Capabilities

diff -r 80ef3a206772 -r 48780e181b38 Symbian3/SDK/Source/GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita --- a/Symbian3/SDK/Source/GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita Fri Jul 16 17:23:46 2010 +0100 +++ b/Symbian3/SDK/Source/GUID-6971B0A2-F79B-4E05-8AF3-BB1FC1932A22.dita Tue Jul 20 12:00:49 2010 +0100 @@ -10,46 +10,42 @@ Capabilities -

Capabilities allow the Symbian platform to control access by applications -to the functionalities provided by the platform APIs. Access to capabilities -is determined by the device configuration and how the application has been -signed. Capabilities can be divided into four categories:

Capabilities allow the Symbian platform to control access by +applications to the functionalities provided by the platform APIs. +Access to capabilities is determined by the device configuration and +how the application has been signed. Capabilities can be divided into +four categories:

user capabilities: LocalServices, NetworkServices, ReadUserData, WriteUserData, UserEnvironment and, Location
-
system capabilities: PowerMgmt, ProtServ, ReadDeviceData, SurroundingsDD, SwEvent, TrustedUI, WriteDeviceData
-
restricted capabilities: CommDD, DiskAdmin, MultimediaDD and NetworkControl
-
device manufacturer capabilities: AllFiles, DRM and TCB
-
user capabilities: LocalServices, NetworkServices, ReadUserData, WriteUserData, UserEnvironment and, Location
system capabilities: PowerMgmt, ProtServ, ReadDeviceData, SurroundingsDD, SwEvent, TrustedUI, WriteDeviceData
restricted capabilities: CommDD, DiskAdmin, MultimediaDD and NetworkControl
device manufacturer capabilities: AllFiles, DRM and TCB

Capabilities required by the application are defined in the mmp project -definition file during the build process, and cannot be changed during run -time. For information on the parameters you can use, see capability. -Carbide.c++ has a Capability Scanner tool which can be accessed through the Project -> Run Capability Scanner on Project MMP menu. The tool scans and checks -the project for required capabilities.

During the installation the Software -Installer application in the device checks whether the application -has been certified or signed. It then checks the capabilities requested by -the application. If the application has been certified, it checks that the -root certificate is allowed to grant the required capabilities. If no problems -are encountered, the installation can continue. For information on certifications -required by the capabilities, see Application -signing.

The user can grant the user capabilities to a self-signed application. -For example, the following dialog is shown to the user to grant the LocalServices capability:

-Granting LocalServices capability during the installation +

Capabilities required by the application are defined in the mmp project definition file during the build process, and +cannot be changed during run time. For information on the parameters +you can use, see Symbian Tools Guide > Building > +Symbian Build System (SBSv1) > Build tools reference > MMP file syntax +> capability. Carbide.c++ has a Capability Scanner tool which +can be accessed through the Project > Run Capability Scanner on +Project MMP menu. The tool scans and checks the project for required +capabilities.

During the installation the Software Installer application in the device checks whether the application has been +certified or signed. It then checks the capabilities requested by +the application. If the application has been certified, it checks +that the root certificate is allowed to grant the required capabilities. +If no problems are encountered, the installation can continue. For +information on certifications required by the capabilities, see Application signing.

The user can grant the user capabilities to a self-signed +application. For example, the following dialog is shown to the user +to grant the LocalServices capability:

+Granting LocalServices capability during the installation

dll capabilities

A dll must have equal or greater set of capabilities -than the loading process, otherwise the process is not allowed to load the dll. -Once loaded, a dll runs at the capability level of the loading -process. A dll that has a higher capability set than the -loading process cannot leak capabilities to the process, but a process can -leak capabilities to the dll.

For more information, see DLL -capability model in a secure platform (TSS000454) in the Forum Nokia -Knowledge Base.

+than the loading process, otherwise the process is not allowed to +load the dll. Once loaded, a dll runs at the capability level of the loading process. A dll that has a higher capability set than the loading process cannot +leak capabilities to the process, but a process can leak capabilities +to the dll.

For more information, see DLL capability model in a secure platform (TSS000454) in +the Forum Nokia Knowledge Base.

\ No newline at end of file