#include <e32base.h>
class CPolicyServer::TPolicy |
Public Attributes | |
---|---|
const TPolicyElement * | iElements |
const TUint8 * | iElementsIndex |
TUint8 | iOnConnect |
TUint16 | iRangeCount |
const TInt * | iRanges |
Object specifying which security checks to perform on each request number and what action to take if the check fails.
Explanations of each of the members of this class are detailed below.
As explained in CPolicyServer::CPolicyServer, it is important that the instance of this class (CPolicyServer::TPolicy) given to the policy server constructor, exists for the lifetime of the server. For this reason, as well as code size considerations, it is recommended that the TPolicy instance is const static data. The following code segment shows the recommended way of doing this. Further detail on what each of these statements means is given below.
const TUint myRangeCount = 4; const TInt myRanges[myRangeCount] = { 0, //range is 0-2 inclusive 3, //range is 3-6 inclusive 7, //range is 7 8, //range is 8-KMaxTInt inclusive }; const TUint8 myElementsIndex[myRangeCount] = { 1, //applies to 0th range (req num: 0-2) CPolicyServer::ECustomCheck, //applies to 1st range (req num: 3-6) 0, //applies to 2nd range (req num: 7) CPolicyServer::ENotSupported, //applies to 3rd range (req num: 8-KMaxTInt) }; const CPolicyServer::TPolicyElement myElements[] = { {_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin), CPolicyServer::EFailClient}, {_INIT_SECURITY_POLICY_C1(ECapabilityLocation), CMyPolicyServer::EQueryUser}, } const CPolicySErver::TPolicy myPolicy = { CPolicyServer::EAlwaysPass, //specifies all connect attempts should pass myRangeCount, myRanges, myElementsIndex, myElements, }
const TPolicyElement * | iElements |
A pointer to an array of distinct policy elements.
const TInt myRanges[4] = {0, 3, 7, 8}; const TUInt8 myElementsIndex[4] = { 1, CPolicyServer::ECustomCheck, 0, CPolicyServer::ENotSupported }; const TPolicyElement iElements[] = { {_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin), CPolicyServer::EFailClient}, {_INIT_SECURITY_POLICY_C1(ECapabilityLocation), CMyPolicyServer::EQueryUser} }
Request numbers 0-2 require the Location capability. As the iAction member of the 1st element specifies a custom action (represented by the negative number, CMyPolicyServer::EQueryUser), requests without Location will passed to the reimplementation of CustomFailureActionL.
Request number 7 requires the DiskAdmin capability. Requestors without DiskAdmin will have their request completed with KErrPermissionDenied.
const TUint8 * | iElementsIndex |
A pointer to an array of TUint8 values specifying the appropriate action to take for each range in iRanges. For example, the 0th element of iElementsIndex specifies the appropriate action to take for the 0th range in iRanges. As such, iElementsIndex must have precisely the same number of elements as iRanges.
Each value must be a valid index into iElements (that is, less than the number of elements in iElements) OR a valid value from TSpecialCase.
Elements' values need not follow any special ordering.
Elements may repeat values.
const TInt myRanges[4] = {0, 3, 7, 8}; const TUInt8 myElementsIndex[4] = { 1, CPolicyServer::ECustomCheck, 0, CPolicyServer::ENotSupported };This means that:
Requests within the first range of myRanges (request numbers 0-2) will be checked against the policy specified by the 1st element of iElements.
Requests with the the second range of myRanges (request numbers 3-6) require a custom check to determine if they are allowed. This requires derived server implementations to implement CustomSecurityCheckL()
Requests within the third range of myRanges (request number 7) will be checked against the policy specified by the 0th element of iElements.
Requests within the fourth range of myRanges (request numbers 8-KMaxTInt) will automatically be completed with KErrNotSupported by the policy server framework.
TUint8 | iOnConnect |
The index into iElements, or an allowed value of TSpecialCase, that is used to check a connection attempt .
const TInt * | iRanges |
const TInt myRanges[4] = {0, 3, 7, 8};means that:
the 0th range is 0-2 (inclusive).
the 1st range is 3-6 (inclusive).
the 2nd range is solely request number 7.
the 3rd range is 8-KMaxTInt (inclusive).
Note that the all possible request numbers must be accounted for. This implies that the first element must be 0. It also implies that the last range goes from the that element to KMaxTint. Finally, each element must be strictly greater than the previous element. As the first element is 0, this clearly implies that iRanges must not contain negative elements.