Sony Ericsson UIQ 3 manual Data caging, Unsigned sandboxed applications

Developers guidelines Signing applications

If a VID value other than 0 is to be used, it is specified in the .MMP file of the application. VID values must not be specified for unsigned applications.

Data caging

Data caging was introduced in Symbian OS v9 to prevent one application from overwriting data belonging to another application.

The file system has the following structure:

\sys : This is the restricted system area which is only accessible for highly trusted system processes.

\sys\bin : Holds all executables such as EXEs, DLLs and plug-ins.

\private : Each application has its own private view of the file system consisting of \private\<SID>\. This folder is only accessible by the application itself, the software installation program and applications trusted with capabilities on the highest level (granted by the phone manufacturer).

\resource : A public, read-only directory allowing files to be publicly shared without compromising integrity. An application should, for example, put its UI resource files and icon files in \resource\apps.

Other directories are public and can be read from or written to by any program.
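The four rules above can be written down as a single access decision. The following Python model is an added example, not code from the guidelines, from UIQ or from Symbian. The capability names TCB and AllFiles, the INSTALLER_SID value and the rule that only the installer or a TCB process may write under \resource are assumptions standing in for the page's "highly trusted system processes", "capabilities on the highest level" and "the software installation program". The point a practitioner should take from it is that the decision is made on the canonical path: a request for \resource\..\sys\bin\x.exe must be judged as a write to \sys\bin, not to \resource.

```python
"""Model of the Symbian OS v9 data caging rules listed above.

Added example; this is not code from the guidelines, from UIQ or from
Symbian. The capability names "TCB" and "AllFiles" and the installer SID
are assumptions standing in for the page's "highly trusted system
processes", "capabilities on the highest level" and "the software
installation program".
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Process:
    sid: int                                   # Secure Identifier of the executable
    caps: frozenset = field(default_factory=frozenset)


# Assumed stand-ins, not values from the page.
INSTALLER_SID = 0x20000001   # hypothetical SID of the software installer
TCB = "TCB"                  # assumed name for the highest system trust level
ALL_FILES = "AllFiles"       # assumed name for manufacturer-granted access to \private


def canonicalize(path: str) -> list[str]:
    """Split a Symbian-style path into lower-case components.

    Accepts '/' or '\\' separators and an optional drive letter, folds case
    (the Symbian file system is case-insensitive) and resolves '.' and '..'
    so that a request for \\resource\\..\\sys\\bin\\x.exe is judged as \\sys\\bin\\x.exe.
    Raises ValueError if '..' would climb above the drive root.
    """
    p = path.replace("/", "\\")
    if len(p) >= 2 and p[1] == ":":          # drop "C:" style drive prefix
        p = p[2:]
    parts: list[str] = []
    for seg in p.split("\\"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not parts:
                raise ValueError(f"path escapes root: {path!r}")
            parts.pop()
        else:
            parts.append(seg.lower())
    return parts


def allowed(proc: Process, path: str, write: bool) -> bool:
    """Decide whether `proc` may read (write=False) or write (write=True) `path`.

    Policy is the four-way split from the guidelines: \\sys restricted to the
    highest trust level, \\private\\<SID> owned by the SID, \\resource public
    read-only, everything else public read/write.
    """
    try:
        parts = canonicalize(path)
    except ValueError:
        return False                          # malformed path: fail closed
    top = parts[0] if parts else ""

    if top == "sys":                          # covers \sys and \sys\bin
        return TCB in proc.caps

    if top == "private":
        if ALL_FILES in proc.caps or proc.sid == INSTALLER_SID:
            return True
        if len(parts) < 2:
            return False                      # no SID directory named: deny
        try:
            owner = int(parts[1], 16)         # directory name is the owner's SID in hex
        except ValueError:
            return False
        return owner == proc.sid

    if top == "resource":
        # Public read-only; who may write is not stated on the page, so we
        # assume only the installer or a TCB process populates it.
        return (not write) or TCB in proc.caps or proc.sid == INSTALLER_SID

    return True                               # other directories are public


def demo() -> dict[str, bool]:
    """Run constructed requests from an ordinary application and a system process."""
    app_a = Process(sid=0xE0001234)                     # constructed unsigned app
    system = Process(sid=0x10000001, caps=frozenset({TCB, ALL_FILES}))
    return {
        "a_own_private_write": allowed(app_a, r"C:\private\E0001234\settings.ini", True),
        "a_other_private_read": allowed(app_a, r"C:\private\E0005678\settings.ini", False),
        "a_resource_read": allowed(app_a, r"C:\resource\apps\a.rsc", False),
        "a_resource_write": allowed(app_a, r"C:\resource\apps\a.rsc", True),
        "a_traversal_to_sys": allowed(app_a, r"C:\resource\..\sys\bin\a.exe", True),
        "a_public_write": allowed(app_a, r"C:\Others\notes.txt", True),
        "system_sys_bin_write": allowed(system, r"C:\sys\bin\a.exe", True),
        "system_other_private_read": allowed(system, r"C:\private\E0001234\settings.ini", False),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:28s} {'allowed' if ok else 'denied'}")
```

Running the module prints one decision per constructed request. The ordinary application can write its own \private\<SID> directory and read \resource, but is denied another application's private directory, denied writes to \resource, and denied the traversal attempt, which canonicalizes to \sys\bin; the system process, holding the assumed TCB and AllFiles capabilities, is allowed both.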

Unsigned - sandboxed applications

Unsigned applications are applications that have not been authorized through any signing process. Unsigned applications are allowed access to all unrestricted APIs and a small number of restricted APIs. Such applications are often referred to as “Unsigned - Sandboxed”, which implies that they have access to a limited number of APIs (the sandbox).

Unsigned - sandboxed applications using any of the restricted APIs still need to be authorized by the user at install time. When the application is installed on the phone, the user is prompted to accept that the application is granted "blanket" permissions to any functions that it requires. If the user accepts, the application is granted permission to the functions for as long as it is installed in the phone. If the user rejects, the installation is aborted.

Some capabilities can only be granted "one-shot" permissions when assigned to an unsigned application. Every time the application needs access to one of these capabilities, the user is prompted to accept the action that the application is about to perform. If the user rejects, an error condition is raised, which has to be handled by the application code.

October 2006
