Namespaces
Variants
Actions

Symbian Platform Security Model

Jump to: navigation, search

There are three main modules in the Symbian Security Model:

1. Trusted computing base.
2. Data caging.
3. Capabilities.


Contents

Trusted computing base

The trusted computing base is a collection of software that enforces capabilities and data caging. It contains the kernel, the file system, and the software installer. This is the controlling part of the operating system for the platform security model.


Data caging

Data caging means that the applications and the users have access only to certain areas of the file system. In practice the applications can access their own private directories and directories that are marked as open. It means, for example, that one application cannot access another application’s private directory and data.

The access is restricted as follows:

\resource

Location for application icons, bitmaps, etc. Writing allowed only at application installation. Everyone can read the folder.

\sys

Location for binaries, including application installation registry and root certificates. Writing allowed only at application installation. Reading allowed to backup the application.

\private

This is a private playground for each application. Reading and writing is only allowed to the application's own directory. Backup software has read and write access to this directory.

\all the rest

Access to all the other folders is free for all, for example, user’s own photos, music, and documents.


Capabilities

A capability grants access to a set of APIs and can be obtained through certification, for example Symbian Signed. The capabilities can be divided into four:


Open to all

  • APIs in this category enable development of all the basic applications, for example, most of the single-player games.
  • Generally speaking, about 60 percent of the APIs are freely available without any capability requirement.


Granted by the user at installation time

  • Some capabilities can be granted by the user at the application installation phase.
  • The application will have the capability until the application is removed from the device.
  • This option may not be active in some devices by default. Thus the user has to activate the installation time capability granting separately.


Granted through Symbian Signed

  • Some capabilities are available after passing Symbian Signed testing.
  • More sensitive capabilities require declarative justification why the application needs access to such a capability. Passing the testing is required as well.
  • The most sensitive capabilities require the developer to fill in the Capability Request Form and acceptance from the platform manufacturer. Passing the testing is required as well.


Granted by the manufacturer

  • Submit your request via the Symbian Signed site, as above, but select Nokia as the device manufacturer. Manufacturer approval is needed if your request contains AllFiles, DRM, or TCB - or if you list more than 1000 IMEIs in your request.


Internal Links

Retrieved from "http://www.developer.nokia.com/Community/Wiki/Symbian_Platform_Security_Model"

Comments

Consider merging this document with Platform_Security --antonypranata 18:11, 27 June 2007 (UTC)

Log in or Join to leave comments.
This page was last modified on 3 August 2009, at 06:19.
108 page views in the last 30 days.
Featured links
Develop
Distribution
Blogs
Community
Resources
Site Map
Terms & Conditions
Privacy Policy
Nokia Developer aims to help you create apps and publish them so you can connect with users around the world.

京ICP备05048969号  © Copyright Nokia 2012 All rights reserved