Sony Ericsson UIQ 3 manual Introduction, Capabilities, Restricted and unrestricted APIs

Page 8

Developers guidelines Signing applications

Introduction

Symbian OS version 9.x is specifically intended for mid-range phones produced in high volumes. The open development platform, featuring many new key technologies, offers large opportunities for ISVs (Independent Software Vendors) to find markets for their products.

Introduction of new functionality, such as DRM (Digital Rights Management), Device Management and enhanced networking functionality, has required changes to the Symbian OS core to support vital security concepts such as data protection, or “caging”, and restricted usage of some “sensitive” APIs.

Symbian OS v9 Platform Security (PlatSec) has been enhanced to provide a high degree of protection against malicious or badly implemented programs: such programs are detected and prevented from executing on the platform, or from reaching the sensitive functionality they have not been trusted with. On the other hand, applications that have been tested and found “trustworthy” can gain authorization to be installed and executed on the platform without further security confirmations at the user level. This authorization is done via the Symbian Signed programme, which includes procedures for signing applications using certificates, both in the development phase and when the application is to be packaged and distributed to the market.

This document is primarily intended to guide Symbian OS v9 application developers in the process of creating applications to be authorized via the Symbian Signed programme.

Capabilities

The term “capability” has been introduced with Symbian OS v9 Platform Security. A capability assigned to a program is a statement of trust that the process started by the program will use the associated Symbian OS v9 functionality (for example an API) in a safe way. A capability can therefore be regarded as the access token that protects its associated APIs: a process without the capability cannot use them. The capability is granted either by a digital signature, or by a user permission given for an unsigned application at installation.

An application can be signed at different levels of trust. The higher the level of trust, the more sensitive the capabilities that can be granted. Capabilities are therefore grouped into four different sets, each applicable for a certain level of trust. For more information, see “Capability mapping” on page 11.

Restricted and unrestricted APIs

A majority of Symbian APIs are classified as “unrestricted”, which means that they require no authorization, since they have no harmful security implications for the device or network integrity. Unrestricted APIs are not associated with capabilities, since no protection is needed.

APIs with potential security implications are referred to as “restricted”. Restricted APIs are grouped into capabilities based on their functionality. Applications are granted access to capabilities rather than to APIs in order to simplify the process of authorization.
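The following is an added example, not code from the Sony Ericsson guide or from Symbian OS, that models the mechanism described in the “Capabilities” and “Restricted and unrestricted APIs” sections above: a process receives a fixed capability set at install time (from a signature's trust level, or from a user grant for an unsigned package), restricted APIs are guarded by a capability check at the server that owns them, and unrestricted APIs need nothing. The capability names are the real Symbian OS v9 names; the bit positions, the trust-level-to-capability mapping, the user-grantable set and the API-to-capability table are simplifying assumptions made here for illustration (the guide's actual mapping is on page 11). The DLL-loading rule at the end reflects the PlatSec rule that a DLL must hold at least the capabilities of the process loading it.

```cpp
#include <cstdint>
#include <cstdio>
#include <map>
#include <stdexcept>
#include <string>

// Capability bits. PlatSec keeps a process's capabilities as a fixed bit set.
// The names are Symbian OS v9 capability names; bit positions are an assumption.
enum Cap : uint32_t {
    kLocalServices   = 1u << 0,
    kNetworkServices = 1u << 1,
    kReadUserData    = 1u << 2,
    kWriteUserData   = 1u << 3,
    kUserEnvironment = 1u << 4,
    kLocation        = 1u << 5,
    kReadDeviceData  = 1u << 6,
    kWriteDeviceData = 1u << 7,
    kAllFiles        = 1u << 8,
    kTcb             = 1u << 9,
};

// Levels of trust a package can arrive with (simplified for the model).
enum class Trust { Unsigned, BasicSigned, ExtendedSigned, Manufacturer };

// Capabilities a user may grant to an unsigned application at install time
// (assumed set for this model).
constexpr uint32_t kUserGrantable =
    kLocalServices | kNetworkServices | kReadUserData | kWriteUserData | kUserEnvironment;

// Upper bound on what a signature at each trust level may carry (assumption).
uint32_t maxCaps(Trust t) {
    switch (t) {
        case Trust::Unsigned:       return kUserGrantable;
        case Trust::BasicSigned:    return kUserGrantable | kLocation;
        case Trust::ExtendedSigned: return kUserGrantable | kLocation | kReadDeviceData |
                                           kWriteDeviceData | kAllFiles;
        case Trust::Manufacturer:   return 0xFFFFFFFFu;
    }
    return 0;
}

struct Process {
    std::string name;
    uint32_t caps;  // fixed when the process is created; cannot be raised at run time
};

// Installer decision: requested capabilities are checked against the trust level
// of the signature, or, for an unsigned package, against the user-grantable set
// and the user's answer. Excess is a hard failure, never a silent downgrade.
Process install(const std::string& name, uint32_t requested, Trust trust, bool userAccepted) {
    if ((requested & ~maxCaps(trust)) != 0)
        throw std::runtime_error(name + ": requested capabilities exceed trust level");
    if (trust == Trust::Unsigned && !userAccepted)
        throw std::runtime_error(name + ": user refused the capability grant");
    return Process{name, requested};
}

// Yes/no wrapper around install() for callers that do not want the exception.
bool installAccepted(const std::string& name, uint32_t requested, Trust trust, bool userAccepted) {
    try { install(name, requested, trust, userAccepted); return true; }
    catch (const std::runtime_error&) { return false; }
}

// Policy table for restricted APIs: API -> capabilities required (all of them).
// Unrestricted APIs simply do not appear here. The entries are illustrative.
const std::map<std::string, uint32_t>& policy() {
    static const std::map<std::string, uint32_t> p = {
        {"RSocket::Connect",         kNetworkServices},
        {"CContactDatabase::Read",   kReadUserData},
        {"CContactDatabase::Write",  kWriteUserData},
        {"RPositioner::GetPosition", kLocation},
        {"RFs::Write(\\sys\\bin)",   kTcb},
        {"RFs::Read(\\private\\*)",  kAllFiles},
    };
    return p;
}

// Enforcement point: the server that owns the API checks the caller's
// capabilities before doing any work; every required bit must be present.
bool callAllowed(const Process& caller, const std::string& api) {
    auto it = policy().find(api);
    if (it == policy().end()) return true;  // unrestricted API: no check
    return (caller.caps & it->second) == it->second;
}

// Loader rule: a process may only load a DLL trusted with at least the
// process's own capabilities, so no code runs with capabilities nobody vouched for.
bool canLoadDll(const Process& p, uint32_t dllCaps) {
    return (p.caps & ~dllCaps) == 0;
}

int main() {
    Process app = install("netapp", kNetworkServices | kReadUserData, Trust::Unsigned, true);
    std::printf("RSocket::Connect allowed: %d\n", callAllowed(app, "RSocket::Connect"));
    std::printf("RPositioner::GetPosition allowed: %d\n", callAllowed(app, "RPositioner::GetPosition"));
    std::printf("unsigned app may request Location: %d\n",
                installAccepted("geo", kLocation, Trust::Unsigned, true));
    return 0;
}
```

Two points of the model carry over to the real platform: the check happens at the server owning the API, not in the calling application, so an application cannot skip it, and a process's capability set is decided at install and load time, which is why a package that asks for more than its signature allows is refused rather than installed with fewer rights.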


October 2006
