static void DefineSingletonKey(const TUid& aSingletonKey) /** * Defines a new property for a singleton key. WServ must only process * singleton keys that it created to prevent a malicious process with the * WriteDeviceData capability causing arbitrary functions to be executed. * * @param aSingeltonKey The UID of the singleton key to define. */ { RThread t; TUid category = { t.SecureId().iId }; RProperty prop; // Write access is restricted to THIS process TInt err = prop.Define( category, aSingletonKey.iUid, RProperty::EByteArray, TSecurityPolicy( t.SecureId() ), TSecurityPolicy( t.SecureId() ), sizeof( TCallBack ) ); if ( err == KErrNone ) { TCallBack cb( NULL, NULL ); TPckgC<TCallBack> cbPckg( cb ); // Any error should cause the properties to be ignored err = prop.Set( category, aSingletonKey.iUid, cbPckg ); } if ( err != KErrNone ) { // A problem occured / the property already existed so for safety // the release code should be skipped. gReleaseSingletonsOnExit = EFalse; } prop.Close(); t.Close(); }
/** Private helper function that defines the IrDA discovery responses suppression P&S key and sets the specified suppression status. @param aSuppressDiscoveryResponses A boolean indicating if responses should be suppressed or allowed. @return KErrNone, if successful. KErrPermissionDenied, if the method is called without the required capabilities. @internalComponent @released */ TInt RIrdaDiscoveryResponseSuppressor::DefineAndSetKey(TBool aSuppressDiscoveryResponses) { // Define the discovery response suppression property. TSecurityPolicy policy = TSecurityPolicy(ECapabilityWriteDeviceData); TInt rerr = RProperty::Define(KIrdaPropertyCategory, KIrdaDiscoveryResponseSuppressor, RProperty::EInt, policy, policy); if(rerr == KErrAlreadyExists || rerr == KErrNone) { TDiscoveryResponseSuppressorStatus status = aSuppressDiscoveryResponses ? ESuppressDiscoveryResponses : EAllowDiscoveryResponses; rerr = RProperty::Set(KIrdaPropertyCategory, KIrdaDiscoveryResponseSuppressor, status); } // Forward the error if it is not KErrAlreadyExists. return rerr; }
// --------------------------------------------------------------------------- // CMmCustomStubExt::GetRequiredPlatSecCaps // Return required platform security caps, EAlwaysPass // (other items were commented in a header) // --------------------------------------------------------------------------- // TSecurityPolicy CMmCustomStubExt::GetRequiredPlatSecCaps( const TInt /*aIpc*/ ) { return TSecurityPolicy( TSecurityPolicy::EAlwaysPass ); }
// --------------------------------------------------------- // CMMKeyBearer::SecurityPolicy() // // --------------------------------------------------------- // TSecurityPolicy CMMKeyBearer::SecurityPolicy() const { FUNC_LOG; return TSecurityPolicy(ECapabilityLocalServices); }
TVerdict CTestConnectStep::doTestStepL() /** * @return - TVerdict code * Override of base class pure virtual * Demonstrates reading configuration parameters fom an ini file section */ { if(TestStepResult()==EPass) { INFO_PRINTF1(_L("In Test Step ConnectWithOverrides")); // When bootstrapping C32 we have to avoid the PhBkSyncServer being started, since // it needs a different CommDB TInt ret = StartC32WithCMISuppressions(KPhbkSyncCMI); if((ret!=KErrNone) && (ret!=KErrAlreadyExists)) { INFO_PRINTF2(_L("error is : %d \n"),ret); } else { INFO_PRINTF1(_L("Started C32\n")); } RHostResolver hr; INFO_PRINTF1(_L("Connect to RSocketServ")); User::LeaveIfError(iSocketServ.Connect()); // Set up the connections, both overridden as host resolver won't work // on the default interface INFO_PRINTF1(_L("Open the RConnection interface")); User::LeaveIfError(iConnection.Open(iSocketServ)); // get the IapNumber value from the ini file if(!GetIntFromConfig(ConfigSection(), KIapNumber, iIapNumber)) { if(!GetIntFromConfig(KIap, KIapNumber, iIapNumber)) { iIapNumber=1; INFO_PRINTF1(_L("Failed to read Iap from ini file, using default")); } } INFO_PRINTF2((_L("IapNumber = %d")), iIapNumber); TRequestStatus status; #ifdef SIROCCO_CODE_MIGRATION TCommDbConnPref prefs; prefs.SetIapId(iIapNumber); prefs.SetDialogPreference(ECommDbDialogPrefDoNotPrompt); const TUid KMyPropertyCat = {0x101FD9C5}; const TUint32 KMyPropertyDestPortv4 = 67; TInt err = RProperty::Define(KMyPropertyCat, KMyPropertyDestPortv4, RProperty::EInt, TSecurityPolicy(TSecurityPolicy::EAlwaysPass), TSecurityPolicy(ECapabilityWriteDeviceData)); User::LeaveIfError(RProperty::Set(KMyPropertyCat, KMyPropertyDestPortv4, 93)); #else TInt rank = 1; // Create a multiple connection preference object TCommDbMultiConnPref prefs; for(TInt i=0;i<iapCount;i++) { TCommDbConnPref pref; // Set the direction pref.SetDirection(ECommDbConnectionDirectionOutgoing); // Set the bear ser pref.SetBearerSet(KCommDbBearerPSD | KCommDbBearerCSD); // Set the IAP pref.SetIapId(iIapNumber + i); // Set the dialog preference to Do Not Prompt pref.SetDialogPreference(ECommDbDialogPrefDoNotPrompt); // Set the rank User::LeaveIfError(prefs.SetPreference(rank, pref)); rank++; } prefs.SetConnectionAttempts(rank-1); #endif // Start the connection iConnection.Start(prefs, status); User::WaitForRequest(status); TInt result = status.Int(); if(result!=KErrNone) { ERR_PRINTF2(_L("Failed to start connection. Error %d"), result); SetTestStepResult(EFail); User::Leave(EFail); } else { INFO_PRINTF1(_L("Connection started with overrides")); } // Set up the host resolver INFO_PRINTF1(_L("Initialise a host resolver service")); User::LeaveIfError(hr.Open(iSocketServ, KAfInet, KProtocolInetTcp, iConnection)); CleanupClosePushL(hr); // Test the interfaces conn, host resolution should work ok TBuf<64> hostname; TRequestStatus status1; TNameEntry nameEntry; TPtrC temphost; if(GetStringFromConfig(KTCPConfig, KHostName, temphost)) { INFO_PRINTF2(_L("Hostname is : %S"), &temphost); } else { ERR_PRINTF1(_L("No hostname")); SetTestStepResult(EFail); User::Leave(EFail); } hostname = temphost; hr.GetByName(hostname, nameEntry, status1); User::WaitForRequest(status1); TInt result1 = status1.Int(); if(result1!=KErrNone) { ERR_PRINTF2(_L("Failed to resolve the name. Error %d"), result1); SetTestStepResult(EFail); User::Leave(EFail); } else { INFO_PRINTF1(_L("Resolved the name successfully")); } // open socket INFO_PRINTF1(_L("Open the socket")); User::LeaveIfError(iSocket.Open(iSocketServ, KAfInet, KSockStream, KProtocolInetTcp, iConnection)); CleanupClosePushL(iSocket); // print the host resolver's ip address TInetAddr inetAddr; inetAddr = TInetAddr(nameEntry().iAddr); TBuf<50> addr; inetAddr.Output(addr); INFO_PRINTF2(_L("The host resolver's ip address is: %S"), &addr); // get the port number from the ini file if(!GetIntFromConfig(KTCPConfig, KPort, iPort)) { ERR_PRINTF1(_L("Failed to read Port from ini file")); SetTestStepResult(EFail); User::Leave(EFail); } INFO_PRINTF2((_L("Port = %d")), iPort); // connect to the socket inetAddr.SetPort(iPort); //nameEntry().iAddr.SetPort(iPort); TRequestStatus status2; //iSocket.Connect(nameEntry().iAddr,status2); iSocket.Connect(inetAddr,status2); User::WaitForRequest(status2); TInt result2 = status2.Int(); if(result2!=KErrNone) { ERR_PRINTF2(_L("Failed to connect to the socket. Error %d"), result2); SetTestStepResult(EFail); User::Leave(EFail); } else { INFO_PRINTF1(_L("Connect to the socket successfully")); } TPtrC ptrDNSName; if(GetStringFromConfig(KTCPConfig, KDNSName, ptrDNSName)) { INFO_PRINTF2(_L("DNSName is : %S"), &ptrDNSName); } else { ERR_PRINTF1(_L("No DNSName")); SetTestStepResult(EFail); User::Leave(EFail); } TBuf8<256> bufDnsName; bufDnsName.Copy(ptrDNSName); // connect to the secure socket CTestSecureSocket* iTestSecureSocket = CTestSecureSocket::NewL(*this, iSocket, bufDnsName); CleanupStack::PushL(iTestSecureSocket); iTestSecureSocket->StartHandshake(); CActiveScheduler::Start(); CleanupStack::PopAndDestroy(3); //iTestSecureSocket, iSocket, hr } return TestStepResult(); }
bool qExtractSecurityPolicyFromString(const QString &string, TSecurityPolicy &policy) { int startPos = string.indexOf(QLatin1Char('=')); QStringList values; bool ret = false; if (startPos == -1) { values = string.split(QLatin1Char(','), QString::SkipEmptyParts); } else { values = string.mid(startPos + 1).split(QLatin1Char(','), QString::SkipEmptyParts); } if (values.count() > 0) { const QString findVid(QLatin1String("vid[")); const QString findSid(QLatin1String("sid[")); const int MaxCapCount = 7; const int VidMaxCount = 3; const int SidMaxCount = 3; TCapability capList[MaxCapCount] = { ECapability_None,ECapability_None,ECapability_None, ECapability_None,ECapability_None,ECapability_None,ECapability_None }; bool isVID = false; bool isSID = false; QString idString(QLatin1String("")); int maxAllowed = MaxCapCount; if (values[0].contains(findVid, Qt::CaseInsensitive)) { idString = values[0].remove(findVid, Qt::CaseInsensitive); idString = idString.remove(QLatin1Char(']')); values.removeAt(0); isVID = true; maxAllowed = VidMaxCount; } else if (values[0].contains(findSid, Qt::CaseInsensitive)) { idString = values[0].remove(findSid, Qt::CaseInsensitive); idString = idString.remove(QLatin1Char(']')); values.removeAt(0); isSID = true; maxAllowed = SidMaxCount; } if (values.count() <= maxAllowed) { bool wasSuccesful = true; for (int i = 0; i < values.count(); i++) { capList[i] = qMatchCapStr(values[i]); if (capList[i] == ECapability_HardLimit) { wasSuccesful = false; break; } } if (wasSuccesful) { if (isVID || isSID){ bool ok = true; quint32 id = idString.toUInt(&ok, 16); if (ok) { if (isVID) { TVendorId vid(id); policy = TSecurityPolicy(vid, capList[0], capList[1], capList[2]); } else { TSecureId sid(id); policy = TSecurityPolicy(sid, capList[0], capList[1], capList[2]); } ret = true; //Everything is fine } } else { policy = TSecurityPolicy(capList[0], capList[1], capList[2], capList[3], capList[4], capList[5], capList[6]); ret = true; //Everything is fine } } } } return ret; }
EXPORT_C TInt RFTokenClient::GenerateToken(const RFile& aOpenFile, const TUid& aConsumerUid,TDes8& aToken) const { TSecureId consumerUid(aConsumerUid); return GenerateToken(aOpenFile, TSecurityPolicy(consumerUid), aToken); }
EXPORT_C TInt RFTokenClient::GenerateToken(const TDesC8& aExistingToken, const TUid& aConsumerUid,TDes8& aToken) const { TSecureId consumerUid(aConsumerUid); return GenerateToken(aExistingToken, TSecurityPolicy(consumerUid), aToken); }
TSecurityPolicy CPublishAndSubscribeHandler::symbianPolicy(const XQPublishAndSubscribeSecurityPolicy& policy) { //Use constructor for EAlwaysFail or EAlwaysPass switch (policy.secPolicyType()) { case XQPublishAndSubscribeSecurityPolicy::SecPolicyAlwaysFail: { return TSecurityPolicy(TSecurityPolicy::EAlwaysFail); } case XQPublishAndSubscribeSecurityPolicy::SecPolicyAlwaysPass: { return TSecurityPolicy(TSecurityPolicy::EAlwaysPass); } default: { break; } } TCapability capability1 = ECapability_None; TCapability capability2 = ECapability_None; TCapability capability3 = ECapability_None; TCapability capability4 = ECapability_None; TCapability capability5 = ECapability_None; TCapability capability6 = ECapability_None; TCapability capability7 = ECapability_None; const QList<XQPublishAndSubscribeSecurityPolicy::Capability>& capabilities = policy.capabilities(); if (capabilities.count() > 0) capability1 = symbianCapability(capabilities[0]); if (capabilities.count() > 1) capability2 = symbianCapability(capabilities[1]); if (capabilities.count() > 2) capability3 = symbianCapability(capabilities[2]); if (capabilities.count() > 3) capability4 = symbianCapability(capabilities[3]); if (capabilities.count() > 4) capability5 = symbianCapability(capabilities[4]); if (capabilities.count() > 5) capability6 = symbianCapability(capabilities[5]); if (capabilities.count() > 6) capability7 = symbianCapability(capabilities[6]); long int secureId = policy.secureId().uid(); if (secureId != -1) { //Use constructor for TSecureId + max 3 capabilities return TSecurityPolicy(TSecureId(secureId), capability1, capability2, capability3); } long int vendorId = policy.vendorId().uid(); if (vendorId != -1) { //Use constructor for TVendorId + max 3 capabilities return TSecurityPolicy(TVendorId(vendorId), capability1, capability2, capability3); } if (capabilities.count() < 4) { //Use constructor for max 3 capabilities return TSecurityPolicy(capability1, capability2, capability3); } else { //Use constructor for max 7 capabilities return TSecurityPolicy(capability1, capability2, capability3, capability4, capability5, capability6, capability7); } }
// --------------------------------------------------------------------------- // --------------------------------------------------------------------------- // TInt CAlfTransitionServerController::StartTransitionServer(TInt32 /*aMaxBytesOngoing*/, TInt32 /*aMaxBytesBetween*/) { __ALFFXLOGSTRING("CAlfTransitionServerController::StartTransitionServer >>"); if( ServerRunning() ) { __ALFFXLOGSTRING("CAlfTransitionServerController::StartTransitionServer - return KErrAlreadyExists <<"); return KErrAlreadyExists; } TInt val = 0; TInt err = KErrNone; err = RProperty::Get(KPSUidAvkonDomain, KAknTfxServerStatus, val ); if ( err != KErrNone ) { err = RProperty::Define(KPSUidAvkonDomain, KAknTfxServerStatus, RProperty::EInt, TSecurityPolicy(TSecurityPolicy::EAlwaysPass),TSecurityPolicy(TSecurityPolicy::EAlwaysPass)); // make sure the value is cleared if this is the first time the property is defined val = 0; } if ( err == KErrAlreadyExists ) { // if our publish/subscribe variable already exists, all is well err = KErrNone; } if( err != KErrNone ) { __ALFFXLOGSTRING1("CAlfTransitionServerController::StartTransitionServer - return: %d <<", err); return err; } //Set property to "server running" iTransitionControlValue = val | ETfxSrvRunning; // if the plugin has already been loaded, don't mess up with the value RProperty::Set( KPSUidAvkonDomain, KAknTfxServerStatus, val | ETfxSrvRunning ); if ( !iPsObserver ) { iPsObserver = CAlfPsObserver::New( this, KPSUidAvkonDomain, KAknTfxServerStatus ); if( !iPsObserver ) { __ALFFXLOGSTRING("CAlfTransitionServerController::StartTransitionServer - return KErrNoMemory<<"); return KErrNoMemory; } } if ( !iIsConnected ) { err = iTfxServer.Open(); } if ( err == KErrNone ) { iIsConnected = ETrue; // We don't need the server, we only want to know if it is running. iTfxServer.Close(); } else { err = KErrNone; // start timer if ( !iTimer ) { iTimer = CPeriodic::New( CActive::EPriorityStandard ); if ( iTimer ) { iTimer->Start( 1000000, 1000000, TCallBack(CAlfTransitionServerController::ConnectionCallback, this ) ); } } } __ALFFXLOGSTRING1("CAlfTransitionServerController::StartTransitionServer - return: %d <<", err); return err; }