Capabilities (Symbian Signed)
What is a Capability?
Symbian's Platform Security architecture protects access to sensitive functionality using "capabilities". If your application uses an API that is protected with a capability you will need to declare the capability in your app project file at build time, and then digitally sign the application installation file with a certificate that is trusted to grant the needed capabilities.
There are twenty capabilities, and they are split into four groups - User Capabilities, System Capabilities, Restricted Capabilities and Device Manufacturer Capabilities. The groups protect progressively "more sensitive" APIs.
Which capabilities can I access?
The table below shows what certificates/signing mechanisms can grant capabilities in each group.
|Capability Group||Capability Name||Self-Signed|| Development Certificate
| Development Certificate
|Express Signed||Certified Signed|
|User Capabilities||LocalServices||Yes, with user confirmation at install time||Yes||Yes||Yes||Yes|
|Manufacturer Capabilities||AllFiles||Nokia Approval Required||Nokia Approval Required|
How do I know which capabilities I need?
Most applications will use only need the "user grantable" capabilities; as a result it is generally quite easy to "guess" what capabilities your application needs based on what it does. For example, an application that needs to connect to the Internet will need NetworkServices.
You can also look up the capabilities required for each API in the SDK/online documentation, as shown in the example below.
Lastly, the Carbide.c++ IDE also provides the "Capability Scanner" tool. Select the .mmp file in the Project Explorer window from within Carbide.c++ and select Project, Run Capability Scanner on Project MMP. The results will be displayed in a new Platform Security window, as shown in the screenshot below
Device Manufacturer Capabilities
AllFiles, TCB and DRM protect the most sensitive aspects of the platform functionality, and access to them is only permissible when working with a Device Manufacturer and with their consent. However, it is very unlikely that your application will need these capabilities as they are only required for some very sensitive operations.
A more in-depth discussion of these capabilities can be found in the full article on the subject.