Capabilities
Reasons: hamishwillee (31 Jan 2012)
This update should be merged with, and redirected to, the official capabilities topic: Capabilities (Symbian Signed)
Article Metadata
Contents |
What are capabilities?
The Symbian platform enables applications to use the Platform Security architecture in order to gain access to sensitive functionality within the platform.
Access to certain APIs is restricted by the capabilities.
List of S60 capabilities
Basic capabilities - approved by the end user
- LocalServices
- UserEnvironment
- NetworkServices
- ReadUserData
- WriteUserData
- Location (from S60 3rd FP2)*
Extended capabilities - approved by Symbian Signing
Open signed online
- SwEvent
- SurroundingsDD
- ProtServ
- PowerMgmt
- ReadDeviceData
- WriteDeviceData
- TrustedUI
- Location (before S60 3rd FP2)*
Certified Signed
Manufacturer-approved capabilities
* Location capability needed to be open signed in devices prior S60 3rd Edition FP2. Starting from FP2, the Location capability becomes one of the "user capabilities".
Using capabilities
In native Symbian C++ projects the capabilities are listed in .MMP
//No capabilities CAPABILITY NONE
//Uses "LocalServices" capability CAPABILITY LocalServices
//Uses several capablities, space in between names CAPABILITY FirstCapability SecondCapability
In Qt the capabilities are listed in .PRO file. These values are ingored when building for other platforms.
symbian: {
TARGET.CAPABILITY = FirstCapability SecondCapability
}
Signing with capabilities
Applications need to be signed to be installed on a Symbian device.
Signing ensure that application does not access functions from the device other than those granted by the listed capabilities.
Level of signing required depends on the capabilities used.
Some capabilities can be self signed, meaning that any developer can add them to their application. User will be prompted for permission for these on the application installation process.
Others require some sort of controlled signing, either through free web service (open signed online for testing only) or by acquiring a publisher ID and signing the application with certified signing.
For most applications the basic capabilities are be enough. In Qt-builds, this is the default signing option, so you don't need to make any changes in template projects.
NOTE: In some older Nokia E-Series device (E51 fore example) self signed applications will not install by default, but the user needs to allow all applications (not trusted) to be installed in the device.
Capabilities in executable level
A capability is a feature of Symbian Platform Security, introduced on S60 in S60 3rd Edition (Symbian OS v9.1). For each of the capabilities, each running process (started from an EXE file) either has it or hasn't. Some actions, such as calling a server on the Symbian OS, require the calling process to have a capability. Whether or not the capability is required is controlled by the server that is being called: each server defines its own policy.
Also libraries (DLLs) have capabilities, but these are interpreted a bit differently than capabilities of processes (EXE files). When applied to a DLL, a capability indicates the trust level of the code within the DLL. When the DLL is loaded into a process, the code is executed with the capabilities of the process (EXE), not the capabilities of the DLL. The capabilities of the DLL just indicate to which extent the code in the DLL can be trusted. As an example, an EXE that has a TCB capability cannot load a DLL that does not have the TCB capability because the lack of TCB on a DLL indicates that the DLL code is not trusted to execute under TCB capability.
See Also
- Capabilities (Symbian Signed)
- Device Manufacturer Capabilities (Symbian Signed)
- Application types that usually require manufacturer or platform capabilities
- How to guide for creating/signing sis files
