From 27d3905f3d08ef0498ceba1eeb367403cf9f2980 Mon Sep 17 00:00:00 2001
From: Miikka Heikkinen <miikka.heikkinen@digia.com>
Date: Thu, 10 Sep 2009 11:27:13 +0300
Subject: Fixed various PlatSec violations when app had no AllFiles capability.

Fixed QtCore in various places that caused Platform Security
violations in Symbian if AllFiles capability was missing from the
application. All of these these were caused by trying to access /private
folder unnecessarily, either by Qt code or Open C.

Task-number: 249008
Reviewed-by: Janne Koskinen
---
 src/corelib/io/qfsfileengine.cpp        | 10 +++++++++-
 src/corelib/kernel/qcoreapplication.cpp | 31 ++++++++++++++++++++++++-------
 src/corelib/plugin/qpluginloader.cpp    | 15 ++++++++++++++-
 3 files changed, 47 insertions(+), 9 deletions(-)

diff --git a/src/corelib/io/qfsfileengine.cpp b/src/corelib/io/qfsfileengine.cpp
index b9e4061..7d31396 100644
--- a/src/corelib/io/qfsfileengine.cpp
+++ b/src/corelib/io/qfsfileengine.cpp
@@ -157,7 +157,15 @@ QString QFSFileEnginePrivate::canonicalized(const QString &path)
 #endif
         separatorPos = tmpPath.indexOf(slash, separatorPos + 1);
         QString prefix = separatorPos == -1 ? tmpPath : tmpPath.left(separatorPos);
-        if (!nonSymlinks.contains(prefix)) {
+        if (
+#ifdef Q_OS_SYMBIAN
+            // Symbian doesn't support directory symlinks, so do not check for link unless we
+            // are handling the last path element. This not only slightly improves performance, 
+            // but also saves us from lot of unnecessary platform security check failures
+            // when dealing with files under *:/private directories.
+            separatorPos == -1 &&
+#endif            
+            !nonSymlinks.contains(prefix)) {
             fi.setFile(prefix);
             if (fi.isSymLink()) {
                 QString target = fi.symLinkTarget();
diff --git a/src/corelib/kernel/qcoreapplication.cpp b/src/corelib/kernel/qcoreapplication.cpp
index 423bdf8..25098cc 100644
--- a/src/corelib/kernel/qcoreapplication.cpp
+++ b/src/corelib/kernel/qcoreapplication.cpp
@@ -1806,18 +1806,35 @@ QString QCoreApplication::applicationDirPath()
         RProcess proc;
         TInt err = proc.Open(proc.Id());
         if (err == KErrNone) {
+            QChar driveChar;
 #if defined(Q_CC_NOKIAX86)
             // In emulator, always resolve the private dir on C-drive
-            appPath.append(QChar('C'));
+            driveChar = QLatin1Char('C');
 #else
-            appPath.append(QChar((proc.FileName())[0]));
+            driveChar = QLatin1Char((proc.FileName())[0]);
 #endif
-            appPath.append(QLatin1String(":\\private\\"));
-            QString sid;
-            sid.setNum(proc.SecureId().iId, 16);
-            appPath.append(sid);
-            appPath.append(QLatin1Char('\\'));
             proc.Close();
+
+            driveChar = driveChar.toUpper();
+
+            TFileName privatePath;
+            RFs& fs = qt_s60GetRFs();
+            fs.PrivatePath(privatePath);
+            appPath = qt_TDesC2QString(privatePath);
+            appPath.prepend(QLatin1Char(':')).prepend(driveChar);
+
+            // Create the appPath if it doesn't exist. Non-existing appPath will cause
+            // Platform Security violations later on if the app doesn't have AllFiles capability.
+            // Can't create appPath for ROM unfortunately, so applications meant for
+            // ROM should always deploy something to their private dir to ensure appPath exists,
+            // if the PlatSec violations are an issue.
+            char driveDiff = QLatin1Char('Z').toLatin1() - driveChar.toLatin1();
+            TInt driveId = EDriveZ - static_cast<TInt>(driveDiff);
+            if (driveId != EDriveZ) {
+                TInt err = fs.CreatePrivatePath(driveId);
+                if (err != KErrNone)
+                    qWarning("QCoreApplication::applicationDirPath: Failed to create private path.");
+            }
         }
 
         QFileInfo fi(appPath);
diff --git a/src/corelib/plugin/qpluginloader.cpp b/src/corelib/plugin/qpluginloader.cpp
index eb963d0..7b3f011 100644
--- a/src/corelib/plugin/qpluginloader.cpp
+++ b/src/corelib/plugin/qpluginloader.cpp
@@ -48,6 +48,11 @@
 #include "qdebug.h"
 #include "qdir.h"
 
+#if defined(Q_OS_SYMBIAN)
+# include <f32file.h>
+# include "private/qcore_symbian_p.h"
+#endif
+
 #ifndef QT_NO_LIBRARY
 
 QT_BEGIN_NAMESPACE
@@ -309,10 +314,18 @@ void QPluginLoader::setFileName(const QString &fileName)
             if (stubPath.at(1).toAscii() == ':')
                 stubPath.remove(0,2);
             QFileInfoList driveList(QDir::drives());
+            RFs rfs = qt_s60GetRFs();
             foreach(const QFileInfo& drive, driveList) {
                 QString testFilePath(drive.absolutePath() + stubPath);
                 testFilePath = QDir::cleanPath(testFilePath);
-                if (QFile::exists(testFilePath)) {
+                // Use native Symbian code to check for file existence, because checking
+                // for file from under non-existent protected dir like E:/private/<uid> using
+                // QFile::exists causes platform security violations on most apps.
+                QString nativePath = QDir::toNativeSeparators(testFilePath);
+                TPtrC ptr(qt_QString2TPtrC(nativePath));
+                TUint attributes;
+                TInt err = rfs.Att(ptr, attributes);
+                if (err == KErrNone) {
                     fn = testFilePath;
                     break;
                 }
-- 
cgit v0.12