From http://www.sf.org.cn/Article/symbiandev/200709/20544.html
Capabilities)
Since Symbian 9, platform security issues have been introduced, which means that hardware devices can only have limited access to secure data and software.
Therefore, on the s60 Third Edition and uiq3 devices, developers need some authorization to access the platform. Such authorization is called a capability. These capabilities are defined as authorized applications because an API is restricted to use, unless the capabilities are granted to the program to use these properties.
There are three main capabilities:
1. TCB (underlying processing trust)
2. User (user layer)
3. system capability
TCB: "trusted computing base )"
It consists of some underlying system attributes, such as directories in the file system. These capabilities are not granted to third-party applications and they are only authorized to the platform manufacturer.
TCB includes the core of the operating system, file services, and memory management units.
User (user layer)
Network services: Call, send text messages, and access remote services.
Local Service: this capability includes sending and receiving information through USB, infrared, and Bluetooth devices.
Read user data: authorized to read user information. System services and application engines are at this level.
Write user data: authorized to write user data, consistent with the read service.
Region: an area of the mobile phone.
User Environment: authorized access to confidential information about users and environments
System cabability)
These
API's under these capbilities has access to sensitive parts of
Machine which due programatical errors may have upt the phone's software
And hardware. So these capabilities are granted only after Symbian
Signed which after testing is done.
Allfiles, swevent, writedevicedata, powermgmt, DRM, etc.
How to empower
You can use the capability keyword in the matrix object to grant the ability.
Capability readuserdata diskadmin
Or
Capability all-allfiles DRM
// Besides allfiles and DRM
In the project, we can use relevant capabilities through corresponding APIs. For example, datafilesave () can call writedevicedata writeuserdata.
Capability is the token used to access sensitive API permissions. If you need to protect specific functions (APIS) in Symbian OS, the code that uses this function must have relevant capabilities.
The code that requires access to the protected function must pass the authorization process to obtain the permission to use the function.
Capability classification:
Unlimited: 60% API.
Users can authorize (during installation): readuserdata, writeuserdata, networkservices, localservices, and userenvironment.
Symbian signed: User-authorized capabilities + location, readdevicedata, writedevicedata,
Powermgmt, surroundingsdd, protserv, trustedui, and swevent.
License holder/platform approval: Symbian signed capability + [DRM, TCB] vendor, [allfiles, commdd, diskadmin, multimediadd, networkcontrol] capability request.
[DRM, TCB] must be obtained by applying to the vendor.
[Allfiles, commdd, diskadmin, multimediadd, networkcontrol] You need to fill in the "capability request form" on www.symbiansigned.com to obtain it.
Capabilities:
Networkservices: used to use a mobile network, such as making a call or sending a text message.
Localservices: used to send or receive messages through USB, infrared, and Bluetooth.
Readuserdata: allows reading user data. System servers and application engines can freely apply this restriction to their data.
Writeuserdata: Allows Writing user data. System servers and application engines can freely apply this restriction to their data.
Location: the location information of the mobile phone.
Userenvironment: allows access to real-time confidential information of users and their nearby environments.
Powermgmt: allows you to interrupt any process in the system or switch the machine status (disable the device ).
Swevent: allows you to generate or capture keyboard and pen input events.
Readdevicedata: allows reading system device driver data.
Writedevicedata: Allows writing data to the drive of the system device.
Surroundingsdd: A logical device driver that provides peripheral device input information.
Tustedui: differentiate the UI of the "normal" application and "trusted" application. When a "trusted" application displays content on the screen, a "normal" application cannot forge it.
Protserv: allows the server application to register with a protected name. The protected name is "!" .
Networkcontrol: allows modification or access to network protocol control.
Multimediadd: allows access to all multimedia device drivers (sound, camera, etc.
DRM: permission to access the content protected by DRM.
TCB: allow access to the/sys and/resource directories on the terminal.
Commdd: allow access to the driver of the communication device.
Diskadmin: Allows disk management, such as formatting a drive.
Allfiles: allows all files in the system to be visible and allows you to write files under/private.
1.
You can see from above
To "readuserdata", "writeuserdata", "networkservices", "localservices", "userenvironment"
These capabilities can be authorized by the user during installation, that is, self-Signed programs can use them. To apply for a developer certificate, ACS publisher ID is not required, but you have an ACS
Publisher ID can apply for more capabilities for the developer certificate.
3. To use a certain capability, you must use the capability statement to specify