UPS Configuration

User Prompt Service (UPS) configuration component (\securityconfig\ups\) includes a backup.xml file and a ROM stub SIS file for configuring a UPS policy file. Device creators must modify the configuration files of UPS and rebuild the securityconfig component, to customise the behavior of the UPS component.

Introduction

UPS policy files are resource files that specify whether application requests to access services are silently accepted or denied or whether they require the user to be prompted. Each service has a policy file. The policy file lists policies for various applications. The configuration of policy file involves configuring ROM stub package file and backup XML file.

Installing and Configuring UPS Policy file

Installing policy files

A policy file on the system drive eclipses a policy file on the Z drive if it has the same filename. If the policy file on the system drive is corrupt, the policy file on the Z drive (if it exists) is used instead. The policy files should be installed (and upgraded) through Software Install to the private directory of the UPS on the system drive. The private directory is \private\10283558\policies.

Upgrading package file

The SIS file must either contain the executable or be an upgrade to the base package which supplied the executable, for delivering files into the private directory of an executable.

The following is a default implementation of a package file for UPS server ROM stub SIS file:

; Package file for User Prompt Service server ROM stub SIS file
;
; A ROM stub SIS file is required to allow UPS policy files to be
; provisioned post-manufacture because policy files are loaded from
; the policies subdirectory of the UPS server's private directory.

&EN

#{"User Prompt Service"}, (0x10285777), 1, 0 , 0, TYPE=SA

%{"Nokia Corporation and/or its subsidiary(-ies)"}
:"Nokia Corporation and/or and/or its subsidiary(-ies)"

; UPS policy files on the Z drive must also be included here if
; upgrades (eclipsing) is required post-manufacture.

""-"z:\sys\bin\upsserver.exe"

Device creators must create a ROM stub SIS file if they want to allow policy files to be delivered after-market (since the UPS server is delivered in the ROM).

Note: To ensure that policy file upgrades are approved by manufacturers or Symbian Signed, SIS files that modify the private directory of the UPS must be signed by a certificate where CA has the

AllFiles capability.

Verifying hash of the policy

The VERIFY option must be added to the line in the package file that installs the UPS policy file to ensure that the Software Install checks the hash of the policy at restore time. The following sample package file uses the VERIFY flag.

; tupspolicies1.pkg
;
; 

; Checks the installation of UPS policies files

&EN
#{"UPS Policy Files"}, (0x10285777), 1, 0, 0, TYPE=SP
%{"Nokia"}
:"Nokia"

; The VERIFY option is used to flag the files as non-modifiable so that SWI
; checks the hashes during restore

"data\ups_01041000_01041001.rsc"-"$:\private\10283558\policies\ups_01041000_01041001.rsc", VERIFY
"data\ups_01041000_01041002.rsc"-"$:\private\10283558\policies\ups_01041000_01041002.rsc", VERIFY
"data\ups_01042000_01042001.rsc"-"$:\private\10283558\policies\ups_01042000_01042001.rsc", VERIFY
"data\ups_01043000_01043001.rsc"-"$:\private\10283558\policies\ups_01043000_01043001.rsc", VERIFY

Note:

  • Version 5.1.0.1 or higher of makesis should be used because the VERIFY flag is not supported in older versions.

  • The major and minor versions field in the policy header of the policy file can be used to provide information that is used in upgrades. If the major version number is changed when a policy file is upgraded, all decision records for that policy file are deleted (because the major version number is stored in the decision record).

  • Upgrading the plug-ins does not delete the decision records. If device creators want to delete decision records with a plug-in upgrade they must either update associated policy files or provide a run-on-install executable that calls the management API to delete decision records.

Back up and restoring

UPS policy files may be backed up and restored providing that a valid backup.xml file is provided. The following is a sample backup file provided by Symbian.

<?xml version="1.0" standalone="yes" ?>
- <backup_registration>
- <passive_backup>
  <include_directory name="policies" />
  </passive_backup>
  <restore requires_reboot="no" />
  </backup_registration>