Sunday, August 05, 2007

Symbian V9 Security Description.

A capability is an access token that corresponds to a permission to access sensitive system resources.

Basic capabilities

LocalServices
Grants access to "short-link" connections such as Bluetooth and infrared. These connections are not billable transactions. An example of this kind of action is device-to-device file transfer.

Location
Grants access to the location of the device, such as network cell ID.

NetworkServices
Grants access to remote services, which might involve a cost for the user. Typical use cases are dialing a normal GSM voice call or sending a text message.

ReadUserData
Grants read-only access to confidential user data. Typical use cases are reading contacts, messages, and calendar events.

WriteUserData
Grants write access to user data. Typical use cases are adding or deleting contacts, messages, or calendar events.

UserEnvironment
Grants access to live confidential information about the user and his/her immediate environment. An example of a typical protected resource in a mobile device is a camera.

Extended capabilities

PowerMgmt
Grants the right to kill any process running in the system or to turn off the device completely.

ProtServ
Grants a server the right to register under a protected name. Protected names start with a "!". The kernel prevents servers without the ProtServ capability from using such a name, and therefore prevents protected servers from being impersonated.

ReadDeviceData
Grants read-only access to sensitive system data such as device settings.

WriteDeviceData
Grants write access to sensitive system data such as device lock settings, system time, and time zone.

SurroundingsDD
Grants access to logical device drivers that provide input information about the surroundings of the mobile phone, for example, global positioning system (GPS) device drivers.

SwEvent
Grants the right to simulate key presses and to capture such events from any application. A typical example is a screen-shot application.

TrustedUI
Grants the right to create a trusted UI session and display dialogs in a secure UI environment. A typical example is a password dialog.

Platform-approved capabilities

AllFiles
Grants read-only access to all data-caged directories and write access to the /private directory. NOTE! AllFiles will not be granted for a file-manager type of application.

CommDD
Grants access to communication device drivers such as WiFi, USB, and serial device drivers.

DiskAdmin
Grants access to disk administration functions such as formatting a drive or mounting/unmounting drive partitions.

MultimediaDD
Grants access to critical multimedia device drivers such as camera and sound.

NetworkControl
Grants the right to modify or access network protocol controls, such as dropping all connections from the mobile phone.

Manufacturer-approved capabilities

DRM (digital rights management)
Grants access to DRM-protected content in plain form.

TCB
Grants write access to the /sys and /resource directories in the mobile phone.
