Symbian3/SDK/Source/GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98.dita
changeset 13 48780e181b38
parent 7 51a74ef9ed63
12:80ef3a206772 13:48780e181b38
     7     Nokia Corporation - initial contribution.
     7     Nokia Corporation - initial contribution.
     8 Contributors: 
     8 Contributors: 
     9 -->
     9 -->
    10 <!DOCTYPE concept
    10 <!DOCTYPE concept
    11   PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
    11   PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
    12 <concept id="GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98" xml:lang="en"><title>Process
    12 <concept id="GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98" xml:lang="en"><title>Process identification</title><prolog><metadata><keywords/></metadata></prolog><conbody>
    13 identification</title><prolog><metadata><keywords/></metadata></prolog><conbody>
       
    14 <p>Sometimes it is useful for security reasons to obtain more information
    13 <p>Sometimes it is useful for security reasons to obtain more information
    15 about server or application processes, and identify an application and even
    14 about server or application processes, and identify an application
    16 its vendor uniquely.</p>
    15 and even its vendor uniquely.</p>
    17 <ul>
    16 <ul>
    18 <li><p>To verify an application's identity, use <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/RApaLsSessionClass.html" format="application/java-archive">RApaLsSession</xref></codeph> to retrieve the application's name and  <i>Unique Identifier</i> UID,
    17 <li><p>To verify an application's identity, use <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/RApaLsSessionClass.html" format="application/java-archive">RApaLsSession</xref></codeph> to retrieve the application's
    19 and compare them against known information.</p><p>For more information,
    18 name and  <i>Unique Identifier</i> UID, and compare them against known
    20 see <xref href="GUID-EA05F9B6-52C7-4BD9-8B9A-4BA3456E70B5.dita">UID</xref>.</p>
    19 information.</p><p>For more information, see <xref href="GUID-EA05F9B6-52C7-4BD9-8B9A-4BA3456E70B5.dita">UID</xref>.</p>
    21 </li>
    20 </li>
    22 <li><p>Use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/TApaTaskListClass.html" format="application/java-archive">TApaTaskList</xref></codeph> class
    21 <li><p>Use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/TApaTaskListClass.html" format="application/java-archive">TApaTaskList</xref></codeph> class to get a list of currently
    23 to get a list of currently running applications.</p><p>In the platform
    22 running applications.</p><p>In the platform security architecture
    24 security architecture there are two different identifiers for applications:
    23 there are two different identifiers for applications: Secure Identifier
    25 Secure Identifier (SID) and Vendor Identifier  (VID).</p></li>
    24 (SID) and Vendor Identifier  (VID).</p></li>
    26 </ul>
    25 </ul>
    27 <p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC652">Secure Identifier
    26 <p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC652">Secure Identifier
    28 (SID)</b></p>
    27 (SID)</b></p>
    29 <p>Every executable has its own <i>Secure Identifier</i> (SID), which is
    28 <p>Every executable has its own <i>Secure Identifier</i> (SID),
    30 used to identify the running process launched from the executable. It can
    29 which is used to identify the running process launched from the executable.
    31 also be used to determine which private directory a process can access. SID
    30 It can also be used to determine which private directory a process
    32 is stored in the executable binary, so it has the same security as any executable
    31 can access. SID is stored in the executable binary, so it has the
    33 code. The SID value is not relevant for <codeph>dll</codeph>.</p>
    32 same security as any executable code. The SID value is not relevant
    34 <p>SID values are requested from the <xref href="http://www.symbiansigned.com" scope="external">Symbian
    33 for <codeph>dll</codeph>.</p>
    35 Signed</xref> web site. The <xref href="GUID-1293DE8C-E803-4ADF-9FA8-862519337331.dita">Software
    34 <p>SID values are requested from the <xref href="http://www.symbiansigned.com" scope="external">Symbian Signed</xref> web site.
    36 Installer</xref> ensures that no two applications have the same SID value
    35 The <xref href="GUID-1293DE8C-E803-4ADF-9FA8-862519337331.dita">Software
    37 on a particular target device.</p>
    36 Installer</xref> ensures that no two applications have the same SID
    38 <p>To retrieve the SID of a process, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/RProcessClass.html#%3a%3aRProcess%3a%3aSecureId%28%29const" format="application/java-archive">RProcess::SecureId()</xref></codeph> method . During inter process communication, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/TSecurityPolicyClass.html" format="application/java-archive">TSecurityPolicy</xref></codeph> class to specify a security policy consisting of both <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> and
    37 value on a particular target device.</p>
    39 SID checks.</p>
    38 <p>To retrieve the SID of a process, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/RProcessClass.html#%3a%3aRProcess%3a%3aSecureId%28%29const" format="application/java-archive">RProcess::SecureId()</xref></codeph> method . During inter
    40 <p>For information on how to define the SID in the <codeph>mmp</codeph> file,
    39 process communication, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/TSecurityPolicyClass.html" format="application/java-archive">TSecurityPolicy</xref></codeph> class to specify a security
    41 see <codeph><xref href="GUID-A98F7AA2-A908-527E-9AEC-54DDD10A49C1.dita">secureid</xref></codeph>.
    40 policy consisting of both <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> and SID checks.</p>
    42 If SID is not specified in the <codeph>mmp</codeph> file, the value of UID3
    41 <p>For information on how to define the SID in the <codeph>mmp</codeph> file, see <codeph>secureid</codeph>. If SID is not specified in
    43 is used as the SID.</p>
    42 the <codeph>mmp</codeph> file, the value of UID3 is used as the SID.</p>
    44 <p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC654">Vendor Identifier
    43 <p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC654">Vendor Identifier
    45 (VID)</b></p>
    44 (VID)</b></p>
    46 <p>In addition to SID, signed applications have a <i>Vendor Identifier</i> (VID)
    45 <p>In addition to SID, signed applications have a <i>Vendor Identifier</i> (VID) which can be used to identify the source of the application.
    47 which can be used to identify the source of the application. Applications
    46 Applications from one vendor usually share a common VID, but the vendor
    48 from one vendor usually share a common VID, but the vendor may have different
    47 may have different VIDs for different product families. VIDs can also
    49 VIDs for different product families. VIDs can also be used to group servers
    48 be used to group servers and clients into logical groups providing
    50 and clients into logical groups providing services to each other.</p>
    49 services to each other.</p>
    51 <p>Note that the VID cannot be reused for any other entity. For example,
    50 <p>Note that the VID cannot be reused for any other entity. For
    52 the Nokia VID (<codeph>0x101FB657</codeph>) is property of Nokia.</p>
    51 example, the Nokia VID (<codeph>0x101FB657</codeph>) is property of
    53 <p>For information on how to define the VID in the <codeph>mmp</codeph> file,
    52 Nokia.</p>
    54 see <codeph><xref href="GUID-535793F2-08F1-5B4E-AD32-783985C53124.dita">vendorid</xref></codeph>.</p>
    53 <p>For information on how to define the VID in the <codeph>mmp</codeph> file, see <codeph>vendorid</codeph>.</p>
    55 <section id="GUID-09668673-7926-453D-BD33-9894F5631C90"><title>Secure inter
    54 <section id="GUID-09668673-7926-453D-BD33-9894F5631C90"><title>Secure
    56 process communication</title>
    55 inter process communication</title>
    57 <p>Authentication can be done in different ways. The server can decide
    56 <p>Authentication can be done in different ways. The server can
    58 to request (or not to request) capabilities from the client. The client's
    57 decide to request (or not to request) capabilities from the client.
    59 options are more limited, the server is usually authenticated by name. The <codeph>ProtServ</codeph> <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> allows
    58 The client's options are more limited, the server is usually authenticated
    60 the server to insert an "!" in front of its name, indicating that the server
    59 by name. The <codeph>ProtServ</codeph> <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> allows the server to insert an "!" in front of its name, indicating
    61 can be trusted. Nameless servers are also possible, but no client can connect
    60 that the server can be trusted. Nameless servers are also possible,
    62 to them without a handle to the server. The server can also authenticate the
    61 but no client can connect to them without a handle to the server.
    63 client with SID and VID.</p>
    62 The server can also authenticate the client with SID and VID.</p>
    64 <p>Every server should define the following security policies:</p>
    63 <p>Every server should define the following security policies:</p>
    65 <ul>
    64 <ul>
    66 <li><p>Which capabilities are required by the calling application</p>
    65 <li><p>Which capabilities are required by the calling application</p>
    67 </li>
    66 </li>
    68 <li><p>Which SID and VID are required by the calling application</p>
    67 <li><p>Which SID and VID are required by the calling application</p>
    69 </li>
    68 </li>
    70 <li><p>What actions are possible or must be done with the information
    69 <li><p>What actions are possible or must be done with the
    71 provided:</p>
    70 information provided:</p>
    72 <ul>
    71 <ul>
    73 <li><p>Can input data be trusted?</p></li>
    72 <li><p>Can input data be trusted?</p></li>
    74 <li><p>Is user acceptance needed for this operation?</p></li>
    73 <li><p>Is user acceptance needed for this operation?</p>
       
    74 </li>
    75 <li><p>Can this server act as a proxy towards other components?</p>
    75 <li><p>Can this server act as a proxy towards other components?</p>
    76 </li>
    76 </li>
    77 </ul>
    77 </ul>
    78 </li>
    78 </li>
    79 </ul>
    79 </ul>
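Review bot: New lines 41 and 53 drop the cross-references around the mmp keywords, so the "For information on how to define the SID/VID in the mmp file, see ..." sentences no longer link to anything. On the old side the keyword was wrapped as <codeph><xref href="GUID-A98F7AA2-A908-527E-9AEC-54DDD10A49C1.dita">secureid</xref></codeph>, and vendorid pointed to GUID-535793F2-08F1-5B4E-AD32-783985C53124.dita in the same way; the new side keeps only <codeph>secureid</codeph> and <codeph>vendorid</codeph>. These sentences are where the topic sends a developer to set the identifiers that a server's SID and VID checks rely on, so if the two target topics still exist at this revision, keep the xref elements. If the targets were removed, reword the sentences rather than leaving a bare keyword after "see". Everything else visible in the comparison is line re-wrapping with no change in wording. One nit is carried over unchanged: the stray space before the full stop in "method ." on new line 38.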