diff -r 000000000000 -r b497e44ab2fc policymanagement/policyengine/policyengineserver/src/PolicyProcessor.cpp --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/policymanagement/policyengine/policyengineserver/src/PolicyProcessor.cpp Thu Dec 17 09:07:52 2009 +0200 @@ -0,0 +1,1228 @@ +/* +* Copyright (c) 2002-2004 Nokia Corporation and/or its subsidiary(-ies). +* All rights reserved. +* This component and the accompanying materials are made available +* under the terms of "Eclipse Public License v1.0" +* which accompanies this distribution, and is available +* at the URL "http://www.eclipse.org/legal/epl-v10.html". +* +* Initial Contributors: +* Nokia Corporation - initial contribution. +* +* Contributors: +* +* Description: Implementation of policymanagement components +* +*/ + + +// INCLUDE FILES + +#include "PolicyProcessor.h" +#include "PolicyStorage.h" +#include "PolicyParser.h" +#include "elements.h" +#include "ElementBase.h" +#include "DataTypes.h" +#include "ErrorCodes.h" +#include "TrustedSession.h" +#include "XACMLconstants.h" +#include "PolicyEngineServer.h" +#include "PolicyEngineClientServer.h" +#include "debug.h" + +#include "PolicyEngineUi.h" + +// CONSTANTS +const TUid KUidPolicyEngineUi = { 0x10207817 }; + + +// ----------------------------------------------------------------------------- +// RAttributeContainer::AppendL() +// ----------------------------------------------------------------------------- +// +void RAttributeContainer::AppendL( AttributeContainerHelper::TAttributeTypes aAttributeTypes, CAttribute* aAttribute) +{ + //temporary to cleanup stack + CleanupStack::PushL( aAttribute); + + //create container for attribute + AttributeContainerHelper::TContainer * container = new (ELeave) AttributeContainerHelper::TContainer; + CleanupStack::PushL( container); + + //set container properties + container->iAttribute = aAttribute; + container->iAttributeType = aAttributeTypes; + + //append to list + RArray::AppendL( container); + + //remove from cleanup + CleanupStack::Pop( 2, aAttribute); +} + +// ----------------------------------------------------------------------------- +// RAttributeContainer::Close() +// ----------------------------------------------------------------------------- +// +void RAttributeContainer::Close() +{ + //delete attributes and container... + for ( TInt i(0); i < Count(); i++) + { + AttributeContainerHelper::TContainer * container = operator[]( i); + delete container->iAttribute; + delete container; + } + + RArray::Close(); +} + + + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::CPolicyProcessor() +// ----------------------------------------------------------------------------- +// + +CPolicyProcessor::CPolicyProcessor() + : CActive( EPriorityStandard) +{ +} + + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::NewL() +// ----------------------------------------------------------------------------- +// + +CPolicyProcessor * CPolicyProcessor::NewL() +{ + CPolicyProcessor * self = new(ELeave) CPolicyProcessor(); + + CleanupStack::PushL( self); + self->ConstructL(); + CleanupStack::Pop( self); + + return self; + +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::~CPolicyProcessor() +// ----------------------------------------------------------------------------- +// + +CPolicyProcessor::~CPolicyProcessor() +{ + ResetRequestContext(); + delete iRequestBuffer; + + CPolicyEngineServer::RemoveActiveObject( this); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::ConstructL() +// ----------------------------------------------------------------------------- +// + +void CPolicyProcessor::ConstructL() +{ + CPolicyEngineServer::AddActiveObjectL( this); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::HandleErrorL() +// ----------------------------------------------------------------------------- +// + +void CPolicyProcessor::HandleErrorL( const TDesC8& aText ) +{ + RDEBUG("CPolicyProcessor::HandleErrorL"); + //error handling for processor + RDEBUG_2("XACML request indeterminate: %S", &aText); + User::Leave( KErrAbort); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::ResetRequestContext() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::ResetRequestContext() +{ + if ( iDeleteAttributes ) + { + //delete subject attributes and closes RArray + for ( TInt i(0); i < iSubjects.Count(); i++) + { + CAttribute * attribute = iSubjects[i]; + delete attribute; + } + + //delete actions attributes and closes RArray + for ( TInt i(0); i < iActions.Count(); i++) + { + CAttribute * attribute = iActions[i]; + delete attribute; + } + + //delete resources attributes and closes RArray + for ( TInt i(0); i < iResources.Count(); i++) + { + CAttribute * attribute = iResources[i]; + delete attribute; + } + + //delete environments attributes and closes RArray + for ( TInt i(0); i < iEnvironments.Count(); i++) + { + CAttribute * attribute = iEnvironments[i]; + delete attribute; + } + } + + iSubjects.Close(); + iActions.Close(); + iResources.Close(); + iEnvironments.Close(); +} + + + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::ResetRequestContext() +// ----------------------------------------------------------------------------- +// +TPtrC8 CPolicyProcessor::NextToken( TPtrC8& aText) +{ + if ( !aText.Length() ) return aText; + + //remove first delimiter + if ( aText[0] == KMessageDelimiterChar) + { + aText.Set( aText.Mid(1)); + } + + //find next delimiter + TPtrC8 retVal = aText; + TInt index = aText.Locate( KMessageDelimiterChar); + + if ( index != KErrNotFound ) + { + //set retVal to point token and aText to remaining part + retVal.Set( aText.Left( index)); + aText.Set( aText.Mid( index )); + } + + return retVal; +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::ExecuteRequestL() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::ExecuteRequestL( RAttributeContainer &aAttributes, TMatchResponse &aResponse) +{ + iDeleteAttributes = EFalse; + iUseEditedElements = ETrue; + + //reset request context + ResetRequestContext(); + + for ( TInt i(0); i < aAttributes.Count(); i++) + { + RAttributeList * list = 0; + + using namespace AttributeContainerHelper; + TContainer * container = aAttributes[i]; + + switch ( container->iAttributeType ) + { + case ESubjectAttributes : + { + list = &iSubjects; + break; + } + case EActionAttributes : + { + list = &iActions; + break; + } + case EResourceAttributes : + { + list = &iResources; + break; + } + case EEnvironmentAttributes : + { + list = &iEnvironments; + break; + } + default: + User::Panic( PolicyParserPanic, KErrCorrupt); + break; + } + + //append attribute to attribute list + list->AppendL( container->iAttribute); + } + + //make request + DoRequestExecutionL( aResponse, ETrue); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::ExecuteRequestL() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::ExecuteRequestL( const RMessage2& aMessage) +{ + iUseEditedElements = EFalse; + iDeleteAttributes = ETrue; + + + RDEBUG("PolicyEngineServer: CPolicyProcessor::ExecuteRequestL"); + + + //reset request context + ResetRequestContext(); + + iMessage = &aMessage; + iProcessorState = 0; + + //Add object to active scheduler + if ( !IsAdded()) + { + CActiveScheduler::Add( this); + } + + //complete own request + SetActive(); + TRequestStatus * status = &iStatus; + User::RequestComplete( status, KErrNone); +} + + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::RunL() +// ----------------------------------------------------------------------------- +// + +void CPolicyProcessor::RunL() +{ + RDEBUG("PolicyEngineServer: CPolicyProcessor::RunL"); + + CPolicyEngineServer::SetActiveSubSession( this); + + if ( iProcessorState == 0) + { + //Read request context from client + delete iRequestBuffer; + iRequestBuffer = NULL; + iRequestBuffer = HBufC8::NewL( iMessage->GetDesLength(0)); + TPtr8 msg = iRequestBuffer->Des(); + iMessage->ReadL(0, msg, 0); + TPtrC8 ptr = msg; + + TBool continueLoop( ETrue); + + //read msg from client, msg contain request attributes + while ( continueLoop ) + { + TPtrC8 type = NextToken( ptr); + RAttributeList * list; + + //identifie attribute type (subject, action, resource or env) + if ( type == _L8("S")) + { + list = &iSubjects; + } + else + if ( type == _L8("A")) + { + list = &iActions; + } + else + if ( type == _L8("R")) + { + list = &iResources; + } + else + if ( type == _L8("E")) + { + list = &iEnvironments; + } + else + { + //no more attributes + continueLoop = EFalse; + } + + if ( continueLoop ) + { + //read attribute id, value and datatype + TPtrC8 aAttributeId( NextToken( ptr)); + TPtrC8 aAttributeValue( NextToken( ptr)); + TPtrC8 aDataType( CPolicyParser::ConvertValues( EXACML, NextToken( ptr))); + + //types, which contains default values must be converted to native language + if ( aDataType == PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType ) + { + aAttributeValue.Set( CPolicyParser::ConvertValues( EXACML, aAttributeValue)); + } + + CAttribute * attribute = CAttribute::NewL( aAttributeId, + aAttributeValue, + aDataType); + + //append attribute to attribute list + list->AppendL( attribute); + } + } + + iProcessorState++; + SetActive(); + TRequestStatus * status = &iStatus; + User::RequestComplete( status, KErrNone); + return; + } + + if ( CPolicyEngineServer::StatusFlags()->iProcessorActive && !CPolicyEngineServer::StatusFlags()->iUiActive ) + { + //Start new execution only if no other executions active or + //if execution is ongoing in state + SetActive(); + TRequestStatus * status = &iStatus; + User::RequestComplete( status, KErrNone); + return; + } + + //tell other processors that processor is reserved + CPolicyEngineServer::StatusFlags()->iProcessorActive = ETrue; + + //make request + TMatchResponse matchResponse; + RDEBUG("PolicyEngineServer: RunL - start request execution"); + TRAPD( err, DoRequestExecutionL( matchResponse, EFalse)); + RDEBUG("PolicyEngineServer: RunL - stop request execution"); + + if ( err != KErrNone) + { + matchResponse = EIndeterminate; + } + + //set default response + TResponse response; + response.SetResponseValue( EResponseIndeterminate); + + + //convert internal response to external response + switch ( matchResponse ) + { + case EDeny : + { + RDEBUG("PolicyEngineServer: Request executed - response deny"); + response.SetResponseValue( EResponseDeny); + break; + } + case EPermit : + { + RDEBUG("PolicyEngineServer: Request executed - response permit"); + response.SetResponseValue( EResponsePermit); + break; + } + case ENotApplicable : + { + RDEBUG("PolicyEngineServer: Request executed - response not applicable"); + response.SetResponseValue( EResponseNotApplicable); + break; + } + case EIndeterminate : + { + RDEBUG("PolicyEngineServer: Request executed - response indeterminate"); + response.SetResponseValue( EResponseIndeterminate); + break; + } + default: + { + RDEBUG("PolicyEngineServer: Request executed - response indeterminate"); + response.SetResponseValue( EResponseIndeterminate); + break; + } + } + + //tell other processors that processor is free + CPolicyEngineServer::StatusFlags()->iProcessorActive = EFalse; + + CompleteMessage( KErrNone, response); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::DoCancel() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::DoCancel() +{ + RunError( KErrAbort); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::RunError() +// ----------------------------------------------------------------------------- +// +TInt CPolicyProcessor::RunError( TInt /*aError*/) +{ + TResponse resp; + resp.SetResponseValue( EResponseIndeterminate); + CompleteMessage( KErrAbort, resp ); + + return KErrNone; +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::CompleteMessage() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::CompleteMessage( TInt aError, TResponse aResponse) + { + RDEBUG_2("PolicyEngineServer: CPolicyProcessor::CompleteMessage( %d )", aError ); + + delete iRequestBuffer; + iRequestBuffer = NULL; + + //write response to msg (to client side) + TPckg< TResponse> pack( aResponse); + TRAPD( err, iMessage->WriteL(1, pack) ); + if( err != KErrNone ) + { + iMessage->Complete( err ); + } + else + { + iMessage->Complete( aError ); + } + + RDEBUG("PolicyEngineServer: CPolicyProcessor::CompleteMessage - end"); + } + + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::DoRequestExecutionL() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::DoRequestExecutionL( TMatchResponse &aResponse, TBool iUseEditableElements) +{ + RDEBUG("PolicyEngineServer: CPolicyProcessor::DoRequestExecutionL"); + + + + //get root element, execution starts from root + CElementBase * rootElement = 0; + + if ( iUseEditableElements ) + { + rootElement = CPolicyStorage::PolicyStorage()->GetEditableElementL( PolicyLanguage::Constants::RootElement); + } + else + { + rootElement = CPolicyStorage::PolicyStorage()->GetElementL( PolicyLanguage::Constants::RootElement); + } + + aResponse = EIndeterminate; + + //if root found + if ( rootElement ) + { + //reserve element from storage and check match to root policy + TElementReserver rootReserver( rootElement); + aResponse = rootElement->MatchL( this); + rootReserver.Release(); + //execution runs recursive inside MatchL-function to correct branches and elements in policy system + //response is result of many element combination + RDEBUG("PolicyEngineServer: DoRequestExecutionL - Match evaluated"); + } + + RDEBUG("PolicyEngineServer: CPolicyProcessor::DoRequestExecutionL - end"); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::FunctionL() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::FunctionL( const TDesC8 &aFunctionId, RParameterList& aParams, CAttributeValue* aResponseElement) +{ + RDEBUG("PolicyEngineServer: CPolicyProcessor::FunctionL"); + + //executes correct function call + if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionAnd) + { + RDEBUG("PolicyEngineServer: AND-function start"); + AndFunctionL( aParams, aResponseElement); + RDEBUG("PolicyEngineServer: AND-function end"); + } + else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionOr) + { + RDEBUG("PolicyEngineServer: OR-function start"); + OrFunctionL( aParams, aResponseElement); + RDEBUG("PolicyEngineServer: OR-function end"); + } + else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionNot) + { + RDEBUG("PolicyEngineServer: NOT-function start"); + NotFunctionL( aParams, aResponseElement); + RDEBUG("PolicyEngineServer: NOT-function end"); + } + else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionRuleTargetStructure) + { + RDEBUG("PolicyEngineServer: Rule target structure-function start"); + RuleTargetStructureFunctionL( aParams, aResponseElement); + RDEBUG("PolicyEngineServer: Rule target structure-function end"); + } + else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionUserAcceptCorpPolicy) + { + RDEBUG("PolicyEngineServer: User accept corporate-function start"); + CorporateUserAcceptFunctionL( aParams, aResponseElement); + RDEBUG("PolicyEngineServer: User accept corporate-function end"); + } + else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionCertificatedSession) + { + RDEBUG("PolicyEngineServer: Certificate for session-function start"); + CertificateForSessionL( aResponseElement); + RDEBUG("PolicyEngineServer: Certificate for session-function end"); + } + else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionStringEqualId || + aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionBooleanEqualId) + { + RDEBUG("PolicyEngineServer: Equal-function start"); + EqualFunctionsL( aParams, aResponseElement); + RDEBUG("PolicyEngineServer: Equal-function end"); + } + else + { + RDEBUG("PolicyEngineServer: Function is not allowed!"); + HandleErrorL( RequestErrors::FunctionIsNotAllowed); + } +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::BooleanFunction() +// ----------------------------------------------------------------------------- +// + +TBool CPolicyProcessor::MatchFunctionL( const TDesC8 &aFunctionId, CDataType * data1, CDataType * data2) +{ + RDEBUG("PolicyEngineServer: CPolicyProcessor::MatchFunctionL"); + + //data1 is policy context value + //data2 is request context value + + TBool retVal(EFalse); + + //execute function + if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionStringEqualId || + aFunctionId == PolicyLanguage::NativeLanguage::Functions::FunctionBooleanEqualId ) + { + TInt value = data1->Compare( data2); + retVal = ( 0 == value); + } + else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::TrustedSubjectMatch) + { + //compare trusted subjects... + retVal = iTrustedSession->CertMatchL( data1->Value(), data2->Value(), iUseEditedElements); + } + else if ( aFunctionId == PolicyLanguage::NativeLanguage::Functions::TrustedRoleMatch) + { + //compare roles and subjects... + retVal = iTrustedSession->RoleMatchL( data2->Value(), data1->Value(), iUseEditedElements); + } + else + { + User::Panic(PolicyParserPanic, KErrCorrupt); + } + + + + return retVal; +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::Subjects() +// ----------------------------------------------------------------------------- +// +CPolicyProcessor::RAttributeList * CPolicyProcessor::Subjects() +{ + return &iSubjects; +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::Actions() +// ----------------------------------------------------------------------------- +// +CPolicyProcessor::RAttributeList * CPolicyProcessor::Actions() +{ + return &iActions; +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::Resources() +// ----------------------------------------------------------------------------- +// +CPolicyProcessor::RAttributeList * CPolicyProcessor::Resources() +{ + return &iResources; +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::Environments() +// ----------------------------------------------------------------------------- +// +CPolicyProcessor::RAttributeList * CPolicyProcessor::Environments() +{ + return &iEnvironments; +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::SetTargetElement() +// ----------------------------------------------------------------------------- +// + +void CPolicyProcessor::SetTargetElement( CElementBase * aElement) +{ + iManagementTargetPolicy = aElement; +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::SetSessionTrust() +// ----------------------------------------------------------------------------- +// + +void CPolicyProcessor::SetSessionTrust( CTrustedSession * aTrustedSession) +{ + iTrustedSession = aTrustedSession; +} + + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::MakeBooleanResponseL() +// ----------------------------------------------------------------------------- +// + + +void CPolicyProcessor::MakeBooleanResponseL( const TBool aValue, CAttributeValue* aResponseElement ) +{ + if ( aValue ) + { + RDEBUG("PolicyEngineServer: Boolean response TRUE"); + aResponseElement->SetDataL( PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue, + PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType); + } + else + { + RDEBUG("PolicyEngineServer: Boolean response FALSE"); + aResponseElement->SetDataL( PolicyLanguage::NativeLanguage::AttributeValues::BooleanFalse, + PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType); + } +} + + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::CorporateUserAcceptFunctionL() +// ----------------------------------------------------------------------------- +// + +void CPolicyProcessor::CorporateUserAcceptFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) +{ + RDEBUG("PolicyEngineServer: CPolicyProcessor::CorporateUserAcceptFunctionL"); + + if ( !aParams.Count()) + { + HandleErrorL( RequestErrors::FunctionIsNotAllowed); + } + + //Get trusted subject + CAttributeValue * attributeValue = aParams[0]; + TDesC8& trustedSubject = attributeValue->Data()->Value(); + + //resolve name and fingerprint + const TDesC8& name = iTrustedSession->CommonNameForSubjectL( trustedSubject, iUseEditedElements); + const TDesC8& fingerPrint = iTrustedSession->FingerPrintForSubjectL( trustedSubject, iUseEditedElements); + + TUserResponse response = EUserDeny; + + if ( name.Length() && fingerPrint.Length()) + { + //create notifier + RNotifier notifier; + CleanupClosePushL( notifier); + User::LeaveIfError( notifier.Connect() ); + + //create parameter descriptor + TBuf8<100> responseBuf; + HBufC8 * data = HBufC8::NewLC( name.Length() + fingerPrint.Length() + 1); + TPtr8 ptr = data->Des(); + ptr.Append(name); + ptr.Append(KDelimeterChar); + ptr.Append(fingerPrint.Left(4)); + + //create CAsyncHandler to Auto start/stop CActiveScheduler + CASyncHandler * async = CASyncHandler::NewLC(); + notifier.StartNotifierAndGetResponse( async->GetRequestStatus(), KUidPolicyEngineUi, ptr, responseBuf); + + //Start CActiveScheduler and execute stop when request is completed + async->WaitForRequest(); + CPolicyEngineServer::SetActiveSubSession( this); + + + if ( async->GetRequestStatus() > 0) //request pending... + { + notifier.CancelNotifier( KUidPolicyEngineUi); + } + else + { + //Check response + if ( responseBuf == KUserAcceptMark) + { + RDEBUG("PolicyEngineServer: CPolicyProcessor user accept corporate policy!"); + response = EUserAccept; + } + } + + CleanupStack::PopAndDestroy( 3, ¬ifier); //notifier, data, CASyncHandler + + + } + + MakeBooleanResponseL( response == EUserAccept, aResponseElement); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::OrFunctionL() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::OrFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) +{ + TBool valueTrue = EFalse; + for ( TInt i(0); i < aParams.Count(); i++) + { + CAttributeValue * attribute = aParams[i]; + __ASSERT_ALWAYS ( attribute, User::Panic(PolicyParserPanic, KErrCorrupt)); + + + if ( attribute->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType) + { + HandleErrorL( ParserErrors::IncombatibleDataType); + } + + if ( attribute->Data()->Value() == PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue ) + { + valueTrue = ETrue; + break; + } + } + + MakeBooleanResponseL( valueTrue, aResponseElement); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::EqualFunctionsL() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::EqualFunctionsL( const RParameterList& aParams, CAttributeValue* aResponseElement ) + { + TInt count = aParams.Count(); + if( count <= 1 ) + { + MakeBooleanResponseL( EFalse, aResponseElement ); + } + else + { + __ASSERT_ALWAYS ( aParams.Count() == 2, User::Panic(PolicyParserPanic, KErrCorrupt)); + + CAttributeValue * value1 = aParams[0]; + CAttributeValue * value2 = aParams[1]; + __ASSERT_ALWAYS ( value1, User::Panic(PolicyParserPanic, KErrCorrupt)); + __ASSERT_ALWAYS ( value2, User::Panic(PolicyParserPanic, KErrCorrupt)); + + TInt value = value1->Data()->Compare( value2->Data()); + + MakeBooleanResponseL( 0 == value, aResponseElement ); + } + } + + + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::AndFunctionL() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::AndFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) +{ + TBool valueTrue = ETrue; + for ( TInt i(0); i < aParams.Count(); i++) + { + CAttributeValue * attribute = aParams[i]; + __ASSERT_ALWAYS ( attribute, User::Panic(PolicyParserPanic, KErrCorrupt)); + + if ( attribute->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType) + { + HandleErrorL( ParserErrors::IncombatibleDataType); + } + + if ( attribute->Data()->Value() != PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue ) + { + valueTrue = EFalse; + break; + } + } + + MakeBooleanResponseL( valueTrue, aResponseElement); + +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::NotFunctionL() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::NotFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) +{ + if ( aParams.Count() != 1) + { + HandleErrorL( ParserErrors::IncombatibleParameters); + } + + CAttributeValue * attribute = aParams[0]; + __ASSERT_ALWAYS ( attribute, User::Panic(PolicyParserPanic, KErrCorrupt)); + + + if ( attribute->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::BooleanDataType) + { + HandleErrorL( ParserErrors::IncombatibleDataType); + } + + MakeBooleanResponseL( aParams[0]->Data()->Value() != PolicyLanguage::NativeLanguage::AttributeValues::BooleanTrue, aResponseElement); + +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::RuleTargetStructureFunctionL() +// ----------------------------------------------------------------------------- +// +void CPolicyProcessor::RuleTargetStructureFunctionL( const RParameterList& aParams, CAttributeValue* aResponseElement ) +{ + //We expect that param count is 3n... + if ( (aParams.Count() % 3) != 0) + { + HandleErrorL( ParserErrors::IncombatibleParameters); + } + + if ( !iManagementTargetPolicy ) + { + HandleErrorL( RequestErrors::FunctionIsNotAllowed); + } + + TBool validRule = EFalse; + + //this operation is only valid for rules + if ( iManagementTargetPolicy->ElementType() == ERule ) + { + CRule * rule = (CRule*)iManagementTargetPolicy; + CTarget * target = rule->GetTarget(); + __ASSERT_ALWAYS ( target, User::Panic(PolicyParserPanic, KErrCorrupt)); + + for ( TInt i = 0; i < aParams.Count(); i++) + { + if ( aParams[i]->Data()->DataType(ENative) != PolicyLanguage::NativeLanguage::AttributeValues::StringDataType) + { + HandleErrorL( ParserErrors::IncombatibleDataType); + } + } + + //get subject/actions/resource/environment and compare their match content to parameters + RMatchObjectArray container; + CleanupClosePushL( container); + target->GetMatchContainersL( container); + + validRule = ETrue; + + //read one subject/action/resource/environment group at time + for ( TInt i = 0; i < aParams.Count() / 3 && validRule; i++) + { + validRule = EFalse; + for ( TInt j = 0; j < container.Count() && !validRule; j++) + { + validRule = container[j]->CheckMatchObject( aParams[ i*3]->Data()->Value(), + aParams[ (i*3)+1]->Data()->Value(), + aParams[ (i*3)+2]->Data()->Value()); + } + } + + CleanupStack::PopAndDestroy( &container); + } + + MakeBooleanResponseL( validRule, aResponseElement); +} + +// ----------------------------------------------------------------------------- +// CPolicyProcessor::CertificateForSessionL() +// ----------------------------------------------------------------------------- +// + +void CPolicyProcessor::CertificateForSessionL( CAttributeValue* aResponseElement ) +{ + + if ( !iTrustedSession) + { + HandleErrorL( RequestErrors::FunctionIsNotAllowed); + } + + MakeBooleanResponseL( iTrustedSession->CertificatedSession(), aResponseElement); +} + + + +// ----------------------------------------------------------------------------- +// TCombiningAlgorith::TCombiningAlgorith() +// ----------------------------------------------------------------------------- +// +TCombiningAlgorith::TCombiningAlgorith( const TDesC8 &aAlgorithId) +{ + //set properties + iResultReady = iAtLeastOneError = iPotentialDeny = EFalse; + iPotentialPermit = iAtLeastOneDeny = iAtLeastOnePermit = EFalse; + + //set algorithm specific properties.... + if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::RuleDenyOverrides) + { + iAlgorithm = ERuleDenyOverrides; + iCurrentResponse = ENotApplicable; + } + else + if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::PolicyDenyOverrides) + { + iAlgorithm = EPolicyDenyOverrides; + iCurrentResponse = ENotApplicable; + } + else + if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::RulePermitOverrides) + { + iAlgorithm = ERulePermitOverrides; + iCurrentResponse = ENotApplicable; + } + else + if ( aAlgorithId == PolicyLanguage::NativeLanguage::CombiningAlgorithms::PolicyPermitOverrides) + { + iAlgorithm = EPolicyPermitOverrides; + iCurrentResponse = ENotApplicable; + } + + + iResultReady = EFalse; +} + +// ----------------------------------------------------------------------------- +// TCombiningAlgorith::AddInput() +// ----------------------------------------------------------------------------- +// + +TBool TCombiningAlgorith::AddInput( const TMatchResponse& aInput, const TMatchResponse& aEffect) +{ + //for rule algorithms, also "aEffect" has effect to result + + //if result is ready return it... + if ( iResultReady ) + { + return iResultReady; + } + + //select algorithm... + switch ( iAlgorithm) + { + case ERuleDenyOverrides: + { + //algorithm specific handling.... + if ( aInput == EDeny ) + { + iCurrentResponse = EDeny; + iResultReady = ETrue; + } + else if ( aInput == EIndeterminate) + { + iAtLeastOneError = ETrue; + if ( aEffect == EDeny ) + { + iPotentialDeny = ETrue; + } + } + else if ( aInput == EPermit) + { + iAtLeastOnePermit = ETrue; + } + } + break; + case ERulePermitOverrides: + { + //algorithm specific handling.... + if ( aInput == EPermit ) + { + iCurrentResponse = EPermit; + iResultReady = ETrue; + } + else if ( aInput == EIndeterminate) + { + iAtLeastOneError = ETrue; + if ( aEffect == EPermit ) + { + iPotentialPermit = ETrue; + } + } + else if ( aInput == EDeny) + { + iAtLeastOneDeny = ETrue; + } + } + } + + return iResultReady; +} + +// ----------------------------------------------------------------------------- +// TCombiningAlgorith::AddInput() +// ----------------------------------------------------------------------------- +// + +TBool TCombiningAlgorith::AddInput( const TMatchResponse& aInput) +{ + //for policy algorithms + + //if result is ready return it... + if ( iResultReady ) + { + return iResultReady; + } + + switch ( iAlgorithm) + { + case EPolicyDenyOverrides: + { + //algorithm specific handling.... + if ( aInput == EDeny || aInput == EIndeterminate) + { + iCurrentResponse = EDeny; + iResultReady = ETrue; + } + else if ( aInput == EPermit) + { + iAtLeastOnePermit = ETrue; + } + } + break; + case EPolicyPermitOverrides: + { + //algorithm specific handling.... + if ( aInput == EPermit ) + { + iCurrentResponse = EPermit; + iResultReady = ETrue; + } + else if ( aInput == EDeny) + { + iAtLeastOneDeny = ETrue; + } + else if ( aInput == EIndeterminate) + { + iAtLeastOneError = ETrue; + } + } + break; + } + + return iResultReady; +} + +// ----------------------------------------------------------------------------- +// TCombiningAlgorith::ResultReady() +// ----------------------------------------------------------------------------- +// + +TBool TCombiningAlgorith::ResultReady() +{ + return iResultReady; +} + +// ----------------------------------------------------------------------------- +// TCombiningAlgorith::Result() +// ----------------------------------------------------------------------------- +// + +TMatchResponse TCombiningAlgorith::Result() +{ + //default... + TMatchResponse response( ENotApplicable); + + if ( !iResultReady) + { + //if result is not ready + switch ( iAlgorithm) + { + case ERuleDenyOverrides: + { + //algorithm specific handling.... + if ( iPotentialDeny ) response = EIndeterminate; else + if ( iAtLeastOnePermit ) response = EPermit; else + if ( iAtLeastOneError ) response = EIndeterminate; + } + break; + case ERulePermitOverrides: + { + //algorithm specific handling.... + if ( iPotentialPermit ) response = EIndeterminate; else + if ( iAtLeastOneDeny ) response = EDeny; else + if ( iAtLeastOneError ) response = EIndeterminate; + } + break; + case EPolicyDenyOverrides: + { + //algorithm specific handling.... + if ( iAtLeastOnePermit ) response = EPermit; + } + break; + case EPolicyPermitOverrides: + { + //algorithm specific handling.... + if ( iAtLeastOneDeny ) response = EDeny; else + if ( iAtLeastOneError ) response = EIndeterminate; + } + break; + } + + iCurrentResponse = response; + iResultReady = ETrue; + + } + else + { + //and if result is ready return it + response = iCurrentResponse; + } + +#ifdef _DEBUG + switch ( response) + { + case EDeny: + RDEBUG("PolicyEngineServer: DENY"); + break; + case EPermit: + RDEBUG("PolicyEngineServer: PERMIT"); + break; + case EIndeterminate: + RDEBUG("PolicyEngineServer: INDETERMINATE"); + break; + default: + RDEBUG("PolicyEngineServer: NOT APPLICABLE"); + break; + }; +#endif + + return response; +} +