Capabilities allow the Symbian platform to control access by applications to the functionalities provided by the platform APIs. Access to capabilities is determined by the device configuration and how the application has been signed. Capabilities can be divided into four categories:

Capabilities required by the application are defined in the mmp project definition file during the build process, and cannot be changed during run time. For information on the parameters you can use, see Symbian Tools Guide > Building > Symbian Build System (SBSv1) > Build tools reference > MMP file syntax > capability. Carbide.c++ has a Capability Scanner tool which can be accessed through the Project > Run Capability Scanner on Project MMP menu. The tool scans and checks the project for required capabilities.

During the installation the Software Installer application in the device checks whether the application has been certified or signed. It then checks the capabilities requested by the application. If the application has been certified, it checks that the root certificate is allowed to grant the required capabilities. If no problems are encountered, the installation can continue. For information on certifications required by the capabilities, see Application signing.

The user can grant the user capabilities to a self-signed application. For example, the following dialog is shown to the user to grant the LocalServices capability:

Figure 1. Granting LocalServices capability during the installation

dll capabilities

A dll must have equal or greater set of capabilities than the loading process, otherwise the process is not allowed to load the dll. Once loaded, a dll runs at the capability level of the loading process. A dll that has a higher capability set than the loading process cannot leak capabilities to the process, but a process can leak capabilities to the dll.

For more information, see DLL capability model in a secure platform (TSS000454) in the Forum Nokia Knowledge Base.