×

Discussion Board

Results 1 to 5 of 5

Hybrid View

  1. #1
    (Retired) Nokia Developer Admin.
    Join Date
    Jan 2006
    Location
    Michigan
    Posts
    4,664

    Requesting feedback for few ideas related to Symbian Platform Security tools

    Dear all,

    I'm seeking feedback for few ideas related to Symbian Platform Security tools. The ideas are related to Native Symbian application development to S60 3rd Edition. We are considering tools that could help developers in their development and certification process' and I would like to hear if you see these or some other tools helpful for developers.

    The four ideas I would like you to evaluate related to Symbian C++ application development & certification to S60 3rd Edition are:

    1. Certificate manager
    Tool to manage different certificates. Enabling for example self signing certificate creation and possibility to create Symbian Signed Developer Certificate request creation. Makes it possible to easily change the certificate you use to sign your SIS files with Carbide. Naturally viewing capabilities and IMEI's of your developer certificates is in place.

    2. PlatSec scanner
    A plug-in for Carbide to scan you source code and give a high level list of capabilities which the application would require. There are certain areas where the capability scanner would not necessarily be 100% accurate. For example when the application uses layers which determine the capabilities run time. But over all it would provide on a high level a list of what could be needed.

    3. Epocwind.out displayer
    When you run your application in the emulator and you have specified certain settings, the SDK will generate a log file which lists, among other things, the capabilities needed by the application during run time. Currently the log file is text file and the idea is to make a proper view for reading such information.

    4. Capability requirement manager
    In short: You need a capability, what type of requirements does that bring to your application? A simple tool or presentation allowing you to select capabilities you need and as an output listing all the requirements your application has and things you need to go through.

    Please consider if any of the above mentioned tools would bring additional value to you as a developer. I would also appreciate ideas of any other tools which we could create to help your work. This post will be here untill Friday the 25th of August when the feedback will be gathered.

    Thanks,

    For Risto H by Ron L

  2. #2
    Registered User
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    200

    Re: Requesting feedback for few ideas related to Symbian Platform Security tools

    Even at the risk of expanding the scope of the list, I would suggest another "tool" that I would personally have found useful already a couple of times.

    It would be great if there was a possibilty to set a breakpoint on the "*platsec* warning" for a missing capability, so that execution stops inside the API call that detects that it would have to fail.

    This way, I could use a stack backtrace to the point of my code that makes the call, and find out exactly which bit of code triggered the warning, rather than single-stepping line-by-line over a suspicious piece of code to narrow down on the culprit.

    This is probably somewhat more complicated in the case of client/server APIs, where the server detects the missing capability, while I would have to check the call stacks of other threads to see what the last client-side call from my own code was - but at least in Visual Studio, which had a very nice "view all threads" window, this would still be relatively easy.

    I would personally prefer this over a static capability scanner, because it will more accurately cover cases where, for example, a specific parameter value demands a certain capability in an otherwise unrestricted API.

  3. #3
    Registered User
    Join Date
    Mar 2003
    Location
    Germany
    Posts
    200

    Re: Requesting feedback for few ideas related to Symbian Platform Security tools

    Quote Originally Posted by Nokia Ron
    3. Epocwind.out displayer
    When you run your application in the emulator and you have specified certain settings, the SDK will generate a log file which lists, among other things, the capabilities needed by the application during run time. Currently the log file is text file and the idea is to make a proper view for reading such information.
    Of the given list, if I had to choose one, my vote would be for this one - EPOCWIND.OUT (i.e. the output of RDebug::Print) is useful for many other cases as well, because it also allows you to monitor thread creation/destruction, and the output of various system components.

    In addition, RDebug::Print() is probably the easiest way to produce trace output in your own code.

    [Note: I have no experience with Carbide, only with CodeWarrior and Visual Studio. There, the output that goes into EPOCWIND.OUT would also be available in a window inside the IDE as "debug output" anyway - only that this is made somewhat less useful in Visual Studio lately because of the huge number of "unhandled exception" warnings triggered by a Symbian 9 emulator...]

  4. #4
    Regular Contributor
    Join Date
    Mar 2005
    Posts
    60

    Re: Requesting feedback for few ideas related to Symbian Platform Security tools

    #2 would have been very useful when I first ported my application and in the period before the MR documentation was released (in the original 3rd edition SDK documentation of capabilities was inaccurate), but has less value to me now on an ongoing basis. But people will still need to develop 2nd edition apps for a few years to come, so it will still be useful.

    The more intelligent it can be the better as some methods don't need all the listed capabilities for some of thier cases - like CSendUi::CreateAndSendMessageL needing an extra capability if you create an email, but not if you create an SMS or MMS.

    The list of possibly affected calls and capabilities would need to be coallesced/grouped - for example, any call that opens a file might need a capability depending on the path, and if every one of those was reported the results would be overhwelming. And ideally provide direct links into the documentation.

    #3 handling epocwind.out could be useful. Right now the Visual Studio display is swamped by unhandled exceptions (as the previous poster pointed out) but even with those stripped out there are a lot of messages. I'm sure I'd have saved time in the past if I'd noticed certain warnings in the log file. Finding capabilities isn't a priority to me, as find works just fine, but that's a case where I know what I need to find. Having something flag to me what I didn't expect to find would be a help.

  5. #5
    Registered User
    Join Date
    Oct 2006
    Location
    Cumbria, UK
    Posts
    4

    Re: Requesting feedback for few ideas related to Symbian Platform Security tools

    I second Marcus's request for a breakpoint on the platsec error. While you're about it, another almost identical requirement is to support a breakpoint on User::Leave in the current thread (there's a way to do this, but it's hardly intuitive).

    For item #2, I'd suggest if you want to implement it, it's much easier to do using the Edition 2 APP file, rather than by source file. WIth the App file it's easy to get a list of APIs used (imports), and then cross reference them against the Symbian documents. It's fairly straightforward to script.

    - Charles
    http://www.penrillian.com

Similar Threads

  1. Security platform: controversial information
    By mikfi in forum Symbian Signed Support, Application Packaging and Distribution and Security
    Replies: 6
    Last Post: 2006-10-03, 10:21
  2. Current Symbian Development Opportunities...!!
    By mobile2004 in forum Symbian
    Replies: 0
    Last Post: 2005-01-17, 17:58
  3. Replies: 0
    Last Post: 2004-05-21, 11:16
  4. Replies: 2
    Last Post: 2004-05-08, 09:09

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •