<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License
"Eclipse Public License v1.0" which accompanies this distribution,
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
Nokia Corporation - initial contribution.
Contributors:
-->
<!DOCTYPE concept
PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98" xml:lang="en"><title>Process
identification</title><prolog><metadata><keywords/></metadata></prolog><conbody>
<p>Sometimes it is useful for security reasons to obtain more information
about server or application processes, and to identify an application, and even
its vendor, uniquely.</p>
<ul>
<li><p>To verify an application's identity, use <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/RApaLsSessionClass.html" format="application/java-archive">RApaLsSession</xref></codeph> to retrieve the application's name and <i>Unique Identifier</i> (UID),
and compare them against known information.</p><p>For more information,
see <xref href="GUID-EA05F9B6-52C7-4BD9-8B9A-4BA3456E70B5.dita">UID</xref>.</p>
</li>
<li><p>Use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/TApaTaskListClass.html" format="application/java-archive">TApaTaskList</xref></codeph> class
to get a list of currently running applications.</p><p>In the platform
security architecture there are two different identifiers for applications:
Secure Identifier (SID) and Vendor Identifier (VID).</p></li>
</ul>
<p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC652">Secure Identifier
(SID)</b></p>
<p>Every executable has its own <i>Secure Identifier</i> (SID), which is
used to identify the running process launched from the executable. It can
also be used to determine which private directory a process can access. The SID
is stored in the executable binary, so it has the same security as any executable
code. The SID value is not relevant for a <codeph>dll</codeph>.</p>
<p>SID values are requested from the <xref href="http://www.symbiansigned.com" scope="external">Symbian
Signed</xref> web site. The <xref href="GUID-1293DE8C-E803-4ADF-9FA8-862519337331.dita">Software
Installer</xref> ensures that no two applications have the same SID value
on a particular target device.</p>
<p>To retrieve the SID of a process, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/RProcessClass.html#%3a%3aRProcess%3a%3aSecureId%28%29const" format="application/java-archive">RProcess::SecureId()</xref></codeph> method. During inter-process communication, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/TSecurityPolicyClass.html" format="application/java-archive">TSecurityPolicy</xref></codeph> class to specify a security policy consisting of both <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> and
SID checks.</p>
<p>For information on how to define the SID in the <codeph>mmp</codeph> file,
see <codeph><xref href="GUID-A98F7AA2-A908-527E-9AEC-54DDD10A49C1.dita">secureid</xref></codeph>.
If the SID is not specified in the <codeph>mmp</codeph> file, the value of UID3
is used as the SID.</p>
<p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC654">Vendor Identifier
(VID)</b></p>
<p>In addition to the SID, signed applications have a <i>Vendor Identifier</i> (VID)
which can be used to identify the source of the application. Applications
from one vendor usually share a common VID, but the vendor may have different
VIDs for different product families. VIDs can also be used to group servers
and clients into logical groups providing services to each other.</p>
<p>Note that the VID cannot be reused for any other entity. For example,
the Nokia VID (<codeph>0x101FB657</codeph>) is the property of Nokia.</p>
<p>For information on how to define the VID in the <codeph>mmp</codeph> file,
see <codeph><xref href="GUID-535793F2-08F1-5B4E-AD32-783985C53124.dita">vendorid</xref></codeph>.</p>
<section id="GUID-09668673-7926-453D-BD33-9894F5631C90"><title>Secure inter-process
communication</title>
<p>Authentication can be done in different ways. The server can decide
to request (or not to request) capabilities from the client. The client's
options are more limited: the server is usually authenticated by name. The <codeph>ProtServ</codeph> <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> allows
the server to insert an "!" in front of its name, indicating that the server
can be trusted. Nameless servers are also possible, but no client can connect
to them without a handle to the server. The server can also authenticate the
client with SID and VID.</p>
<p>Every server should define the following security policies:</p>
<ul>
<li><p>Which capabilities are required by the calling application</p>
</li>
<li><p>Which SID and VID are required by the calling application</p>
</li>
<li><p>What actions are possible or must be done with the information
provided:</p>
<ul>
<li><p>Can input data be trusted?</p></li>
<li><p>Is user acceptance needed for this operation?</p></li>
<li><p>Can this server act as a proxy towards other components?</p>
</li>
</ul>
</li>
</ul>
79 </ul> |
|
80 </section> |
|
81 </conbody></concept> |