×
Namespaces

Variants
Actions

App types that require sensitive Symbian capabilities

From Nokia Developer Wiki
Jump to: navigation, search

This article contains a non-exhaustive list of the sorts of applications that typically need to be granted sensitive platform security capabilities, along with information about the capabilities required and why.

Article Metadata
Article
Created: aaumala (25 May 2007)
Last edited: hamishwillee (27 Jan 2012)

Capabilities for known applications

Here is a non-exhaustive list of known applications and the needed capabilities. If you are developing an application that falls into a category listed here, you should prepare to apply for listed capabilities when applying for a DevCert. In addition your application must pass both Symbian Signed. If any of the manufacturer approved capabilities (TCB, DRM and/or AllFiles) are included also Nokia test criteria must be passed in order to receive the final Symbian Signed certification.

Note also, that the capability reasoning given here is not self sufficient when applying for the DevCert; you will need to provide detailed information on the APIs needing mentioned capabilities. (Stating only that application XY needs TCB because stated so on this wiki page, is not itself a good enough reason for getting TCB approval)

Also, when making the DevCert request, it is strongly recommended that you scan your application code to see what other capabilities are really needed, and to omit all unnecessary capabilities from your DevCert request. Doing so may reduce otherwise unnecessary steps when handling your request.


Capabilities for known applications - by type

Firewall
CommDD, NetworkControl

Reasons: Hook in IP stack, advanced connections management


Antivirus
AllFiles, TCB, DiskAdmin, CommDD

Reasons: Read & Write access to caged data (\sys, \resource, \private), virus definition file updates from network.

Note that antivirus application needs to create file hooks, which cannot be implemented without a Symbian Platinum Partner development kit.


Encryption
AllFiles, TCB, DiskAdmin

Reasons: Read & Write access to caged data (\sys, \resource, \private)


Device management & device blocking
AllFiles, DiskAdmin, NetworkControl, CommDD, MultimediaDD

Reasons: Read & Write access to caged data (\sys, \resource, \private), managing connections, managing system resources


VoIP
NetworkControl, MultimediaDD

Reasons: Full duplex audio (APS), low level IP protocol access


Network Monitoring
CommDD, NetworkControl

Reasons: Protocol packets access, access to IAP tables


VPN
CommDD, NetworkControl

Reasons: Access to protocol packets, tunneling secure data


HotSpot Framework
CommDD, NetworkControl

Reasons: Access to protocol packets, tunneling secure data



Following are examples of applications that in theory can need sensitive capabilities but do so only in rare circumstances, and thus need extra reasoning in order to be approved.


Data call
CommDD, NetworkControl

Reasons: There are better way to implement data connection that a CSD data call.


SIP application
NetworkControl

Reasons: Enabling a SIP profile – not a common action of a SIP application.


File browser application
DiskAdmin, AllFiles

Reasons: File browser application that has access to all caged data will not get accepted, as it will jeopardize the Platform Security feature as such.


File access capabilities in general
Three caged locations in the file system need capabilities to access:

\sysAllFiles to read, TCB to write
\resource – no caps to read, TCB to write
\private – no caps for process’ own caged part, for other parts AllFiles is needed (read & write).


DLL loading requirements by DLL type


Message Type Modules:
Client side MTMs

Server MTM
NetworkControl and DiskAdmin


BIO Messaging:
BIO Parser
NetworkControl, DiskAdmin
BIO Control plug-in
NetworkControl


FEP
All –TCB


Profile plug-in
All –TCB


Browser plug-in


Phonebook plug-in
NetworkControl



This page was last modified on 27 January 2012, at 08:06.
118 page views in the last 30 days.
×