Symbian
Symbian OS Library

SYMBIAN OS V9.2




Location: e32cmn.h
Link against: euser.lib

Class TSecurityPolicy

class TSecurityPolicy;

Description

Class representing a generic security policy

This class can specify a security policy consisting of either:

  1. A check for between 0 and 7 capabilities

  2. A check for a given Secure ID along with 0-3 capabilities

  3. A check for a given Vendor ID along with 0-3 capabilities

If multiple capabilities are specified, all of them must be present for the security check to succeed ('AND' relation).

The envisaged use case for this class is to specify access rights to an object managed either by the kernel or by a server but in principle owned by a client and usable in a limited way by other clients. For example

In these cases the owning client would pass one (or more) of these objects to the server to specify which security checks should be done on other clients before allowing access to the object.

To pass a TSecurityPolicy object via IPC, a client should obtain a descriptor for the object using Package() and send this. When a server receives this descriptor it should read the descriptor contents into a TSecurityPolicyBuf and then Set() should be used to create a policy object from this.

Because this class has non-default constructors, compilers will not initialise this object at compile time; instead, code will be generated to construct the object at run-time. This is wasteful, and Symbian OS DLLs are not permitted to have such uninitialised data. To overcome these problems, a set of macros is provided to construct a const object which behaves like a TSecurityPolicy. These are:

_LIT_SECURITY_POLICY_C1 through _LIT_SECURITY_POLICY_C7, _LIT_SECURITY_POLICY_S0 through _LIT_SECURITY_POLICY_S3 and _LIT_SECURITY_POLICY_V0 through _LIT_SECURITY_POLICY_V3.

Also, the macros _LIT_SECURITY_POLICY_PASS and _LIT_SECURITY_POLICY_FAIL are provided to allow easy construction of a const object which can be used as a TSecurityPolicy which always passes or always fails, respectively.

If a security policy object needs to be embedded in another class, the TStaticSecurityPolicy structure can be used. This behaves in the same way as a TSecurityPolicy object but may be initialised at compile time.

Members

Defined in TSecurityPolicy:
CheckPolicy(), CheckPolicy(), CheckPolicy(), CheckPolicy(), CheckPolicyCreator(), EAlwaysFail, EAlwaysPass, Package(), Set(), TSecPolicyType, TSecurityPolicy(), TSecurityPolicy(), TSecurityPolicy(), TSecurityPolicy(), TSecurityPolicy(), TSecurityPolicy()



Construction and destruction


TSecurityPolicy()

inline TSecurityPolicy();

Description

Constructs a TSecurityPolicy that will always fail, irrespective of the checked object's attributes.


TSecurityPolicy()

IMPORT_C TSecurityPolicy(TSecPolicyType aType);

Description

Constructs a TSecurityPolicy to either always pass or always fail checks made against it, depending on the value of aType.

Parameters

TSecPolicyType aType

Must be one of EAlwaysPass or EAlwaysFail

Panic codes

USER

191 if aType is not a valid value


TSecurityPolicy()

IMPORT_C TSecurityPolicy(TCapability aCap1, TCapability aCap2=ECapability_None, TCapability aCap3=ECapability_None);

Description

Construct a TSecurityPolicy object to check up to 3 capabilities.

Parameters

TCapability aCap1

The first capability to add to this policy

TCapability aCap2

An optional second capability to add to this policy

TCapability aCap3

An optional third capability to add to this policy

Panic codes

USER

189 If any of the supplied capabilities are not valid.


TSecurityPolicy()

IMPORT_C TSecurityPolicy(TCapability aCap1, TCapability aCap2, TCapability aCap3, TCapability aCap4, TCapability aCap5=ECapability_None, TCapability aCap6=ECapability_None, TCapability aCap7=ECapability_None);

Description

Construct a TSecurityPolicy object to check up to 7 capabilities.

Parameters

TCapability aCap1

The first capability to add to this policy

TCapability aCap2

The second capability to add to this policy

TCapability aCap3

The third capability to add to this policy

TCapability aCap4

The fourth capability to add to this policy

TCapability aCap5

An optional fifth capability to add to this policy

TCapability aCap6

An optional sixth capability to add to this policy

TCapability aCap7

An optional seventh capability to add to this policy

Panic codes

USER

189 If any of the supplied capabilities are not valid.


TSecurityPolicy()

IMPORT_C TSecurityPolicy(TSecureId aSecureId, TCapability aCap1=ECapability_None, TCapability aCap2=ECapability_None, TCapability aCap3=ECapability_None);

Description

Construct a TSecurityPolicy object to check a secure id and up to 3 capabilities.

Parameters

TSecureId aSecureId

The secure id to add to this policy

TCapability aCap1

The first capability to add to this policy

TCapability aCap2

The second capability to add to this policy

TCapability aCap3

The third capability to add to this policy

Panic codes

USER

189 If any of the supplied capabilities are not valid.


TSecurityPolicy()

IMPORT_C TSecurityPolicy(TVendorId aVendorId, TCapability aCap1=ECapability_None, TCapability aCap2=ECapability_None, TCapability aCap3=ECapability_None);

Description

Construct a TSecurityPolicy object to check a vendor id and up to 3 capabilities.

Parameters

TVendorId aVendorId

The vendor id to add to this policy

TCapability aCap1

The first capability to add to this policy

TCapability aCap2

The second capability to add to this policy

TCapability aCap3

The third capability to add to this policy

Panic codes

USER

189 If any of the supplied capabilities are not valid.



Member functions


Set()

IMPORT_C TInt Set(const TDesC8 &aDes);

Description

Sets this TSecurityPolicy to a copy of the policy described by the supplied descriptor. Such a descriptor can be obtained from TSecurityPolicy::Package().

Parameters

const TDesC8 &aDes

A descriptor representing the state of another TSecurityPolicy.

Return value

TInt

KErrNone, if successful, otherwise one of the other system-wide error codes.


Package()

IMPORT_C TPtrC8 Package() const;

Description

Constructs a TPtrC8 wrapping the platform security attributes of this TSecurityPolicy. Such a descriptor is suitable for passing across the client-server boundary.

Return value

TPtrC8

A TPtrC8 wrapping the platform security attributes of this TSecurityPolicy.


CheckPolicy()

inline TBool CheckPolicy(RProcess aProcess, const char *aDiagnostic=0) const;

Description

Checks this policy against the platform security attributes of aProcess.

When a check fails, the action taken is determined by the system-wide Platform Security configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted. If PlatSecEnforcement is OFF, then this function will return ETrue even though the check failed.

Parameters

RProcess aProcess

The RProcess object to check against this TSecurityPolicy.

const char *aDiagnostic

A string that will be emitted along with any diagnostic message that may be issued if the policy check fails. This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro which enables it to be easily removed from the system.

Return value

TBool

ETrue if all the requirements of this TSecurityPolicy are met by the platform security attributes of aProcess, EFalse otherwise.

Panic codes

USER

190 if 'this' is an invalid SSecurityInfo object


CheckPolicy()

inline TBool CheckPolicy(RThread aThread, const char *aDiagnostic=0) const;

Description

Checks this policy against the platform security attributes of the process owning aThread.

When a check fails, the action taken is determined by the system-wide Platform Security configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted. If PlatSecEnforcement is OFF, then this function will return ETrue even though the check failed.

Parameters

RThread aThread

The thread whose owning process' platform security attributes are to be checked against this TSecurityPolicy.

const char *aDiagnostic

A string that will be emitted along with any diagnostic message that may be issued if the policy check fails. This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro which enables it to be easily removed from the system.

Return value

TBool

ETrue if all the requirements of this TSecurityPolicy are met by the platform security parameters of the owning process of aThread, EFalse otherwise.

Panic codes

USER

190 if 'this' is an invalid SSecurityInfo object


CheckPolicy()

inline TBool CheckPolicy(RMessagePtr2 aMsgPtr, const char *aDiagnostic=0) const;

Description

Checks this policy against the platform security attributes of the process which sent the given message.

When a check fails, the action taken is determined by the system-wide Platform Security configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted. If PlatSecEnforcement is OFF, then this function will return ETrue even though the check failed.

Parameters

RMessagePtr2 aMsgPtr

The RMessagePtr2 object to check against this TSecurityPolicy.

const char *aDiagnostic

A string that will be emitted along with any diagnostic message that may be issued if the policy check fails. This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro which enables it to be easily removed from the system.

Return value

TBool

ETrue if all the requirements of this TSecurityPolicy are met by the platform security attributes of the process which sent aMsgPtr, EFalse otherwise.

Panic codes

USER

190 if 'this' is an invalid SSecurityInfo object


CheckPolicy()

inline TBool CheckPolicy(RMessagePtr2 aMsgPtr, TSecurityInfo &aMissing, const char *aDiagnostic=0) const;

Description

Checks this policy against the platform security attributes of the process which sent the given message.

When a check fails, the action taken is determined by the system-wide Platform Security configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted. If PlatSecEnforcement is OFF, then this function will return ETrue even though the check failed.

Parameters

RMessagePtr2 aMsgPtr

The RMessagePtr2 object to check against this TSecurityPolicy.

TSecurityInfo &aMissing

A TSecurityInfo object which this method fills with any capabilities or IDs it finds to be missing.

const char *aDiagnostic

A string that will be emitted along with any diagnostic message that may be issued if the policy check fails. This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro which enables it to be easily removed from the system.

Return value

TBool

ETrue if all the requirements of this TSecurityPolicy are met by the platform security attributes of the process which sent aMsgPtr, EFalse otherwise.

Panic codes

USER

190 if 'this' is an invalid SSecurityInfo object


CheckPolicyCreator()

inline TBool CheckPolicyCreator(const char *aDiagnostic=0) const;

Description

Checks this policy against the platform security attributes of this process' creator.

When a check fails, the action taken is determined by the system-wide Platform Security configuration. If PlatSecDiagnostics is ON, then a diagnostic message is emitted. If PlatSecEnforcement is OFF, then this function will return ETrue even though the check failed.

Parameters

const char *aDiagnostic

A string that will be emitted along with any diagnostic message that may be issued if the policy check fails. This string must be enclosed in the __PLATSEC_DIAGNOSTIC_STRING macro which enables it to be easily removed from the system.

Return value

TBool

ETrue if all the requirements of this TSecurityPolicy are met by the platform security attributes of this process' creator, EFalse otherwise.

Panic codes

USER

190 if 'this' is an invalid SSecurityInfo object
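
The check semantics documented above (the three policy forms from the class description, the 'AND' relation between capabilities, and the CheckPolicy() result when PlatSecEnforcement is OFF), as an added portable C++ model. It is not Symbian code and not part of the original reference: every type and function name and the sample IDs are hypothetical, and capabilities are modelled as a plain bitmask.

```cpp
#include <cstdint>
#include <cstdio>
// Portable model of the check semantics; all names here are hypothetical.
enum class Kind { AlwaysFail, AlwaysPass, Caps, SecureId, VendorId };

struct Attrs {               // platform security attributes of a process
    uint32_t sid, vid;       // Secure ID, Vendor ID
    uint32_t caps;           // held capabilities, one bit each
};
struct Policy {              // Policy{} value-initialises to AlwaysFail
    Kind kind;
    uint32_t id;             // SID or VID to match, depending on kind
    uint32_t caps;           // required capabilities (AND relation)
};
struct Result {
    bool returned;           // value the caller sees
    bool met;                // whether the policy was really satisfied
    uint32_t missingCaps;    // required capabilities the process lacks
};
// Policy shapes allowed by the page: 0-7 capabilities, or an ID plus 0-3.
bool ValidShape(const Policy& p) {
    int n = 0;
    for (uint32_t c = p.caps; c; c &= c - 1) ++n;   // count set bits
    if (p.kind == Kind::Caps) return n <= 7;
    if (p.kind == Kind::SecureId || p.kind == Kind::VendorId) return n <= 3;
    return n == 0;
}

Result Check(const Policy& p, const Attrs& a, bool enforcementOn) {
    uint32_t missing = p.caps & ~a.caps;
    bool met = false;
    switch (p.kind) {
        case Kind::AlwaysPass: met = true; break;
        case Kind::Caps:       met = missing == 0; break;
        case Kind::SecureId:   met = a.sid == p.id && missing == 0; break;
        case Kind::VendorId:   met = a.vid == p.id && missing == 0; break;
        default:               break;               // AlwaysFail
    }
    // Enforcement off: a failed check is still returned to the caller as true.
    return { met || !enforcementOn, met, missing };
}

int main() {
    Attrs client{0x10001234u, 0x70000001u, 0x3u};   // constructed sample values
    Policy p{Kind::SecureId, 0x10001234u, 0x5u};    // needs caps bit0 and bit2
    Result r = Check(p, client, false);
    std::printf("returned=%d met=%d missing=0x%x\n", r.returned, r.met, (unsigned)r.missingCaps);
    return 0;
}
```

In the model, a server tested only with enforcement off sees every check return true, so a policy that is too strict or a client that lacks a capability goes unnoticed unless the diagnostic output is also examined.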



Member enumerations


Enum TSecPolicyType

TSecPolicyType

Description

EAlwaysFail

EAlwaysPass