Capabilities for API Security

Platform security divides sensitive operating system functions into 20 named sets known as capabilities. You can think of each capability as a box of functions with a combination lock on it. An application can be given the combination for as many of these boxes as it is approved to use. In this way, capabilities provide for fine-grained control over API security.

For an application to obtain a particular capability and use protected functionality (i.e., for it to get the 'combination') it must be authorized.

The Symbian Signed program is the authority which gives authorization, although phone manufacturers may also be involved where access to particularly sensitive functionality is requested.

Capabilities are assigned at the process level (i.e., EXE files) and are specified using the capability keyword in an MMP build file, as I'll show in more detail in section 7.4.7. If you call an API function in your process that requires a capability not specified in the MMP file, it will return KErrPermissionDenied (-46).

Not all API functions require a capability to use them. In fact, about 60% of the APIs are not associated with a capability at all. If your program consists of calls entirely in this set, then you do not need to worry about platform security, and you can run your software without going through the Symbian Signed process. Capabilities represent the APIs that are sensitive enough to be managed by platform security, such as those that directly access system or user data, or the phone hardware.

Capabilities fall into the following categories, based on just how sensitive they are:

• basic capabilities;

• extended capabilities;

• phone manufacturer capabilities.

For the last two categories, in addition to needing these capabilities in your MMP file, you must also have your application Symbian Signed to prove you are allowed to use these capabilities. Otherwise, the software cannot be installed. Software requiring just basic capabilities, or none at all, does not necessarily need to be signed. To explain this further, let's look at the three capability categories in more detail.
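As an added example (not code from the book), here is a small Python check that reads the CAPABILITY line of an MMP file, sorts the requested capabilities into the three categories above and reports whether the signing rule applies. The grouping of the 20 capability names into basic, extended and manufacturer sets follows Symbian OS v9 platform security documentation rather than this page, and the sample MMP fragment is constructed.

```python
from typing import Dict, List, Tuple

# Capability names grouped as in Symbian OS v9 platform security
# documentation (the page names only the three categories, not the members).
BASIC = {"LocalServices", "Location", "NetworkServices",
         "ReadUserData", "UserEnvironment", "WriteUserData"}
EXTENDED = {"CommDD", "DiskAdmin", "MultimediaDD", "NetworkControl",
            "PowerMgmt", "ProtServ", "ReadDeviceData", "SurroundingsDD",
            "SwEvent", "TrustedUI", "WriteDeviceData"}
MANUFACTURER = {"AllFiles", "DRM", "TCB"}
ALL_CAPABILITIES = BASIC | EXTENDED | MANUFACTURER   # 20 named sets

# Constructed sample MMP fragment (not from the page); '//' starts a comment.
SAMPLE_MMP = """\
TARGET        example.exe
TARGETTYPE    exe
CAPABILITY    ReadUserData WriteUserData NetworkServices SwEvent  // SwEvent is extended
"""


def parse_capabilities(mmp_text: str) -> List[str]:
    """Collect the names following the CAPABILITY keyword, ignoring comments."""
    caps: List[str] = []
    for line in mmp_text.splitlines():
        tokens = line.split("//", 1)[0].split()
        if tokens and tokens[0].upper() == "CAPABILITY":
            caps.extend(tokens[1:])
    return caps


def classify(caps: List[str]) -> Dict[str, List[str]]:
    """Sort requested capabilities into the page's three categories.
    'NONE' requests no capability; names are matched case-insensitively here,
    and anything not among the 20 is reported as unknown."""
    canonical = {c.lower(): c for c in ALL_CAPABILITIES}
    groups: Dict[str, List[str]] = {"basic": [], "extended": [],
                                    "manufacturer": [], "unknown": []}
    for cap in caps:
        if cap.upper() == "NONE":
            continue
        name = canonical.get(cap.lower())
        if name is None:
            groups["unknown"].append(cap)
        elif name in BASIC:
            groups["basic"].append(name)
        elif name in EXTENDED:
            groups["extended"].append(name)
        else:
            groups["manufacturer"].append(name)
    return groups


def needs_symbian_signed(mmp_text: str) -> Tuple[bool, Dict[str, List[str]]]:
    """Signing is mandatory when any extended or manufacturer capability is requested."""
    groups = classify(parse_capabilities(mmp_text))
    return bool(groups["extended"] or groups["manufacturer"]), groups
```

Running `needs_symbian_signed(SAMPLE_MMP)` flags the fragment because of SwEvent; dropping that one name would leave only basic capabilities and the result becomes False.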
