<?xml version="1.0" encoding="utf-8"?>
<!-- Copyright (c) 2007-2010 Nokia Corporation and/or its subsidiary(-ies) All rights reserved. -->
<!-- This component and the accompanying materials are made available under the terms of the License 
"Eclipse Public License v1.0" which accompanies this distribution, 
and is available at the URL "http://www.eclipse.org/legal/epl-v10.html". -->
<!-- Initial Contributors:
    Nokia Corporation - initial contribution.
Contributors: 
-->
<!DOCTYPE concept
  PUBLIC "-//OASIS//DTD DITA Concept//EN" "concept.dtd">
<concept id="GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22" xml:lang="en"><title>Capabilities</title><prolog><metadata><keywords/></metadata></prolog><conbody>
<p>Capabilities allow the Symbian platform to control access by applications
to the functionalities provided by the platform APIs. Access to capabilities
is determined by the device configuration and how the application has been
signed. Capabilities can be divided into four categories:</p>
<ul>
<li><p><i>user capabilities</i>: <xref href="http://wiki.forum.nokia.com/index.php/LocalServices" scope="external"><codeph>LocalServices</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/NetworkServices" scope="external"><codeph>NetworkServices</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/ReadUserData" scope="external"><codeph>ReadUserData</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/WriteUserData" scope="external"><codeph>WriteUserData</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/UserEnvironment" scope="external"><codeph>UserEnvironment</codeph></xref> and, <xref href="http://wiki.forum.nokia.com/index.php/Location" scope="external"><codeph>Location</codeph></xref></p>
</li>
<li><p><i>system capabilities</i>: <xref href="http://wiki.forum.nokia.com/index.php/PowerMgmt" scope="external"><codeph>PowerMgmt</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/ProtServ" scope="external"><codeph>ProtServ</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/ReadDeviceData" scope="external"><codeph>ReadDeviceData</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/SurroundingsDD" scope="external"><codeph>SurroundingsDD</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/SwEvent" scope="external"><codeph>SwEvent</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/TrustedUI" scope="external"><codeph>TrustedUI</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/WriteDeviceData" scope="external"><codeph>WriteDeviceData</codeph></xref></p>
</li>
<li><p><i>restricted capabilities</i>: <xref href="http://wiki.forum.nokia.com/index.php/CommDD" scope="external"><codeph>CommDD</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/DiskAdmin" scope="external"><codeph>DiskAdmin</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/MultimediaDD" scope="external"><codeph>MultimediaDD</codeph></xref> and <xref href="http://wiki.forum.nokia.com/index.php/NetworkControl" scope="external"><codeph>NetworkControl</codeph></xref></p>
</li>
<li><p><i>device manufacturer capabilitie</i>s: <xref href="http://wiki.forum.nokia.com/index.php/AllFiles" scope="external"><codeph>AllFiles</codeph></xref>, <xref href="http://wiki.forum.nokia.com/index.php/DRM" scope="external"><codeph>DRM</codeph></xref> and <xref href="http://wiki.forum.nokia.com/index.php/Trusted_Computing_Base_%28TCB%29" scope="external"><codeph>TCB</codeph></xref></p>
</li>
</ul>
<p>Capabilities required by the application are defined in the <codeph>mmp</codeph> project
definition file during the build process, and cannot be changed during run
time. For information on the parameters you can use, see <xref href="jar:GUID-35228542-8C95-4849-A73F-2B4F082F0C44.jar!/sdk/doc_source/ToolsAndUtilities94/Build-ref/Mmp-ref/capability.html" format="application/java-archive">capability</xref>.
Carbide.c++ has a Capability Scanner tool which can be accessed through the <b>Project
&gt; Run Capability Scanner on Project MMP</b> menu. The tool scans and checks
the project for required capabilities.</p>
<p>During the installation the <xref href="GUID-1293DE8C-E803-4ADF-9FA8-862519337331.dita">Software
Installer</xref> application in the device checks whether the application
has been certified or signed. It then checks the capabilities requested by
the application. If the application has been certified, it checks that the
root certificate is allowed to grant the required capabilities. If no problems
are encountered, the installation can continue. For information on certifications
required by the capabilities, see <xref href="GUID-B9414AE8-820E-4CA5-A9C4-29560CD6F2EF.dita">Application
signing</xref>.</p>
<p>The user can grant the <i>user capabilities</i> to a self-signed application.
For example, the following dialog is shown to the user to grant the <codeph>LocalServices</codeph> capability:</p>
<fig id="GUID-5FCD68FB-BB79-48E0-B438-E8BFAD37331D"><title>Granting LocalServices capability during the installation</title><image href="GUID-08152DC3-2A5D-42AC-B722-3D49275FE548_d0e8048_href.png"/></fig>
<section id="GUID-DD22FF50-BE6F-4929-85BA-EAF3481EA2BD"><title>dll capabilities</title>
<p>A <codeph>dll</codeph> must have equal or greater set of capabilities
than the loading process, otherwise the process is not allowed to load the <codeph>dll</codeph>.
Once loaded, a <codeph>dll</codeph> runs at the capability level of the loading
process. A <codeph>dll</codeph> that has a higher capability set than the
loading process cannot leak capabilities to the process, but a process can
leak capabilities to the <codeph>dll</codeph>.</p>
<p>For more information, see <xref href="http://wiki.forum.nokia.com/index.php/TSS000454_-_DLL_capability_model_in_a_secure_platform" scope="external">DLL
capability model in a secure platform</xref> (TSS000454) in the Forum Nokia
Knowledge Base.</p>
</section>
</conbody></concept>