iT人 – theiter

Unrestricted

User-grantable

(at
installation time)

Symbian
Signed

Manufacturer
approval

60% of
APIs

ReadUserData

WriteUserData

NetworkServices

LocalServices

UserEnvironment

Note:
Implementation may vary between devices.

The
user-grantable

capabilities

+

Symbian
Signed

capabilities

+

Declarative:

Location

ReadDeviceData

WriteDeviceData

PowerMgmt

SurroundingsDD

ProtServ

TrustedUI

SwEvent

DRM

TCB

Capability
Request Form & Platform approval:

DiskAdmin

AllFiles

CommDD

MultiMediaDD

NetworkControl

Capability

Description

1

NetworkServices

This capability is for, e.g., dialing a number or sending a text message.

2

LocalServices

This capability is for sending or receiving information through USB, IR, and point-to-point Bluetooth profiles.

3

ReadUserData

Grants read access to user data. System servers and application engines are free to grant this restriction level to their data.

4

WriteUserData

Grants write access to user data. Again, system servers and application engines are free to grant this restriction level to their data.

5

Location

Grants
access to the location of the phone.

6

UserEnvironment

Grants access to live confidential information about the user and his/her immediate environment.

7

PowerMgmt

Grants the right to kill any process in the system or to switch machine state (turn the phone off).

8

MultimediaDD

Controls access to all multimedia device drivers (sound, camera, etc.).

9

ReadDeviceData

Grants read access to sensitive system data.

10

WriteDeviceData

Grants write access to sensitive system data.

11

DRM

Grants access to protected content.

12

TrustedUI

This capability differentiates “normal” applications from “trusted”
applications. If a trusted application is displaying something on
the screen, a normal application cannot fake it.

13

ProtServ

Grants the right to a server to register with a protected name. Protected names start with an Ò!Ó (exclamation point). The
kernel will prevent servers without ProtServ capability
from using such a name, and therefore will prevent protected
servers from being impersonated.

14

NetworkControl

Grants the right to modify or access network protocol controls.

15

SwEvent

Grants the
right to generate and capture software key and pen events.

16

SurroundingsDD

Grants access to logical device drivers that provide input information about the surroundings of the phone.

17

TBC

Grants access to /sys and /recourse directories in the phone.

18

CommDD

Grants access to communication device drivers.

19

DiskAdmin

Grants the right to disk administration functions, such as formatting a drive.

20

AllFiles

Grants visibility to all files in the system and extra write access to
files under /private.