9 --> |
9 --> |
10 <!DOCTYPE concept |
10 <!DOCTYPE concept |
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
12 <concept id="GUID-85D9878E-4FEF-5E45-9F87-53634CD171E0" xml:lang="en"><title>Integrating |
12 <concept id="GUID-85D9878E-4FEF-5E45-9F87-53634CD171E0" xml:lang="en"><title>Integrating |
13 a System Server with UPS</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
13 a System Server with UPS</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
14 <section><title>Introduction</title> <p>User Prompt Service (UPS) functionality |
14 <section id="GUID-78B46051-E035-4798-9A4D-B274D4783164"><title>Introduction</title> <p>User Prompt Service (UPS) functionality |
15 is provided by the server process <filepath>upsserver.exe</filepath>. The |
15 is provided by the server process <filepath>upsserver.exe</filepath>. The |
16 process starts on demand when system servers make calls to the UPS client |
16 process starts on demand when system servers make calls to the UPS client |
17 library. Only applications with a capability of <codeph>ProtServ</codeph> or |
17 library. Only applications with a capability of <codeph>ProtServ</codeph> or |
18 higher can access <filepath>upsserver.exe</filepath>. </p> <p>A system server |
18 higher can access <filepath>upsserver.exe</filepath>. </p> <p>A system server |
19 should only invoke the UPS for security decisions that a typical phone user |
19 should only invoke the UPS for security decisions that a typical phone user |
20 will understand (For example, it is inappropriate to ask the user for permission |
20 will understand (For example, it is inappropriate to ask the user for permission |
21 to change a low level network setting.) . </p> <p>Device creators can write |
21 to change a low level network setting.) . </p> <p>Device creators can write |
22 a system server that invokes the UPS, if a compatible dialog creator is available |
22 a system server that invokes the UPS, if a compatible dialog creator is available |
23 and the policies are delivered in an appropriately signed SIS file. They can |
23 and the policies are delivered in an appropriately signed SIS file. They can |
24 also write a policy evaluator, but a default policy evaluator is provided |
24 also write a policy evaluator, but a default policy evaluator is provided |
25 by Symbian platform. </p> <p>If the device creators do not specify any policy |
25 by the Symbian platform. </p> <p>If the device creators do not |
26 file, the UPS uses the platform security check results to decide whether to |
26 specify any policy file, the UPS uses the platform security check results |
27 access requested services. Thus not supplying policy files effectively turns |
27 to decide whether to access requested services. Thus not supplying policy |
28 UPS off. </p> </section> |
28 files effectively turns UPS off. </p> </section> |
29 <section><title>Required background</title><p id="GUID-9C6EBADD-175A-5122-90C4-CED8A9855BAB"><b>Configuring |
29 <section id="GUID-718CF580-05FE-4F75-A7D8-4487C35675B6"><title>Required background</title><p id="GUID-9C6EBADD-175A-5122-90C4-CED8A9855BAB"><b>Configuring |
30 the system server</b> </p> <p>For each system server that accesses the UPS, |
30 the system server</b> </p> <p>For each system server that accesses the UPS, |
31 you need to do the following: </p> <ol id="GUID-D14BDAE1-BD62-530E-B3C4-2FA380BDBDC5"> |
31 you need to do the following: </p> <ol id="GUID-D14BDAE1-BD62-530E-B3C4-2FA380BDBDC5"> |
32 <li id="GUID-090CE65B-44BF-54CF-8961-69059655C5F5"><p>Create one <codeph>RUpsSession</codeph> per |
32 <li id="GUID-090CE65B-44BF-54CF-8961-69059655C5F5"><p>Create one <codeph>RUpsSession</codeph> per |
33 server. </p> <p>Typically, an <codeph>RUpsSubession</codeph> object is created |
33 server. </p> <p>Typically, an <codeph>RUpsSubession</codeph> object is created |
34 for each connection by a client to the system server and can only have one |
34 for each connection by a client to the system server and can only have one |
58 capabilities limited access to a protected service. Because most implementations |
58 capabilities limited access to a protected service. Because most implementations |
59 of the <codeph>CPolicyServer</codeph> fail the client immediately if the platsec |
59 of the <codeph>CPolicyServer</codeph> fail the client immediately if the platsec |
60 check fails these checks may have to be modified. </p> </li> |
60 check fails these checks may have to be modified. </p> </li> |
61 </ul><p> <b>Note</b>: For an example of how to include the above, see the |
61 </ul><p> <b>Note</b>: For an example of how to include the above, see the |
62 example code later in this document. </p></section> |
62 example code later in this document. </p></section> |
63 <section><title>Integration of UPS</title> <p>If the system server uses the <codeph>CPolicyServer</codeph> framework, |
63 <section id="GUID-3C0A43C1-1CEF-4C0F-83A6-64B3EF73E955"><title>Integration of UPS</title> <p>If the system server uses the <codeph>CPolicyServer</codeph> framework, |
64 there are three candidates for the main integration point. </p> <table id="GUID-BBE389D8-77A0-52BA-910D-368BAC25DCC3"> |
64 there are three candidates for the main integration point. </p> <table id="GUID-BBE389D8-77A0-52BA-910D-368BAC25DCC3"> |
65 <tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/> |
65 <tgroup cols="2"><colspec colname="col0"/><colspec colname="col1"/> |
66 <tbody> |
66 <tbody> |
67 <row> |
67 <row> |
68 <entry><p>Function </p> </entry> |
68 <entry><p>Function </p> </entry> |