Widget Platform Security
Following are some of the points of the security policy for widgets running on S60 mobile devices:
- Unlike sis file, Widgets need not to be signed.
- Widgets are considered untrusted by the device platform currently. Widget access to platform services is controlled and that mobile device users must grant permission.
- Widgets access the network through the Web Browser for S60.
Runtime Security Manager
The Runtime Security Manager controls access to platform services for Web Runtime version 1.1 widgets. The security manager uses this policy to determine whether a widget has access to a platform service and then prompts the mobile device user accordingly. Access policy for all WRT 1.1 is determined by the device manufacturer, It cannot be customized by developer or user. WRT 1.1 provides a default access policy that mobile devices can use if they do not define their own.
The widget security life cycle for WRT 1.1 is as follows:
- WRT 1.1 files an access policy with the security manager.
- The widget is registered by the Security manager when it is installed.
- WRT 1.1 starts a session with the security manager each time that it attempts to access a new platform service.
- During a session, the security manager performs run time access control according to the access policy.
- The widget is unregistered by the Security manager when it is uninstalled.
RSM Access Policy
The Run time Security Manager access policy defines:
- A set of capabilities that are allowed automatically to the widget or are granted to via prompts.
- The Access duration/Session. The durations supported for WRT 1.1 are one time or while the widget is launched.
The following capabilities are supported for WRT 1.1
- ReadUserData: Read access to user confidential data(contacts, messages, appointments, and notes).
- WriteUserData: Write access to user confidential data(contacts, messages, appointments, and notes).
- Location: Access to location information of the mobile device.
- NetworkServices: Access to remote services without regard to the mobile device location(voice calls and SMS).
The following table lists the capabilities defined for each Service API by the default WRT 1.1 access policy. All capabilities are granted for the session.
Table: Default capabilities for WRT 1.1 widgets
|Messaging||ReadUserData, WriteUserData, NetworkServices|