Symbian platform v9.1 introduced Platform Security (the concepts of Capabilities, Signing and Data Caging) to protect a phone against malicious code. Granting a program certain capabilities enables it to use protected operating system functionality, and signing an installation file enables it to be installed onto different phones.

A program using the P.I.P.S. libraries may need certain capabilities in order to use protected functionality. The capabilities required are listed in the program's makefile (an MMP file on the Symbian platform). For example, the following line added to a Symbian MMP file grants network access to a program:

    CAPABILITY NetworkServices

Each Symbian program has access to a private area of storage in a /private/<secureid>/ directory, where secureid is an identifier specified in the MMP file. If a secureid is not specified in the MMP file, the secureid is set from the program's third UID (Unique Identifier). Extra capabilities are required if the program wishes to access another program's private area. Note also that P.I.P.S. does not allow file descriptors that refer to files in private directories to be inherited.
Capabilities supported for P.I.P.S. APIs

The following table lists the P.I.P.S. APIs and the capabilities that may need to be added.
| P.I.P.S. API | Capabilities required |
|---|---|
| lstat(), stat(), tmpnam(), tempnam(), wstat() | None if the path is not in the protected /sys/ or /private/ directory. AllFiles if the path contains the protected /sys/ directory. AllFiles if the path contains the protected /private/ directory using another program's Secure Identifier. |
| open(), wfopen() | None if the path is not in the protected /sys/ or /private/ directory. AllFiles if the path contains the protected /sys/ directory and read mode is specified. TCB if the path contains the protected /sys/ directory and write mode is specified; P.I.P.S. libraries do not have the TCB capability, so it is not possible to write to this directory. AllFiles if the path contains the protected /private/ directory using another program's Secure Identifier. |
| access(), chdir(), chmod(), creat(), fchmod(), ftok(), mkdir(), mkfifo(), rename(), rmdir(), utimes(), waccess(), wchdir(), wcreat(), wmkdir(), wrmdir(), wunlink(), unlink(), utime() | None if the path is not in the protected /sys/, /resource/ or /private/ directory. TCB if the path contains the protected /sys/ or /resource/ directory; P.I.P.S. libraries do not have the TCB capability, so it is not possible to write to these directories. AllFiles if the path contains the protected /private/ directory using another program's Secure Identifier. |
| accept(), bind(), connect(), ioctl(), recv(), recvfrom(), send(), sendto(), recvmsg(), sendmsg() | None if the descriptor does not refer to a socket. NetworkServices if the descriptor is a socket. |
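The file-system rows of the table can be read as a small decision procedure: classify the path (/sys/, /resource/, /private/<secureid>/ or elsewhere), then combine that with the kind of call and the access mode. The following C program is an added example, not code from the Symbian or P.I.P.S. documentation; it models those rows so the rules can be checked before a call is made. The enum and function names, the own Secure ID "10001234" and the sample paths are this example's own assumptions (the socket row, which depends on the descriptor rather than a path, is not modelled).

```c
/* Added example (not Symbian/P.I.P.S. code): a model of the file-system rows
 * of the capability table. Given a path, the kind of P.I.P.S. call, the access
 * mode and the calling program's own Secure ID, it returns the capability the
 * table says the call needs. Names below are this example's own assumptions. */
#include <stdio.h>
#include <string.h>

typedef enum {
    CAP_NONE,       /* no capability needed */
    CAP_ALLFILES,   /* AllFiles */
    CAP_TCB         /* TCB: P.I.P.S. libraries never have it, so the call fails */
} capability_t;

typedef enum {
    OP_STAT,        /* lstat(), stat(), tmpnam(), tempnam(), wstat() row */
    OP_OPEN,        /* open(), wfopen() row; write_mode decides AllFiles vs TCB */
    OP_MODIFY       /* access(), chdir(), chmod(), creat(), mkdir(), rename()... row */
} op_t;

/* 1 if path begins with prefix (paths use '/' separators, as in the table). */
static int has_prefix(const char *path, const char *prefix)
{
    return strncmp(path, prefix, strlen(prefix)) == 0;
}

/* Copy the <secureid> component of "/private/<secureid>/..." into sid.
 * Returns 1 on success, 0 if the path is not a well-formed /private/ path. */
static int private_sid(const char *path, char *sid, size_t sid_len)
{
    const char *p;
    size_t n;
    if (!has_prefix(path, "/private/"))
        return 0;
    p = path + strlen("/private/");
    n = strcspn(p, "/");            /* length of the secure ID component */
    if (n == 0 || n >= sid_len)
        return 0;
    memcpy(sid, p, n);
    sid[n] = '\0';
    return 1;
}

/* Apply the table: which capability does this call on this path need? */
capability_t required_capability(const char *path, op_t op, int write_mode,
                                 const char *own_sid)
{
    char sid[32];

    if (has_prefix(path, "/sys/")) {
        /* /sys/: stat and read-only open need AllFiles, any write needs TCB */
        if (op == OP_MODIFY || (op == OP_OPEN && write_mode))
            return CAP_TCB;
        return CAP_ALLFILES;
    }
    if (has_prefix(path, "/resource/")) {
        /* /resource/: only the modifying calls are restricted (TCB) */
        return op == OP_MODIFY ? CAP_TCB : CAP_NONE;
    }
    if (has_prefix(path, "/private/")) {
        /* Own private area is free; another program's (or an unparseable
         * secure ID, treated conservatively) needs AllFiles */
        if (private_sid(path, sid, sizeof sid) && strcmp(sid, own_sid) == 0)
            return CAP_NONE;
        return CAP_ALLFILES;
    }
    /* Anywhere else in the file system: data caging does not apply */
    return CAP_NONE;
}

const char *capability_name(capability_t c)
{
    switch (c) {
    case CAP_ALLFILES: return "AllFiles";
    case CAP_TCB:      return "TCB (not available to P.I.P.S. code)";
    default:           return "None";
    }
}

int main(void)
{
    /* Constructed sample: the calling program's own Secure ID (placeholder) */
    const char *own = "10001234";
    printf("own private, write : %s\n", capability_name(
        required_capability("/private/10001234/a.txt", OP_OPEN, 1, own)));
    printf("other private      : %s\n", capability_name(
        required_capability("/private/10004902/out.file", OP_OPEN, 1, own)));
    printf("/sys/ write        : %s\n", capability_name(
        required_capability("/sys/bin/x.exe", OP_OPEN, 1, own)));
    printf("/resource/ stat    : %s\n", capability_name(
        required_capability("/resource/apps/x.rsc", OP_STAT, 0, own)));
    return 0;
}
```

The conservative branch for a /private/ path whose secure ID cannot be parsed is a deliberate choice: when the classifier is unsure, it reports the stronger requirement rather than silently assuming the call is allowed.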

A P.I.P.S. platform security example

The following code illustrates how P.I.P.S. conforms to Data Caging rules when creating a file with and without capabilities.
    #include <stdio.h>
    #include <stdlib.h>   /* EXIT_SUCCESS, EXIT_FAILURE */
    #include <errno.h>    /* errno, EACCES */

    int main(int argc, char *argv[])
    {
        FILE* file;

        /* Try to create the file in another program's private directory */
        file = fopen("/private/10004902/out.file", "w");
        if (file == NULL)
        {
            /* Save errno before any other call can overwrite it */
            int err = errno;

            /* Error occurred: without AllFiles this is a security error (EACCES) */
            printf("\nError creating file, error=%d", err);
            return EXIT_FAILURE;
        }
        else
        {
            /* File created */
            fprintf(file, "Sample File Output");
            fclose(file);

            printf("\nFile created");
        }

        return EXIT_SUCCESS;
    }

If no capabilities are provided, the code prints an error message, because fopen() was attempted on another program's /private/ directory. The error code displayed is EACCES, indicating a security error. If, however, the AllFiles capability is listed in the program's MMP file, the file is created successfully.

Note: AllFiles is a system capability; in most cases it is not something your application should require or use.
+