Please note that as of October 24, 2014, the Nokia Developer Wiki will no longer be accepting user contributions, including new entries, edits and comments, as we begin transitioning to our new home, in the Windows Phone Development Wiki. We plan to move over the majority of the existing entries. Thanks for all your past and future contributions.

(Redirected from Sensitive Applications)

App types that require sensitive Symbian capabilities

From Wiki
Jump to: navigation, search

This article contains a non-exhaustive list of the sorts of applications that typically need to be granted sensitive platform security capabilities, along with information about the capabilities required and why.

Article Metadata
Created: aaumala (25 May 2007)
Last edited: hamishwillee (27 Jan 2012)

Capabilities for known applications

Here is a non-exhaustive list of known applications and the needed capabilities. If you are developing an application that falls into a category listed here, you should prepare to apply for listed capabilities when applying for a DevCert. In addition your application must pass both Symbian Signed. If any of the manufacturer approved capabilities (TCB, DRM and/or AllFiles) are included also Nokia test criteria must be passed in order to receive the final Symbian Signed certification.

Note also, that the capability reasoning given here is not self sufficient when applying for the DevCert; you will need to provide detailed information on the APIs needing mentioned capabilities. (Stating only that application XY needs TCB because stated so on this wiki page, is not itself a good enough reason for getting TCB approval)

Also, when making the DevCert request, it is strongly recommended that you scan your application code to see what other capabilities are really needed, and to omit all unnecessary capabilities from your DevCert request. Doing so may reduce otherwise unnecessary steps when handling your request.

Capabilities for known applications - by type

CommDD, NetworkControl

Reasons: Hook in IP stack, advanced connections management

AllFiles, TCB, DiskAdmin, CommDD

Reasons: Read & Write access to caged data (\sys, \resource, \private), virus definition file updates from network.

Note that antivirus application needs to create file hooks, which cannot be implemented without a Symbian Platinum Partner development kit.

AllFiles, TCB, DiskAdmin

Reasons: Read & Write access to caged data (\sys, \resource, \private)

Device management & device blocking
AllFiles, DiskAdmin, NetworkControl, CommDD, MultimediaDD

Reasons: Read & Write access to caged data (\sys, \resource, \private), managing connections, managing system resources

NetworkControl, MultimediaDD

Reasons: Full duplex audio (APS), low level IP protocol access

Network Monitoring
CommDD, NetworkControl

Reasons: Protocol packets access, access to IAP tables

CommDD, NetworkControl

Reasons: Access to protocol packets, tunneling secure data

HotSpot Framework
CommDD, NetworkControl

Reasons: Access to protocol packets, tunneling secure data

Following are examples of applications that in theory can need sensitive capabilities but do so only in rare circumstances, and thus need extra reasoning in order to be approved.

Data call
CommDD, NetworkControl

Reasons: There are better way to implement data connection that a CSD data call.

SIP application

Reasons: Enabling a SIP profile – not a common action of a SIP application.

File browser application
DiskAdmin, AllFiles

Reasons: File browser application that has access to all caged data will not get accepted, as it will jeopardize the Platform Security feature as such.

File access capabilities in general
Three caged locations in the file system need capabilities to access:

\sysAllFiles to read, TCB to write
\resource – no caps to read, TCB to write
\private – no caps for process’ own caged part, for other parts AllFiles is needed (read & write).

DLL loading requirements by DLL type

Message Type Modules:
Client side MTMs

Server MTM
NetworkControl and DiskAdmin

BIO Messaging:
BIO Parser
NetworkControl, DiskAdmin
BIO Control plug-in

All –TCB

Profile plug-in
All –TCB

Browser plug-in

Phonebook plug-in

This page was last modified on 27 January 2012, at 05:06.
70 page views in the last 30 days.