7 Nokia Corporation - initial contribution. |
7 Nokia Corporation - initial contribution. |
8 Contributors: |
8 Contributors: |
9 --> |
9 --> |
10 <!DOCTYPE concept |
10 <!DOCTYPE concept |
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
11 PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd"> |
12 <concept id="GUID-ACDED56F-38FE-491D-B019-BE2C53A75D28" xml:lang="en"><title>Data |
12 <concept id="GUID-ACDED56F-38FE-491D-B019-BE2C53A75D28" xml:lang="en"><title>Data caging</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
13 caging</title><prolog><metadata><keywords/></metadata></prolog><conbody> |
13 <p>Data caging means that the applications and the users have access |
14 <p>Data caging means that the applications and the users have access only |
14 only to certain areas of the file system. In practice the applications |
15 to certain areas of the file system. In practice the applications can access |
15 can access their own private folders and folders that are marked as |
16 their own private folders and folders that are marked as open. It means, for |
16 open. It means, for example, that one application cannot access the |
17 example, that one application cannot access the private folder and data of |
17 private folder and data of another application. There are restricted |
18 another application. There are restricted file storage areas for system, private, |
18 file storage areas for system, private, and resource data.</p> |
19 and resource data.</p> |
|
20 <p>The file system has the following structure:</p> |
19 <p>The file system has the following structure:</p> |
21 <ul> |
20 <ul> |
22 <li><p>The <codeph>\sys</codeph> folder is the restricted system |
21 <li><p>The <codeph>\sys</codeph> folder is the restricted |
23 area. You need <codeph>AllFiles</codeph> capability to read the content, and |
22 system area. You need <codeph>AllFiles</codeph> capability to read |
24 Trusted Computing Base (<codeph>TCB</codeph>) capability to modify the content.</p> |
23 the content, and Trusted Computing Base (<codeph>TCB</codeph>) capability |
25 <p>The subfolder <codeph>\sys\bin\</codeph> contains all binaries (<codeph>exe</codeph>, <codeph>dll</codeph>, |
24 to modify the content.</p><p>The subfolder <codeph>\sys\bin\</codeph> contains all binaries (<codeph>exe</codeph>, <codeph>dll</codeph>, etc.). All binaries must have a different name. An application |
26 etc.). All binaries must have a different name. An application can only be |
25 can only be launched from this subfolder.</p></li> |
27 launched from this subfolder.</p></li> |
26 <li><p>The <parmname>\private\</parmname> folder includes |
28 <li><p>The <parmname>\private\</parmname> folder includes folders |
27 folders for all applications.</p><p>The <codeph>\private\<SID>\</codeph> subfolder contains private data only to be accessed by the application |
29 for all applications.</p><p>The <codeph>\private\<SID>\</codeph> subfolder |
28 itself. SID is determined by the <xref href="GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98.dita#GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98/GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC652">Secure Identifier</xref> of the process. Without any capabilities |
30 contains private data only to be accessed by the application itself. SID is |
29 you can read and write only in the application's own directory. You |
31 determined by the <xref href="GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98.dita#GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98/GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC652">Secure |
30 need <codeph>AllFiles</codeph> capability to access all private directories. |
32 Identifier</xref> of the process. Without any capabilities you can read and |
31 Backup software can read and write to this directory.</p><p>The <codeph>\private\<SID>\import\</codeph> subfolder is for resource |
33 write only in the application's own directory. You need <codeph>AllFiles</codeph> capability |
32 files, such as registration files, that are not directly related to |
34 to access all private directories. Backup software can read and write to this |
33 the application. You can write into this subfolder only after it is |
35 directory.</p><p>The <codeph>\private\<SID>\import\</codeph> subfolder |
34 created and named correctly.</p><p>Application registration |
36 is for resource files, such as registration files, that are not directly related |
35 resource files should be installed in the <parmname>\private\10003a3f\import\apps</parmname> subfolder.</p></li> |
37 to the application. You can write into this subfolder only after it is created |
36 <li><p>The <parmname>\resource</parmname> folder is for |
38 and named correctly.</p><p>Application registration resource files should |
37 sharing resource files. This data can be icons, bitmaps, and other |
39 be installed in the <parmname>\private\10003a3f\import\apps</parmname> subfolder.</p> |
38 material useful for all the applications. You do not need any capabilities |
40 </li> |
39 to read these files. You need <codeph>TCB</codeph> capability to modify |
41 <li><p>The <parmname>\resource</parmname> folder is for sharing |
40 the content.</p><p>ECom registration resource files should be |
42 resource files. This data can be icons, bitmaps, and other material useful |
41 installed in the <parmname>\resource\plugins</parmname> subfolder.</p> |
43 for all the applications. You do not need any capabilities to read these files. |
|
44 You need <codeph>TCB</codeph> capability to modify the content.</p><p>ECom |
|
45 registration resource files should be installed in the <parmname>\resource\plugins</parmname> subfolder.</p> |
|
46 </li> |
42 </li> |
47 </ul> |
43 </ul> |
48 <p>For more information, see <xref href="GUID-54E62386-E4DB-55C3-BA9A-FFB7BFE6703E.dita">File |
44 <p>For more information, see <xref href="GUID-54E62386-E4DB-55C3-BA9A-FFB7BFE6703E.dita">File locations</xref>.</p> |
49 locations</xref>.</p> |
|
50 </conbody></concept> |
45 </conbody></concept> |