MCL/sftools/dev/hostenv/cpptoolsplat: comparison symport/e32/common/secure.cpp

equal deleted inserted replaced

-:c55016431358
+:0a7b44b10206
+// Copyright (c) 2004-2009 Nokia Corporation and/or its subsidiary(-ies).
+// All rights reserved.
+// This component and the accompanying materials are made available
+// under the terms of the License "Symbian Foundation License v1.0"
+// which accompanies this distribution, and is available
+// at the URL "http://www.symbianfoundation.org/legal/sfl-v10.html".
+//
+// Initial Contributors:
+// Nokia Corporation - initial contribution.
+//
+// Contributors:
+//
+// Description:
+// e32\common\secure.cpp
+//
+//
+#define __INCLUDE_ALL_SUPPORTED_CAPABILITIES__
+#include "common.h"
+#ifdef __KERNEL_MODE__
+#include <kernel.h>
+#include <kern_priv.h>
+#endif
+// Check that the layout of TSecurityInfo and SSecurityInfo are the same
+// because we use this assumption in the TSecurityInfo::Set methods
+__ASSERT_COMPILE(_FOFF(TSecurityInfo,iSecureId)==_FOFF(SSecurityInfo,iSecureId));
+__ASSERT_COMPILE(_FOFF(TSecurityInfo,iVendorId)==_FOFF(SSecurityInfo,iVendorId));
+__ASSERT_COMPILE(_FOFF(TSecurityInfo,iCaps)==_FOFF(SSecurityInfo,iCaps));
+#ifndef __TOOLS2__
+#ifdef __KERNEL_MODE__
+/**
+Construct a TSecurityInfo setting it to the security attributes of aProcess.
+@param aProcess A process.
+*/
+EXPORT_C TSecurityInfo::TSecurityInfo(DProcess* aProcess)
+	{
+	memcpy(this, &aProcess->iS, sizeof(SSecurityInfo));
+	}
+/**
+Construct a TSecurityInfo setting it to the security attributes to those of the process
+owning the specified thread.
+@param aThread A thread.
+*/
+EXPORT_C TSecurityInfo::TSecurityInfo(DThread* aThread)
+	{
+	memcpy(this, &aThread->iOwningProcess->iS, sizeof(SSecurityInfo));
+	}
+#else
+/**
+Construct a TSecurityInfo setting it to the security attributes of aProcess.
+@param aProcess A process.
+*/
+EXPORT_C TSecurityInfo::TSecurityInfo(RProcess aProcess)
+	{
+	Exec::ProcessSecurityInfo(aProcess.Handle(),*(SSecurityInfo*)this);
+	}
+/**
+Construct a TSecurityInfo setting it to the security attributes to those of the process
+owning the specified thread.
+@param aThread A thread.
+*/
+EXPORT_C TSecurityInfo::TSecurityInfo(RThread aThread)
+	{
+	Exec::ThreadSecurityInfo(aThread.Handle(),*(SSecurityInfo*)this);
+	}
+/**
+Construct a TSecurityInfo setting it to the security attributes of the process
+which sent the message aMsgPtr
+@param aMsgPtr a message
+*/
+EXPORT_C TSecurityInfo::TSecurityInfo(RMessagePtr2 aMsgPtr)
+	{
+	Exec::MessageSecurityInfo(aMsgPtr.Handle(),*(SSecurityInfo*)this);
+	}
+TInt TSecurityInfo::Set(RSessionBase aSession)
+	{
+	return Exec::SessionSecurityInfo(aSession.Handle(),*(SSecurityInfo*)this);
+	}
+/**
+Sets this TSecurityInfo to the security attributes of this process' creator.
+*/
+EXPORT_C void TSecurityInfo::SetToCreatorInfo()
+	{
+	Exec::CreatorSecurityInfo(*(SSecurityInfo*)this);
+	}
+#endif //__KERNEL_MODE__
+#endif // __TOOLS2__
+/**
+Construct a set consisting of two capabilities.
+@param aCapability1 The first capability.
+@param aCapability2 The second capability.
+*/
+EXPORT_C TCapabilitySet::TCapabilitySet(TCapability aCapability1, TCapability aCapability2)
+	{
+	SetEmpty();
+	AddCapability(aCapability1);
+	AddCapability(aCapability2);
+	}
+/**
+Make this set empty. I.e. Containing no capabilities.
+*/
+EXPORT_C void TCapabilitySet::SetEmpty()
+	{
+	memset(iCaps,0,sizeof(iCaps));
+	}
+/**
+Make this set consist of all capabilities supported by this OS version.
+*/
+EXPORT_C void TCapabilitySet::SetAllSupported()
+	{
+	*(SCapabilitySet*)&iCaps=AllSupportedCapabilities;
+	}
+#ifndef __TOOLS2__
+#ifndef __KERNEL_MODE__
+// Documented in header file
+EXPORT_C void TCapabilitySet::SetDisabled()
+	{
+	Exec::DisabledCapabilities(*(SCapabilitySet*)this);
+	}
+#endif // __KERNEL_MODE__
+#endif // __TOOLS2__
+/**
+Add a single capability to the set.
+If the capability is not supported by this OS version then it is not added and
+the set is left unchanged.
+@see TCapabilitySet::SetAllSupported()
+@param aCapability Capability to add.
+*/
+EXPORT_C void TCapabilitySet::AddCapability(TCapability aCapability)
+	{
+	if((TUint32)aCapability<(TUint32)ECapability_Limit)
+		{
+		TInt index = aCapability>>3;
+		TUint8 mask = (TUint8)(1<<(aCapability&7));
+		mask &= ((TUint8*)&AllSupportedCapabilities)[index];
+		((TUint8*)iCaps)[index] |= mask;
+		}
+	}
+/**
+Remove a single capability from the set, if it is present.
+@param aCapability Capability to remove.
+*/
+EXPORT_C void TCapabilitySet::RemoveCapability(TCapability aCapability)
+	{
+	if((TUint32)aCapability<(TUint32)ECapability_Limit)
+		{
+		TInt index = aCapability>>3;
+		TUint8 mask = (TUint8)(1<<(aCapability&7));
+		((TUint8*)iCaps)[index] &= ~mask;
+		}
+	}
+/**
+Perform a union of this capability set with another.
+The result replaces the content of 'this'.
+@param aCapabilities A cpability set
+*/
+EXPORT_C void TCapabilitySet::Union(const TCapabilitySet& aCapabilities)
+	{
+	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
+		iCaps[n] |= aCapabilities.iCaps[n];
+	}
+/**
+Perform an intersection of this capability set with another.
+The result replaces the content of 'this'.
+@param aCapabilities A capability set
+*/
+EXPORT_C void TCapabilitySet::Intersection(const TCapabilitySet& aCapabilities)
+	{
+	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
+		iCaps[n] &= aCapabilities.iCaps[n];
+	}
+/**
+Remove a set of capabilities from this set.
+@param aCapabilities The set of capabilities to remove
+*/
+EXPORT_C void TCapabilitySet::Remove(const TCapabilitySet& aCapabilities)
+	{
+	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
+		iCaps[n] &= ~aCapabilities.iCaps[n];
+	}
+/**
+Test if a single capability is present in the set.
+The capability ECapability_None is always treated as being present.
+@param aCapability The capability to test
+@return 1 if the capability is present, 0 if it is not.
+*/
+EXPORT_C TBool TCapabilitySet::HasCapability(TCapability aCapability) const
+	{
+	if((TUint32)aCapability<(TUint32)ECapability_Limit)
+		return (((TUint8*)iCaps)[aCapability>>3]>>(aCapability&7))&1;
+	if(aCapability==ECapability_None)
+		return ETrue;
+	return EFalse;  // Handles illegal argument and ECapability_Denied
+	}
+/**
+Test if all the capabilities in a given set are present in this set
+@param aCapabilities The capability set to test
+@return A non-zero value if all the capabilities are present, zero otherwise.
+*/
+EXPORT_C TBool TCapabilitySet::HasCapabilities(const TCapabilitySet& aCapabilities) const
+	{
+	TUint32 checkFail=0;
+	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
+		checkFail |= aCapabilities.iCaps[n]&~iCaps[n];
+	return checkFail?0:1;
+	}
+// Documented in header file
+TBool TCapabilitySet::NotEmpty() const
+	{
+	TUint32 notEmpty=0;
+	for(TInt n = (ECapability_Limit-1)>>5; n>=0; n--)
+		notEmpty |= iCaps[n];
+	return notEmpty;
+	}
+//ECapability_None is assumed to be -1 in the internals of TSecurityPolicy
+__ASSERT_COMPILE(ECapability_None == -1);
+/** Constructs a TSecurityPolicy to either always pass or always fail checks made
+against it, depending on the value of aType.
+@param aType Must be one of EAlwaysPass or EAlwaysFail
+@panic USER 191 if aType is not a valid value
+*/
+EXPORT_C TSecurityPolicy::TSecurityPolicy(TSecPolicyType aType)
+	: iType((TUint8)aType), iSecureId(TUint32(ECapability_None))
+	{
+	//This constructor uses TSecPolicyType as public alias for the internal
+	//TType.  Thus EAlwaysFail must have the same value as ETypeFail (same with the
+	//pass case too).
+	__ASSERT_COMPILE(EAlwaysFail == (TSecPolicyType)ETypeFail);
+	__ASSERT_COMPILE(EAlwaysPass == (TSecPolicyType)ETypePass);
+	__ASSERT_ALWAYS(aType == EAlwaysFail || aType == EAlwaysPass, Panic(ETSecPolicyTypeInvalid));
+	iCaps[0] = (TUint8)ECapability_None;
+	iCaps[1] = (TUint8)ECapability_None;
+	iCaps[2] = (TUint8)ECapability_None;
+	}
+/** Construct a TSecurityPolicy object to check up to 3 capabilties.
+@param aCap1 The first capability to add to this policy
+@param aCap2 An optional second capability to add to this policy
+@param aCap3 An optional third capability to add to this policy
+@panic USER 189 If any of the supplied capabilities are not valid.
+*/
+EXPORT_C TSecurityPolicy::TSecurityPolicy(TCapability aCap1, TCapability aCap2, TCapability aCap3)
+	//iSecureId=0xFFFFFFFF sets iExtraCaps[0-3] each to ECapability_None (==0xFF)
+	: iType(ETypeC3), iSecureId(TUint32(ECapability_None))
+	{
+	ConstructAndCheck3(aCap1, aCap2, aCap3);
+	}
+/** Construct a TSecurityPolicy object to check up to 7 capabilties.
+@param aCap1 The first capability to add to this policy
+@param aCap2 The second capability to add to this policy
+@param aCap3 The third capability to add to this policy
+@param aCap4 The fourth capability to add to this policy
+@param aCap5 An optional fifth capability to add to this policy
+@param aCap6 An optional sixth capability to add to this policy
+@param aCap7 An optional seventh capability to add to this policy
+@panic USER 189 If any of the supplied capabilities are not valid.
+*/
+EXPORT_C TSecurityPolicy::TSecurityPolicy(TCapability aCap1, TCapability aCap2,
+	TCapability aCap3, TCapability aCap4, TCapability aCap5, TCapability aCap6, TCapability aCap7)
+	: iType(ETypeC7)
+	{
+	ConstructAndCheck3(aCap1, aCap2, aCap3);
+	__ASSERT_COMPILE(ECapability_None==-1); // Our argument check below assumes this
+	__ASSERT_ALWAYS(  (TUint)(aCap4+1)<=(TUint)ECapability_Limit
+					&&(TUint)(aCap5+1)<=(TUint)ECapability_Limit
+					&&(TUint)(aCap6+1)<=(TUint)ECapability_Limit
+					&&(TUint)(aCap7+1)<=(TUint)ECapability_Limit
+					,Panic(ECapabilityInvalid));
+	iExtraCaps[0] = (TUint8)aCap4;
+	iExtraCaps[1] = (TUint8)aCap5;
+	iExtraCaps[2] = (TUint8)aCap6;
+	iExtraCaps[3] = (TUint8)aCap7;
+	}
+/** Construct a TSecurityPolicy object to check a secure id and up to 3 capabilties.
+@param aSecureId The secure id to add to this policy
+@param aCap1 The first capability to add to this policy
+@param aCap2 The second capability to add to this policy
+@param aCap3 The third capability to add to this policy
+@panic USER 189 If any of the supplied capabilities are not valid.
+*/
+EXPORT_C TSecurityPolicy::TSecurityPolicy(TSecureId aSecureId,
+	TCapability aCap1, TCapability aCap2, TCapability aCap3)
+	: iType(ETypeS3), iSecureId(aSecureId)
+	{
+	ConstructAndCheck3(aCap1, aCap2, aCap3);
+	}
+/** Construct a TSecurityPolicy object to check a vendor id and up to 3 capabilties.
+@param aVendorId The vendor id to add to this policy
+@param aCap1 The first capability to add to this policy
+@param aCap2 The second capability to add to this policy
+@param aCap3 The third capability to add to this policy
+@panic USER 189 If any of the supplied capabilities are not valid.
+*/
+EXPORT_C TSecurityPolicy::TSecurityPolicy(TVendorId aVendorId,
+	TCapability aCap1, TCapability aCap2, TCapability aCap3)
+	: iType(ETypeV3), iVendorId(aVendorId)
+	{
+	ConstructAndCheck3(aCap1, aCap2, aCap3);
+	}
+/** Sets up iCaps[0-2] with supplied values and checks for their validity.
+@panic USER 189 If any of the supplied capabilities are invalid.
+*/
+void TSecurityPolicy::ConstructAndCheck3(TCapability aCap1, TCapability aCap2, TCapability aCap3)
+	{
+	__ASSERT_COMPILE(ECapability_None==-1); // Our argument check below assumes this
+	__ASSERT_ALWAYS(  (TUint)(aCap1+1)<=(TUint)ECapability_Limit
+					&&(TUint)(aCap2+1)<=(TUint)ECapability_Limit
+					&&(TUint)(aCap3+1)<=(TUint)ECapability_Limit
+					,Panic(ECapabilityInvalid));
+	iCaps[0] = (TUint8)aCap1;
+	iCaps[1] = (TUint8)aCap2;
+	iCaps[2] = (TUint8)aCap3;
+	}
+/**
+Checks that this object is in a valid state
+@return A non-zero value if this object is valid, zero otherwise.
+@internalComponent
+*/
+TBool TSecurityPolicy::Validate() const
+	{
+	switch(iType)
+		{
+		case ETypeFail:
+		case ETypePass:
+			if(iSecureId!=TUint32(ECapability_None))
+				return EFalse;
+			__ASSERT_COMPILE(TUint8(ECapability_None)==0xffu); // Test below assumes this...
+			if((iCaps[0]&iCaps[1]&iCaps[2])!=TUint8(ECapability_None)) // check caps 0 to 2 are each == ECapability_None
+				return EFalse;
+			return ETrue;
+		case ETypeC7:
+			return ETrue;
+		case ETypeC3:
+			if(iSecureId!=TUint32(ECapability_None))
+				return EFalse;
+			return ETrue;
+		case ETypeS3:
+		case ETypeV3:
+			return ETrue;
+		default:
+			return EFalse;
+		}
+	}
+/** Sets this TSecurityPolicy to a copy of the policy described by the
+supplied descriptor. Such a descriptor can be obtained from
+TSecurityPolicy::Package().
+@see TSecurityPolicy::Package()
+@param aDes A descriptor representing the state of another TSecurityPolicy.
+@return KErrNone, if successful, otherwise one of the other system-wide error
+codes.
+*/
+EXPORT_C TInt TSecurityPolicy::Set(const TDesC8& aDes)
+	{
+	if(aDes.Size() == sizeof(TSecurityPolicy))
+		{
+		*this = *(TSecurityPolicy*)aDes.Ptr();
+		if(Validate())
+			return KErrNone;
+		}
+	// Set failed so set up the policy as an EAlwaysFail case.
+	iType = EAlwaysFail;
+	iCaps[0] = TUint8(ECapability_None);
+	iCaps[1] = TUint8(ECapability_None);
+	iCaps[2] = TUint8(ECapability_None);
+	iSecureId = TUint32(ECapability_None);
+	return KErrArgument;
+	}
+/**
+Constructs a TPtrC8 wrapping the platform security attributes of this
+TSecurityPolicy.  Such a descriptor is suitable for passing across the
+client server boundary.
+The format of the descriptor is determined by the first byte which specifies
+the type of this TSecurityPolicy.  The first byte is one of the constants
+specified in the enum TSecurityPolicy::TType.
+For TSecurityPolicy objects of types ETypeC3, ETypeS3, ETypePass or ETypeFail
+the descriptor will contain the following data in the order listed:
+@code
+	TUint8 iType; 		// set to ETypeC3, ETypeS3, ETypePass or ETypeFail
+	TUint8 iCaps[3];
+	TUint32 iSecureId;
+@endcode
+ETypeC3 descriptors will contain capabilities in iCaps but have iSecureId set
+to ECapability_None.  ETypeS3 are similar to ETypeC3 descriptors but will have
+iSecureId set to the secure ID value of the TSecurityPolicy object.
+ETypePass and ETypeFail objects will have values of all of the elements of iCaps
+and iSecureId set to ECapability_None.
+For TSecurityPolicy objects of type ETypeV3 the descriptor will contain the
+following data in the order listed:
+@code
+	TUint8 iType;		// set to ETypeV3
+	TUint8 iCaps[3];	// set to the values of 3 capabilities
+	TUint32 iVendorId;	// set to the value of the vendor ID of the TSecurityPolicy
+@endcode
+For TSecurityPolicy objects of type ETypeC7 the descriptor will contain the
+following data in the order listed:
+@code
+	TUint8 iType;			// set to ETypeC7
+	TUint8 iCaps[3];		// set to the values of 3 of the objects capabilities
+	TUint8 iExtraCaps[4];	// set to the values of 4 of the objects capabilities
+@endcode
+@see TSecurityPolicy::TType
+@see TSecurityPolicy::Set()
+@return A TPtrC8 wrapping the platform security attributes of this TSecurityPolicy.
+*/
+EXPORT_C TPtrC8 TSecurityPolicy::Package() const
+	{
+	return TPtrC8((TUint8*)(this), sizeof(TSecurityPolicy));
+	}
+/** Checks this policy against the supplied SSecurityInfo.
+@param aSecInfo The SSecurityInfo object to check against this TSecurityPolicy.
+@param aMissing A SSecurityInfo object which this method fills with any capabilities or IDs
+				it finds to be missing. This is designed to help generating diagnostic messages.
+@return ETrue if all the requirements of this TSecurityPolicy are met, EFalse
+@panic USER 190 if aSecInfo is an invalid SSecurityInfo object
+otherwise.
+*/
+TBool TSecurityPolicy::CheckPolicy(const SSecurityInfo& aSecInfo, SSecurityInfo& aMissing) const
+	{
+	TBool result = EFalse;
+	//It is thought to be by far the most common case to have 3 or less
+	//capabilities in a policy.  Hence we'll set this for all of them even
+	//though ETypePass doesn't need it.
+	aMissing.iSecureId = 0;
+	aMissing.iVendorId = 0;
+	__ASSERT_COMPILE(SCapabilitySet::ENCapW == 2);
+	aMissing.iCaps[0] = 0;
+	aMissing.iCaps[1] = 0;
+	aMissing.iCaps.AddCapability((TCapability)(iCaps[0]));
+	aMissing.iCaps.AddCapability((TCapability)(iCaps[1]));
+	aMissing.iCaps.AddCapability((TCapability)(iCaps[2]));
+	aMissing.iCaps.Remove(aSecInfo.iCaps);
+	switch(iType)
+		{
+		case ETypeFail:
+			//result already False;
+			break;
+		case ETypePass:
+			result = ETrue;
+			break;
+		case ETypeC7:
+			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[0]));
+			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[1]));
+			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[2]));
+			aMissing.iCaps.AddCapability((TCapability)(iExtraCaps[3]));
+			aMissing.iCaps.Remove(aSecInfo.iCaps);
+			//It is intentional that there is no break statement here
+		case ETypeC3:
+			if(!aMissing.iCaps.NotEmpty())
+				{
+				result = ETrue;
+				}
+			break;
+		case ETypeS3:
+			if(!aMissing.iCaps.NotEmpty() && iSecureId == aSecInfo.iSecureId)
+				{
+				result = ETrue;
+				}
+			//This else if required to set the aMissing.iCaps secure id for diagnostics.
+			//Doesn't affect pass case.
+			else if(iSecureId != aSecInfo.iSecureId)
+				{
+				aMissing.iSecureId = iSecureId;
+				}
+			break;
+		case ETypeV3:
+			if(!aMissing.iCaps.NotEmpty() && iVendorId == aSecInfo.iVendorId)
+				{
+				result = ETrue;
+				}
+			else if(iVendorId != aSecInfo.iVendorId)
+				{
+				aMissing.iVendorId = iVendorId;
+				}
+			break;
+		default:
+			Panic(ESecurityPolicyCorrupt);
+			break;
+		}
+	return result;
+	}
+#ifndef __TOOLS2__
+#ifndef __KERNEL_MODE__
+/** Checks this policy against the platform security attributes of aProcess.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aProcess The RProcess object to check against this TSecurityPolicy.
+@param aDiagnostic A string that will be emitted along with any diagnostic message
+							that may be issued if the policy check fails.
+							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
+							which enables it to be easily removed from the system.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of aProcess, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RProcess aProcess, const char* aDiagnostic) const
+	{
+	SSecurityInfo missing;
+	TSecurityInfo secInfo(aProcess);
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
+	if(!pass)
+		pass = PlatSec::PolicyCheckFail(aProcess.Handle(),missing,aDiagnostic)==KErrNone;
+	return pass;
+	}
+#else // !__REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RProcess aProcess, const char* /*aDiagnostic*/) const
+	{
+	return DoCheckPolicy(aProcess);
+	}
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+/** Checks this policy against the platform security attributes of aProcess.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aProcess The RProcess object to check against this TSecurityPolicy.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of aProcess, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RProcess aProcess) const
+	{
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+	return DoCheckPolicy(aProcess, NULL);
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+	SSecurityInfo missing;
+	TSecurityInfo secInfo(aProcess);
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
+	if(!pass)
+		pass = (PlatSec::EmitDiagnostic() == KErrNone);
+	return pass;
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+	}
+/** Checks this policy against the platform security attributes of the process
+owning aThread.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aThread The thread whose owning process' platform security attributes
+are to be checked against this TSecurityPolicy.
+@param aDiagnostic A string that will be emitted along with any diagnostic message
+							that may be issued if the policy check fails.
+							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
+							which enables it to be easily removed from the system.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security parameters of the owning process of aThread, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RThread aThread, const char* aDiagnostic) const
+	{
+	SSecurityInfo missing;
+	TSecurityInfo secInfo(aThread);
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
+	if(!pass)
+		pass = PlatSec::PolicyCheckFail(aThread.Handle(),missing,aDiagnostic)==KErrNone;
+	return pass;
+	}
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RThread aThread, const char* /*aDiagnostic*/) const
+	{
+	return DoCheckPolicy(aThread);
+	}
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+/** Checks this policy against the platform security attributes of the process
+owning aThread.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aThread The thread whose owning process' platform security attributes
+are to be checked against this TSecurityPolicy.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security parameters of the owning process of aThread, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RThread aThread) const
+	{
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+	return DoCheckPolicy(aThread, NULL);
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+	SSecurityInfo missing;
+	TSecurityInfo secInfo(aThread);
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
+	if(!pass)
+		pass = (PlatSec::EmitDiagnostic() == KErrNone);
+	return pass;
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+	}
+TInt TSecurityPolicy::CheckPolicy(RSessionBase aSession) const
+	{
+	SSecurityInfo missing;
+	TSecurityInfo secInfo;
+	TInt r = secInfo.Set(aSession);
+	if (r!=KErrNone)
+		return r;
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
+	if(!pass)
+		{
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+		r = PlatSec::PolicyCheckFail(aSession.Handle(),missing,NULL);
+#else
+		r = PlatSec::EmitDiagnostic();
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+		}
+	return r;
+	}
+/** Checks this policy against the platform security attributes of the process which sent
+the given message.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aMsgPtr The RMessagePtr2 object to check against this TSecurityPolicy.
+@param aDiagnostic A string that will be emitted along with any diagnostic message
+							that may be issued if the policy check fails.
+							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
+							which enables it to be easily removed from the system.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of aMsg, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, const char* aDiagnostic) const
+	{
+	SSecurityInfo missing;
+	TSecurityInfo secInfo(aMsgPtr);
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
+	if(!pass)
+		pass = PlatSec::PolicyCheckFail(aMsgPtr,missing,aDiagnostic)==KErrNone;
+	return pass;
+	}
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, const char* /*aDiagnostic*/) const
+	{
+	return DoCheckPolicy(aMsgPtr);
+	}
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+/** Checks this policy against the platform security attributes of the process which sent
+the given message.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aMsgPtr The RMessagePtr2 object to check against this TSecurityPolicy.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of aMsg, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr) const
+	{
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+	return DoCheckPolicy(aMsgPtr, NULL);
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+	SSecurityInfo missing;
+	TSecurityInfo secInfo(aMsgPtr);
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
+	if(!pass)
+		pass = (PlatSec::EmitDiagnostic() == KErrNone);
+	return pass;
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+	}
+/** Checks this policy against the platform security attributes of the process which sent
+the given message.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aMsgPtr The RMessagePtr2 object to check against this TSecurityPolicy.
+@param aMissing A TSecurityInfo object which this method fills with any capabilities or IDs
+				it finds to be missing.
+@param aDiagnostic A string that will be emitted along with any diagnostic message
+							that may be issued if the policy check fails.
+							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
+							which enables it to be easily removed from the system.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of aMsg, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, TSecurityInfo& aMissing, const char* aDiagnostic) const
+	{
+	TSecurityInfo secInfo(aMsgPtr);
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), *((SSecurityInfo*)&aMissing));
+	if(!pass)
+		pass = PlatSec::PolicyCheckFail(aMsgPtr,*((SSecurityInfo*)&aMissing),aDiagnostic)==KErrNone;
+	return pass;
+	}
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+/** Checks this policy against the platform security attributes of the process which sent
+the given message.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aMsgPtr The RMessagePtr2 object to check against this TSecurityPolicy.
+@param aMissing A TSecurityInfo object which this method fills with any capabilities or IDs
+				it finds to be missing.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of aMsg, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+TBool TSecurityPolicy::DoCheckPolicy(RMessagePtr2 aMsgPtr, TSecurityInfo& aMissing) const
+	{
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+	return DoCheckPolicy(aMsgPtr, aMissing, NULL);
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+	TSecurityInfo secInfo(aMsgPtr);
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), *((SSecurityInfo*)&aMissing));
+	if(!pass)
+		pass = (PlatSec::EmitDiagnostic() == KErrNone);
+	return pass;
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+	}
+/** Checks this policy against the platform security attributes of this process' creator.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aProcess The RProcess object to check against this TSecurityPolicy.
+@param aDiagnostic A string that will be emitted along with any diagnostic message
+							that may be issued if the policy check fails.
+							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
+							which enables it to be easily removed from the system.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of this process' creator, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicyCreator(const char* aDiagnostic) const
+	{
+	SSecurityInfo missing;
+	TSecurityInfo secInfo;
+	secInfo.SetToCreatorInfo();
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
+	if(!pass)
+		pass = PlatSec::CreatorPolicyCheckFail(missing,aDiagnostic)==KErrNone;
+	return pass;
+	}
+#else // !__REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicyCreator(const char* /*aDiagnostic*/) const
+	{
+	return DoCheckPolicyCreator();
+	}
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+/** Checks this policy against the platform security attributes of this process' creator.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aProcess The RProcess object to check against this TSecurityPolicy.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of this process' creator, EFalse otherwise.
+@panic USER 190 if 'this' is an invalid SSecurityInfo object
+*/
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicyCreator() const
+	{
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+	return DoCheckPolicyCreator(NULL);
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+	SSecurityInfo missing;
+	TSecurityInfo secInfo;
+	secInfo.SetToCreatorInfo();
+	TBool pass = CheckPolicy(*((SSecurityInfo*)&secInfo), missing);
+	if(!pass)
+		pass = (PlatSec::EmitDiagnostic() == KErrNone);
+	return pass;
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+	}
+#else //__KERNEL_MODE__
+/** Checks this policy against the platform security attributes of aProcess.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aProcess The DProcess object to check against this TSecurityPolicy.
+@param aDiagnostic A string that will be emitted along with any diagnostic message
+							that may be issued if the policy check fails.
+							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
+							which enables it to be easily removed from the system.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of aProcess, EFalse otherwise.
+@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
+*/
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DProcess* aProcess, const char* aDiagnostic) const
+	{
+	SSecurityInfo missing;
+	TBool pass = CheckPolicy(aProcess->iS, missing);
+	if(!pass)
+		pass = PlatSec::PolicyCheckFail(aProcess,missing,aDiagnostic)==KErrNone;
+	return pass;
+	}
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DProcess* aProcess, const char* /*aDiagnostic*/) const
+	{
+	return DoCheckPolicy(aProcess);
+	}
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+/** Checks this policy against the platform security attributes of aProcess.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aProcess The DProcess object to check against this TSecurityPolicy.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security attributes of aProcess, EFalse otherwise.
+@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
+*/
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DProcess* aProcess) const
+	{
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+	return DoCheckPolicy(aProcess, NULL);
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+	SSecurityInfo missing;
+	TBool pass = CheckPolicy(aProcess->iS, missing);
+	if(!pass)
+		pass = (PlatSec::EmitDiagnostic() == KErrNone);
+	return pass;
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+	}
+/** Checks this policy against the platform security attributes of the process
+owning aThread.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aThread The thread whose owning process' platform security attributes
+are to be checked against this TSecurityPolicy.
+@param aDiagnostic A string that will be emitted along with any diagnostic message
+							that may be issued if the policy check fails.
+							This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro
+							which enables it to be easily removed from the system.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security parameters of the owning process of aThread, EFalse otherwise.
+@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
+*/
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DThread* aThread, const char* aDiagnostic) const
+	{
+	SSecurityInfo missing;
+	TBool pass = CheckPolicy(aThread->iOwningProcess->iS, missing);
+	if(!pass)
+		pass = PlatSec::PolicyCheckFail(aThread,missing,aDiagnostic)==KErrNone;
+	return pass;
+	}
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DThread* aThread, const char* /*aDiagnostic*/) const
+	{
+	return DoCheckPolicy(aThread);
+	}
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+/** Checks this policy against the platform security attributes of the process
+owning aThread.
+	When a check fails the action taken is determined by the system wide Platform Security
+	configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted.
+	If PlatSecEnforcement is OFF, then this function will return ETrue even though the
+	check failed.
+@param aThread The thread whose owning process' platform security attributes
+are to be checked against this TSecurityPolicy.
+@return ETrue if all the requirements of this TSecurityPolicy are met by the
+platform security parameters of the owning process of aThread, EFalse otherwise.
+@panic KERN-COMMON 190 if 'this' is an invalid SSecurityInfo object
+*/
+EXPORT_C TBool TSecurityPolicy::DoCheckPolicy(DThread* aThread) const
+	{
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+	return DoCheckPolicy(aThread, NULL);
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+	SSecurityInfo missing;
+	TBool pass = CheckPolicy(aThread->iOwningProcess->iS, missing);
+	if(!pass)
+		pass = (PlatSec::EmitDiagnostic() == KErrNone);
+	return pass;
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+	}
+#endif // !__KERNEL_MODE__
+#ifndef __KERNEL_MODE__
+EXPORT_C TInt PlatSec::ConfigSetting(TConfigSetting aSetting)
+	{
+	TUint32 flags = Exec::KernelConfigFlags();
+	switch(aSetting)
+		{
+		case EPlatSecEnforcement:
+			flags &= EKernelConfigPlatSecEnforcement;
+			break;
+		case EPlatSecDiagnotics:
+#ifndef __REMOVE_PLATSEC_DIAGNOSTICS__
+			flags &= EKernelConfigPlatSecDiagnostics;
+#else //__REMOVE_PLATSEC_DIAGNOSTICS__
+			flags=0;
+#endif // !__REMOVE_PLATSEC_DIAGNOSTICS__
+			break;
+		case EPlatSecProcessIsolation:
+			flags &= EKernelConfigPlatSecProcessIsolation;
+			break;
+		case EPlatSecEnforceSysBin:
+			flags &= EKernelConfigPlatSecEnforceSysBin;
+			break;
+		case EPlatSecLocked:
+			flags &= EKernelConfigPlatSecLocked;
+			break;
+		default:
+			flags = 0;
+			break;
+		}
+	if(flags)
+		flags = 1;
+	return flags;
+	}
+EXPORT_C TBool PlatSec::IsCapabilityEnforced(TCapability aCapability)
+	{
+	if(!((TCapabilitySet&)AllSupportedCapabilities).HasCapability(aCapability))
+		return EFalse;
+	SCapabilitySet disabled;
+	Exec::DisabledCapabilities(disabled);
+	if(((TCapabilitySet&)disabled).HasCapability(aCapability))
+		return EFalse;
+	return PlatSec::ConfigSetting(EPlatSecEnforcement);
+	}
+#endif // Not __KERNEL_MODE__
+#endif // __TOOLS2__

changeset 1	0a7b44b10206
child 2	806186ab5e14