Mercurial Mercurial > oss > FCL > sftools > depl > docscontent / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Symbian3/SDK/Source/GUID-9E4D75C0-D797-5541-8E52-3C6D154CC74A.dita
author Dominic Pinkman <dominic.pinkman@nokia.com>
Tue, 20 Jul 2010 12:00:49 +0100
changeset 13 48780e181b38
parent 0 89d6a7a84779
permissions -rw-r--r--
Week 28 contribution of SDK documentation content. See release notes for details. Fixes bugs Bug 1897 and Bug 1522.

<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License 
"Eclipse Public License v1.0" which accompanies this distribution, 
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
    Nokia Corporation - initial contribution.
Contributors: 
-->
<!DOCTYPE concept
  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-9E4D75C0-D797-5541-8E52-3C6D154CC74A" xml:lang="en"><title>ECom
and the Platform Security Architecture</title><prolog><metadata><keywords/></metadata></prolog><conbody>
<p>The Symbian Platform Security Architecture is designed to provide defences
against malicious or badly implemented code. The following aspects of platform
security are particularly relevant to the ECom plug-in architecture: </p>
<ul>
<li id="GUID-299B3BF1-9A55-5CCC-AA77-49F4EBE07ABD"><p>The <i>platform security
capability model</i>, which protects processes from loading and using DLLs
that are less secure than the process itself. </p> </li>
<li id="GUID-92E6F90B-EFE0-5026-AA61-1C068376C21C"><p>Control over software
installation, so that insecure software cannot disrupt legitimately installed
software. </p> </li>
<li id="GUID-2DE8CE05-57EE-582F-80F8-BAEB82B38FAB"><p>Control over which processes
have access to particular files. </p> </li>
</ul>
<p>For more information on the Platform Security Architecture, see <i>Symbian
OS v9 Security Architecture</i> in the <xref href="GUID-9E4D75C0-D797-5541-8E52-3C6D154CC74A.dita">Platform
security</xref> section. </p>
<section><title>ECom and the platform security capability model</title> <p>The
Platform Security Architecture protects processes against loading and using
DLLs that are less secure than the processes themselves. This is done using
platform security capabilities assigned to the process and the DLL. The rule
applied is that the DLL must have the same or greater capabilities than the
process in which it is loaded. </p> <p>With ECom, a plug-in is a DLL that
is loaded into a client process when an interface implementation provided
by that DLL is instantiated. If the plug-in DLL has lower capabilities than
the loading process, then a "permission denied" (-46) error is returned. See <xref href="GUID-8A7B837D-4069-5364-A596-686EEBAE351D.dita">How to troubleshoot plug-in
loading errors</xref> for details of how to investigate this error. </p> <p>Providers
of plug-in DLLs must consider the following with respect to platform security
capabilities: </p> <ul>
<li id="GUID-FB693866-59D7-56DD-9FF4-07AB3CDDA9F7"><p>If you give a plug-in
DLL no capabilities, it can only be used by client processes that also have
no capabilities. </p> </li>
<li id="GUID-8FA6F9BF-9631-5110-8121-219041C07C4A"><p>If you intend a plug-in
to work only with one client program, such as a particular server, then the
documentation for that program should tell you what capabilities it needs. </p> </li>
<li id="GUID-494937B7-AF39-5222-A97E-5F7478A4EC9E"><p>If you want a plug-in
to be usable by any program (apart from the kernel and the file server), then
the capability setting <codeph>All -Tcb</codeph> may be what you require.
Note, however, programs with such high platform security capabilities require
signing and authorisation to be installed by users on phones. See <xref href="https://www.symbiansigned.com/" scope="external">Symbian Signed</xref> for details. </p> </li>
<li id="GUID-B5CD618B-F202-553A-BB5F-F1DF9AF70B58"><p> <i> Custom resolver</i> plug-ins
are a special case. They are loaded by a server process in ECom itself, and
so must be trusted by that server. This requires that you give the plug-in
the <codeph>ProtServ</codeph> capability. See <xref href="GUID-E10A3336-9C4C-59A5-B94F-6CECA92FFB9F.dita">How
to provide a custom resolver</xref> for more details on writing resolvers. </p> </li>
</ul> <p>Platform security also allows you to specify that clients should
only use plug-in implementations supplied by a particular company. See <xref href="GUID-7F4692A0-1801-5D91-8F28-06075AC45DE2.dita">How to filter implementations
by vendor ID</xref> for more details. </p> </section>
<section><title>Installation and upgrade controls</title> <p>Under Platform
Security, the Software Installer program controls what software is installed
to the device. It enables programs originally delivered in ROM, including
ECom plugins, to be upgraded securely. </p> <p>Before platform security, applications
could chose to use only ROM-based plug-ins. This guaranteed that the plug-ins
were secure, but did not allow upgrades. Alternatively, both ROM-based and
installed plug-ins were used, which allowed upgrades, but also risked the
use of possibly insecure plug-ins. </p> <p>Platform security improves this
situation, as it allows clients to access securely both ROM-based plug-ins
and any installed upgrades to those plug-ins. For more information for how
clients can do this, see <xref href="GUID-08007041-CE18-5B1C-9AE6-042EBBFD1AB6.dita">Using
the ROM-only resolver</xref>. </p> <p>Providers of ROM-based plug-ins should
see <xref href="GUID-93F53961-9DA3-5D01-A881-D28E0EBF8B3C.dita">How to upgrade
ROM-based plug-ins securely</xref>. </p> </section>
<section><title>File locations</title><p>The Platform Security architecture
tightly controls access to executable code by: <ul>
<li><p>requiring that all such code, including plug-in DLLs, is located under
a directory <filepath>\sys\bin</filepath></p></li>
<li><p>restricting access to that directory to a small number of key system
processes. </p></li>
</ul></p><p>The registration resource file for a plug-in must be readable
by ECom, but should not be alterable after installation. For this reason,
registration resource files are always installed to the read-only directory <filepath>\resource\plugins</filepath>.</p><p>To
build plug-in code to these locations, set the target type in the project
file to <codeph>PLUGIN</codeph>. For more information, see the <xref href="GUID-641A276D-F618-50CE-BA5A-658DCC26BAB5.dita">Creating an Implementation
Project File</xref> section.  </p> </section>
</conbody></concept>
FCL/sftools/depl/docscontent