David Caabeiro's Forum Nokia Blog
Writing secure servers with CPolicyServer
PushL | 05 February, 2007 02:59
Symbian v9 introduces new features, one of the most notable being PlatSec. Even though the SDK docs provide good information about related APIs, I haven't seen any sample code illustrating its use.
The main purpose of a server is providing ordered access to a shared resource. In pre-9 releases, this was achieved by means of CServer/CSession ("Symbian OS Explained" provides an excellent overview about this topic). For controlling access to your server, V9 provides a policy framework which is built on top of the newer CServer2 class (for a thorough discussion about this topic, I recommend getting a copy of "Symbian OS Platform Security")
The following snippet shows the necessary changes to add to a sample server (A full working example is provided)
// Security policy
const TUint KServerPolicyRangeCount = 2;
const TInt KServerPolicyRanges[KServerPolicyRangeCount] =
{
0, // range is 0 inclusive
EMaxService // range is 1-KMaxTInt inclusive
};
const TUint8 KServerPolicyElementsIndex[KServerPolicyRangeCount] =
{
0, // applies to 0th range
CPolicyServer::ENotSupported // applies to 1st range
};
const CPolicyServer::TPolicyElement KServerPolicyElements[] =
{
{ _INIT_SECURITY_POLICY_V0(0x7FFFFFFF), CPolicyServer::EFailClient }
};
const CPolicyServer::TPolicy KServerPolicy =
{
CPolicyServer::EAlwaysPass, // specifies all connect attempts should pass
KServerPolicyRangeCount,
KServerPolicyRanges,
KServerPolicyElementsIndex,
KServerPolicyElements
};
The CPolicyServer constructor gets a policy table among its arguments, which represents the server policies:
CSimpleServer::CSimpleServer() :
CPolicyServer(EPriorityStandard, KServerPolicy, ESharableSessions)
{}
In this example case, we're dealing with just one function. The KServerPolicyRanges elements represent the ranges of function numbers (obtained by RMessage2::Function() ) to be searched for. The index obtained is used in KServerPolicyElementsIndex to determine the policy to be applied (which is specified in the KServerPolicyElements array)
So when a message is received with function number 0, the framework determines that it corresponds to the first entry of the ranges array, which determines the policy to use (in this case the check of a specific vendor id). In case of failure, the message is completed with KErrPermissionDenied. Other requests containing a different function number will return KErrNotSupported (as specified by the ENotSupported item in the policy array)
Other recommended reading: Transient Server Template
The main purpose of a server is providing ordered access to a shared resource. In pre-9 releases, this was achieved by means of CServer/CSession ("Symbian OS Explained" provides an excellent overview about this topic). For controlling access to your server, V9 provides a policy framework which is built on top of the newer CServer2 class (for a thorough discussion about this topic, I recommend getting a copy of "Symbian OS Platform Security")
The following snippet shows the necessary changes to add to a sample server (A full working example is provided)
// Security policy
const TUint KServerPolicyRangeCount = 2;
const TInt KServerPolicyRanges[KServerPolicyRangeCount] =
{
0, // range is 0 inclusive
EMaxService // range is 1-KMaxTInt inclusive
};
const TUint8 KServerPolicyElementsIndex[KServerPolicyRangeCount] =
{
0, // applies to 0th range
CPolicyServer::ENotSupported // applies to 1st range
};
const CPolicyServer::TPolicyElement KServerPolicyElements[] =
{
{ _INIT_SECURITY_POLICY_V0(0x7FFFFFFF), CPolicyServer::EFailClient }
};
const CPolicyServer::TPolicy KServerPolicy =
{
CPolicyServer::EAlwaysPass, // specifies all connect attempts should pass
KServerPolicyRangeCount,
KServerPolicyRanges,
KServerPolicyElementsIndex,
KServerPolicyElements
};
The CPolicyServer constructor gets a policy table among its arguments, which represents the server policies:
CSimpleServer::CSimpleServer() :
CPolicyServer(EPriorityStandard, KServerPolicy, ESharableSessions)
{}
In this example case, we're dealing with just one function. The KServerPolicyRanges elements represent the ranges of function numbers (obtained by RMessage2::Function() ) to be searched for. The index obtained is used in KServerPolicyElementsIndex to determine the policy to be applied (which is specified in the KServerPolicyElements array)
So when a message is received with function number 0, the framework determines that it corresponds to the first entry of the ranges array, which determines the policy to use (in this case the check of a specific vendor id). In case of failure, the message is completed with KErrPermissionDenied. Other requests containing a different function number will return KErrNotSupported (as specified by the ENotSupported item in the policy array)
Other recommended reading: Transient Server Template
Symbian C++ |
Permalink |
Comments (1) |
Trackbacks (0)
