CPolicyServer::TPolicy Class Reference

#include <e32base.h>

class CPolicyServer::TPolicy

Detailed Description

Object specifying which security checks to perform on each request number and what action to take if the check fails.

Explanations of each of the members of this class are detailed below.

As explained in CPolicyServer::CPolicyServer, it is important that the instance of this class (CPolicyServer::TPolicy) given to the policy server constructor, exists for the lifetime of the server. For this reason, as well as code size considerations, it is recommended that the TPolicy instance is const static data. The following code segment shows the recommended way of doing this. Further detail on what each of these statements means is given below.

	const TUint myRangeCount = 4;
	const TInt myRanges[myRangeCount] = 
		{
		0, //range is 0-2 inclusive
		3, //range is 3-6 inclusive
		7, //range is 7
		8, //range is 8-KMaxTInt inclusive
		};
	const TUint8 myElementsIndex[myRangeCount] = 
		{
		1, 								//applies to 0th range (req num: 0-2)
		CPolicyServer::ECustomCheck, 	//applies to 1st range (req num: 3-6)
		0, 								//applies to 2nd range (req num: 7)
		CPolicyServer::ENotSupported,	//applies to 3rd range (req num: 8-KMaxTInt)
		};
	const CPolicyServer::TPolicyElement myElements[] = 
		{
		{_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin), CPolicyServer::EFailClient},
		{_INIT_SECURITY_POLICY_C1(ECapabilityLocation), CMyPolicyServer::EQueryUser},
		}
	const CPolicySErver::TPolicy myPolicy =
		{
		CPolicyServer::EAlwaysPass, //specifies all connect attempts should pass
		myRangeCount,					
		myRanges,
		myElementsIndex,
		myElements,
		}

Member Attribute Documentation

iElements

const TPolicyElement *iElements

A pointer to an array of distinct policy elements.

Continuing with the previous examples:
		const TInt myRanges[4] = {0, 3, 7, 8};
		const TUInt8 myElementsIndex[4] = {
			1, 
			CPolicyServer::ECustomCheck, 
			0, 
			CPolicyServer::ENotSupported
			};
		const TPolicyElement iElements[] = {
			{_INIT_SECURITY_POLICY_C1(ECapabilityDiskAdmin), CPolicyServer::EFailClient},
			{_INIT_SECURITY_POLICY_C1(ECapabilityLocation), CMyPolicyServer::EQueryUser}
			}
The instantiation of iElements specifies that:
  1. Request numbers 0-2 require the Location capability. As the iAction member of the 1st element specifies a custom action (represented by the negative number, CMyPolicyServer::EQueryUser), requests without Location will passed to the reimplementation of CustomFailureActionL.

  2. Request number 7 requires the DiskAdmin capability. Requestors without DiskAdmin will have their request completed with KErrPermissionDenied.

iElementsIndex

const TUint8 *iElementsIndex

A pointer to an array of TUint8 values specifying the appropriate action to take for each range in iRanges. For example, the 0th element of iElementsIndex specifies the appropriate action to take for the 0th range in iRanges. As such, iElementsIndex must have precisely the same number of elements as iRanges.

The following rules apply to the value of each element in iElementsIndex:
  1. Each value must be a valid index into iElements (that is, less than the number of elements in iElements) OR a valid value from TSpecialCase.

  2. Elements' values need not follow any special ordering.

  3. Elements may repeat values.

Continuing the example from iRanges:
		const TInt myRanges[4] = {0, 3, 7, 8};
		const TUInt8 myElementsIndex[4] = {
			1, 
			CPolicyServer::ECustomCheck, 
			0, 
			CPolicyServer::ENotSupported
			};
This means that:
  1. Requests within the first range of myRanges (request numbers 0-2) will be checked against the policy specified by the 1st element of iElements.

  2. Requests with the the second range of myRanges (request numbers 3-6) require a custom check to determine if they are allowed. This requires derived server implementations to implement CustomSecurityCheckL()

  3. Requests within the third range of myRanges (request number 7) will be checked against the policy specified by the 0th element of iElements.

  4. Requests within the fourth range of myRanges (request numbers 8-KMaxTInt) will automatically be completed with KErrNotSupported by the policy server framework.

iOnConnect

TUint8 iOnConnect

The index into iElements, or an allowed value of TSpecialCase, that is used to check a connection attempt .

iRangeCount

TUint16 iRangeCount

Number of ranges in the iRanges array.

iRanges

const TInt *iRanges
A pointer to an array of ordered ranges of request numbers. Each element in this array refers to the starting request number of a range. The range of the previous element is up to and including the current element minus 1. Thus an array like:
		const TInt myRanges[4] = {0, 3, 7, 8};
means that:
  • the 0th range is 0-2 (inclusive).

  • the 1st range is 3-6 (inclusive).

  • the 2nd range is solely request number 7.

  • the 3rd range is 8-KMaxTInt (inclusive).

Note that the all possible request numbers must be accounted for. This implies that the first element must be 0. It also implies that the last range goes from the that element to KMaxTint. Finally, each element must be strictly greater than the previous element. As the first element is 0, this clearly implies that iRanges must not contain negative elements.