Sony Ericsson UIQ 3 manual Symbian Signed applications, Capability mapping

Page 11

Developers guidelines Signing applications

The following table lists allowed user granted permissions per capability for unsigned applications:

Capability	User granted permission

NetworkServices	One-shot

LocalServices	Blanket

ReadUserData	One-shot

WriteUserData	One-shot

UserEnvironment	Blanket

Location	One-shot

Note: An application that could be deployed as an unsigned - sandboxed application may as well be sub- dued to the Symbian Signed process. When an application like this has been signed, no user interaction is required at installation, and the mapped capabilities are automatically granted blanket permissions.

Note: Sony Ericsson strongly recommends users only to install signed applications in their phones and only allows signed applications to be distributed through its official sales channels, thus encouraging developers who want to market their applications for wide use with Sony Ericsson phones, always to favour signed applications before unsigned.

Symbian Signed applications

The security enhancements of Symbian OS v9, have enforced a number of changes in the Symbian Signed process. As a consequence, also developer procedures for having applications Symbian Signed have changed considerably.

Capability mapping

Capabilities are categorized into three separate sets on different levels, depending on their potential impact on the device, the network or the user. The more serious impact a capability might have, the higher level of trust is required by an application to access it, and the more testing is needed in the Symbian Signed process to make sure that the application makes use of the capability in a safe and secure man- ner.

Note that unrestricted APIs have no capabilities associated with them. As mentioned above, they can be included even in unsigned applications and are automatically given blanket permission at installation.

The three cabability sets are:

•Basic capabilities

Applications requiring basic capabilities can either be Symbian Signed or unsigned. When installing an unsigned application requiring one or more of the basic capabilities, the user is prompted to grant

11	October 2006

Image 11

Contents Signing applications Purpose of this document PrefaceAbbreviations Sony Ericsson Developer WorldDocument conventions ProductsChange history Trademarks and acknowledgementsDocument history Typographical conventionsContents Developers guidelines Signing applications Symbian OS v9 security architecture Restricted and unrestricted APIs IntroductionCapabilities Vendor Identifier, VID IdentifiersUnique Identifiers, UIDs Secure Identifier, SIDUnsigned sandboxed applications Data cagingCapability User granted permission Symbian Signed applicationsCapability mapping Basic Capabilties Signing freeware applications Developer certificatesACS publisher ID Publisher certifiers Symbian OS v9 application signing Required capabilities Planning for developmentSigning or not Location LocalServicesNetworkServices UserEnvironmentProtServ PowerMgmtWriteDeviceData SWEventAllFiles General signing procedureDiskAdmin Creating a Symbian Signed applicationUID allocation Symbian Signed portal account registrationTo retrieve a UID from the Symbian Signed Portal UID UID range Purpose ClassACS publisher ID Identity requirements Number of IMEIsExtended Capabilities Developers guidelines Signing applications UID Information To do before submitting the applicationPKG file format Policy statement dialogDevelopers guidelines Signing applications Appendix Capability CommDD Functions listed by capabilityCapability AllFiles Capability DiskAdmin Capability Drm Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Capability LocalServices Developers guidelines Signing applications Capability Location Capability MultimediaDD Capability NetworkControl Developers guidelines Signing applications Developers guidelines Signing applications Capability NetworkServices Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Capability ReadDeviceData Capability PowerMgmtCapability ProtServ Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Capability ReadUserData Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Capability SurroundingsDD Capability SwEvent Capability WriteDeviceData Capability TcbCapability TrustedUI Capability UserEnvironment Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Capability WriteUserData Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Developers guidelines Signing applications Capability Illegal Developers guidelines Signing applications