![[Index]](../../../../a_stock/images/btn_index.gif)
![[Previous]](../../../../a_stock/images/btn_prev_top.gif)
![[Next]](../../../../a_stock/images/btn_next_top.gif)
|
|
|
|
|
|
||
class TSecurityPolicy;
Class representing a generic security policy
This class can specify a security policy consisting of either:
A check for between 0 and 7 capabilities
A check for a given Secure ID along with 0-3 capabilities
A check for a given Vendor ID along with 0-3 capabilities
If multiple capabilities are specified, all of them must be present for the security check to succeed ('AND' relation).
The envisaged use case for this class is to specify access rights to an object managed either by the kernel or by a server but in principle owned by a client and usable in a limited way by other clients. For example
Publish and Subscribe properties
DBMS databases
In these cases the owning client would pass one (or more) of these objects to the server to specify which security checks should be done on other clients before allowing access to the object.
To pass a TSecurityPolicy object via IPC, a client should obtain a descriptor for the object using TSecurityPolicy::Package()const and send this. When a server receives this descriptor it should read the descriptor contents into a TSecurityPolicyBuf and
then TSecurityPolicy::Set(const TDesC8 &) should be used to create a policy object from this.
Because this class has non-default constructors, compilers will not initialise this object at compile time, instead code will be generated to construct the object at run-time. This is wasteful - and Symbian OS DLLs are not permitted to have such uninitialised data. To overcome these problems a set of macros are provided to construct a const object which behaves like a TSecurityPolicy. These are:
_LIT_SECURITY_POLICY_C1 through _LIT_SECURITY_POLICY_C7, _LIT_SECURITY_POLICY_S0 through _LIT_SECURITY_POLICY_S3 and _LIT_SECURITY_POLICY_V0 through _LIT_SECURITY_POLICY_V3.
Also, the macros _LIT_SECURITY_POLICY_PASS and _LIT_SECURITY_POLICY_FAIL are provided in order to allow easy construction of a const object which can be used as a TSecuityPolicy which always passes or always fails, respectively.
If a security policy object is needed to be embedded in another class then the TStaticSecurityPolicy structure can be used. This behaves in the same way as a TSecurityPolicy object but may be initialised at compile time.
Defined in TSecurityPolicy:
CheckPolicy(RMessagePtr2,const char *)constChecks this policy against the platform security attributes of the process which...CheckPolicy(RProcess,const char *)constChecks this policy against the platform security attributes of aProcess.CheckPolicy(RThread,const char *)constChecks this policy against the platform security attributes of the process ownin...CheckPolicyCreator(const char *)constChecks this policy against the platform security attributes of this process' cre...EAlwaysFailEAlwaysPassETypeC3Up to 3 capabilities ETypeC7Up to 7 capabilities ETypeFailAlways fail ETypePassAlways pass ETypeS3Secure ID and up to 3 capabilities ETypeV3Vendor ID and up to 3 capabilities Package()constConstructs a TPtrC8 wrapping the platform security attributes of this TSecurityP...Set(const TDesC8 &)Sets this TSecurityPolicy to a copy of the policy described by the supplied desc...TSecPolicyTypeTSecurityPolicy()Constructs a TSecurityPolicy that will always fail, irrespective of the checked ...TSecurityPolicy(TCapability,TCapability,TCapability)Construct a TSecurityPolicy object to check up to 3 capabilties. TSecurityPolicy(TCapability,TCapability,TCapability,TCapability,TCapability,TCapability,TCapability)Construct a TSecurityPolicy object to check up to 7 capabilties. TSecurityPolicy(TSecPolicyType)Constructs a TSecurityPolicy to either always pass or always fail checks made ag...TSecurityPolicy(TSecureId,TCapability,TCapability,TCapability)Construct a TSecurityPolicy object to check a secure id and up to 3 capabilties....TSecurityPolicy(TVendorId,TCapability,TCapability,TCapability)Construct a TSecurityPolicy object to check a vendor id and up to 3 capabilties....TTypeConstants to specify the type of TSecurityPolicy objects.TStaticSecurityPolicyStructure for compile-time initialisation of a security policy.TSecurityPolicyBufProvides a TPkcgBuf wrapper for a descriptorised TSecurityPolicy. This a suitabl...inline TSecurityPolicy();
Constructs a TSecurityPolicy that will always fail, irrespective of the checked object's attributes.
IMPORT_C TSecurityPolicy(TSecPolicyType aType);
Constructs a TSecurityPolicy to either always pass or always fail checks made against it, depending on the value of aType.
|
|
IMPORT_C TSecurityPolicy(TCapability aCap1, TCapability aCap2=ECapability_None, TCapability aCap3=ECapability_None);
Construct a TSecurityPolicy object to check up to 3 capabilties.
|
|
TSecurityPolicy(TCapability,TCapability,TCapability,TCapability,TCapability,TCapability,TCapability)IMPORT_C TSecurityPolicy(TCapability aCap1, TCapability aCap2, TCapability aCap3, TCapability aCap4, TCapability aCap5=ECapability_None,
TCapability aCap6=ECapability_None, TCapability aCap7=ECapability_None);
Construct a TSecurityPolicy object to check up to 7 capabilties.
|
|
IMPORT_C TSecurityPolicy(TSecureId aSecureId, TCapability aCap1=ECapability_None, TCapability aCap2=ECapability_None, TCapability
aCap3=ECapability_None);
Construct a TSecurityPolicy object to check a secure id and up to 3 capabilties.
|
|
IMPORT_C TSecurityPolicy(TVendorId aVendorId, TCapability aCap1=ECapability_None, TCapability aCap2=ECapability_None, TCapability
aCap3=ECapability_None);
Construct a TSecurityPolicy object to check a vendor id and up to 3 capabilties.
|
|
|
|
IMPORT_C TInt Set(const TDesC8 &aDes);
Sets this TSecurityPolicy to a copy of the policy described by the supplied descriptor. Such a descriptor can be obtained
from TSecurityPolicy::Package()const.
|
|
![[Top]](../../../../a_stock/images/arrow_up_2.gif){kind=icon}
TSecurityPolicy::Package()constConstructs a TPtrC8 wrapping the platform security attributes of this TSecurityP...IMPORT_C TPtrC8 Package() const;
Constructs a TPtrC8 wrapping the platform security attributes of this TSecurityPolicy. Such a descriptor is suitable for passing across the client
server boundary.
The format of the descriptor is determined by the first byte which specifies the type of this TSecurityPolicy. The first byte
is one of the constants specified in the enum TSecurityPolicy::TType.
For TSecurityPolicy objects of types ETypeC3, ETypeS3, ETypePass or ETypeFail the descriptor will contain the following data in the order listed:
TUint8 iType; // set to ETypeC3, ETypeS3, ETypePass or ETypeFail
TUint8 iCaps[3];
TUint32 iSecureId;ETypeC3 descriptors will contain capabilities in iCaps but have iSecureId set to ECapability_None. ETypeS3 are similar to ETypeC3 descriptors but will have iSecureId set to the secure ID value of the TSecurityPolicy object. ETypePass and ETypeFail objects will have values of all of the elements of iCaps and iSecureId set to ECapability_None.
For TSecurityPolicy objects of type ETypeV3 the descriptor will contain the following data in the order listed:
TUint8 iType; // set to ETypeV3
TUint8 iCaps[3]; // set to the values of 3 capabilities
TUint32 iVendorId; // set to the value of the vendor ID of the TSecurityPolicyFor TSecurityPolicy objects of type ETypeC7 the descriptor will contain the following data in the order listed:
TUint8 iType; // set to ETypeC7
TUint8 iCaps[3]; // set to the values of 3 of the objects capabilities
TUint8 iExtraCaps[4]; // set to the values of 4 of the objects capabilities
|
TSecurityPolicy::TTypeConstants to specify the type of TSecurityPolicy objects.TSecurityPolicy::Set(const TDesC8 &)Sets this TSecurityPolicy to a copy of the policy described by the supplied desc...inline TBool CheckPolicy(RProcess aProcess, const char *aDiagnostic=0) const;
Checks this policy against the platform security attributes of aProcess.
When a check fails the action taken is determined by the system wide Platform Security configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted. If PlatSecEnforcement is OFF, then this function will return ETrue even though the check failed.
|
|
|
inline TBool CheckPolicy(RThread aThread, const char *aDiagnostic=0) const;
Checks this policy against the platform security attributes of the process owning aThread.
When a check fails the action taken is determined by the system wide Platform Security configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted. If PlatSecEnforcement is OFF, then this function will return ETrue even though the check failed.
|
|
|
inline TBool CheckPolicy(RMessagePtr2 aMsgPtr, const char *aDiagnostic=0) const;
Checks this policy against the platform security attributes of the process which sent the given message.
When a check fails the action taken is determined by the system wide Platform Security configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted. If PlatSecEnforcement is OFF, then this function will return ETrue even though the check failed.
|
|
|
inline TBool CheckPolicyCreator(const char *aDiagnostic=0) const;
Checks this policy against the platform security attributes of this process' creator.
When a check fails the action taken is determined by the system wide Platform Security configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted. If PlatSecEnforcement is OFF, then this function will return ETrue even though the check failed.
|
|
|
|
|
|
Copyright © 2005-2008 Symbian Software Ltd. |
|
![[Previous]](../../../../a_stock/images/btn_prev.gif)
![[Top]](../../../../a_stock/images/btn_top.gif)
![[Next]](../../../../a_stock/images/btn_next.gif)