Пример #1
0
namespace UserPromptService
{

static const TInt upsPolicyRangeCount = 8;
static const TInt upsPolicyRanges[upsPolicyRangeCount] = 
				{
					0,
					// Range 0 - 0 to EBaseSession-1
					// Not used
					CScsServer::EBaseSession,
					// Range 1 - EBaseSession  to EBaseSession | EMngmntRead-1
					//
					// These codes used to create subsessions and to query the policy
					// authorisation settings.
					//
					// (ESessSubsessFromThreadId/EGetClientConfigLength/EGetClientConfigData)
					//
					CScsServer::EBaseSession | EMngmntRead,
					// Range 2 - EBaseSession | EMngmntRead to EBaseSession | EMngmntDelete - 1
					//
					// Management READ APIs
					//
					CScsServer::EBaseSession | EMngmntDelete,
					// Range 3 - EBaseSession | EMngmntDelete to EBaseSession | EMngmntUpdate - 1
					// Management DELETE API (ie. delete entire database or selected entries).
					//
					CScsServer::EBaseSession | EMngmntUpdate,
					// Range 4 - EBaseSession | EMngmntUpdate to EBaseSession | ESwiObserver - 1
					// Management  UPDATE API (ie. change an existing decision).
					//
					CScsServer::EBaseSession | ESwiObserver,
					// Range 5 - EBaseSession | ESwiObserver to EBaseSubSession - 1
					// SWI observer management API.
					//
					CScsServer::EBaseSubSession,
					// Range 6 - EBaseSubSession to EBaseMustAllow-1
					//
					// System Server APIs
					// Authorise - (ESubsessPreparePrompt/ESubsessExecutePrompt)
					CScsServer::EBaseMustAllow	
					// Range 7 - EBaseMustAllow to KMaxTInt inclusive
					//
					// SCS internal APIs to create subsessions, cancel requests etc.
				};

static const TUint8 upsPolicyElementsIndex[upsPolicyRangeCount] = 
				{
					CPolicyServer::ENotSupported, // Range 0 - Not used
					CPolicyServer::EAlwaysPass, // Range 1 - Subsess and auth policy
					0, // Range 2 - Management READ APIs
					1, // Range 3 - Management DELETE APIs
					2, // Range 4 - Management UPDATE APIs
					3, // Range 5 - SWI observer APIs
					4, // Range 6 - System Server APIs
					CPolicyServer::EAlwaysPass // Range 7 - SCS internal
				};

// 0x102836C3 == Swi::KUidSwiObserver.iUid from swiobserver.h BUT we can not include that because SWI is optional
// and we are not!
static const TSecureId KSwiObserverSid(0x102836C3);
static const CPolicyServer::TPolicyElement upsPolicyPolicyElements[5] = 
{
				{_INIT_SECURITY_POLICY_C1(ECapabilityReadDeviceData), CPolicyServer::EFailClient},	
				{_INIT_SECURITY_POLICY_C1(ECapabilityWriteDeviceData), CPolicyServer::EFailClient},	
				{_INIT_SECURITY_POLICY_C1(ECapabilityAllFiles), CPolicyServer::EFailClient},
				{_INIT_SECURITY_POLICY_S0(KSwiObserverSid), CPolicyServer::EFailClient},
				{_INIT_SECURITY_POLICY_C1(ECapabilityProtServ), CPolicyServer::EFailClient}
};

static const CPolicyServer::TPolicy upsPolicy =
				{
				CPolicyServer::EAlwaysPass, // Allow all connects
				upsPolicyRangeCount,
				upsPolicyRanges,
				upsPolicyElementsIndex,
				upsPolicyPolicyElements,
				};

_LIT_SECURITY_POLICY_S0(KAllowUpsServer, KUpsServerUid.iUid); //< Only the UPS server can update the P&S flag used to tell clients to re-read client authorisation policies
_LIT_SECURITY_POLICY_C1(KAllowProtServ, ECapabilityProtServ); //< All our system server clients will have ProtServ, so limit reading of the (internal) flag to them.

CUpsServer* CUpsServer::NewLC()
/**
	Factory function allocates new, initialized instance of
	CUpsServer which is left on the cleanup stack.

	@return					New, initialized instance of CUpsServer
							which is left on the cleanup stack.
 */
	{
	CUpsServer* self = new(ELeave) CUpsServer();
	CleanupStack::PushL(self);
	self->ConstructL();
	return self;
	}

CUpsServer::CUpsServer()
/**
	Initializes the superclass with this server's version.
 */
	:	CScsServer(UserPromptService::Version(), upsPolicy),
		iPolicyCache(iFs),
		iDbHandle(iFs)
	{
	// empty.
	}

void CUpsServer::ConstructL()
/**
	Second-phase construction initializes the superclass and
	starts the server.
 */
	{
	CScsServer::ConstructL(UserPromptService::KShutdownPeriodUs);
	User::LeaveIfError(iFs.Connect());

	TInt r = RProperty::Define(KUpsServiceConfigProperty, RProperty::EInt, KAllowProtServ, KAllowUpsServer);
	if(r != KErrAlreadyExists)
		{
		User::LeaveIfError(r);
		}

	iSwiWatcher = CSwiWatcher::NewL(*this);

	SetupL();

	StartL(UserPromptService::KUpsServerName);
	}

void CUpsServer::SetupL()
/**
	Setup memory variables which are not already setup.
	Used during intial construction and after a call to FreeUncompressableMemory.
 */
	{
	if(!iPolicyCache.IsOpen())
		{
		iPolicyCache.OpenL();
		}
	if(!iPluginManager)
		{
		iPluginManager = CPluginManager::NewL();
		}

	// Create/Open the database
	if(!iDbHandle.IsOpen())
		{
		iDbHandle.OpenL();
		}

	if(!iFlurryQueue)
		{
		iFlurryQueue = CAuthoriserFifo::NewL();
		}
	if(!iFlurryQueueBeingProcessed)
		{
		iFlurryQueueBeingProcessed = CAuthoriserFifo::NewL();
		}
	}

void CUpsServer::FreeUncompressableMemory()
/**
	Frees memory which can not be compressed down to a known level for OOM testing.
 */
	{
	iDbHandle.Close();
	
	if(iPluginManager)
		{
		iPluginManager->Unload();
		delete iPluginManager;
		iPluginManager = 0;
		}

	iPolicyCache.Release();
	}


CUpsServer::~CUpsServer()
/**
	Cleanup the server, in particular close the RFs session.
 */
	{
	iDisputed.Close();
	
	(void) RProperty::Delete(KUpsServiceConfigProperty);
	
	delete iFlurryQueueBeingProcessed;
	iFlurryQueueBeingProcessed = 0;

	delete iFlurryQueue;
	iFlurryQueue = 0;

	FreeUncompressableMemory();

	delete iSwiWatcher;
	iSwiWatcher = 0;
	iFs.Close();
	}

CScsSession* CUpsServer::DoNewSessionL(const RMessage2& /*aMessage*/)
/**
	Implement CScsServer by allocating a new instance of CUpsSession.

	@param	aMessage		Standard server-side handle to message.	 Not used.
	@return					New instance of CUpsSession which is owned by the
							caller.
 */
	{
	return CUpsSession::NewL(*this);
	}


void CUpsServer::DoPreHeapMarkOrCheckL()
/**
	This function is called by the framework just before settingchecking a heap mark. We need to compress/free memory
	down to a state which should be the same both before and after the test operations.
*/
	{
#ifdef _DEBUG
	if(iAsyncRequests.Count() != 0)
		{
		User::Leave(KErrServerBusy);
		}
	iDisputed.Compress();
	iFlurryQueue->Compress();
	iFlurryQueueBeingProcessed->Compress();
	FreeUncompressableMemory();
#endif
	}

void CUpsServer::DoPostHeapMarkOrCheckL()
/**
	Called immediately after setting/checking the heap mark and therefore just after DoPreHeapMarkOrCheckL.
	This function needs to re-allocate uncompressable data structures which were destroyed by DoPreHeapMarkOrCheckL.
*/
	{
#ifdef _DEBUG
	SetupL();
#endif
	}

void CUpsServer::GateKeeperL(CAuthoriser *aAuthoriser)
	/**
	   If no dialog is in progress, the server will note one is in
	   progress, and tell the aAuthoriser it can continue (by calling
	   ClearedToDisplayL).

	   Whenever a CAuthoriser finishes it MUST call our AuthoriserDone
	   function. This will allow us to cleanup our queues and clear
	   the next dialog to display.

	   If a dialog is already in progress, the the aAuthoriser will be
	   added to iFlurryQueue for later processing.

	   @param aAuthoriser to queue
	 */
	{
	if(iCurrentDialog)
		{
		// Add to queue of requests requiring re-processing later. This includes requests which want to display
		// a dialog and ones which matches a recordId which is under dispute (i.e. Where ForcePrompt has been
		// called and returned yes, but the prompt hasn't been displayed yet).
		iFlurryQueue->PushL(aAuthoriser);
		return;
		}
	iCurrentDialog = aAuthoriser;
	iCurrentDialog->ClearedToDisplayL();
	}

void CUpsServer::AuthoriserDone(CAuthoriser *aAuthoriser)
/**
	See CUpsServer::AuthoriserDoneL for documentation.
*/
	{
	TRAP_IGNORE(AuthoriserDoneL(aAuthoriser));
	}

void CUpsServer::AuthoriserDoneL(CAuthoriser *aAuthoriser)
	/**
	   The CAuthoriser has either completed the request, been
	   cancelled, or failed somehow.

	   If it is in either FIFO it needs removing.

	   If it is the current display dialog, then we need to check the
	   FIFOs, and maybe swap them, and call WakeupNextPending.
	*/
	{
	// Remove from lists.
	// Note the FIFO object does NOT leave if the object is not found.
	iFlurryQueue->RemoveL(aAuthoriser);
	iFlurryQueueBeingProcessed->RemoveL(aAuthoriser);

	if(aAuthoriser == iCurrentDialog)
		{
		iCurrentDialog = 0;

		if(iFlurryQueueBeingProcessed->IsEmpty())
			{
			// Swap queues
			CAuthoriserFifo *tmp = iFlurryQueue;
			iFlurryQueue = iFlurryQueueBeingProcessed;
			iFlurryQueueBeingProcessed = tmp;
			}
		WakeupNextPendingL();
		}
	}

void CUpsServer::WakeupNextPendingL()
	/**
	   This function does the following:-

	   1) If iFlurryQueueBeingProcessed is empty it returns.
	   
	   2) Removes the first authoriser from iFlurryQueueBeingProcessed
	   and calls SetPending to mark it as no longer pending.
	   
	   3) Increases its priority to EPriorityUserInput (this makes
	   sure it will be handled ahead of any incoming requests)

	   4) Sets it active and completes it so it runs.

	   It will run BEFORE any incoming requests.
	   
	   The first thing it must do is call this function again. This
	   ensures all pending requests are re-processed in order.

	   Normally it will then re-lookup its fingerprints in the
	   database, if found it may complete client request. If it
	   decides it still needs to display a dialog it should call
	   GateKeeper again.
	 */
	{
	if(iFlurryQueueBeingProcessed->IsEmpty())
		{
		return;
		}
	
	CAuthoriser *authoriser = iFlurryQueueBeingProcessed->PopL();
	// Set priority of authoriser to EPriorityHigh-1. This is higher
	// than any incoming work, but lower than deferred deletes.
	authoriser->SetPriority(CActive::EPriorityHigh - 1);
	authoriser->Wakeup();
	}

void CUpsServer::DisputeRecordIdL(TUint32 aRecordId)
/**
	Add the specified record to the list of disputed record IDs.
*/
	{
	DEBUG_PRINTF2(_L8("CUpsServer::DisputeRecordIdL(%d)\n"), aRecordId);
	User::LeaveIfError(iDisputed.InsertInOrder(aRecordId));
	}

void CUpsServer::UnDisputeRecordIdL(TUint32 aRecordId)
/**
	Deletes the specified record from the list of disputed record IDs.
*/
	{
	DEBUG_PRINTF2(_L8("CUpsServer::UnDisputeRecordIdL(%d)\n"), aRecordId);
	TInt i = iDisputed.FindInOrderL(aRecordId);
	User::LeaveIfError(i);
	iDisputed.Remove(i);
	}

TBool CUpsServer::IsRecordIdDisputed(TUint32 aRecordId) const
/**
	Checks if the specified record is under dispute. A record is disputed
	if the evaluator ForcePromptL call for a match on that record return ETrue to
	force a prompt to be displayed.
*/
	{
	TBool disputed = iDisputed.FindInOrder(aRecordId) >= 0;
	//RDebug::Printf("CUpsServer::IsRecordIdDisputed(%d) - returning %s\n", 
	//				aRecordId,
	//				(disputed)?("EFalse"):("EFalse"));
	return disputed;
	}

//
// Implementation of CSwiWatcher
//
CSwiWatcher *CSwiWatcher::NewL(CUpsServer &aUpsServer)
	{
	CSwiWatcher *self = new(ELeave) CSwiWatcher(aUpsServer);
	CleanupStack::PushL(self);
	self->ConstructL();
	CleanupStack::Pop(self);
	return self;
	}

CSwiWatcher::CSwiWatcher(CUpsServer &aUpsServer)
	: CActive(CActive::EPriorityHigh),
	  iUpsServer(aUpsServer)
	{
	CActiveScheduler::Add(this);
	}

void CSwiWatcher::ConstructL()
/**
	Subscribe for notification for writes to the SWI P&S property.
	We do not check the actual value because it is not guaranteed that we will run for every change.
*/
	{
	User::LeaveIfError(iSwiProperty.Attach(KUidSystemCategory, KSAUidSoftwareInstallKeyValue));
	iSwiProperty.Subscribe(iStatus);
	SetActive();
	}

void CSwiWatcher::RunL()
/**
	SWI has changed state, so unload any unused plugins.
	We do this for EVERY state change which we manage to run for, which is overkill, but the unload call
	is cheap/free if there are no plugins which require unloading.
*/
	{
	User::LeaveIfError(iStatus.Int());
	
	iSwiProperty.Subscribe(iStatus);
	SetActive();

	// Tell the plugin manager to unload plugins which are NOT in use. 
	iUpsServer.iPluginManager->Unload();
	}

void CSwiWatcher::DoCancel()
	{
	iSwiProperty.Cancel();
	}

CSwiWatcher::~CSwiWatcher()
	{
	Cancel();
	iSwiProperty.Close();
	}


} // End of namespace UserPromptService
Пример #2
0
// at the URL "http://www.eclipse.org/legal/epl-v10.html".
//
// Initial Contributors:
// Nokia Corporation - initial contribution.
//
// Contributors:
//
// Description:
//


#include "domainpolicytest.h"

const TDmDomainSpec DomainHierarchy[] = 
	{
		{ KDmIdRoot,	KDmIdNone,	_INIT_SECURITY_POLICY_C1(ECapabilityWriteDeviceData),		EStartupCriticalStatic,	KDomainTimeout	},

		// row 1		
		{ KDmIdTestA,	KDmIdRoot,	_INIT_SECURITY_POLICY_PASS,									EStartupCriticalStatic,	KDomainTimeout	},
		{ KDmIdTestB,	KDmIdRoot,	_INIT_SECURITY_POLICY_PASS,									EStartupCriticalStatic,	KDomainTimeout	},
		{ KDmIdTestC,	KDmIdRoot,	_INIT_SECURITY_POLICY_PASS,									EStartupCriticalStatic,	KDomainTimeout	},

		// row 2
		{ KDmIdTestAA,	KDmIdTestA,	_INIT_SECURITY_POLICY_PASS,									EStartupCriticalStatic,	KDomainTimeout	},
		{ KDmIdTestAB,	KDmIdTestA,	_INIT_SECURITY_POLICY_PASS,									EStartupCriticalStatic,	KDomainTimeout	},
		{ KDmIdTestBA,	KDmIdTestB,	_INIT_SECURITY_POLICY_PASS,									EStartupCriticalStatic,	KDomainTimeout	},
		{ KDmIdTestCA,	KDmIdTestC,	_INIT_SECURITY_POLICY_PASS,									EStartupCriticalStatic,	KDomainTimeout	},
		
		// row 3
		{ KDmIdTestABA,	KDmIdTestAB,_INIT_SECURITY_POLICY_PASS,									EStartupCriticalStatic,	KDomainTimeout	},
		{ KDmIdTestABB,	KDmIdTestAB,_INIT_SECURITY_POLICY_PASS,									EStartupCriticalStatic,	KDomainTimeout	},
Пример #3
0
// iElementsIndex of TPolicy
const TUint8 KServerPolicyElementIndex[KServerPolicyRangeCount] =
{
        CPolicyServer::EAlwaysPass,
        KSearchElementIndex,
        KIndexingElementIndex,
        CPolicyServer::EAlwaysPass,
        KIndexingElementIndex,
        CPolicyServer::ENotSupported
};

// iElements of TPolicy
const CPolicyServer::TPolicyElement KServerPolicyElements[] =
{
        {_INIT_SECURITY_POLICY_C1(ECapabilityReadUserData), CPolicyServer::EFailClient },
        {_INIT_SECURITY_POLICY_C1(ECapabilityWriteUserData), CPolicyServer::EFailClient }
};

// TPolicy for policy server
const CPolicyServer::TPolicy KServerPolicy =
{
        CPolicyServer::EAlwaysPass, // Connects always pass
        KServerPolicyRangeCount,
        KServerPolicyRanges,
        KServerPolicyElementIndex,
        KServerPolicyElements
};


// ========================= MEMBER FUNCTIONS ==================================
namespace QtService
{
// Server Security Policy
const TUint KServerRangeCount = 2;
const TInt KServerRanges[KServerRangeCount] = { 
                0, //range is [0-2)
                3 //range is [3-KMaxTInt] 
                };
const TUint8 KSeverElementsIndex[KServerRangeCount] = { 
                0,
                CPolicyServer::ENotSupported };

const CPolicyServer::TPolicyElement KServerPolicyElements[] = { {
                _INIT_SECURITY_POLICY_C1(ECapabilityWriteDeviceData),
                CPolicyServer::EFailClient } };

const CPolicyServer::TPolicy KServerPolicy = {
                CPolicyServer::EAlwaysPass, //specifies all connect attempts should pass
                KServerRangeCount, KServerRanges, KSeverElementsIndex,
                KServerPolicyElements };

enum
{
    EServerPriority = CActive::EPriorityStandard
};

// ======== MEMBER FUNCTIONS ========

/*!
    \class CServiceSymbianServer
    \brief Symbian client server implementation
*/

/*!
    Constructor.
*/
CServiceSymbianServer::CServiceSymbianServer() :
    CPolicyServer(EServerPriority, KServerPolicy)
{
    XQSERVICE_DEBUG_PRINT("CServiceSymbianServer::CServiceSymbianServer");
}

/*!
    2nd phased constructor.
*/
void CServiceSymbianServer::ConstructL()
{
}

/*!
    Two phased constructor.
*/
CServiceSymbianServer* CServiceSymbianServer::NewL()
{
    XQSERVICE_DEBUG_PRINT("CServiceSymbianServer::NewL");
    CServiceSymbianServer* self = new (ELeave) CServiceSymbianServer;
    CleanupStack::PushL(self);
    self->ConstructL();
    CleanupStack::Pop(self);
    return self;
}

/*!
    Destructor.
*/
CServiceSymbianServer::~CServiceSymbianServer()
{
    XQSERVICE_DEBUG_PRINT("CServiceSymbianServer::~CServiceSymbianServer");
}

/*!
    Start listening for new service requests.
    \param aServerName Name of the server.
    \return true if successful.
*/
bool CServiceSymbianServer::listen(const QString& aServerName)
{
    XQSERVICE_DEBUG_PRINT("CServiceSymbianServer::listen");
    XQSERVICE_DEBUG_PRINT("aServerName: %s", qPrintable(aServerName));
    bool listening(true);

    // Needs to be here becuase Q_Ptr isonly set after constructor of public
    iObserver = Observer();
    TPtrC serverName(reinterpret_cast<const TUint16*> (aServerName.utf16()));
    TInt err=0;
    TRAP( err, StartL(serverName) );
    XQSERVICE_DEBUG_PRINT("listen status=%d", err);
    if (err != KErrNone) {
        listening = false;
    }
    // Complete the server rendezvous that th client started
    XQSERVICE_DEBUG_PRINT("CServiceSymbianServer::Rendezvouz");
    RProcess::Rendezvous(KErrNone);
    XQSERVICE_DEBUG_PRINT("listening: %d", listening);
    return listening;
}

/*!
    Shutdown the server and stop serving clients.
*/
void CServiceSymbianServer::disconnect()
{
    XQSERVICE_DEBUG_PRINT("CServiceSymbianServer::disconnect");
    // Symbian Servers do not have disconnect, 
    // the process has to exit
}

/*!
    Create a new session, derived from CPolicyServer.
    \param aVersion Version of the server.
    \param aMessage Message object.
*/
CSession2* CServiceSymbianServer::NewSessionL(const TVersion& aVersion,
                                              const RMessage2& aMessage) const
{
    XQSERVICE_DEBUG_PRINT("CServiceSymbianServer::NewSessionL");
    TVersion v(1, 0, 0);
    if (!User::QueryVersionSupported(v, aVersion)) {
        XQSERVICE_DEBUG_PRINT("Not supported version");
        User::Leave(KErrNotSupported);
    }

    // Create a new Symbian Session for the client
    return CServiceSymbianSession::NewL(iObserver);
}
}
Пример #5
0
  
const TInt CKmdServer::iKmdServerRanges[iKmdServerRangeCount] = 
    {
    CKmdServer::KKmdStartConnection,
    CKmdServer::KKmdCancelResolveAddress+1
    };

const TUint8 CKmdServer::iKmdServerElementIndex[iKmdServerRangeCount] = 
    {
    0,
    CPolicyServer::ENotSupported
    };

const CPolicyServer::TPolicyElement CKmdServer::iKmdServerElements[] =
    {
    {_INIT_SECURITY_POLICY_C1(ECapabilityNetworkControl), 
      CPolicyServer::EFailClient},
    };

const CPolicyServer::TPolicy CKmdServer::iKmdServerPolicy =
    {
    0,                      // All connect attempts are checked
    iKmdServerRangeCount,   // Count of ranges
    iKmdServerRanges,       // 0-6, 7...
    iKmdServerElementIndex, // Only range 0-6 are checked
    iKmdServerElements      // The list of policy elements
    };

const TInt KIkeV1PluginHandlerIndex( 0 );
const TInt KIkeV2PluginHandlerIndex( 1 );
Пример #6
0
	{	
	EFirstUnrestrictedOpcodeInAppListServ,
	EFirstOpcodeNeedingWriteDeviceDataInAppListServ, 
	EAppListFirstUnusedOpcode,
	};

const TUint8 KElementsIndex[KRangeCount] =
	{
	CPolicyServer::EAlwaysPass,			//Always passing no capability required [0-99]
	KPolicyElementWriteDeviceData,		//Requires WriteDeviceData				 [100-(EAppListFirstUnusedOpcode-1)]
	CPolicyServer::ENotSupported, 		//Not Supported		[EAppListFirstUnusedOpcode-End]
	};

const CPolicyServer::TPolicyElement KPolicyElements[] = 
	{ 
	{_INIT_SECURITY_POLICY_C1(ECapabilityWriteDeviceData), CPolicyServer::EFailClient} 
	};

const CPolicyServer::TPolicy KApaServPolicy =
	{
	CPolicyServer::EAlwaysPass, 
	KRangeCount,
	KAppListServRanges,
	KElementsIndex, 	
	KPolicyElements 	
	};
 	


//////////////////////////////
// CApaAppListServer
Пример #7
0
// Total number of ranges
const TUint suplServerPolicyRangeCount =
    sizeof(suplServerPolicyRanges) / sizeof(TInt);

// Types of Policies
enum TPolicies
{
    EPolicyCommDDNeeded = 0
};

// Specific capability checks
const CPolicyServer::TPolicyElement suplServerPolicyElements[] =
{
    // policy EPolicyCommDDNeeded - fail call if Location not present
    {_INIT_SECURITY_POLICY_C1(ECapabilityCommDD), CPolicyServer::EFailClient}
};

//Policy to implement for each of the above ranges

const TUint8 suplServerPolicyElementsIndex[suplServerPolicyRangeCount] =
{
    CPolicyServer::ENotSupported,           // unsupported
    CPolicyServer::ECustomCheck,	                // subsession open
    CPolicyServer::ECustomCheck,	                // subsession close
    CPolicyServer::ECustomCheck,	                // sync runsession
    CPolicyServer::ECustomCheck,	                // async runsession
    CPolicyServer::ECustomCheck,					// GetPosition
    CPolicyServer::ECustomCheck,					// StartSuplTriggerSession
    CPolicyServer::ECustomCheck,					// StartSuplTriggerSession with server
    CPolicyServer::EAlwaysPass,				// Forward Message