|
1 <?xml version="1.0" encoding="utf-8"?> |
|
2 <!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. --> |
|
3 <!-- This component and the accompanying materials are made available under the terms of the License |
|
4 "Eclipse Public License v1.0" which accompanies this distribution, |
|
5 and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". --> |
|
6 <!-- Initial Contributors: |
|
7 Nokia Corporation - initial contribution. |
|
8 Contributors: |
|
9 --> |
|
10 <!DOCTYPE concept |
|
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
|
12 <concept id="GUID-DB827750-6057-537E-8FE1-8F68BF2E9F99" xml:lang="en"><title>Writing |
|
13 a UPS Policy File</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
|
14 <p>UPS policy files are resource files that specify whether application requests |
|
15 to access services are silently accepted or denied or whether they require |
|
16 the user to be prompted. Each service has a policy file. The policy file lists |
|
17 policies for various applications. </p> |
|
18 <section id="GUID-F3D62C3E-D570-4DE2-ACED-0577D3923965"><title>Required Background</title> <p>Before you start writing a |
|
19 UPS policy file, you must configure the UPS. For more information, see <xref href="GUID-6849E256-6719-5788-BCB2-7557F09AAAD0.dita">Configuring UPS</xref>. </p> </section> |
|
20 <section id="GUID-10A7A574-4E57-45E3-8198-CD6D15EAC455"><title>Introduction</title> <p>The resource header file, <filepath>ups/policies.rh</filepath>, |
|
21 defines the structures and constants required by User Prompt Service policy |
|
22 files. </p> <p>Device creators can customise the circumstances under which |
|
23 prompts are generated by configuring policies. Policies are made up of details |
|
24 about the service being requested as well as information about whether to |
|
25 accept or deny silently or to ask the user. They are defined in policy lists. |
|
26 Each service has one policy list defining any number of policies. </p> <p>In |
|
27 cases where the policy specifies that a user prompt is required, ECOM plug-ins |
|
28 called <xref href="GUID-43080A86-72D3-5422-953E-A5EF79961D7B.dita">Policy Evaluators</xref> and <xref href="GUID-A8130D83-E684-5B6C-BDFE-EB6EE3CD49E8.dita">Dialog Creators</xref>, written |
|
29 by device creators. </p> </section> |
|
30 <section id="GUID-7DFB9572-0E28-4D7A-9EF1-8A4DADFAA0B3"><title>Writing policy files</title> <p>Writing policy files include |
|
31 the following: </p> <ul> |
|
32 <li id="GUID-9FE188FC-A512-595A-848B-DA5A82F143AF"><p>Naming and location |
|
33 of policy files </p> </li> |
|
34 <li id="GUID-81096653-08DF-53F2-8CD9-D683BD8D9F97"><p>Policy resource </p> </li> |
|
35 </ul> <p><b> Naming and location of policy files</b> </p> <p>UPS policy files |
|
36 must be named <filepath>ups_<systemserversid>_<serviceuid>.rsc</filepath>. |
|
37 They are stored in <filepath>z:\private\10283558\policies</filepath> or the |
|
38 equivalent directory on the system drive. </p> <p>The <codeph>systemserversid</codeph> and |
|
39 the <codeph>serviceuid</codeph> components of the policy file name are 8-digit, |
|
40 zero-padded hexadecimal numbers. </p> <p><b>Policy resource </b> </p> <p>The |
|
41 policy resource is made up of a header, followed by any number of policies. |
|
42 Policies need to be ordered from most specific to least specific. </p> <codeblock id="GUID-679FBF44-5880-57B2-83EA-1A89DA0BBA9D" xml:space="preserve">RESOURCE POLICIES mypolicies |
|
43 { |
|
44 header = POLICY_HEADER |
|
45 { |
|
46 // header definition |
|
47 }; |
|
48 policies = |
|
49 { |
|
50 POLICY |
|
51 { |
|
52 // definition of policy 1 |
|
53 }, |
|
54 POLICY |
|
55 { |
|
56 // definition of policy 2 |
|
57 } |
|
58 // etc |
|
59 }; |
|
60 } |
|
61 </codeblock> <p>The following shows an example header: </p> <codeblock id="GUID-52773FA8-A3E1-51E2-8F12-675BE94A21E3" xml:space="preserve">header = POLICY_HEADER |
|
62 { |
|
63 // The major version number of THIS policy file. |
|
64 // When policy files are upgraded or eclipsed the UPS deletes all decision |
|
65 // records for the system server server SID and service ID where the major |
|
66 // version in the decision record is not equal to the major version |
|
67 // number in the policy file. |
|
68 majorversion = 0; |
|
69 // The minor version number of THIS policy file. |
|
70 minorversion = 0; |
|
71 |
|
72 // Built-in (protected SID and loaded from Z drive) client applications |
|
73 // do not require authorisation from the UPS if the client has the correct |
|
74 // capabilities. |
|
75 authorisationpolicy = ECheckPostManufacture; |
|
76 //dialogcreator and policyevaluator UIDs |
|
77 dialogcreator = 0x10283694; |
|
78 policyevaluator = 0x10283698; |
|
79 }; |
|
80 </codeblock> </section> |
|
81 <section id="GUID-7A571B93-A2B9-4B97-ACE9-8C70AABBB389"><title>Example of a policy file </title> <p>The following is an example |
|
82 of a policy file: </p> <codeblock id="GUID-F5378D3D-02A5-536E-96D1-6BD240B3852E" xml:space="preserve">#include <ups/policies.rh> |
|
83 // Identifies this as a UPS policy file |
|
84 UID2 KUidUpsPolicyResourceFile |
|
85 // Uniquely defines this policy file. The UID should be reserved using the Symbian Signed protected UID allocator. |
|
86 UID3 0x01100001 |
|
87 |
|
88 RESOURCE POLICIES testpolicies |
|
89 { |
|
90 header = POLICY_HEADER |
|
91 { |
|
92 // Built-in (protected SID and loaded from Z drive) client applications |
|
93 // do not require authorisation from the UPS if the client has the correct |
|
94 // capabilities. |
|
95 authorisationpolicy = ECheckPostManufacture; |
|
96 dialogcreator = 0x10283694; |
|
97 policyevaluator = 0x10283698; |
|
98 }; |
|
99 policies = |
|
100 { |
|
101 POLICY |
|
102 { |
|
103 // Silently accept this SID (By specifying only KYes in options field) |
|
104 sid_list = {0x01000030}; |
|
105 destination = "*"; |
|
106 options = KYes; |
|
107 }, |
|
108 POLICY |
|
109 { |
|
110 // Silently accept these SIDs for a specific destination |
|
111 sid_list = {0x01000031,0x01000032}; |
|
112 destination = "*WLAN*"; |
|
113 options = KYes; |
|
114 }, |
|
115 POLICY |
|
116 { |
|
117 // For protected SIDs enable the Always and Never options |
|
118 // if the client has the correct capability. |
|
119 sid_classes = KProtectedSids; |
|
120 systemserversecurity = ESystemServerSecurityPassed; |
|
121 destination = "*"; |
|
122 options = KYes|KNo|KAlways|KNever; |
|
123 policyevaluator = 0x01000020; |
|
124 dialogcreator = 0x01000021; |
|
125 }, |
|
126 POLICY |
|
127 { |
|
128 // Unprotected SIDs may only get one-shot permissions |
|
129 sid_classes = KUnprotectedSids; |
|
130 destination = "*"; |
|
131 options = KYes|KNo; |
|
132 flags = 42; // Flags specific to policy evaluator 0x10283698 |
|
133 } |
|
134 }; |
|
135 } |
|
136 |
|
137 </codeblock> </section> |
|
138 <section id="GUID-C069700D-FABD-4C84-AD71-B292F3B26E04"><title>See also</title><p><xref href="GUID-4E838A77-C7B5-5B1F-93F5-F3577901914B.dita">Policy |
|
139 Resource</xref> </p> </section> |
|
140 </conbody></concept> |