Symbian3/PDK/Source/GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98.dita
changeset 5 f345bda72bc4
parent 3 46218c8b8afa
child 12 80ef3a206772
4:4816d766a08a 5:f345bda72bc4
     7     Nokia Corporation - initial contribution.
     7     Nokia Corporation - initial contribution.
     8 Contributors: 
     8 Contributors: 
     9 -->
     9 -->
    10 <!DOCTYPE concept
    10 <!DOCTYPE concept
    11   PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
    11   PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
    12 <concept id="GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98" xml:lang="en"><title>Process identification</title><prolog><metadata><keywords/></metadata></prolog><conbody>
    12 <concept id="GUID-3B6E25F7-C1A8-461F-97F7-421DB559BC98" xml:lang="en"><title>Process
    13 <p>Sometimes it is useful for security reasons to obtain more information about server or application processes, and identify an application and even its vendor uniquely.</p>
    13 identification</title><prolog><metadata><keywords/></metadata></prolog><conbody>
       
    14 <p>Sometimes it is useful for security reasons to obtain more information
       
    15 about server or application processes, and identify an application and even
       
    16 its vendor uniquely.</p>
    14 <ul>
    17 <ul>
    15 <li><p>To verify an application's identity, use <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/RApaLsSessionClass.html" format="application/java-archive">RApaLsSession</xref></codeph> to retrieve the application's name and  <i>Unique Identifier</i> UID, and compare them against known information.</p><p>For more information, see <xref href="GUID-EA05F9B6-52C7-4BD9-8B9A-4BA3456E70B5.dita">UID</xref>.</p></li>
    18 <li><p>To verify an application's identity, use <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/RApaLsSessionClass.html" format="application/java-archive">RApaLsSession</xref></codeph> to retrieve the application's name and  <i>Unique Identifier</i> UID,
    16 <li><p>Use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/TApaTaskListClass.html" format="application/java-archive">TApaTaskList</xref></codeph> class to get a list of currently running applications.</p><p>In the platform security architecture there are two different identifiers for applications: Secure Identifier (SID) and Vendor Identifier  (VID).</p></li>
    19 and compare them against known information.</p><p>For more information,
       
    20 see <xref href="GUID-EA05F9B6-52C7-4BD9-8B9A-4BA3456E70B5.dita">UID</xref>.</p>
       
    21 </li>
       
    22 <li><p>Use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Application_Architecture/TApaTaskListClass.html" format="application/java-archive">TApaTaskList</xref></codeph> class
       
    23 to get a list of currently running applications.</p><p>In the platform
       
    24 security architecture there are two different identifiers for applications:
       
    25 Secure Identifier (SID) and Vendor Identifier  (VID).</p></li>
    17 </ul>
    26 </ul>
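Review bot: In the second list item (new lines 22-25) the paragraph introducing SID and VID is still nested under the TApaTaskList bullet, although it says nothing about the task list and reads as the lead-in to the two headings that follow. Consider moving it out of the list into its own <p> after the closing </ul>. Since these lines are being rewrapped anyway, the double spaces in "name and  <i>Unique Identifier</i> UID" (new line 18) and "Vendor Identifier  (VID)" (new line 25) could be collapsed, and "UID" put in parentheses to match how SID and VID are introduced.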
    18 <p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC652">Secure Identifier (SID)</b></p>
    27 <p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC652">Secure Identifier
    19 <p>Every executable has its own <i>Secure Identifier</i> (SID), which is used to identify the running process launched from the executable. It can also be used to determine which private directory a process can access. SID is stored in the executable binary, so it has the same security as any executable code. The SID value is not relevant for <codeph>dll</codeph>.</p>
    28 (SID)</b></p>
    20 <p>SID values are requested from the <xref href="http://www.symbiansigned.com" scope="external">Symbian Signed</xref> web site. The <xref href="GUID-1293DE8C-E803-4ADF-9FA8-862519337331.dita">Sofware Installer</xref> ensures that no two applications have the same SID value on a particular target device.</p>
    29 <p>Every executable has its own <i>Secure Identifier</i> (SID), which is
    21 <p>To retrieve the SID of a process, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/RProcessClass.html#%3a%3aRProcess%3a%3aSecureId%28%29const" format="application/java-archive">RProcess::SecureId()</xref></codeph> method . During inter process communication, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/TSecurityPolicyClass.html" format="application/java-archive">TSecurityPolicy</xref></codeph> class to specify a security policy consisting of both <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> and SID checks.</p>
    30 used to identify the running process launched from the executable. It can
    22 <p>For information on how to define the SID in the <codeph>mmp</codeph> file, see <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/ToolsAndUtilities94/Build-ref/Mmp-ref/secureid.html" format="application/java-archive">secureid</xref></codeph>. If SID is not specified in the <codeph>mmp</codeph> file, the value of UID3 is used as the SID.</p>
    31 also be used to determine which private directory a process can access. SID
    23 <p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC654">Vendor Identifier (VID)</b></p>
    32 is stored in the executable binary, so it has the same security as any executable
    24 <p>In addition to SID, signed applications have a <i>Vendor Identifier</i> (VID) which can be used to identify the source of the application. Applications from one vendor usually share a common VID, but the vendor may have different VIDs for different product families. VIDs can also be used to group servers and clients into logical groups providing services to each other.</p>
    33 code. The SID value is not relevant for <codeph>dll</codeph>.</p>
    25 <p>Note that the VID cannot be reused for any other entity. For example, the Nokia VID (<codeph>0x101FB657</codeph>) is property of Nokia.</p>
    34 <p>SID values are requested from the <xref href="http://www.symbiansigned.com" scope="external">Symbian
    26 <p>For information on how to define the VID in the <codeph>mmp</codeph> file, see <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/ToolsAndUtilities94/Build-ref/Mmp-ref/vendorid.html" format="application/java-archive">vendorid</xref></codeph>.</p>
    35 Signed</xref> web site. The <xref href="GUID-1293DE8C-E803-4ADF-9FA8-862519337331.dita">Software
    27 <section><title>Secure inter process communication</title>
    36 Installer</xref> ensures that no two applications have the same SID value
    28 <p>Authentication can be done in different ways. The server can decide to request (or not to request) capabilities from the client. The client's options are more limited, the server is usually authenticated by name. The <codeph>ProtServ</codeph> <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> allows the server to insert an "!" in front of its name, indicating that the server can be trusted. Nameless servers are also possible, but no client can connect to them without a handle to the server. The server can also authenticate the client with SID and VID.</p>
    37 on a particular target device.</p>
       
    38 <p>To retrieve the SID of a process, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/RProcessClass.html#%3a%3aRProcess%3a%3aSecureId%28%29const" format="application/java-archive">RProcess::SecureId()</xref></codeph> method . During inter process communication, use the <codeph><xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/reference/reference-cpp/Kernel_Architecture_2/TSecurityPolicyClass.html" format="application/java-archive">TSecurityPolicy</xref></codeph> class to specify a security policy consisting of both <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> and
       
    39 SID checks.</p>
       
    40 <p>For information on how to define the SID in the <codeph>mmp</codeph> file,
       
    41 see <codeph><xref href="GUID-A98F7AA2-A908-527E-9AEC-54DDD10A49C1.dita">secureid</xref></codeph>.
       
    42 If SID is not specified in the <codeph>mmp</codeph> file, the value of UID3
       
    43 is used as the SID.</p>
       
    44 <p><b id="GUID-EEC50FC0-46D5-4ED7-AD95-67430D5EC654">Vendor Identifier
       
    45 (VID)</b></p>
       
    46 <p>In addition to SID, signed applications have a <i>Vendor Identifier</i> (VID)
       
    47 which can be used to identify the source of the application. Applications
       
    48 from one vendor usually share a common VID, but the vendor may have different
       
    49 VIDs for different product families. VIDs can also be used to group servers
       
    50 and clients into logical groups providing services to each other.</p>
       
    51 <p>Note that the VID cannot be reused for any other entity. For example,
       
    52 the Nokia VID (<codeph>0x101FB657</codeph>) is property of Nokia.</p>
       
    53 <p>For information on how to define the VID in the <codeph>mmp</codeph> file,
       
    54 see <codeph><xref href="GUID-535793F2-08F1-5B4E-AD32-783985C53124.dita">vendorid</xref></codeph>.</p>
       
    55 <section id="GUID-09668673-7926-453D-BD33-9894F5631C90"><title>Secure inter
       
    56 process communication</title>
       
    57 <p>Authentication can be done in different ways. The server can decide
       
    58 to request (or not to request) capabilities from the client. The client's
       
    59 options are more limited, the server is usually authenticated by name. The <codeph>ProtServ</codeph> <xref href="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita">capability</xref> allows
       
    60 the server to insert an "!" in front of its name, indicating that the server
       
    61 can be trusted. Nameless servers are also possible, but no client can connect
       
    62 to them without a handle to the server. The server can also authenticate the
       
    63 client with SID and VID.</p>
    29 <p>Every server should define the following security policies:</p>
    64 <p>Every server should define the following security policies:</p>
    30 <ul>
    65 <ul>
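Review bot: The link migration in this region is only partial. New lines 41 and 54 switch secureid and vendorid to GUID-based .dita hrefs, but RProcess::SecureId() and TSecurityPolicy on new line 38 still point into the jar: SDK archive, so the paragraph now mixes two link schemes. Either convert those as well or note in the commit message why they are left. New line 38 also keeps the stray space in "method ." that the old line 21 had, and new lines 58-59 keep the comma splice in "The client's options are more limited, the server is usually authenticated by name", which a semicolon would fix. The "Sofware" to "Software" correction on new line 35 is good, and the id added to the section on new line 55 makes it linkable.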
    31 <li><p>Which capabilities are required by the calling application</p></li>
    66 <li><p>Which capabilities are required by the calling application</p>
    32 <li><p>Which SID and VID are required by the calling application</p></li>
    67 </li>
    33 <li><p>What actions are possible or must be done with the information provided:</p>
    68 <li><p>Which SID and VID are required by the calling application</p>
       
    69 </li>
       
    70 <li><p>What actions are possible or must be done with the information
       
    71 provided:</p>
    34 <ul>
    72 <ul>
    35 <li><p>Can input data be trusted?</p></li>
    73 <li><p>Can input data be trusted?</p></li>
    36 <li><p>Is user acceptance needed for this operation?</p></li>
    74 <li><p>Is user acceptance needed for this operation?</p></li>
    37 <li><p>Can this server act as a proxy towards other components?</p></li>
    75 <li><p>Can this server act as a proxy towards other components?</p>
       
    76 </li>
    38 </ul>
    77 </ul>
    39 </li>
    78 </li>
    40 </ul>
    79 </ul>
    41 </section>
    80 </section>
    42 </conbody></concept>
    81 </conbody></concept>