diff -r 000000000000 -r b497e44ab2fc policymanagement/policyengine/policyengineserver/src/CommsDatEnforcement.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/policymanagement/policyengine/policyengineserver/src/CommsDatEnforcement.cpp Thu Dec 17 09:07:52 2009 +0200 @@ -0,0 +1,505 @@ +/* +* Copyright (c) 2002-2004 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: Implementation of policymanagement components +* +*/ + + +// INCLUDE FILES + + +#include + +#include "CommsDatEnforcement.h" +#include "XACMLconstants.h" +#include "debug.h" +#include "PolicyEngineServer.h" +#include "PolicyStorage.h" + +#include + +#include +#include +#include +#include + +// EXTERNAL DATA STRUCTURES +// EXTERNAL FUNCTION PROTOTYPES +// CONSTANTS + +_LIT( KCommsDatEnformentPanic, "CommsDat enforcement panic"); + + +//Repository UIDs + +const TUid TCommsDatRepository = { 0xCCCCCC00 }; +const TUint32 KCDMaskRecordType = 0x7f800000; + +const TUint32 KWLANServiceExtRecord = 0x05000000; + +const TPtrC KWLANServiceExtTable( _S("WLANServiceExtensionTable")); +const TPtrC KWLANServiceTable( _S("WLANServiceTable")); +const TPtrC KWLANDeviceTable( _S("WLANDeviceTable")); +const TPtrC KWLANSecondarySSID( _S("SecondarySSID")); +const TPtrC KDestinationNetwork( _S("DestinationNetwork")); + + +_LIT8( KAPURI, "AP"); + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::CCommsDatEnforcement() +// ----------------------------------------------------------------------------- +// +CCommsDatEnforcement::CCommsDatEnforcement() + { + RDEBUG("CCommsDatEnforcement::CCommsDatEnforcement()"); + } + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::~CCommsDatEnforcement() +// ----------------------------------------------------------------------------- +// +CCommsDatEnforcement::~CCommsDatEnforcement() + { + RDEBUG("CCommsDatEnforcement::~CCommsDatEnforcement()"); + + if( iSession ) + { + iSession->Close(); + delete iSession; + } + + iMaskList.Close(); + iTableList.Close(); + iCommsDatEnforcement.Close(); + iCentRepServer.Close(); + iDMUtil.Close(); + } + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::ConstructL() +// ----------------------------------------------------------------------------- +// +void CCommsDatEnforcement::ConstructL() + { + RDEBUG("CCommsDatEnforcement::ConstructL()"); + //no implementation needed + iSession = CMDBSession::NewL( CMDBSession::LatestVersion() ); + } + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::NewL() +// ----------------------------------------------------------------------------- +// +CCommsDatEnforcement* CCommsDatEnforcement::NewL( const TDesC8& aEnforcementId ) + { + RDEBUG("CCommsDatEnforcement::NewL()"); + CCommsDatEnforcement* self = 0; + + if( aEnforcementId == PolicyLanguage::Constants::EAPEnforcementPolicy ) + { + RDEBUG(" -> EAPEnforcementPolicy"); + self = new ( ELeave ) CCommsDatEnforcement(); + self->ConstructL(); + CleanupStack::PushL( self ); + self->iMaskList.AppendL( KCDTIdWAPAccessPointRecord ); + self->iTableList.AppendL( TPtrC(KCDTypeNameWAPAccessPoint )); + self->iMaskList.AppendL( KCDTIdWAPSMSBearerRecord ); + self->iTableList.AppendL( TPtrC(KCDTypeNameWAPSMSBearer) ); + self->iMaskList.AppendL( KCDTIdWAPIPBearerRecord ); + self->iTableList.AppendL( TPtrC(KCDTypeNameWAPIPBearer) ); + self->iMaskList.AppendL( KCDTIdIAPRecord ); + self->iTableList.AppendL( TPtrC(KCDTypeNameIAP) ); + self->iSettingType = EAPEnforcement; + CleanupStack::Pop( self ); + } + else if( aEnforcementId == PolicyLanguage::Constants::EWLANEnforcementPolicy ) + { + RDEBUG(" -> EWLANEnforcementPolicy"); + self = new ( ELeave ) CCommsDatEnforcement(); + self->ConstructL(); + CleanupStack::PushL( self ); + self->iMaskList.AppendL( KWLANServiceExtRecord ); + self->iTableList.AppendL( KWLANServiceExtTable ); + + TUint32 wlanServiceTableId = self->GetRecordIdL( KWLANServiceTable ); + self->iMaskList.AppendL( wlanServiceTableId ); + self->iTableList.AppendL( KWLANServiceTable ); + + TUint32 wlanDeviceTableId = self->GetRecordIdL( KWLANDeviceTable ); + self->iMaskList.AppendL( wlanDeviceTableId ); + self->iTableList.AppendL( KWLANDeviceTable ); + + TUint32 wlanSSIDTableId = self->GetRecordIdL( KWLANSecondarySSID ); + self->iMaskList.AppendL( wlanSSIDTableId ); + self->iTableList.AppendL( KWLANSecondarySSID ); + + TUint32 wlanDestinationNetworkTableId = self->GetRecordIdL( KDestinationNetwork ); + self->iMaskList.AppendL( wlanDestinationNetworkTableId ); + self->iTableList.AppendL( KDestinationNetwork ); + + self->iSettingType = EWLANEnforcement; + CleanupStack::Pop( self ); + } + + return self; + } + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::ValidEnforcementElement() +// ----------------------------------------------------------------------------- +// +TBool CCommsDatEnforcement::ValidEnforcementElement( const TDesC8& aEnforcementId ) + { + RDEBUG("CCommsDatEnforcement::ValidEnforcementElement()"); + if ( aEnforcementId == PolicyLanguage::Constants::EAPEnforcementPolicy ) + { + RDEBUG(" -> valid EAPEnforcementPolicy"); + return ETrue; + } + else if ( aEnforcementId == PolicyLanguage::Constants::EWLANEnforcementPolicy ) + { + RDEBUG(" -> valid EWLANEnforcementPolicy"); + return ETrue; + } + + return EFalse; + } + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::InitEnforcement() +// ----------------------------------------------------------------------------- +// +void CCommsDatEnforcement::InitEnforcementL( TRequestStatus& aRequestStatus ) + { + RDEBUG("CCommsDatEnforcement::InitEnforcementL()"); + //set restore flag + if ( iAccessControlList->Count() ) + { + iRestore = EFalse; + } + else + { + iRestore = ETrue; + iInitState++; + } + + //in first phase open connections to centreptool + if ( iInitState == 0 || iRestore ) + { + RDEBUG(" -> Opening connections ... "); + User::LeaveIfError( iCentRepServer.Connect() ); + User::LeaveIfError( iCommsDatEnforcement.Open( TCommsDatRepository , iCentRepServer ) ); + User::LeaveIfError( iDMUtil.Connect()); + RDEBUG(" -> Opening connections ... DONE!"); + } + + //init each session in own cycle.... + switch ( iInitState ) + { + case 0: + { + RDEBUG("CCommsDatEnforcement: Protect AP tables ... "); + CCommsDatabaseProtect* dbprotect = CCommsDatabaseProtect::NewL(); + + //add protection for GS + for ( TInt i( 0 ); i < iTableList.Count(); i++ ) + { + TInt err = dbprotect->ProtectTable( iTableList[ i ] ); + RDEBUG_2("CCommsDatEnforcement: Protection status %d", err ); + } + + delete dbprotect; + dbprotect = NULL; + + // enable all WLAN AP locks + if(iSettingType == EWLANEnforcement) + { + LockWLANAccessPointsL( ETrue ); + } + + //compelete request + TRequestStatus * status = &aRequestStatus; + User::RequestComplete( status, KErrNone ); + } + break; + case 1: + { + RDEBUG("CCommsDatEnforcement: Init commsDat enforcement session"); + iCommsDatEnforcement.InitSession( aRequestStatus ); + } + break; + default: + { + RDEBUG("**** CCommsDatEnforcement PANIC, invalid switch-case!"); + User::Panic( KCommsDatEnformentPanic, KErrAbort ); + } + break; + } + + iInitState++; + } + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::InitReady() +// ----------------------------------------------------------------------------- +// +TBool CCommsDatEnforcement::InitReady() + { + RDEBUG("CCommsDatEnforcement::InitReady()"); + return ( iInitState > 1 ); + } + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::InitReady() +// ----------------------------------------------------------------------------- +// +void CCommsDatEnforcement::DoEnforcementL( TRequestStatus& aRequestStatus ) + { + RDEBUG("CCommsDatEnforcement::DoEnforcementL()"); + if( !iRestore ) + { + //if there any number subject which have exclusively right for setting, give access only for DM client + for ( TInt i( 0 ); i < iMaskList.Count(); i++ ) + { + RDEBUG_3(" making enforcement: %d/%d", i, iMaskList.Count() ); + User::LeaveIfError( iCommsDatEnforcement.SetSIDWRForMask( iMaskList[ i ], KCDMaskRecordType, KDMClientUiD)); + User::LeaveIfError( iCommsDatEnforcement.RemoveBackupFlagForMask( iMaskList[ i ], KCDMaskRecordType)); + CPolicyStorage::PolicyStorage()->ActivateEnforcementFlagL( iSettingType ); + } + + //ACL... + RDEBUG(" making ACL modifications for enforcement ... "); + User::LeaveIfError( iDMUtil.SetMngSessionCertificate( SessionCertificate() ) ); + User::LeaveIfError( iDMUtil.AddACLForNode( KAPURI, EForChildrens, EACLDelete ) ); + User::LeaveIfError( iDMUtil.AddACLForNode( KAPURI, EForNode, EACLGet ) ); + User::LeaveIfError( iDMUtil.SetACLForNode( KAPURI, EForNode, EACLAdd ) ); + RDEBUG(" making ACL modifications for enforcement ... DONE!"); + } + else + { + //Clear default settings + for ( TInt i( 0 ); i < iMaskList.Count(); i++ ) + { + RDEBUG_3(" clearing default settings: %d/%d", i, iMaskList.Count() ); + User::LeaveIfError( iCommsDatEnforcement.RestoreMask( iMaskList[ i ], KCDMaskRecordType )); + User::LeaveIfError( iCommsDatEnforcement.RestoreBackupFlagForMask( iMaskList[ i ], KCDMaskRecordType)); + CPolicyStorage::PolicyStorage()->DeactivateEnforcementFlagL( iSettingType ); + } + + //ACL... + RDEBUG(" removing ACL modifications for enforcement ... "); + User::LeaveIfError( iDMUtil.RemoveACL( KAPURI, ETrue ) ); + RDEBUG(" removing ACL modifications for enforcement ... DONE!"); + + } + + iEnforcementState++; + TRequestStatus * status = &aRequestStatus; + User::RequestComplete( status, KErrNone ); + } + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::EnforcementReady() +// ----------------------------------------------------------------------------- +// +TBool CCommsDatEnforcement::EnforcementReady() + { + RDEBUG("CCommsDatEnforcement::EnforcementReady()"); + return iEnforcementState > 0; + } + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::FinishEnforcementL() +// ----------------------------------------------------------------------------- +// +void CCommsDatEnforcement::FinishEnforcementL( TBool aFlushSettings) + { + RDEBUG("CCommsDatEnforcement::FinishEnforcementL()"); + //Close sessions + if( aFlushSettings ) + { + iCommsDatEnforcement.Flush(); + iDMUtil.Flush(); + } + + iCommsDatEnforcement.Close(); + + //Close centrep server... + iCentRepServer.Close(); + + iDMUtil.Close(); + + + if( iRestore && aFlushSettings ) + { + RDEBUG("PolicyEngineServer: Remove AP table Protection"); + + CCommsDatabaseProtect* dbprotect = CCommsDatabaseProtect::NewL(); + CleanupStack::PushL( dbprotect ); + + TRAP_IGNORE( LockWLANAccessPointsL( EFalse ) ); + //remove protection for GS + for ( TInt i( 0 ); i < iTableList.Count(); i++ ) + { + TInt err = dbprotect->UnProtectTable( iTableList[ i ] ); + RDEBUG_2("PolicyEngineServer: Protection status %d", err ); + } + //Condition when AP + WLAN are enforced and AP is being removed + //GS should still show lock icons for WLANs + RDbRowSet::TAccess checkAccessType = RDbRowSet::EReadOnly ; + TRAP_IGNORE( checkAccessType = dbprotect->GetTableAccessL(TPtrC(WLAN_SERVICE))); + switch(checkAccessType) + { + case RDbRowSet::EReadOnly : + TRAP_IGNORE(LockWLANAccessPointsL( ETrue )); + default : break; + } + CleanupStack::PopAndDestroy( dbprotect ); + } + } + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::AccessRightList() +// ----------------------------------------------------------------------------- +// +void CCommsDatEnforcement::AccessRightList( RAccessControlList& aAccessControlList) + { + RDEBUG("CCommsDatEnforcement::AccessRightList()"); + iAccessControlList = &aAccessControlList; + } + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::ResetEnforcementL() +// ----------------------------------------------------------------------------- +// +void CCommsDatEnforcement::ResetEnforcementL() + { + RDEBUG("CCommsDatEnforcement::ResetEnforcementL()"); + + User::LeaveIfError( iCentRepServer.Connect() ); + User::LeaveIfError( iCommsDatEnforcement.Open( TCommsDatRepository , iCentRepServer ) ); + User::LeaveIfError( iDMUtil.Connect()); + + TRequestStatus request; + iCommsDatEnforcement.InitSession( request ); + User::WaitForRequest( request); + + for ( TInt i( 0 ); i < iMaskList.Count(); i++ ) + { + User::LeaveIfError( iCommsDatEnforcement.RestoreMask( iMaskList[ i ], KCDMaskRecordType )); + User::LeaveIfError( iCommsDatEnforcement.RestoreBackupFlagForMask( iMaskList[ i ], KCDMaskRecordType)); + } + + //ACL... + User::LeaveIfError( iDMUtil.RemoveACL( KAPURI, ETrue ) ); + + + iCommsDatEnforcement.Flush(); + iCommsDatEnforcement.Close(); + iCentRepServer.Close(); + iDMUtil.Close(); + } + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::LockWLANAccessPointsL() +// ----------------------------------------------------------------------------- +// +void CCommsDatEnforcement::LockWLANAccessPointsL( TBool aLockValue ) + { + RDEBUG_2("CCommsDatEnforcement::LockAccessPoint( %d )", aLockValue ); + + //Get WLAN service table and get ServiceID--> which is nothing but IAP ID and lock that record + + //TBool ret = EFalse; + TUint32 apIAPID = 0; + + CCommsDbTableView* checkView; + CCommsDatabase* commsDataBase = CCommsDatabase::NewL(); + CleanupStack::PushL( commsDataBase ); + checkView = commsDataBase->OpenTableLC(TPtrC(IAP)); + RDEBUG(" -> After opening IAP table "); + TBuf serviceType; + TInt error = checkView->GotoFirstRecord(); + RDEBUG(" -> After going to first record "); + while (error == KErrNone) + { + RDEBUG(" -> KERRNONE "); + // Get the ID and check for service type + checkView->ReadTextL(TPtrC(IAP_SERVICE_TYPE), serviceType); + if(serviceType == TPtrC(LAN_SERVICE)) + { + checkView->ReadUintL(TPtrC(COMMDB_ID), apIAPID); + RDEBUG_2(" ->found %d WLAN AP. being protected or unprotected", apIAPID ); + if(aLockValue) + { + ((CCommsDbProtectTableView*)checkView)->ProtectRecord(); + RDEBUG(" -> WLAN AP protected successfully!"); + } + else + { + ((CCommsDbProtectTableView*)checkView)->UnprotectRecord(); + RDEBUG(" -> WLAN AP UN protected successfully!"); + } + + } + error = checkView->GotoNextRecord(); + + } + CleanupStack::PopAndDestroy(); // checkView + + CleanupStack::PopAndDestroy( commsDataBase ); + + + } + + +// ----------------------------------------------------------------------------- +// CCommsDatEnforcement::GetRecordId() +// ----------------------------------------------------------------------------- +// +TUint32 CCommsDatEnforcement::GetRecordIdL( const TDesC& aTableName ) + { + RDEBUG_2("looking rentrep record id for table: %S", &aTableName ); + TMDBElementId tableRecordId = 0; + CMDBGenericRecord* tempUserDefinedRecord = static_cast(CCDRecordBase::RecordFactoryL(0)); + CleanupStack::PushL(tempUserDefinedRecord); + + tempUserDefinedRecord->InitializeL(aTableName, NULL); + tempUserDefinedRecord->LoadL(*iSession); + + // Get the Id that we're interested in... + tableRecordId = tempUserDefinedRecord->TableId(); + RDEBUG_2(" found tableRecordId: %08x", tableRecordId ); + CleanupStack::PopAndDestroy(tempUserDefinedRecord); + + // ..and validate it. + if ((tableRecordId & KCDMaskShowRecordType) < KCDInitialUDefRecordType) + { + RDEBUG("Error validating tableRecordId"); + User::Leave(KErrNotFound); + } + + return tableRecordId; + } +