UPS -Configuration

User Prompt Service (UPS) configuration component (\securityconfig\ups\) -includes a backup.xml file and a ROM stub SIS file for -configuring a UPS policy file. Device creators must modify the configuration -files of UPS and rebuild the securityconfig component, -to customise the behavior of the UPS component.

Introduction

UPS policy files are resource files -that specify whether application requests to access services are silently -accepted or denied or whether they require the user to be prompted. Each service -has a policy file. The policy file lists policies for various applications. -The configuration of policy file involves configuring ROM stub package file -and backup XML file.

Installing and Configuring UPS Policy file

Installing -policy files

A policy file on the system drive eclipses a policy -file on the Z drive if it has the same filename. If the policy file on the -system drive is corrupt, the policy file on the Z drive (if it exists) is -used instead. The policy files should be installed (and upgraded) through -Software Install to the private directory of the UPS on the system drive. -The private directory is \private\10283558\policies.

Upgrading -package file

The SIS file must either contain the executable or -be an upgrade to the base package which supplied the executable, for delivering -files into the private directory of an executable.

The following is -a default implementation of a package file for UPS server ROM stub SIS file:

; Package file for User Prompt Service server ROM stub SIS file -; -; A ROM stub SIS file is required to allow UPS policy files to be -; provisioned post-manufacture because policy files are loaded from -; the policies subdirectory of the UPS server's private directory. - -&EN - -#{"User Prompt Service"}, (0x10285777), 1, 0 , 0, TYPE=SA - -%{"Nokia Corporation and/or its subsidiary(-ies)"} -:"Nokia Corporation and/or and/or its subsidiary(-ies)" - -; UPS policy files on the Z drive must also be included here if -; upgrades (eclipsing) is required post-manufacture. - -""-"z:\sys\bin\upsserver.exe" -

Device creators must create a ROM stub SIS file if they want -to allow policy files to be delivered after-market (since the UPS server is -delivered in the ROM).

To ensure that policy file upgrades are -approved by manufacturers or Symbian Signed, SIS files that modify the private -directory of the UPS must be signed by a certificate where CA has the AllFiles capability.

Verifying -hash of the policy

The VERIFY option must be -added to the line in the package file that installs the UPS policy file to -ensure that the Software Install checks the hash of the policy at restore -time. The following sample package file uses the VERIFY flag.

; tupspolicies1.pkg -; -; - -; Checks the installation of UPS policies files - -&EN -#{"UPS Policy Files"}, (0x10285777), 1, 0, 0, TYPE=SP -%{"Symbian Foundation"} -:"Symbian Foundation" - -; The VERIFY option is used to flag the files as non-modifiable so that SWI -; checks the hashes during restore - -"data\ups_01041000_01041001.rsc"-"$:\private\10283558\policies\ups_01041000_01041001.rsc", VERIFY -"data\ups_01041000_01041002.rsc"-"$:\private\10283558\policies\ups_01041000_01041002.rsc", VERIFY -"data\ups_01042000_01042001.rsc"-"$:\private\10283558\policies\ups_01042000_01042001.rsc", VERIFY -"data\ups_01043000_01043001.rsc"-"$:\private\10283558\policies\ups_01043000_01043001.rsc", VERIFY -

Version 5.1.0.1 or higher of makesis should be used because the VERIFY -flag is not supported in older versions.
The major and minor versions field in the policy header of the policy -file can be used to provide information that is used in upgrades. If the major -version number is changed when a policy file is upgraded, all decision records -for that policy file are deleted (because the major version number is stored -in the decision record).
Upgrading the plug-ins does not delete the decision records. If device -creators want to delete decision records with a plug-in upgrade they must -either update associated policy files or provide a run-on-install executable -that calls the management API to delete decision records.

Back up and restoring

UPS policy files may -be backed up and restored providing that a valid backup.xml file -is provided. The following is a sample backup file provided by Symbian.

<?xml version="1.0" standalone="yes" ?> -- <backup_registration> -- <passive_backup> - <include_directory name="policies" /> - </passive_backup> - <restore requires_reboot="no" /> - </backup_registration> -

+ + + + + +UPS +Configuration +

User Prompt Service (UPS) configuration component (\securityconfig\ups\) +includes a backup.xml file and a ROM stub SIS file for +configuring a UPS policy file. Device creators must modify the configuration +files of UPS and rebuild the securityconfig component, +to customise the behavior of the UPS component.

Introduction

UPS policy files are resource files +that specify whether application requests to access services are silently +accepted or denied or whether they require the user to be prompted. Each service +has a policy file. The policy file lists policies for various applications. +The configuration of policy file involves configuring ROM stub package file +and backup XML file.

Installing and Configuring UPS Policy file

Installing +policy files

A policy file on the system drive eclipses a policy +file on the Z drive if it has the same filename. If the policy file on the +system drive is corrupt, the policy file on the Z drive (if it exists) is +used instead. The policy files should be installed (and upgraded) through +Software Install to the private directory of the UPS on the system drive. +The private directory is \private\10283558\policies.

Upgrading +package file

The SIS file must either contain the executable or +be an upgrade to the base package which supplied the executable, for delivering +files into the private directory of an executable.

The following is +a default implementation of a package file for UPS server ROM stub SIS file:

; Package file for User Prompt Service server ROM stub SIS file +; +; A ROM stub SIS file is required to allow UPS policy files to be +; provisioned post-manufacture because policy files are loaded from +; the policies subdirectory of the UPS server's private directory. + +&EN + +#{"User Prompt Service"}, (0x10285777), 1, 0 , 0, TYPE=SA + +%{"Nokia Corporation and/or its subsidiary(-ies)"} +:"Nokia Corporation and/or and/or its subsidiary(-ies)" + +; UPS policy files on the Z drive must also be included here if +; upgrades (eclipsing) is required post-manufacture. + +""-"z:\sys\bin\upsserver.exe" +

Device creators must create a ROM stub SIS file if they want +to allow policy files to be delivered after-market (since the UPS server is +delivered in the ROM).

To ensure that policy file upgrades are +approved by manufacturers or Symbian Signed, SIS files that modify the private +directory of the UPS must be signed by a certificate where CA has the AllFiles capability.

Verifying +hash of the policy

The VERIFY option must be +added to the line in the package file that installs the UPS policy file to +ensure that the Software Install checks the hash of the policy at restore +time. The following sample package file uses the VERIFY flag.

; tupspolicies1.pkg +; +; + +; Checks the installation of UPS policies files + +&EN +#{"UPS Policy Files"}, (0x10285777), 1, 0, 0, TYPE=SP +%{"Symbian Foundation"} +:"Symbian Foundation" + +; The VERIFY option is used to flag the files as non-modifiable so that SWI +; checks the hashes during restore + +"data\ups_01041000_01041001.rsc"-"$:\private\10283558\policies\ups_01041000_01041001.rsc", VERIFY +"data\ups_01041000_01041002.rsc"-"$:\private\10283558\policies\ups_01041000_01041002.rsc", VERIFY +"data\ups_01042000_01042001.rsc"-"$:\private\10283558\policies\ups_01042000_01042001.rsc", VERIFY +"data\ups_01043000_01043001.rsc"-"$:\private\10283558\policies\ups_01043000_01043001.rsc", VERIFY +

Version 5.1.0.1 or higher of makesis should be used because the VERIFY +flag is not supported in older versions.
The major and minor versions field in the policy header of the policy +file can be used to provide information that is used in upgrades. If the major +version number is changed when a policy file is upgraded, all decision records +for that policy file are deleted (because the major version number is stored +in the decision record).
Upgrading the plug-ins does not delete the decision records. If device +creators want to delete decision records with a plug-in upgrade they must +either update associated policy files or provide a run-on-install executable +that calls the management API to delete decision records.

Back up and restoring

UPS policy files may +be backed up and restored providing that a valid backup.xml file +is provided. The following is a sample backup file provided by Symbian.

<?xml version="1.0" standalone="yes" ?> +- <backup_registration> +- <passive_backup> + <include_directory name="policies" /> + </passive_backup> + <restore requires_reboot="no" /> + </backup_registration> +

\ No newline at end of file