×
Namespaces

Variants
Actions

Capabilities (Symbian Signed)

From Nokia Developer Wiki
Jump to: navigation, search
Article Metadata
Article
Created: hamishwillee (16 Dec 2010)
Last edited: hamishwillee (20 Jul 2012)

Contents

What is a Capability?

Symbian's Platform Security architecture protects access to sensitive functionality using "capabilities". If your application uses an API that is protected with a capability you will need to declare the capability in your app project file at build time, and then digitally sign the application installation file with a certificate that is trusted to grant the needed capabilities.

There are twenty capabilities, and they are split into four groups - User Capabilities, System Capabilities, Restricted Capabilities and Device Manufacturer Capabilities. The groups protect progressively "more sensitive" APIs.

Which capabilities can I access?

The table below shows what certificates/signing mechanisms can grant capabilities in each group.

Capability Group Capability Name   Self-Signed Development Certificate

(unverified account)

Development Certificate

(verified account)

Express Signed Certified Signed
User Capabilities LocalServices Yes, with user confirmation at install time Yes Yes Yes Yes
Location
NetworkServices
ReadUserData
UserEnvironment
WriteUserData
System Capabilities PowerMgmt
ProtServ
ReadDeviceData
SurroundingsDD
SwEvent
TrustedUI
WriteDeviceData
Restricted Capabilities CommDD
DiskAdmin
NetworkControl
MultimediaDD
Manufacturer Capabilities AllFiles Nokia Approval Required Nokia Approval Required
DRM
TCB

How do I know which capabilities I need?

Most applications will use only need the "user grantable" capabilities; as a result it is generally quite easy to "guess" what capabilities your application needs based on what it does. For example, an application that needs to connect to the Internet will need NetworkServices.

Note.pngNote: You should apply just those capabilities that your application needs.

You can also look up the capabilities required for each API in the SDK/online documentation, as shown in the example below.

AppSigningSDKCapabilitiesExample.png

Lastly, the Carbide.c++ IDE also provides the "Capability Scanner" tool. Select the .mmp file in the Project Explorer window from within Carbide.c++ and select Project, Run Capability Scanner on Project MMP. The results will be displayed in a new Platform Security window, as shown in the screenshot below

OutputFromCapabilityScanner.png

Device Manufacturer Capabilities

AllFiles, TCB and DRM protect the most sensitive aspects of the platform functionality, and access to them is only permissible when working with a Device Manufacturer and with their consent. However, it is very unlikely that your application will need these capabilities as they are only required for some very sensitive operations.

A more in-depth discussion of these capabilities can be found in the full article on the subject.


Licence icon cc-by-sa 3.0-88x31.png© 2010 Symbian Foundation Limited. This document is licensed under the Creative Commons Attribution-Share Alike 2.0 license. See http://creativecommons.org/licenses/by-sa/2.0/legalcode for the full terms of the license.
Note that this content was originally hosted on the Symbian Foundation developer wiki.

This page was last modified on 20 July 2012, at 10:49.
75 page views in the last 30 days.

Was this page helpful?

Your feedback about this content is important. Let us know what you think.

 

Thank you!

We appreciate your feedback.

×