User Prompt Service (UPS) configuration component (\securityconfig\ups\
) includes a backup.xml
file and a ROM stub
SIS file for configuring a UPS policy file. Device creators must modify
the configuration files of UPS and rebuild the securityconfig
component, to customise the behavior of the UPS component.
UPS policy files are resource files that specify whether application requests to access services are silently accepted or denied or whether they require the user to be prompted. Each service has a policy file. The policy file lists policies for various applications. The configuration of policy file involves configuring ROM stub package file and backup XML file.
Installing policy files
A policy file on the system drive eclipses a policy file
on the Z drive if it has the same filename. If the policy file on
the system drive is corrupt, the policy file on the Z drive (if it
exists) is used instead. The policy files should be installed (and
upgraded) through Software Install to the private directory of the
UPS on the system drive. The private directory is \private\10283558\policies
.
Upgrading package file
The SIS file must either contain the executable or be an upgrade to the base package which supplied the executable, for delivering files into the private directory of an executable.
The following is a default implementation of a package file for UPS server ROM stub SIS file:
; Package file for User Prompt Service server ROM stub SIS file ; ; A ROM stub SIS file is required to allow UPS policy files to be ; provisioned post-manufacture because policy files are loaded from ; the policies subdirectory of the UPS server's private directory. &EN #{"User Prompt Service"}, (0x10285777), 1, 0 , 0, TYPE=SA %{"Nokia Corporation and/or its subsidiary(-ies)"} :"Nokia Corporation and/or and/or its subsidiary(-ies)" ; UPS policy files on the Z drive must also be included here if ; upgrades (eclipsing) is required post-manufacture. ""-"z:\sys\bin\upsserver.exe"
Device creators must create a ROM stub SIS file if they want to allow policy files to be delivered after-market (since the UPS server is delivered in the ROM).
Note: To ensure that policy file upgrades are approved by manufacturers or Symbian Signed, SIS files that modify the private directory of the UPS must be signed by a certificate where CA has the
AllFiles
capability. Verifying hash of the policy
The VERIFY
option must be added to the line in the package file that installs
the UPS policy file to ensure that the Software Install checks the
hash of the policy at restore time. The following sample package file
uses the VERIFY
flag.
; tupspolicies1.pkg ; ; ; Checks the installation of UPS policies files &EN #{"UPS Policy Files"}, (0x10285777), 1, 0, 0, TYPE=SP %{"Nokia"} :"Nokia" ; The VERIFY option is used to flag the files as non-modifiable so that SWI ; checks the hashes during restore "data\ups_01041000_01041001.rsc"-"$:\private\10283558\policies\ups_01041000_01041001.rsc", VERIFY "data\ups_01041000_01041002.rsc"-"$:\private\10283558\policies\ups_01041000_01041002.rsc", VERIFY "data\ups_01042000_01042001.rsc"-"$:\private\10283558\policies\ups_01042000_01042001.rsc", VERIFY "data\ups_01043000_01043001.rsc"-"$:\private\10283558\policies\ups_01043000_01043001.rsc", VERIFY
Note:
Version 5.1.0.1 or higher of makesis should be used because the VERIFY flag is not supported in older versions.
The major and minor versions field in the policy header of the policy file can be used to provide information that is used in upgrades. If the major version number is changed when a policy file is upgraded, all decision records for that policy file are deleted (because the major version number is stored in the decision record).
Upgrading the plug-ins does not delete the decision records. If device creators want to delete decision records with a plug-in upgrade they must either update associated policy files or provide a run-on-install executable that calls the management API to delete decision records.
Back up and restoring
UPS policy files
may be backed up and restored providing that a valid backup.xml
file is provided. The following is a sample backup file provided
by Symbian.
<?xml version="1.0" standalone="yes" ?> - <backup_registration> - <passive_backup> <include_directory name="policies" /> </passive_backup> <restore requires_reboot="no" /> </backup_registration>