Bashing my head against capabilities.
Mostly been developing for pre-production devices and ROM-included applications so far, so haven't really had to deal with them.
This is my use case:
Let's say I have a DLL with a few utility functions in it that does not need any capabilities.
I want to use this DLL in several projects, and I want to distribute it in binary form to others, to use in their project(s).
Platsec forces me to assign to my DLL any capability that the process that wants to load it will use.
BUT. I can't possibly predict what capabilities they will need for their apps, and I can't just pre-emptively assign all capabilities I could imagine they would need to use. Or is this what I have to do?
This has serious implications for the signing needed for the DLL...
What capabilities would I need? All -TCB?
I assume that would be quite heavy, and lock anyone from using my DLL with a self-signed application...
But if I just limit myself to the self-signable caps, then I lock out anyone wanting to use it in something that needs more...
Do you have any tips on approaches here, or pointers to any documents I should read that I might have missed?
What would you say is the minimal set of caps I should use for my dll?
Or should I just stop wasting my time trying to optimize ROM waste and memory usage and make it a static library?
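
The trade-off asked about above, modelled as an added example that is not part of the original post: capability sets are bitmasks, the loader rule is a superset check, and three candidate DLL capability sets are tried against two sample applications. The bit positions, the `kSelfSignable` set, the simplified installer rule, and the assumption that the DLL ships inside the application's own package are all assumptions of this model.

```cpp
#include <cstdint>
#include <cstdio>

// Capability names as bit flags. The bit positions are constructed for this
// model and are not the values of the platform's own capability enum.
enum Cap : std::uint32_t {
    TCB = 1u << 0, CommDD = 1u << 1, PowerMgmt = 1u << 2, MultimediaDD = 1u << 3,
    ReadDeviceData = 1u << 4, WriteDeviceData = 1u << 5, DRM = 1u << 6,
    TrustedUI = 1u << 7, ProtServ = 1u << 8, DiskAdmin = 1u << 9,
    NetworkControl = 1u << 10, AllFiles = 1u << 11, SwEvent = 1u << 12,
    NetworkServices = 1u << 13, LocalServices = 1u << 14, ReadUserData = 1u << 15,
    WriteUserData = 1u << 16, Location = 1u << 17, SurroundingsDD = 1u << 18,
    UserEnvironment = 1u << 19
};
using CapSet = std::uint32_t;

const CapSet kNone = 0;
const CapSet kAllMinusTcb = ((1u << 20) - 1) & ~static_cast<CapSet>(TCB);
// Assumption: what a self-signed package may grant (varies by platform version).
const CapSet kSelfSignable = NetworkServices | LocalServices | ReadUserData |
                             WriteUserData | UserEnvironment;

// Loader rule from the post: the DLL must hold every capability the process has.
bool loaderAccepts(CapSet processCaps, CapSet dllCaps) {
    return (processCaps & ~dllCaps) == 0;
}

// Simplified installer rule: each binary may only claim what the signing grants.
bool installerAccepts(CapSet binaryCaps, CapSet grantable) {
    return (binaryCaps & ~grantable) == 0;
}

// Assumption: the DLL ships inside the application's own package.
bool usable(CapSet appCaps, CapSet dllCaps, CapSet grantable) {
    return installerAccepts(appCaps, grantable) &&
           installerAccepts(dllCaps, grantable) && loaderAccepts(appCaps, dllCaps);
}

int main() {
    const CapSet dlls[] = {kNone, kSelfSignable, kAllMinusTcb};
    const char* names[] = {"none", "self-signable", "All -TCB"};
    for (int i = 0; i < 3; ++i)
        std::printf("DLL caps %-13s self-signed net app: %d  certified ReadDeviceData app: %d\n",
                    names[i], usable(NetworkServices, dlls[i], kSelfSignable),
                    usable(ReadDeviceData, dlls[i], kAllMinusTcb));
    return 0;
}
```

In this model no single capability set on the DLL serves both sample applications, which is the dilemma the post describes.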