSidList, const TDesC& aDestination)
+/**
+Second phase constructor
+@param aSidList		A list (possibly empty) of SIDs that this policy applies to.
+@param aDestination The destination wildcard string.
+*/
+	{
+	TInt numSids = aSidList.Count();		
+	for (TInt i = 0; i < numSids; ++i)
+		{
+		iSidList.AppendL(aSidList[i]);
+		}
+	iDestination = aDestination.AllocL();	
+	}
+
+CPolicy::~CPolicy()
+/**
+Destructor
+*/
+	{
+	delete iDestination;
+	iSidList.Close();
+	}
MCL/sf/os/security