Capabilities
What are capabilities?
A capability is a feature of Symbian Platform Security, introduced on S60 in S60 3rd Edition (Symbian OS v9.1). Each running process (started from an EXE file) either has a given capability or does not. Some actions, such as calling a Symbian OS server, require the calling process to have a capability. Whether a capability is required is controlled by the server being called: each server defines its own policy.
Libraries (DLLs) also have capabilities, but these are interpreted differently from the capabilities of processes (EXE files). When applied to a DLL, a capability indicates the trust level of the code within the DLL. When the DLL is loaded into a process, its code executes with the capabilities of the process (EXE), not the capabilities of the DLL. The capabilities of the DLL only indicate the extent to which the code in the DLL can be trusted. For example, an EXE that has the TCB capability cannot load a DLL that does not have the TCB capability, because the lack of TCB on a DLL indicates that the DLL code is not trusted to execute under the TCB capability.
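The two checks described above, as an added example that is not part of the original page and is not Symbian OS code. It generalizes the TCB case to the loader rule that a DLL must hold at least every capability of the process loading it; all type and function names are hypothetical and the bit values are arbitrary.

```cpp
// Added illustration: simplified model of the checks described above.
// Every type and function name here is hypothetical, not a Symbian OS API.
#include <cstdint>
#include <initializer_list>

// Capability names from this page; the bit positions are arbitrary.
enum Cap : std::uint32_t {
    NetworkServices = 1u << 0, ReadUserData = 1u << 1,
    ReadDeviceData = 1u << 2, TCB = 1u << 3
};
using CapSet = std::uint32_t;

CapSet makeCaps(std::initializer_list<Cap> list) {
    CapSet s = 0;
    for (Cap c : list) s |= c;
    return s;
}

// An EXE or DLL image together with the capabilities it was built with.
struct Binary { const char* name; CapSet caps; };

// A process runs with the capabilities of its EXE, whatever DLLs it loads.
struct Process {
    CapSet effective;
    explicit Process(const Binary& exe) : effective(exe.caps) {}
};

// Loader rule: the DLL must be trusted with every capability the process
// holds, i.e. the DLL's set is a superset of the process's set.
bool canLoad(const Process& p, const Binary& dll) {
    return (p.effective & ~dll.caps) == 0;
}

// Server-side check: each server defines which capabilities a caller needs,
// and tests them against the calling process, never against a DLL.
struct ServerPolicy { CapSet required; };
bool allows(const ServerPolicy& policy, const Process& caller) {
    return (caller.effective & policy.required) == policy.required;
}

int main() {
    Binary tcbExe{"tcb.exe", makeCaps({TCB})};          // constructed samples
    Binary plainDll{"plain.dll", makeCaps({ReadUserData})};
    Process p(tcbExe);
    return canLoad(p, plainDll) ? 1 : 0;                // load is refused: 0
}
```

In this model, loading a DLL that carries more capabilities than the process never widens the process's effective set, so a server policy still fails for a caller whose EXE lacks the required capability.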
List of S60 3rd Edition capabilities
Basic capabilities - approved by the end user
- LocalServices
- UserEnvironment
- NetworkServices
- ReadUserData
- WriteUserData
- Location (from S60 3rd Edition, FP2 onwards)
Extended capabilities - approved by Symbian Signing
Express Signed
Certified Signed
Manufacturer-approved capabilities
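NetworkServices: Used for access to the mobile network, for example to make a phone call or send a text message.
LocalServices: Used to send or receive messages over USB, infrared and Bluetooth.
ReadUserData: Grants read access to user data. System servers and application engines are free to impose this restriction on their data.
WriteUserData: Grants write access to user data. System servers and application engines are free to impose this restriction on their data.
Location: Grants access to the phone's location information.
UserEnvironment: Grants access to live confidential information about the user and their immediate environment.
PowerMgmt: Grants the right to terminate any process in the system or to switch the machine state (turn the device off).
SwEvent: Grants the right to generate or capture keyboard and pen input events.
ReadDeviceData: Grants read access to system device driver data.
WriteDeviceData: Grants write access to system device driver data.
SurroundingsDD: Grants access to the logical device drivers that provide input information from peripheral devices.
TrustedUI: Distinguishes the UI of "normal" applications from that of "trusted" applications. When a "trusted" application displays content on the screen, a "normal" application cannot spoof it.
ProtServ: Allows a server application to register under a protected name. Protected names begin with "!".
NetworkControl: Grants the right to modify or access network protocol controls.
MultimediaDD: Grants access to all multimedia device drivers (sound, camera, etc.).
DRM: Grants access to DRM-protected content.
TCB: Grants access to the /sys and /resource directories on the device.
CommDD: Grants access to communication device drivers.
DiskAdmin: Grants the right to perform disk administration operations, such as formatting a drive.
AllFiles: Makes all files in the system visible, and additionally allows write access to files under /private.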