Archived:Platform Security in PySymbian: Part2
This main purpose of this article is to make the concept of platform security clear in context with PySymbian. Archived:Platform Security in PySymbian: Part1 on this series talked about basics of platform security, the changes that were introduced on platform security and limitations imposed by platform security. This article will deal with a single word which is very important when we talk about platform security and its effect to PySymbian. This term is Known as Capability. This term is used often now and then in the discussion boards. This article will define and explain what is capability. What are the types of capabilities and there will be also a list of capabilities explained which are required in PySymbian.
What is Capability??
We all know that S60 3rd edition devices uses platform security and there are some limitations imposed by this platform security. In this devices a program must have permission to access potentially sensitive features . These permissions in platform security are called capabilities. A program needs certain capabilities if it wants the access certain set of key features. There is always not the case because there are many things one can do without having these so called capabilities. There is a small and fixed set of capabilities and each capability grant a set of functions.
Types of Capabilities
PySymbian runtime is signed by Nokia with an extended set of capabilities (all 17 of developer certificate with Publisher ID). Then the PySymbian Scriptshell can have between 0 or 17 capabilities (less or equal than PySymbian).
In connection with PySymbian, the capabilities of PySymbian Scriptshell can roughly divided in four groups.
- User-grantable Capabilities (5):
These are the capabilities that the user who is installing can grant to the program at the installation time. A program which requires only user grant capabilities can be self-signed.
- Capabilities Available with an old developers certificate(devcert) (13):
These are the capabilities with which one can experiment on a single phone using the devcert provided by symbian signed service.This certificate is no more available (replaced by opensigned service)
- Capabilities Available without certificate online (opensigned) (13):
These are the capabilities with which one can experiment on a single phone using the opensigned service on www.symbiansigned.com. This service replace the free dev cert.
- Capabilities Available with developers certificate with a publisher id (17):
These are the capabilities with which one can experiment on a single phone using the devcert provided by symbian signed service.
- Manufacturer-Approved Capabilities(until 20):
These are the highest sensitive capabilities and can be obtained from the device manufacturers only. If any one wants these capabilities then he/she needs to justify its purpose to the device manufacturers.
Capabilities Required in PySymbian
Most of the PySymbian functions need only user-grantable capabilities. Some need opensigned or a certificate.
|Description||Function or Module||Required Capabilities|
|Global Key Capture||KeyCapture Module||SwEvent (is part of opensigned caps)|
|Reading the Cellid||Location Module(loaction.gsm_location())||Location, ReadDeviceData (opensigned)|
|Reading the internal GPS Location (not an bluetooth external !)||Position Module||Location (is part of opensigned except in 3rd edition FP 2)|
Because of the limit of 17 capabilities of the PySymbian, there are no functions in PySymbian using manufacturer capabilities.
Signing The Python Scriptshell
Basic functions need only the self-signed shell in PySymbian.
Signing the shell is a optional feature when you are installing the PySymbian in your device. If one want to use the above mentioned features. Then one must get the shell signed at the Symbian Online Signing with all 13 capabilities. The procedure is very simple and is self explainable. You can also use the following free Python application for signing with the opensigned service (experimental !)