/*
* Copyright (c) 2007-2009 Nokia Corporation and/or its subsidiary(-ies).
* All rights reserved.
* This component and the accompanying materials are made available
* under the terms of the License "Eclipse Public License v1.0"
* which accompanies this distribution, and is available
* at the URL "http://www.eclipse.org/legal/epl-v10.html".
*
* Initial Contributors:
* Nokia Corporation - initial contribution.
*
* Contributors:
*
* Description:
* Resource header for User Prompt Service Policy files.
*
*/
/**
@file policies.rh
@publishedPartner
@released
*/
#ifndef POLICIES_RH
#define POLICIES_RH
#include <ups/ups.hrh>
/**
This resource header file defines the structures and constants required by User
Prompt Service policy files.
A policy file is specific to an single service provided by a specific system
server and determines whether clients requesting that service from the system
server should be silently accepted/denied or require the user to be prompted.
A policy file consists of an arbitrary number of policies. The User Prompt
Service searches through the file in order attempting to match.
* The secure id of the client application.
* The destination field (e.g. a phone number) provided by the system server.
* If the policy only applies if the security check implemented by the system
server passed/failed.
The first matching policy is the policy that is used so policies must be
ordered from most specific to least specific.
The policies for a given service are defined by a single policy file and must
be named as follows ups_SystemServerSid_ServiceUid.rsc
Where the UID or SID is an 8 digit hexadecimal number.
A policy file has the following structure
UID2 KUidUpsPolicyResourceFile // Identifies this as a UPS policy file
UID3 0xXXXXXXXX // Uniquely defines this policy file.
// The UID should be reserved using the
// Symbian Signed protected UID allocator.
RESOURCE POLICIES mypolicies
{
header = POLICY_HEADER
{
// header definition
};
policies =
{
POLICY
{
// definition of policy 1
},
POLICY
{
// definition of policy 2
}
// etc
};
}
*/
/**
Defines whether a dialog should be displayed and if so, the
set of options that should be presented in the dialog.
If just KYes or just KNo is defined then a prompt won't be displayed
and the request will be silently accepted/denied.
*/
#define KYes 0x0001
#define KNo 0x0002
#define KSession 0x0004 // Implicitly "yes", name kept for compatibility
#define KSessionYes 0x0004 // New name, same value/meaning as old Session option
#define KAlways 0x0008
#define KNever 0x0010
#define KSessionNo 0x0020
/** Secure ID (SID) classes defined by Symbian Signed.
SID classes partition the UID range into 16 classes based on the most
significant nybble of the UID number.
E.g. V9 protected UID allocates are always allocated from Class 2
Typically, policies would be based on the protected range (classes 0 - 7)
or the unprotected range (classes 8 - F). This is Software Install only
allows the installation of executables with protected SIDs if the package
is signed. Consequently, the identity of an application may only accurately
be verified via the SIS registry if the application has a protected SID.
See also - Symbian Signed UID FAQ
*/
#define KSidClass0 0x00000001
#define KSidClass1 0x00000002
#define KSidClass2 0x00000004
#define KSidClass3 0x00000008
#define KSidClass4 0x00000010
#define KSidClass5 0x00000020
#define KSidClass6 0x00000040
#define KSidClass7 0x00000080
#define KSidClass8 0x00000100
#define KSidClass9 0x00000200
#define KSidClassA 0x00000400
#define KSidClassB 0x00000800
#define KSidClassC 0x00001000
#define KSidClassD 0x00002000
#define KSidClassE 0x00004000
#define KSidClassF 0x00008000
// Commonly used SID class definitions
#define KProtectedSids KSidClass0|KSidClass1|KSidClass2|KSidClass3|KSidClass4|KSidClass5|KSidClass6|KSidClass7
#define KUnprotectedSids KSidClass8|KSidClass9|KSidClassA|KSidClassB|KSidClassC|KSidClassD|KSidClassE|KSidClassF
#define KAllSids 0x0000FFFF
/**
Specifies whether authorisation from the User Prompt Service is required for
requests from clients that passed the system server's security check.
Note that protected SID checks are based on the SID of the application excutable
issuing the request, not the UID of the package owning that executable.
If a policy file is not defined for a system server or service then a default
value of ECheckNever will be used because this is compatible with the existing
platform security behavior.
*/
ENUM TAuthorisationPolicy
{
/**
Ignore the system server (platsec) checks, and always ask the UPS what to do.
*/
EAlwaysCheck = 0,
/**
For application executables with a protected SID, launched from the
Z drive, where the system server checks have passed, allow the request.
Otherwise call the UPS which may still choose to allow the request.
For all other executables, ignore the system server (platsec) checks, and
always ask the UPS what to do.
*/
ECheckPostManufacture = 1,
/**
For application executables with a protected SID (regardless of drive), where
the system server checks have passed, allow the request.
Otherwise call the UPS which may still choose to allow the request.
For all other executables, ignore the system server (platsec) checks, and
always ask the UPS what to do.
*/
ECheckUnprotectedSids = 2,
/**
If the system server checks passed, allow the request.
If they failed, call the UPS which may still choose to allow the request.
*/
ECheckIfFailed = 3,
/**
If the system server checks passed, allow the request.
If the system server checks failed, reject the request.
Never query the UPS - just use existing security check result implemented
by system server.
*/
ENeverCheck = 4
}
STRUCT POLICY_HEADER
{
// The major version number of THIS policy file.
// When policy files are upgraded or eclipsed the UPS deletes all decision
// records for the system server server SID and service ID where the major
// version in the decision record is not equal to the major version
// number in the policy file.
WORD majorversion = 0;
// The minor version number of THIS policy file.
WORD minorversion = 0;
// Determines whether a system server must request authorisation from the
// User Prompt Service even if the client application passed the system
// server's security check.
BYTE authorisationpolicy = ECheckPostManufacture;
// Defines the implementation UID of the default policy evaluator.
// This MUST be defined and non-zero.
LONG policyevaluator = 0;
// Defines the implementation UID of the default dialog creator.
// This MUST be defined and non-zero.
LONG dialogcreator = 0;
}
/**
Allows policies to be matched according to whether the client process
passed security check defined by the system server.
Typically, this corresponds to whether the client has the correct capabilities
for the requested service. However, system servers are free to use features
other than capabilities in their security check.
E.g. If the client has the correct capabilities for the requested service then
the "Always" and "Never" options will be enabled in the policy; otherwise, a
different policy will be matched where the prompt is limited to one-shot
permissions ("Yes" and "No").
*/
ENUM TSystemServerSecurity
{
/**
The policy applies regardless of whether the client process passed the
system server's security check.
*/
ESystemServerSecurityPassedOrFailed = 0,
/**
The policy only applies if the client process failed the system server's
security check.
*/
ESystemServerSecurityFailed = 1,
/**
The policy only applies if the client process passed the system server's
security check.
*/
ESystemServerSecurityPassed = 2
}
// Defines a single policy
STRUCT POLICY
{
// A bitmask that defines the set of SID classes that this policy applies to.
// Typically, this field is used if a policy applies
// All clients with a protected SID - KProtectedSids
// All clients with an unprotected SID - KUnprotectedSids
// All clients - KAllSids
LONG sid_classes = KAllSids;
// An array of LONGs that defines a set of specific client application SIDs
// that this policy applies to.
// If this field is populated then the sid_classes field will be ignored.
LONG sid_list[];
// By default policies apply regardless of whether the client process
// requesting the service passed or failed the system server's security
// check. i.e. whether the client process has the correct capabilities.
BYTE systemserversecurity = ESystemServerSecurityPassedOrFailed;
// A wildcard string to match against destination supplied by system server
// Wildcard rules are defined by TDesC::MatchF
LTEXT destination = "*";
// A bit field that controls which buttons may be displayed.
// KYes, KNo, KSessionYes, KSessionNo, KAlways, KNever
LONG options = KYes|KNo;
// If non-zero, this field overrides the implementation UID
// of the default policy evaluator for this policy.
LONG policyevaluator = 0;
// If non-zero, this field overrides the implementation UID
// of the default dialog creator.
LONG dialogcreator = 0;
// Flags specific to the policy evaluator
WORD flags = 0;
// Reserved for future use, do not use
WORD reservedWord = 0;
// Reserved for future use, do not use
LLINK reservedLink = 0;
}
// Defines a set of policies and the implementations UIDs of the default
// policy evaluator and dialog creator plug-ins.
STRUCT POLICIES
{
// Version of the UPS policy format.
// Policy files MUST NOT change this value.
WORD version = 1;
// reserved for future use, do not use
LLINK reserved = 0;
// A POLICY_HEADER structure
STRUCT header;
// An array of POLICY structures
STRUCT policies[];
}
#endif