The following table, Comparison of capabilities, shows how the capabilities are divided.
Unrestricted | User-grantable (at installation time) | Symbian Signed | Manufacturer approval |
60% of APIs | ReadUserData WriteUserData NetworkServices LocalServices UserEnvironment
Note: Implementation may vary between devices. | The user-grantable capabilities + | Symbian Signed capabilities + |
Declarative: Location ReadDeviceData WriteDeviceData PowerMgmt SurroundingsDD ProtServ TrustedUI SwEvent
| DRM TCB | ||
Capability Request Form & Platform approval: DiskAdmin AllFiles CommDD MultiMediaDD NetworkControl
|
Table: Comparison of capabilities
The following table, Description of capabilities, provides more information on what the separate capabilities mean in practice.
| Capability | Description |
1 | NetworkServices | This capability is for, e.g., dialing a number or sending a text message. |
2 | LocalServices | This capability is for sending or receiving information through USB, IR, and point-to-point Bluetooth profiles. |
3 | ReadUserData | Grants read access to user data. System servers and application engines are free to grant this restriction level to their data. |
4 | WriteUserData | Grants write access to user data. Again, system servers and application engines are free to grant this restriction level to their data. |
5 | Location | Grants access to the location of the phone. |
6 | UserEnvironment | Grants access to live confidential information about the user and his/her immediate environment. |
7 | PowerMgmt | Grants the right to kill any process in the system or to switch machine state (turn the phone off). |
8 | MultimediaDD | Controls access to all multimedia device drivers (sound, camera, etc.). |
9 | ReadDeviceData | Grants read access to sensitive system data. |
10 | WriteDeviceData | Grants write access to sensitive system data. |
11 | DRM | Grants access to protected content. |
12 | TrustedUI | This capability differentiates "normal" applications from "trusted" applications. If a trusted application is displaying something on the screen, a normal application cannot fake it. |
13 | ProtServ | Grants the right to a server to register with a protected name. Protected names start with an Ò!Ó (exclamation point). The kernel will prevent servers without ProtServ capability from using such a name, and therefore will prevent protected servers from being impersonated. |
14 | NetworkControl | Grants the right to modify or access network protocol controls. |
15 | SwEvent | Grants the right to generate and capture software key and pen events. |
16 | SurroundingsDD | Grants access to logical device drivers that provide input information about the surroundings of the phone. |
17 | TBC | Grants access to /sys and /recourse directories in the phone. |
18 | CommDD | Grants access to communication device drivers. |
19 | DiskAdmin | Grants the right to disk administration functions, such as formatting a drive. |
20 | AllFiles | Grants visibility to all files in the system and extra write access to files under /private. |
Table: Description of capabilities
As described earlier, some capabilities are granted by the device's manufacturer. The manufacturer will use its discretion before granting the capabilities. Usually strong enough business reasoning is sufficient to gain the capabilities.
For a developer to be able to get manufacturer capabilities for the application, it is necessary to contact the manufacturer in question for more details.