User Prompt Service (UPS) configuration component (\securityconfig\ups\) includes a backup.xml file and a ROM stub SIS file for configuring a UPS policy file. Device creators must modify the configuration files of UPS and rebuild the securityconfig component, to customise the behavior of the UPS component.
UPS policy files are resource files that specify whether application requests to access services are silently accepted or denied or whether they require the user to be prompted. Each service has a policy file. The policy file lists policies for various applications. The configuration of policy file involves configuring ROM stub package file and backup XML file.
Installing policy files
A policy file on the system drive eclipses a policy file on the Z drive if it has the same filename. If the policy file on the system drive is corrupt, the policy file on the Z drive (if it exists) is used instead. The policy files should be installed (and upgraded) through Software Install to the private directory of the UPS on the system drive. The private directory is \private\10283558\policies.
Upgrading package file
The SIS file must either contain the executable or be an upgrade to the base package which supplied the executable, for delivering files into the private directory of an executable.
The following is a default implementation of a package file for UPS server ROM stub SIS file:
; Package file for User Prompt Service server ROM stub SIS file ; ; A ROM stub SIS file is required to allow UPS policy files to be ; provisioned post-manufacture because policy files are loaded from ; the policies subdirectory of the UPS server's private directory. &EN #{"User Prompt Service"}, (0x10285777), 1, 0 , 0, TYPE=SA %{"Nokia Corporation and/or its subsidiary(-ies)"} :"Nokia Corporation and/or and/or its subsidiary(-ies)" ; UPS policy files on the Z drive must also be included here if ; upgrades (eclipsing) is required post-manufacture. ""-"z:\sys\bin\upsserver.exe"
Device creators must create a ROM stub SIS file if they want to allow policy files to be delivered after-market (since the UPS server is delivered in the ROM).
Verifying hash of the policy
The VERIFY option must be added to the line in the package file that installs the UPS policy file to ensure that the Software Install checks the hash of the policy at restore time. The following sample package file uses the VERIFY flag.
; tupspolicies1.pkg ; ; ; Checks the installation of UPS policies files &EN #{"UPS Policy Files"}, (0x10285777), 1, 0, 0, TYPE=SP %{"Symbian Foundation"} :"Symbian Foundation" ; The VERIFY option is used to flag the files as non-modifiable so that SWI ; checks the hashes during restore "data\ups_01041000_01041001.rsc"-"$:\private\10283558\policies\ups_01041000_01041001.rsc", VERIFY "data\ups_01041000_01041002.rsc"-"$:\private\10283558\policies\ups_01041000_01041002.rsc", VERIFY "data\ups_01042000_01042001.rsc"-"$:\private\10283558\policies\ups_01042000_01042001.rsc", VERIFY "data\ups_01043000_01043001.rsc"-"$:\private\10283558\policies\ups_01043000_01043001.rsc", VERIFY
Version 5.1.0.1 or higher of makesis should be used because the VERIFY flag is not supported in older versions.
The major and minor versions field in the policy header of the policy file can be used to provide information that is used in upgrades. If the major version number is changed when a policy file is upgraded, all decision records for that policy file are deleted (because the major version number is stored in the decision record).
Upgrading the plug-ins does not delete the decision records. If device creators want to delete decision records with a plug-in upgrade they must either update associated policy files or provide a run-on-install executable that calls the management API to delete decision records.
Back up and restoring
UPS policy files may be backed up and restored providing that a valid backup.xml file is provided. The following is a sample backup file provided by Symbian.
<?xml version="1.0" standalone="yes" ?> - <backup_registration> - <passive_backup> <include_directory name="policies" /> </passive_backup> <restore requires_reboot="no" /> </backup_registration>